Duży upload:/

**Posty:** 175 · przez **McLeo** 24 Wrz 2008, 21:26

mam taki problem. ciagle mam prawie max uploadu przez co bardzo mi zamula net a czasami praktycznie nie chodzi. prosze o sprawdzenie logów:

combo fix:

ComboFix 08-08-31.01 - Konrad 2008-09-24 20:52:14.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1570 [GMT 2:00]
Running from: D:\Nowy folder (3)\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2008-08-24 to 2008-09-24 )))))))))))))))))))))))))))))))
.

2008-09-24 20:50 . 2008-09-24 20:50 0 --a------ C:\21.tmp
2008-09-24 20:50 . 2008-09-24 20:50 0 --a------ C:\20.tmp
2008-09-24 20:50 . 2008-09-24 20:50 0 --a------ C:\1F.tmp
2008-09-24 20:49 . 2008-09-24 20:49 179,200 --a------ C:\WINDOWS\system32\drivers\oruvrqro.sys
2008-09-24 20:49 . 2008-09-24 20:49 0 --a------ C:\WINDOWS\system32\1D.tmp
2008-09-24 20:49 . 2008-09-24 20:49 0 --a------ C:\1E.tmp
2008-09-24 20:48 . 2001-10-26 20:29 93,184 --a------ C:\WINDOWS\system32\adsn.dll
2008-09-24 20:48 . 2008-09-24 20:48 49,183 --a------ C:\WINDOWS\system32\drivers\str.sys
2008-09-24 20:48 . 2008-09-24 20:49 37,888 --a------ C:\WINDOWS\system32\17.tmp
2008-09-24 20:48 . 2008-09-24 20:48 228 --a------ C:\WINDOWS\system32\14.tmp
2008-09-24 19:34 . 2008-09-24 20:47 32,256 --a------ C:\WINDOWS\system32\drivers\ati7bqxx.sys
2008-09-24 19:33 . 2001-10-26 20:27 93,184 --a------ C:\WINDOWS\system32\comca.dll
2008-09-24 19:33 . 2008-09-24 19:33 49,664 --a------ C:\127.tmp
2008-09-24 19:12 . 2008-09-24 19:12 23,552 --ahs---- C:\WINDOWS\system32\adadix2kp.dll
2008-09-24 19:12 . 2008-09-24 19:12 23,040 --ahs---- C:\WINDOWS\system32\2052b.dll
2008-09-24 19:12 . 2008-09-24 19:12 20,480 --ahs---- C:\WINDOWS\system32\1028p.dll
2008-09-24 19:11 . 2008-09-24 19:10 81,920 -rahs---- C:\WINDOWS\system32\6to4svca.exe
2008-09-24 19:09 . 2008-09-24 19:33 164,864 --a------ C:\WINDOWS\system32\rs32net.exe
2008-09-24 19:09 . 2007-10-16 13:41 93,184 --a------ C:\WINDOWS\system32\ativcox.dll
2008-09-24 19:09 . 2008-09-24 19:09 49,664 --a------ C:\FA.tmp
2008-09-24 19:09 . 2008-09-24 19:42 636 --a-s---- C:\WINDOWS\system32\2470109395.dat
2008-09-24 19:09 . 2008-09-24 19:09 184 --a------ C:\WINDOWS\system32\F4.tmp
2008-09-24 19:09 . 2008-09-24 19:09 29 --a------ C:\WINDOWS\system32\wrquspad.tmp
2008-09-24 19:09 . 2008-09-24 19:09 18 --a------ C:\WINDOWS\system32\FB.tmp
2008-09-23 18:36 . 2008-09-23 18:36 <DIR> d-------- C:\Program Files\thriXXX
2008-09-20 17:04 . 2008-09-20 17:04 <DIR> d-------- C:\Documents and Settings\Norbert\Dane aplikacji\Hamachi
2008-09-19 19:28 . 2008-09-19 19:28 <DIR> d-------- C:\Program Files\Hamachi
2008-09-19 19:28 . 2008-09-24 20:48 <DIR> d-------- C:\Documents and Settings\Konrad\Dane aplikacji\Hamachi
2008-09-19 19:28 . 2008-09-19 19:28 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-09-18 19:44 . 2008-09-24 08:16 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-09-18 17:12 . 2008-09-18 17:12 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-09-18 17:12 . 2008-09-22 17:57 <DIR> d-------- C:\Program Files\AskTBar
2008-09-18 17:12 . 2008-09-18 17:12 <DIR> d-------- C:\Program Files\Ahead
2008-09-18 17:12 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-09-18 17:12 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-09-18 17:12 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-09-18 17:12 . 2004-07-09 09:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-09-18 17:12 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-09-18 17:12 . 2006-01-12 16:40 167,936 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-09-18 17:12 . 2005-09-01 12:03 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2008-09-18 17:12 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-09-18 17:12 . 2005-09-01 12:03 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2008-09-18 13:35 . 2008-09-18 13:35 <DIR> d---s---- C:\Documents and Settings\Konrad\UserData
2008-09-15 17:38 . 2008-09-21 18:32 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-09-14 20:50 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-09-14 20:50 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-09-14 20:04 . 2008-09-14 20:04 <DIR> d-------- C:\Documents and Settings\Norbert\Dane aplikacji\Media Player Classic
2008-09-14 17:54 . 2008-09-14 17:54 <DIR> d-------- C:\Program Files\ipla
2008-09-14 17:54 . 2008-09-14 17:54 <DIR> d-------- C:\Documents and Settings\Konrad\Dane aplikacji\ipla
2008-09-14 17:54 . 2008-09-23 19:29 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ipla
2008-09-14 15:21 . 2008-09-14 15:21 <DIR> d-------- C:\WINDOWS\Sun
2008-09-13 19:17 . 2008-09-13 20:45 <DIR> d-------- C:\Games
2008-09-13 19:13 . 2008-09-24 18:00 <DIR> d-------- C:\Program Files\Norton Security Scan
2008-09-13 19:12 . 2008-09-13 19:13 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-09-13 16:37 . 2008-09-13 16:37 <DIR> d-------- C:\WINDOWS\system32\languages
2008-09-13 16:37 . 2008-09-13 16:41 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2008-09-13 16:32 . 2008-09-13 16:32 <DIR> d-------- C:\Program Files\ffdshow
2008-09-13 16:32 . 2006-12-10 23:32 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-09-13 16:32 . 2006-12-10 23:32 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-09-13 16:32 . 2008-06-08 23:58 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2008-09-13 16:32 . 2008-06-12 20:36 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-09-13 16:32 . 2008-06-12 20:37 6,144 --a------ C:\WINDOWS\system32\ff_acm.acm
2008-09-13 16:32 . 2007-07-10 18:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-09-13 16:27 . 2008-09-13 16:41 847,872 --a------ C:\WINDOWS\iun6002.exe
2008-09-13 13:33 . 2008-09-13 13:33 <DIR> d-------- C:\Program Files\FLVPlayer
2008-09-12 21:55 . 2008-09-12 21:55 <DIR> d-------- C:\Logs
2008-09-12 16:38 . 2008-09-12 16:38 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-11 20:08 . 2008-09-11 20:08 <DIR> d-------- C:\WINDOWS\ERUNT
2008-09-11 19:55 . 2008-09-24 20:52 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-09-11 19:55 . 2008-09-06 20:30 <DIR> d-------- C:\Documents and Settings\Administrator\Ulubione
2008-09-11 19:55 . 2008-09-06 18:50 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony
2008-09-11 19:55 . 2008-09-06 20:30 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit
2008-09-11 19:55 . 2008-09-06 20:30 <DIR> d-------- C:\Documents and Settings\Administrator\Moje dokumenty
2008-09-11 19:55 . 2008-09-06 20:30 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-09-11 19:55 . 2008-09-06 20:30 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2008-09-11 19:55 . 2008-09-11 19:55 <DIR> d-------- C:\Documents and Settings\Administrator
2008-09-11 19:52 . 2008-09-24 20:46 <DIR> d-------- C:\SDFix
2008-09-11 15:56 . 2008-09-11 15:56 80,059 --a------ C:\WINDOWS\RGI3.tmp
2008-09-11 15:56 . 2008-09-11 15:56 80,059 --a------ C:\WINDOWS\RGI2.tmp
2008-09-11 15:56 . 2008-09-11 15:56 80,059 --a------ C:\WINDOWS\RGI1.tmp
2008-09-11 15:15 . 2008-09-11 15:15 <DIR> d-------- C:\Program Files\Bonjour
2008-09-11 15:09 . 2008-09-11 15:09 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-09-11 14:52 . 2008-09-11 16:00 1,193,596 ---hs---- C:\WINDOWS\system32\obgrejvc.ini
2008-09-11 14:45 . 2008-09-11 14:45 140,800 --a------ C:\ombos.exe
2008-09-11 14:45 . 2008-09-11 14:45 78,848 --a------ C:\hcsu.exe
2008-09-11 14:42 . 2008-09-11 14:42 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet
2008-09-11 12:19 . 2008-09-11 12:19 <DIR> d-------- C:\Program Files\FM Modifier 2.1
2008-09-11 12:19 . 2008-09-11 12:19 <DIR> d-------- C:\Documents and Settings\Norbert\Dane aplikacji\Sports Interactive
2008-09-10 17:18 . 2008-09-10 17:56 <DIR> d-------- C:\Program Files\DAP
2008-09-10 17:18 . 2008-09-10 17:18 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx
2008-09-10 17:18 . 2008-09-10 17:18 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2008-09-10 17:18 . 2008-09-10 17:18 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2008-09-10 14:56 . 2008-09-10 14:56 <DIR> d-------- C:\Program Files\Ray Adams
2008-09-10 14:56 . 2008-09-10 14:56 <DIR> d-------- C:\Documents and Settings\Norbert\Dane aplikacji\atitray
2008-09-09 20:16 . 2008-09-09 20:16 <DIR> d-------- C:\Program Files\BitComet
2008-09-09 20:16 . 2008-09-09 20:16 <DIR> d-------- C:\Downloads
2008-09-09 15:57 . 2008-09-09 15:57 <DIR> d-------- C:\Program Files\Ares
2008-09-08 19:05 . 2008-09-11 15:15 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-09-08 19:04 . 2008-09-08 19:04 <DIR> d-------- C:\WINDOWS\Cache
2008-09-07 21:37 . 2008-09-07 21:37 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-09-07 21:21 . 2004-08-04 00:44 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-09-07 21:21 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-09-07 21:21 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-09-07 21:21 . 2001-10-26 17:29 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-09-07 16:12 . 2008-09-07 16:12 <DIR> d-------- C:\Documents and Settings\Konrad\Dane aplikacji\Media Player Classic
2008-09-07 14:16 . 2008-09-07 14:21 <DIR> d-------- C:\Program Files\n-k_masz_wiadomosc
2008-09-07 11:42 . 2008-09-13 16:36 <DIR> d-------- C:\Program Files\Real Alternative
2008-09-07 09:32 . 2008-09-21 18:32 <DIR> d-------- C:\Documents and Settings\Konrad\Gadu-Gadu
2008-09-07 09:21 . 2008-09-24 20:38 <DIR> d--h----- C:\Documents and Settings\Konrad\Ustawienia lokalne
2008-09-07 09:21 . 2008-09-24 19:10 <DIR> dr------- C:\Documents and Settings\Konrad\Ulubione
2008-09-07 09:21 . 2008-09-06 18:50 <DIR> d--h----- C:\Documents and Settings\Konrad\Szablony
2008-09-07 09:21 . 2008-09-24 17:12 <DIR> d-------- C:\Documents and Settings\Konrad\Pulpit
2008-09-07 09:21 . 2008-09-24 19:10 <DIR> dr------- C:\Documents and Settings\Konrad\Moje dokumenty
2008-09-07 09:21 . 2008-09-06 20:30 <DIR> dr------- C:\Documents and Settings\Konrad\Menu Start
2008-09-07 09:21 . 2008-09-19 19:28 <DIR> dr-h----- C:\Documents and Settings\Konrad\Dane aplikacji
2008-09-07 09:21 . 2008-09-24 20:15 <DIR> d-------- C:\Documents and Settings\Konrad
2008-09-07 09:21 . 2004-08-04 00:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-09-06 19:51 . 2008-09-06 19:51 1,160 --a------ C:\WINDOWS\mozver.dat
2008-09-06 19:37 . 2008-09-17 19:28 <DIR> d-------- C:\Program Files\eMule
2008-09-06 19:36 . 2008-09-06 19:36 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-09-06 19:36 . 2008-09-06 19:36 <DIR> d-------- C:\Program Files\AVSMedia
2008-09-06 19:34 . 2008-09-06 19:35 <DIR> d-------- C:\Program Files\Winamp
2008-09-06 19:33 . 2008-09-19 08:09 <DIR> d-------- C:\Program Files\CDex_150
2008-09-06 19:29 . 2008-09-06 19:29 <DIR> d-------- C:\Program Files\Lavalys
2008-09-06 19:26 . 2008-09-06 19:26 0 --a------ C:\WINDOWS\nsreg.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-06 17:08 23 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2008-09-06 17:01 327,680 ----a-w C:\WINDOWS\HideWin.exe
2008-09-06 17:00 15,600 ----a-w C:\WINDOWS\gdrv.sys
2008-09-06 16:58 --------- d-----w C:\Program Files\Yahoo!
2008-09-06 16:58 --------- d-----w C:\Program Files\Intel
2008-09-06 16:53 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-06 16:52 --------- d-----w C:\Program Files\Usługi online
.

------- Sigcheck -------

2004-08-04 00:44 25600 aa072d25028679cdc83ffee8c659b3fd C:\WINDOWS\system32\svchost.exe
2004-08-04 00:44 25600 49bdfca6b2ddc76c6dbbad131f1b2e31 C:\WINDOWS\system32\dllcache\svchost.exe

2004-08-03 23:14 359040 1745b00fc1141404b28f4b94f69a8871 C:\WINDOWS\system32\dllcache\tcpip.sys
2004-08-03 23:14 359040 1745b00fc1141404b28f4b94f69a8871 C:\WINDOWS\system32\drivers\tcpip.sys

2004-08-04 00:44 1077760 9450f59dab562fc8d4cbd922cae13250 C:\WINDOWS\explorer.exe
2004-08-04 00:44 1044992 27901414114fd638178a62f69f552f9a C:\WINDOWS\system32\dllcache\explorer.exe

2004-08-04 00:44 26624 d9d7b9d8b0b0c8d614afab3d5661201a C:\WINDOWS\system32\ctfmon.exe
2004-08-04 00:44 26624 485b51af56cd0357393cfefa7ad26968 C:\WINDOWS\system32\dllcache\ctfmon.exe

2004-08-04 00:44 167424 2b1cfc1bcbf4032f8173c0e2805db0f8 C:\WINDOWS\system32\spoolsv.exe
2004-08-04 00:44 69120 71ec3753d00bb7e0f4446f596d9ed1d7 C:\WINDOWS\system32\dllcache\spoolsv.exe

2004-08-04 00:44 156160 5d603a87821abb2165e4409c7c7e45ad C:\WINDOWS\system32\wuauclt.exe
2004-08-04 00:44 123392 7516dd0b456ad7a411fedbca9b8b1c26 C:\WINDOWS\system32\dllcache\wuauclt.exe

2004-08-04 00:44 36352 f93fb4bfaae8a81b3989583f0652f346 C:\WINDOWS\system32\userinit.exe
2004-08-04 00:44 36352 6b684540f75121e222b9035f31fa18ac C:\WINDOWS\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((( snapshot_2008-09-24_20.37.22.95 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-01-28 14:42:30 1,531,904 ----a-w C:\WINDOWS\adiras.exe
+ 2004-01-28 14:42:30 1,609,728 ----a-w C:\WINDOWS\adiras.exe
- 2005-05-03 10:43:28 69,632 ------r C:\WINDOWS\Alcmtr.exe
+ 2005-05-03 10:43:28 81,920 ------r C:\WINDOWS\Alcmtr.exe
- 2006-05-04 08:26:36 2,808,832 ------r C:\WINDOWS\alcwzrd.exe
+ 2006-05-04 08:26:36 2,920,448 ------r C:\WINDOWS\alcwzrd.exe
- 2003-01-30 06:48:24 143,360 ----a-w C:\WINDOWS\autoclk.exe
+ 2003-01-30 06:48:24 155,648 ----a-w C:\WINDOWS\autoclk.exe
- 2005-10-20 18:02:28 178,176 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
- 2008-07-17 10:57:07 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-07-17 10:57:07 178,176 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
- 2008-09-11 18:08:23 475,136 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-09-24 18:39:12 475,136 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
- 2008-09-11 18:08:23 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-09-24 18:39:12 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
- 2006-10-11 09:42:58 2,157,568 ------r C:\WINDOWS\MicCal.exe
+ 2006-10-11 09:42:58 2,235,392 ------r C:\WINDOWS\MicCal.exe
- 2005-09-23 05:28:32 13,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2005-09-23 05:28:32 25,088 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
- 2004-08-03 22:44:26 70,144 ----a-w C:\WINDOWS\NOTEPAD.EXE
+ 2004-08-03 22:44:26 179,712 ----a-w C:\WINDOWS\NOTEPAD.EXE
- 2007-03-23 11:19:10 9,715,200 ------r C:\WINDOWS\RTLCPL.exe
+ 2007-03-23 11:19:10 9,728,000 ------r C:\WINDOWS\RTLCPL.exe
- 2007-01-16 02:39:36 1,191,936 ------r C:\WINDOWS\RtlUpd.exe
+ 2007-01-16 02:39:36 1,204,224 ------r C:\WINDOWS\RtlUpd.exe
- 2000-08-31 06:00:00 142,848 ----a-w C:\WINDOWS\sed.exe
+ 2000-08-31 06:00:00 98,816 ----a-w C:\WINDOWS\sed.exe
- 2007-04-13 07:36:14 1,822,720 ------r C:\WINDOWS\SkyTel.exe
+ 2007-04-13 07:36:14 1,867,776 ------r C:\WINDOWS\SkyTel.exe
- 2004-08-03 22:44:18 4,096 ----a-w C:\WINDOWS\system32\actmovie.exe
+ 2004-08-03 22:44:18 15,360 ----a-w C:\WINDOWS\system32\actmovie.exe
- 2004-08-03 22:44:18 98,304 ----a-w C:\WINDOWS\system32\ahui.exe
+ 2004-08-03 22:44:18 109,568 ----a-w C:\WINDOWS\system32\ahui.exe
- 2001-10-26 18:29:46 19,968 ----a-w C:\WINDOWS\system32\arp.exe
+ 2001-10-26 18:29:46 31,232 ----a-w C:\WINDOWS\system32\arp.exe
- 2004-08-03 22:44:18 30,208 ----a-w C:\WINDOWS\system32\asr_fmt.exe
+ 2004-08-03 22:44:18 107,008 ----a-w C:\WINDOWS\system32\asr_fmt.exe
- 2001-10-26 18:29:46 33,792 ----a-w C:\WINDOWS\system32\asr_ldm.exe
+ 2001-10-26 18:29:46 77,824 ----a-w C:\WINDOWS\system32\asr_ldm.exe
- 2004-08-03 22:44:18 32,768 ----a-w C:\WINDOWS\system32\asr_pfu.exe
+ 2004-08-03 22:44:18 44,032 ----a-w C:\WINDOWS\system32\asr_pfu.exe
- 2004-08-03 22:44:18 25,600 ----a-w C:\WINDOWS\system32\at.exe
+ 2004-08-03 22:44:18 102,400 ----a-w C:\WINDOWS\system32\at.exe
- 2007-10-16 11:39:00 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
+ 2007-10-16 11:39:00 37,376 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
- 2007-10-16 11:40:00 40,960 ----a-w C:\WINDOWS\system32\ATIODCLI.exe
+ 2007-10-16 11:40:00 59,876 ----a-w C:\WINDOWS\system32\ATIODCLI.exe
- 2007-10-16 11:40:00 81,920 ----a-w C:\WINDOWS\system32\ATIODE.exe
+ 2007-10-16 11:40:00 180,132 ----a-w C:\WINDOWS\system32\ATIODE.exe
- 2004-08-03 22:44:18 11,264 ----a-w C:\WINDOWS\system32\atmadm.exe
+ 2004-08-03 22:44:18 55,296 ----a-w C:\WINDOWS\system32\atmadm.exe
- 2004-08-03 22:44:18 14,336 ----a-w C:\WINDOWS\system32\auditusr.exe
+ 2004-08-03 22:44:18 91,136 ----a-w C:\WINDOWS\system32\auditusr.exe
- 2004-08-03 22:44:18 71,680 ----a-w C:\WINDOWS\system32\blastcln.exe
+ 2004-08-03 22:44:18 148,480 ----a-w C:\WINDOWS\system32\blastcln.exe
- 2001-10-26 18:29:48 148,480 ----a-w C:\WINDOWS\system32\bootcfg.exe
+ 2001-10-26 18:29:48 192,512 ----a-w C:\WINDOWS\system32\bootcfg.exe
- 2001-10-26 18:29:48 4,608 ----a-w C:\WINDOWS\system32\bootok.exe
+ 2001-10-26 18:29:48 15,872 ----a-w C:\WINDOWS\system32\bootok.exe
- 2001-10-26 18:29:48 5,120 ----a-w C:\WINDOWS\system32\bootvrfy.exe
+ 2001-10-26 18:29:48 16,384 ----a-w C:\WINDOWS\system32\bootvrfy.exe
- 2001-10-26 18:29:48 19,456 ----a-w C:\WINDOWS\system32\cacls.exe
+ 2001-10-26 18:29:48 30,720 ----a-w C:\WINDOWS\system32\cacls.exe
- 2006-08-01 07:02:32 49,152 ------r C:\WINDOWS\system32\ChCfg.exe
+ 2006-08-01 07:02:32 61,440 ------r C:\WINDOWS\system32\ChCfg.exe
- 2001-10-26 18:29:48 11,776 ----a-w C:\WINDOWS\system32\chkdsk.exe
+ 2001-10-26 18:29:48 55,808 ----a-w C:\WINDOWS\system32\chkdsk.exe
- 2001-10-26 18:29:48 11,264 ----a-w C:\WINDOWS\system32\chkntfs.exe
+ 2001-10-26 18:29:48 22,528 ----a-w C:\WINDOWS\system32\chkntfs.exe
- 2001-10-26 18:29:48 8,192 ----a-w C:\WINDOWS\system32\cidaemon.exe
+ 2001-10-26 18:29:48 19,456 ----a-w C:\WINDOWS\system32\cidaemon.exe
- 2004-08-03 22:44:18 56,320 ----a-w C:\WINDOWS\system32\cipher.exe
+ 2004-08-03 22:44:18 67,584 ----a-w C:\WINDOWS\system32\cipher.exe
- 2004-08-03 22:44:18 5,632 ----a-w C:\WINDOWS\system32\cisvc.exe
+ 2004-08-03 22:44:18 16,896 ----a-w C:\WINDOWS\system32\cisvc.exe
- 2001-10-26 18:29:48 7,680 ----a-w C:\WINDOWS\system32\ckcnv.exe
+ 2001-10-26 18:29:48 84,480 ----a-w C:\WINDOWS\system32\ckcnv.exe
- 2004-08-03 22:44:18 20,480 ----a-w C:\WINDOWS\system32\cliconfg.exe
+ 2004-08-03 22:44:18 65,536 ----a-w C:\WINDOWS\system32\cliconfg.exe
- 2004-08-03 22:44:18 103,424 ----a-w C:\WINDOWS\system32\clipbrd.exe
+ 2004-08-03 22:44:18 180,224 ----a-w C:\WINDOWS\system32\clipbrd.exe
- 2004-08-03 22:44:18 33,280 ----a-w C:\WINDOWS\system32\clipsrv.exe
+ 2004-08-03 22:44:18 44,544 ----a-w C:\WINDOWS\system32\clipsrv.exe
- 2004-08-03 22:44:18 39,424 ----a-w C:\WINDOWS\system32\cmmon32.exe
+ 2004-08-03 22:44:18 50,688 ----a-w C:\WINDOWS\system32\cmmon32.exe
- 2004-08-03 22:44:18 64,512 ----a-w C:\WINDOWS\system32\cmstp.exe
+ 2004-08-03 22:44:18 108,544 ----a-w C:\WINDOWS\system32\cmstp.exe
- 2001-10-26 18:29:50 15,872 ----a-w C:\WINDOWS\system32\comp.exe
+ 2001-10-26 18:29:50 27,136 ----a-w C:\WINDOWS\system32\comp.exe
- 2001-10-26 18:29:50 17,920 ----a-w C:\WINDOWS\system32\compact.exe
+ 2001-10-26 18:29:50 29,184 ----a-w C:\WINDOWS\system32\compact.exe
- 2008-09-24 18:33:33 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-09-24 18:48:30 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-09-24 18:33:33 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
+ 2008-09-24 18:48:30 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
- 2008-09-24 17:47:21 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008092420080925\index.dat
+ 2008-09-24 18:47:58 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008092420080925\index.dat
+ 2008-09-24 18:48:13 128,000 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\A8Q4XU7G\pa[1].exe
- 2008-09-24 18:33:33 65,536 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-24 18:48:33 81,920 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
- 2004-08-03 22:44:18 27,648 ----a-w C:\WINDOWS\system32\conime.exe
+ 2004-08-03 22:44:18 104,448 ----a-w C:\WINDOWS\system32\conime.exe
- 2001-10-26 18:29:50 19,456 ----a-w C:\WINDOWS\system32\control.exe
+ 2001-10-26 18:29:50 118,272 ----a-w C:\WINDOWS\system32\control.exe
- 2001-10-26 18:29:50 13,824 ----a-w C:\WINDOWS\system32\convert.exe
+ 2001-10-26 18:29:50 90,624 ----a-w C:\WINDOWS\system32\convert.exe
- 2004-08-03 22:44:20 98,304 ----a-w C:\WINDOWS\system32\cscript.exe
+ 2004-08-03 22:44:20 110,592 ----a-w C:\WINDOWS\system32\cscript.exe
- 2001-10-26 18:29:50 5,120 ----a-w C:\WINDOWS\system32\dcomcnfg.exe
+ 2001-10-26 18:29:50 81,920 ----a-w C:\WINDOWS\system32\dcomcnfg.exe
- 2004-08-03 22:44:20 30,720 ----a-w C:\WINDOWS\system32\ddeshare.exe
+ 2004-08-03 22:44:20 74,752 ----a-w C:\WINDOWS\system32\ddeshare.exe
- 2004-08-03 22:44:20 25,088 ----a-w C:\WINDOWS\system32\defrag.exe
+ 2004-08-03 22:44:20 69,120 ----a-w C:\WINDOWS\system32\defrag.exe
- 2004-08-03 22:44:20 82,432 ----a-w C:\WINDOWS\system32\dfrgfat.exe
+ 2004-08-03 22:44:20 159,232 ----a-w C:\WINDOWS\system32\dfrgfat.exe
- 2004-08-03 22:44:20 104,960 ----a-w C:\WINDOWS\system32\dfrgntfs.exe
+ 2004-08-03 22:44:20 148,992 ----a-w C:\WINDOWS\system32\dfrgntfs.exe
- 2004-08-03 22:44:20 85,504 ----a-w C:\WINDOWS\system32\diantz.exe
+ 2004-08-03 22:44:20 96,768 ----a-w C:\WINDOWS\system32\diantz.exe
- 2004-08-03 22:44:20 164,864 ----a-w C:\WINDOWS\system32\diskpart.exe
+ 2004-08-03 22:44:20 208,896 ----a-w C:\WINDOWS\system32\diskpart.exe
- 2001-10-26 18:29:50 18,432 ----a-w C:\WINDOWS\system32\diskperf.exe
+ 2001-10-26 18:29:50 29,696 ----a-w C:\WINDOWS\system32\diskperf.exe
- 2001-10-26 18:29:48 13,824 -c--a-w C:\WINDOWS\system32\dllcache\chglogon.exe
+ 2001-10-26 18:29:48 25,088 -c--a-w C:\WINDOWS\system32\dllcache\chglogon.exe
- 2001-10-26 18:29:48 11,776 -c--a-w C:\WINDOWS\system32\dllcache\chkdsk.exe
+ 2001-10-26 18:29:48 23,040 -c--a-w C:\WINDOWS\system32\dllcache\chkdsk.exe
- 2001-10-26 18:29:50 13,824 -c--a-w C:\WINDOWS\system32\dllcache\convert.exe
+ 2001-10-26 18:29:50 25,088 -c--a-w C:\WINDOWS\system32\dllcache\convert.exe
- 2004-08-03 22:44:22 13,312 -c--a-w C:\WINDOWS\system32\dllcache\lsass.exe
+ 2004-08-03 22:44:22 24,576 -c--a-w C:\WINDOWS\system32\dllcache\lsass.exe
- 2001-10-26 18:29:58 13,824 -c--a-w C:\WINDOWS\system32\dllcache\mrinfo.exe
+ 2001-10-26 18:29:58 25,088 -c--a-w C:\WINDOWS\system32\dllcache\mrinfo.exe
- 2001-10-26 18:30:00 11,776 -c--a-w C:\WINDOWS\system32\dllcache\rasautou.exe
+ 2001-10-26 18:30:00 23,040 -c--a-w C:\WINDOWS\system32\dllcache\rasautou.exe
- 2001-10-26 18:30:00 11,776 -c--a-w C:\WINDOWS\system32\dllcache\rasdial.exe
+ 2001-10-26 18:30:00 23,040 -c--a-w C:\WINDOWS\system32\dllcache\rasdial.exe
- 2004-08-03 22:44:26 13,824 -c--a-w C:\WINDOWS\system32\dllcache\rdsaddin.exe
+ 2004-08-03 22:44:26 25,088 -c--a-w C:\WINDOWS\system32\dllcache\rdsaddin.exe
- 2004-08-03 22:44:28 13,824 -c--a-w C:\WINDOWS\system32\dllcache\savedump.exe
+ 2004-08-03 22:44:28 25,088 -c--a-w C:\WINDOWS\system32\dllcache\savedump.exe
- 2004-08-03 22:44:28 11,776 -c--a-w C:\WINDOWS\system32\dllcache\spnpinst.exe
+ 2004-08-03 22:44:28 23,040 -c--a-w C:\WINDOWS\system32\dllcache\spnpinst.exe
- 2001-10-26 18:30:02 13,312 -c--a-w C:\WINDOWS\system32\dllcache\tcmsetup.exe
+ 2001-10-26 18:30:02 24,576 -c--a-w C:\WINDOWS\system32\dllcache\tcmsetup.exe
- 2004-08-03 22:44:30 504,832 -c--a-w C:\WINDOWS\system32\dllcache\winlogon.exe
+ 2004-08-03 22:44:30 516,096 -c--a-w C:\WINDOWS\system32\dllcache\winlogon.exe
- 2001-10-26 18:30:06 13,824 -c--a-w C:\WINDOWS\system32\dllcache\winmgmt.exe
+ 2001-10-26 18:30:06 25,088 -c--a-w C:\WINDOWS\system32\dllcache\winmgmt.exe
- 2001-10-26 18:30:06 11,776 -c--a-w C:\WINDOWS\system32\dllcache\winmsd.exe
+ 2001-10-26 18:30:06 23,040 -c--a-w C:\WINDOWS\system32\dllcache\winmsd.exe
- 2004-08-03 22:44:30 13,824 -c--a-w C:\WINDOWS\system32\dllcache\wscntfy.exe
+ 2004-08-03 22:44:30 25,088 -c--a-w C:\WINDOWS\system32\dllcache\wscntfy.exe
- 2004-08-03 22:44:20 5,120 ----a-w C:\WINDOWS\system32\dllhost.exe
+ 2004-08-03 22:44:20 16,384 ----a-w C:\WINDOWS\system32\dllhost.exe
- 2001-10-26 18:29:50 4,608 ----a-w C:\WINDOWS\system32\dllhst3g.exe
+ 2001-10-26 18:29:50 48,640 ----a-w C:\WINDOWS\system32\dllhst3g.exe
- 2004-08-03 22:44:20 225,280 ----a-w C:\WINDOWS\system32\dmadmin.exe
+ 2004-08-03 22:44:20 302,080 ----a-w C:\WINDOWS\system32\dmadmin.exe
- 2004-08-03 22:44:20 15,872 ----a-w C:\WINDOWS\system32\dmremote.exe
+ 2004-08-03 22:44:20 27,136 ----a-w C:\WINDOWS\system32\dmremote.exe
- 2006-02-28 10:41:34 61,440 ----a-w C:\WINDOWS\system32\dns-sd.exe
+ 2006-02-28 10:41:34 106,496 ----a-w C:\WINDOWS\system32\dns-sd.exe
- 2001-10-26 18:29:52 10,752 ----a-w C:\WINDOWS\system32\doskey.exe
+ 2001-10-26 18:29:52 22,016 ----a-w C:\WINDOWS\system32\doskey.exe
- 2004-08-03 22:44:20 30,208 ----a-w C:\WINDOWS\system32\dplaysvr.exe
+ 2004-08-03 22:44:20 74,240 ----a-w C:\WINDOWS\system32\dplaysvr.exe
- 2004-08-03 22:44:20 18,432 ----a-w C:\WINDOWS\system32\dpnsvr.exe
+ 2004-08-03 22:44:20 95,232 ----a-w C:\WINDOWS\system32\dpnsvr.exe
- 2004-08-03 22:44:20 83,456 ----a-w C:\WINDOWS\system32\dpvsetup.exe
+ 2004-08-03 22:44:20 160,256 ----a-w C:\WINDOWS\system32\dpvsetup.exe
- 2001-10-26 18:29:52 60,416 ----a-w C:\WINDOWS\system32\driverquery.exe
+ 2001-10-26 18:29:52 104,448 ----a-w C:\WINDOWS\system32\driverquery.exe
- 2004-08-03 22:44:20 22,016 ----a-w C:\WINDOWS\system32\dumprep.exe
+ 2004-08-03 22:44:20 88,064 ----a-w C:\WINDOWS\system32\dumprep.exe
- 2001-10-26 19:03:24 57,856 ----a-w C:\WINDOWS\system32\dvdplay.exe
+ 2001-10-26 19:03:24 134,656 ----a-w C:\WINDOWS\system32\dvdplay.exe
- 2004-08-03 22:44:20 17,920 ----a-w C:\WINDOWS\system32\dvdupgrd.exe
+ 2004-08-03 22:44:20 61,952 ----a-w C:\WINDOWS\system32\dvdupgrd.exe
- 2004-08-03 22:44:20 1,298,432 ----a-w C:\WINDOWS\system32\dxdiag.exe
+ 2004-08-03 22:44:20 1,343,488 ----a-w C:\WINDOWS\system32\dxdiag.exe
- 2001-10-26 18:29:52 39,424 ----a-w C:\WINDOWS\system32\esentutl.exe
+ 2001-10-26 18:29:52 50,688 ----a-w C:\WINDOWS\system32\esentutl.exe
- 2004-08-03 22:44:20 194,048 ----a-w C:\WINDOWS\system32\eudcedit.exe
+ 2004-08-03 22:44:20 205,312 ----a-w C:\WINDOWS\system32\eudcedit.exe
- 2004-08-03 22:44:20 52,224 ----a-w C:\WINDOWS\system32\eventcreate.exe
+ 2004-08-03 22:44:20 96,256 ----a-w C:\WINDOWS\system32\eventcreate.exe
- 2001-10-26 18:29:52 80,896 ----a-w C:\WINDOWS\system32\eventtriggers.exe
+ 2001-10-26 18:29:52 124,928 ----a-w C:\WINDOWS\system32\eventtriggers.exe
- 2001-10-26 18:29:52 9,216 ----a-w C:\WINDOWS\system32\eventvwr.exe
+ 2001-10-26 18:29:52 20,480 ----a-w C:\WINDOWS\system32\eventvwr.exe
- 2001-10-26 18:29:52 16,384 ----a-w C:\WINDOWS\system32\expand.exe
+ 2001-10-26 18:29:52 27,648 ----a-w C:\WINDOWS\system32\expand.exe
- 2004-08-03 22:44:20 45,568 ----a-w C:\WINDOWS\system32\extrac32.exe
+ 2004-08-03 22:44:20 56,832 ----a-w C:\WINDOWS\system32\extrac32.exe
- 2001-10-26 18:29:54 14,848 ----a-w C:\WINDOWS\system32\fc.exe
+ 2001-10-26 18:29:54 91,648 ----a-w C:\WINDOWS\system32\fc.exe
- 2001-10-26 18:29:54 86,016 ----a-w C:\WINDOWS\system32\find.exe
+ 2001-10-26 18:29:54 118,784 ----a-w C:\WINDOWS\system32\find.exe
- 2001-10-26 18:29:54 9,728 ----a-w C:\WINDOWS\system32\finger.exe
+ 2001-10-26 18:29:54 53,760 ----a-w C:\WINDOWS\system32\finger.exe
- 2001-10-26 18:29:54 3,072 ----a-w C:\WINDOWS\system32\fixmapi.exe
+ 2001-10-26 18:29:54 14,336 ----a-w C:\WINDOWS\system32\fixmapi.exe
- 2004-08-03 22:44:20 22,528 ----a-w C:\WINDOWS\system32\fltMc.exe
+ 2004-08-03 22:44:20 33,792 ----a-w C:\WINDOWS\system32\fltMc.exe
- 2004-08-03 22:44:20 21,504 ----a-w C:\WINDOWS\system32\fontview.exe
+ 2004-08-03 22:44:20 98,816 ----a-w C:\WINDOWS\system32\fontview.exe
- 2001-10-26 18:29:54 7,168 ----a-w C:\WINDOWS\system32\forcedos.exe
+ 2001-10-26 18:29:54 84,480 ----a-w C:\WINDOWS\system32\forcedos.exe
- 2004-08-03 22:44:20 193,024 ----a-w C:\WINDOWS\system32\fsquirt.exe
+ 2004-08-03 22:44:20 269,824 ----a-w C:\WINDOWS\system32\fsquirt.exe
- 2001-10-26 18:29:54 62,976 ----a-w C:\WINDOWS\system32\fsutil.exe
+ 2001-10-26 18:29:54 140,288 ----a-w C:\WINDOWS\system32\fsutil.exe
- 2004-08-03 22:44:20 44,544 ----a-w C:\WINDOWS\system32\ftp.exe
+ 2004-08-03 22:44:20 55,808 ----a-w C:\WINDOWS\system32\ftp.exe
- 2001-10-26 18:29:54 56,832 ----a-w C:\WINDOWS\system32\getmac.exe
+ 2001-10-26 18:29:54 68,096 ----a-w C:\WINDOWS\system32\getmac.exe
- 2004-08-03 22:44:22 122,880 ----a-w C:\WINDOWS\system32\gpresult.exe
+ 2004-08-03 22:44:22 134,144 ----a-w C:\WINDOWS\system32\gpresult.exe
- 2001-10-26 18:29:54 58,368 ----a-w C:\WINDOWS\system32\gpupdate.exe
+ 2001-10-26 18:29:54 135,168 ----a-w C:\WINDOWS\system32\gpupdate.exe
- 2005-01-07 15:07:16 61,952 ------w C:\WINDOWS\system32\HdAShCut.exe
+ 2005-01-07 15:07:16 73,216 ------w C:\WINDOWS\system32\HdAShCut.exe
- 2001-10-26 18:29:54 14,848 ----a-w C:\WINDOWS\system32\help.exe
+ 2001-10-26 18:29:54 58,880 ----a-w C:\WINDOWS\system32\help.exe
- 2001-10-26 18:29:54 8,192 ----a-w C:\WINDOWS\system32\hostname.exe
+ 2001-10-26 18:29:54 84,992 ----a-w C:\WINDOWS\system32\hostname.exe
- 2004-08-03 22:44:22 114,688 ----a-w C:\WINDOWS\system32\iexpress.exe
+ 2004-08-03 22:44:22 125,952 ----a-w C:\WINDOWS\system32\iexpress.exe
- 2004-08-03 22:44:22 57,344 ----a-w C:\WINDOWS\system32\ipconfig.exe
+ 2004-08-03 22:44:22 68,608 ----a-w C:\WINDOWS\system32\ipconfig.exe
- 2001-10-26 18:29:54 45,056 ----a-w C:\WINDOWS\system32\ipsec6.exe
+ 2001-10-26 18:29:54 56,320 ----a-w C:\WINDOWS\system32\ipsec6.exe
- 2004-08-03 22:44:22 53,760 ----a-w C:\WINDOWS\system32\ipv6.exe
+ 2004-08-03 22:44:22 98,304 ----a-w C:\WINDOWS\system32\ipv6.exe
- 2004-08-03 22:44:22 24,064 ----a-w C:\WINDOWS\system32\ipxroute.exe
+ 2004-08-03 22:44:22 35,328 ----a-w C:\WINDOWS\system32\ipxroute.exe
- 2005-11-10 09:27:06 49,248 ----a-w C:\WINDOWS\system32\java.exe
+ 2005-11-10 09:27:06 127,072 ----a-w C:\WINDOWS\system32\java.exe
- 2005-11-10 09:27:16 49,250 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2005-11-10 09:27:16 127,074 ----a-w C:\WINDOWS\system32\javaw.exe
- 2005-11-10 11:03:54 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2005-11-10 11:03:54 204,902 ----a-w C:\WINDOWS\system32\javaws.exe
- 2001-10-26 18:29:54 9,728 ----a-w C:\WINDOWS\system32\label.exe
+ 2001-10-26 18:29:54 20,992 ----a-w C:\WINDOWS\system32\label.exe
- 2001-10-26 18:29:54 29,696 ----a-w C:\WINDOWS\system32\lights.exe
+ 2001-10-26 18:29:54 52,224 ----a-w C:\WINDOWS\system32\lights.exe
- 2001-10-26 18:29:54 26,624 ----a-w C:\WINDOWS\system32\lnkstub.exe
+ 2001-10-26 18:29:54 37,888 ----a-w C:\WINDOWS\system32\lnkstub.exe
- 2004-08-03 22:44:22 75,264 ----a-w C:\WINDOWS\system32\locator.exe
+ 2004-08-03 22:44:22 119,296 ----a-w C:\WINDOWS\system32\locator.exe
- 2001-10-26 18:29:56 5,120 ----a-w C:\WINDOWS\system32\lodctr.exe
+ 2001-10-26 18:29:56 49,664 ----a-w C:\WINDOWS\system32\lodctr.exe
- 2004-08-03 22:44:22 103,936 ----a-w C:\WINDOWS\system32\logagent.exe
+ 2004-08-03 22:44:22 180,736 ----a-w C:\WINDOWS\system32\logagent.exe
- 2004-08-03 22:44:22 60,928 ----a-w C:\WINDOWS\system32\logman.exe
+ 2004-08-03 22:44:22 105,472 ----a-w C:\WINDOWS\system32\logman.exe
- 2001-10-26 18:29:56 15,872 ----a-w C:\WINDOWS\system32\logoff.exe
+ 2001-10-26 18:29:56 59,904 ----a-w C:\WINDOWS\system32\logoff.exe
- 2001-10-26 18:29:56 6,144 ----a-w C:\WINDOWS\system32\lpq.exe
+ 2001-10-26 18:29:56 17,408 ----a-w C:\WINDOWS\system32\lpq.exe
- 2001-10-26 18:29:56 8,192 ----a-w C:\WINDOWS\system32\lpr.exe
+ 2001-10-26 18:29:56 84,992 ----a-w C:\WINDOWS\system32\lpr.exe
- 2004-08-03 22:44:22 85,504 ----a-w C:\WINDOWS\system32\makecab.exe
+ 2004-08-03 22:44:22 96,768 ----a-w C:\WINDOWS\system32\makecab.exe
- 2001-10-26 18:29:56 52,224 ----a-w C:\WINDOWS\system32\migpwd.exe
+ 2001-10-26 18:29:56 129,024 ----a-w C:\WINDOWS\system32\migpwd.exe
- 2002-11-18 13:02:58 40,960 ----a-w C:\WINDOWS\system32\MMAVILNG.exe
+ 2002-11-18 13:02:58 56,988 ----a-w C:\WINDOWS\system32\MMAVILNG.exe
- 2004-08-03 22:44:22 815,616 ----a-w C:\WINDOWS\system32\mmc.exe
+ 2004-08-03 22:44:22 892,928 ----a-w C:\WINDOWS\system32\mmc.exe
- 2004-08-03 22:44:22 32,768 ----a-w C:\WINDOWS\system32\mnmsrvc.exe
+ 2004-08-03 22:44:22 45,056 ----a-w C:\WINDOWS\system32\mnmsrvc.exe
- 2001-10-26 18:29:56 8,192 ----a-w C:\WINDOWS\system32\mountvol.exe
+ 2001-10-26 18:29:56 19,456 ----a-w C:\WINDOWS\system32\mountvol.exe
- 2004-08-03 22:44:24 124,928 ----a-w C:\WINDOWS\system32\mplay32.exe
+ 2004-08-03 22:44:24 201,728 ----a-w C:\WINDOWS\system32\mplay32.exe
- 2001-10-26 18:29:58 22,016 ----a-w C:\WINDOWS\system32\mpnotify.exe
+ 2001-10-26 18:29:58 66,560 ----a-w C:\WINDOWS\system32\mpnotify.exe
- 2004-08-03 22:44:24 19,968 ----a-w C:\WINDOWS\system32\mqbkup.exe
+ 2004-08-03 22:44:24 31,232 ----a-w C:\WINDOWS\system32\mqbkup.exe
- 2004-08-03 22:44:24 4,608 ----a-w C:\WINDOWS\system32\mqsvc.exe
+ 2004-08-03 22:44:24 15,872 ----a-w C:\WINDOWS\system32\mqsvc.exe
- 2004-08-03 22:44:24 117,248 ----a-w C:\WINDOWS\system32\mqtgsvc.exe
+ 2004-08-03 22:44:24 128,512 ----a-w C:\WINDOWS\system32\mqtgsvc.exe
- 2001-10-26 18:29:58 13,824 ----a-w C:\WINDOWS\system32\mrinfo.exe
+ 2001-10-26 18:29:58 25,088 ----a-w C:\WINDOWS\system32\mrinfo.exe
- 2004-08-03 22:44:24 6,144 ----a-w C:\WINDOWS\system32\msdtc.exe
+ 2004-08-03 22:44:24 17,408 ----a-w C:\WINDOWS\system32\msdtc.exe
- 2001-10-26 18:29:58 22,528 ----a-w C:\WINDOWS\system32\msg.exe
+ 2001-10-26 18:29:58 99,840 ----a-w C:\WINDOWS\system32\msg.exe
- 2004-08-03 22:44:24 29,184 ----a-w C:\WINDOWS\system32\mshta.exe
+ 2004-08-03 22:44:24 73,728 ----a-w C:\WINDOWS\system32\mshta.exe
- 2005-05-04 12:45:36 90,112 ----a-w C:\WINDOWS\system32\msiexec.exe
+ 2005-05-04 12:45:36 188,416 ----a-w C:\WINDOWS\system32\msiexec.exe
- 2001-10-26 18:29:58 6,656 ----a-w C:\WINDOWS\system32\msswchx.exe
+ 2001-10-26 18:29:58 17,920 ----a-w C:\WINDOWS\system32\msswchx.exe
- 2004-08-03 22:44:26 12,288 ----a-w C:\WINDOWS\system32\mstinit.exe
+ 2004-08-03 22:44:26 89,600 ----a-w C:\WINDOWS\system32\mstinit.exe
- 2004-08-03 22:44:26 55,296 ----a-w C:\WINDOWS\system32\narrator.exe
+ 2004-08-03 22:44:26 66,560 ----a-w C:\WINDOWS\system32\narrator.exe
- 2001-10-26 18:29:58 21,504 ----a-w C:\WINDOWS\system32\nbtstat.exe
+ 2001-10-26 18:29:58 32,768 ----a-w C:\WINDOWS\system32\nbtstat.exe
- 2004-08-03 22:44:26 4,096 ----a-w C:\WINDOWS\system32\nddeapir.exe
+ 2004-08-03 22:44:26 15,360 ----a-w C:\WINDOWS\system32\nddeapir.exe
- 2004-08-03 22:44:26 42,496 ----a-w C:\WINDOWS\system32\net.exe
+ 2004-08-03 22:44:26 87,040 ----a-w C:\WINDOWS\system32\net.exe
- 2004-08-03 22:44:26 124,928 ----a-w C:\WINDOWS\system32\net1.exe
+ 2004-08-03 22:44:26 136,192 ----a-w C:\WINDOWS\system32\net1.exe
- 2004-08-03 22:44:26 114,688 ----a-w C:\WINDOWS\system32\netdde.exe
+ 2004-08-03 22:44:26 191,488 ----a-w C:\WINDOWS\system32\netdde.exe
- 2004-08-03 22:46:50 332,288 ----a-w C:\WINDOWS\system32\netsetup.exe
+ 2004-08-03 22:46:50 347,136 ----a-w C:\WINDOWS\system32\netsetup.exe
- 2004-08-03 22:44:26 87,040 ----a-w C:\WINDOWS\system32\netsh.exe
+ 2004-08-03 22:44:26 98,304 ----a-w C:\WINDOWS\system32\netsh.exe
- 2004-08-03 22:44:26 38,400 ----a-w C:\WINDOWS\system32\netstat.exe
+ 2004-08-03 22:44:26 49,664 ----a-w C:\WINDOWS\system32\netstat.exe
- 2001-10-26 18:30:00 31,744 ----a-w C:\WINDOWS\system32\ntsd.exe
+ 2001-10-26 18:30:00 76,288 ----a-w C:\WINDOWS\system32\ntsd.exe
- 2004-08-03 22:44:26 420,352 ----a-w C:\WINDOWS\system32\ntvdm.exe
+ 2004-08-03 22:44:26 464,384 ----a-w C:\WINDOWS\system32\ntvdm.exe
- 2001-10-26 18:30:00 128,512 ----a-w C:\WINDOWS\system32\nwscript.exe
+ 2001-10-26 18:30:00 172,544 ----a-w C:\WINDOWS\system32\nwscript.exe
- 2004-08-03 22:44:26 69,632 ----a-w C:\WINDOWS\system32\odbcconf.exe
+ 2004-08-03 22:44:26 81,920 ----a-w C:\WINDOWS\system32\odbcconf.exe
- 2004-08-03 22:44:26 70,144 ----a-w C:\WINDOWS\system32\openfiles.exe
+ 2004-08-03 22:44:26 81,408 ----a-w C:\WINDOWS\system32\openfiles.exe
- 2001-10-26 18:30:00 41,472 ----a-w C:\WINDOWS\system32\osuninst.exe
+ 2001-10-26 18:30:00 52,736 ----a-w C:\WINDOWS\system32\osuninst.exe
- 2004-08-03 22:44:26 59,392 ----a-w C:\WINDOWS\system32\packager.exe
+ 2004-08-03 22:44:26 70,656 ----a-w C:\WINDOWS\system32\packager.exe
- 2001-10-26 18:30:00 22,528 ----a-w C:\WINDOWS\system32\pathping.exe
+ 2001-10-26 18:30:00 99,328 ----a-w C:\WINDOWS\system32\pathping.exe
- 2001-10-26 18:30:00 15,360 ----a-w C:\WINDOWS\system32\pentnt.exe
+ 2001-10-26 18:30:00 92,160 ----a-w C:\WINDOWS\system32\pentnt.exe
- 2004-08-03 22:44:26 15,872 ----a-w C:\WINDOWS\system32\perfmon.exe
+ 2004-08-03 22:44:26 27,136 ----a-w C:\WINDOWS\system32\perfmon.exe
- 2004-08-03 22:44:26 30,208 ----a-w C:\WINDOWS\system32\ping.exe
+ 2004-08-03 22:44:26 62,976 ----a-w C:\WINDOWS\system32\ping.exe
- 2001-10-26 18:30:00 33,792 ----a-w C:\WINDOWS\system32\ping6.exe
+ 2001-10-26 18:30:00 110,592 ----a-w C:\WINDOWS\system32\ping6.exe
- 2004-08-03 22:44:26 49,152 ----a-w C:\WINDOWS\system32\powercfg.exe
+ 2004-08-03 22:44:26 125,952 ----a-w C:\WINDOWS\system32\powercfg.exe
- 2001-10-26 18:30:00 9,216 ----a-w C:\WINDOWS\system32\print.exe
+ 2001-10-26 18:30:00 86,016 ----a-w C:\WINDOWS\system32\print.exe
- 2004-08-03 22:44:26 109,568 ----a-w C:\WINDOWS\system32\progman.exe
+ 2004-08-03 22:44:26 153,600 ----a-w C:\WINDOWS\system32\progman.exe
- 2004-08-03 22:44:26 50,688 ----a-w C:\WINDOWS\system32\proquota.exe
+ 2004-08-03 22:44:26 127,488 ----a-w C:\WINDOWS\system32\proquota.exe
- 2004-08-03 22:44:26 9,728 ----a-w C:\WINDOWS\system32\proxycfg.exe
+ 2004-08-03 22:44:26 20,992 ----a-w C:\WINDOWS\system32\proxycfg.exe
- 2004-08-03 22:44:26 20,992 ----a-w C:\WINDOWS\system32\qprocess.exe
+ 2004-08-03 22:44:26 65,024 ----a-w C:\WINDOWS\system32\qprocess.exe
- 2001-10-26 18:30:00 22,528 ----a-w C:\WINDOWS\system32\qwinsta.exe
+ 2001-10-26 18:30:00 66,560 ----a-w C:\WINDOWS\system32\qwinsta.exe
- 2001-10-26 18:30:00 11,776 ----a-w C:\WINDOWS\system32\rasdial.exe
+ 2001-10-26 18:30:00 23,040 ----a-w C:\WINDOWS\system32\rasdial.exe
- 2004-08-03 22:44:26 56,832 ----a-w C:\WINDOWS\system32\rasphone.exe
+ 2004-08-03 22:44:26 68,096 ----a-w C:\WINDOWS\system32\rasphone.exe
- 2004-08-03 22:44:26 22,016 ----a-w C:\WINDOWS\system32\rcp.exe
+ 2004-08-03 22:44:26 33,280 ----a-w C:\WINDOWS\system32\rcp.exe
- 2004-08-03 22:44:26 62,464 ----a-w C:\WINDOWS\system32\rdpclip.exe
+ 2004-08-03 22:44:26 73,728 ----a-w C:\WINDOWS\system32\rdpclip.exe
- 2004-08-03 22:44:26 13,824 ----a-w C:\WINDOWS\system32\rdsaddin.exe
+ 2004-08-03 22:44:26 57,856 ----a-w C:\WINDOWS\system32\rdsaddin.exe
- 2004-08-03 22:44:26 67,072 ----a-w C:\WINDOWS\system32\rdshost.exe
+ 2004-08-03 22:44:26 78,336 ----a-w C:\WINDOWS\system32\rdshost.exe
- 2001-10-26 18:30:00 7,168 ----a-w C:\WINDOWS\system32\recover.exe
+ 2001-10-26 18:30:00 18,432 ----a-w C:\WINDOWS\system32\recover.exe
- 2004-08-03 22:44:28 53,248 ----a-w C:\WINDOWS\system32\reg.exe
+ 2004-08-03 22:44:28 64,512 ----a-w C:\WINDOWS\system32\reg.exe
- 2001-10-26 18:30:00 3,584 ----a-w C:\WINDOWS\system32\regedt32.exe
+ 2001-10-26 18:30:00 14,848 ----a-w C:\WINDOWS\system32\regedt32.exe
- 2001-10-26 18:30:00 33,792 ----a-w C:\WINDOWS\system32\regini.exe
+ 2001-10-26 18:30:00 45,056 ----a-w C:\WINDOWS\system32\regini.exe
- 2001-10-26 18:30:00 4,608 ----a-w C:\WINDOWS\system32\regwiz.exe
+ 2001-10-26 18:30:00 15,872 ----a-w C:\WINDOWS\system32\regwiz.exe
- 2001-10-26 18:30:00 33,792 ----a-w C:\WINDOWS\system32\relog.exe
+ 2001-10-26 18:30:00 77,824 ----a-w C:\WINDOWS\system32\relog.exe
- 2001-10-26 18:30:00 12,800 ----a-w C:\WINDOWS\system32\replace.exe
+ 2001-10-26 18:30:00 89,600 ----a-w C:\WINDOWS\system32\replace.exe
- 2001-10-26 18:30:00 9,728 ----a-w C:\WINDOWS\system32\reset.exe
+ 2001-10-26 18:30:00 53,760 ----a-w C:\WINDOWS\system32\reset.exe
- 2004-08-03 22:44:28 14,336 ----a-w C:\WINDOWS\system32\rexec.exe
+ 2004-08-03 22:44:28 25,600 ----a-w C:\WINDOWS\system32\rexec.exe
- 2001-10-26 18:03:18 25,600 ----a-w C:\WINDOWS\system32\routemon.exe
+ 2001-10-26 18:03:18 102,400 ----a-w C:\WINDOWS\system32\routemon.exe
- 2004-08-03 22:44:28 15,360 ----a-w C:\WINDOWS\system32\rsh.exe
+ 2004-08-03 22:44:28 26,624 ----a-w C:\WINDOWS\system32\rsh.exe
- 2001-10-26 18:30:02 54,272 ----a-w C:\WINDOWS\system32\rsm.exe
+ 2001-10-26 18:30:02 65,536 ----a-w C:\WINDOWS\system32\rsm.exe
- 2001-10-26 18:30:02 24,576 ----a-w C:\WINDOWS\system32\rsmsink.exe
+ 2001-10-26 18:30:02 35,840 ----a-w C:\WINDOWS\system32\rsmsink.exe
- 2001-10-26 18:30:02 49,152 ----a-w C:\WINDOWS\system32\rsmui.exe
+ 2001-10-26 18:30:02 60,416 ----a-w C:\WINDOWS\system32\rsmui.exe
- 2004-08-03 22:44:28 107,520 ----a-w C:\WINDOWS\system32\rsnotify.exe
+ 2004-08-03 22:44:28 184,320 ----a-w C:\WINDOWS\system32\rsnotify.exe
- 2001-10-26 18:30:02 62,976 ----a-w C:\WINDOWS\system32\rsopprov.exe
+ 2001-10-26 18:30:02 107,008 ----a-w C:\WINDOWS\system32\rsopprov.exe
- 2001-10-26 18:30:02 132,608 ----a-w C:\WINDOWS\system32\rsvp.exe
+ 2001-10-26 18:30:02 176,640 ----a-w C:\WINDOWS\system32\rsvp.exe
- 2004-08-03 22:44:28 77,824 ----a-w C:\WINDOWS\system32\rtcshare.exe
+ 2004-08-03 22:44:28 89,088 ----a-w C:\WINDOWS\system32\rtcshare.exe
- 2001-10-26 18:30:02 16,896 ----a-w C:\WINDOWS\system32\runas.exe
+ 2001-10-26 18:30:02 93,696 ----a-w C:\WINDOWS\system32\runas.exe
- 2004-08-03 22:44:28 25,600 ----a-w C:\WINDOWS\system32\runonce.exe
+ 2004-08-03 22:44:28 58,368 ----a-w C:\WINDOWS\system32\runonce.exe
- 2001-10-26 18:30:02 16,384 ----a-w C:\WINDOWS\system32\rwinsta.exe
+ 2001-10-26 18:30:02 60,416 ----a-w C:\WINDOWS\system32\rwinsta.exe
- 2004-08-03 22:44:28 13,824 ----a-w C:\WINDOWS\system32\savedump.exe
+ 2004-08-03 22:44:28 57,856 ----a-w C:\WINDOWS\system32\savedump.exe
- 2001-10-26 18:30:02 31,232 ----a-w C:\WINDOWS\system32\sc.exe
+ 2001-10-26 18:30:02 75,264 ----a-w C:\WINDOWS\system32\sc.exe
- 2004-08-03 22:44:28 98,304 ----a-w C:\WINDOWS\system32\scardsvr.exe
+ 2004-08-03 22:44:28 109,568 ----a-w C:\WINDOWS\system32\scardsvr.exe
- 2004-08-03 22:44:28 128,000 ----a-w C:\WINDOWS\system32\schtasks.exe
+ 2004-08-03 22:44:28 139,264 ----a-w C:\WINDOWS\system32\schtasks.exe
- 2004-08-03 22:44:28 77,824 ----a-w C:\WINDOWS\system32\sdbinst.exe
+ 2004-08-03 22:44:28 121,856 ----a-w C:\WINDOWS\system32\sdbinst.exe
- 2004-08-03 22:44:28 18,944 ----a-w C:\WINDOWS\system32\secedit.exe
+ 2004-08-03 22:44:28 30,208 ----a-w C:\WINDOWS\system32\secedit.exe
- 2004-08-03 22:44:28 141,824 ----a-w C:\WINDOWS\system32\sessmgr.exe
+ 2004-08-03 22:44:28 185,856 ----a-w C:\WINDOWS\system32\sessmgr.exe
- 2004-08-03 22:44:28 32,768 ----a-w C:\WINDOWS\system32\sethc.exe
+ 2004-08-03 22:44:28 76,800 ----a-w C:\WINDOWS\system32\sethc.exe
- 2004-08-03 22:44:28 23,040 ----a-w C:\WINDOWS\system32\setup.exe
+ 2004-08-03 22:44:28 34,304 ----a-w C:\WINDOWS\system32\setup.exe
- 2001-10-26 18:30:02 9,728 ----a-w C:\WINDOWS\system32\sfc.exe
+ 2001-10-26 18:30:02 86,528 ----a-w C:\WINDOWS\system32\sfc.exe
- 2001-10-26 18:30:02 15,360 ----a-w C:\WINDOWS\system32\shadow.exe
+ 2001-10-26 18:30:02 59,392 ----a-w C:\WINDOWS\system32\shadow.exe
- 2004-08-03 22:44:28 78,336 ----a-w C:\WINDOWS\system32\shrpubw.exe
+ 2004-08-03 22:44:28 122,368 ----a-w C:\WINDOWS\system32\shrpubw.exe
- 2004-08-03 22:44:28 20,480 ----a-w C:\WINDOWS\system32\shutdown.exe
+ 2004-08-03 22:44:28 31,744 ----a-w C:\WINDOWS\system32\shutdown.exe
- 2004-08-03 22:44:28 70,656 ----a-w C:\WINDOWS\system32\sigverif.exe
+ 2004-08-03 22:44:28 81,920 ----a-w C:\WINDOWS\system32\sigverif.exe
- 2004-08-03 22:44:28 8,192 ----a-w C:\WINDOWS\system32\smbinst.exe
+ 2004-08-03 22:44:28 84,992 ----a-w C:\WINDOWS\system32\smbinst.exe
- 2004-08-03 22:44:28 91,136 ----a-w C:\WINDOWS\system32\smlogsvc.exe
+ 2004-08-03 22:44:28 102,400 ----a-w C:\WINDOWS\system32\smlogsvc.exe
- 2001-10-26 18:30:02 68,096 ----a-w C:\WINDOWS\system32\sort.exe
+ 2001-10-26 18:30:02 166,400 ----a-w C:\WINDOWS\system32\sort.exe
- 2004-08-03 20:59:36 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
+ 2004-08-03 20:59:36 89,600 ----a-w C:\WINDOWS\system32\spiisupd.exe
- 2004-08-03 22:44:28 11,776 ----a-w C:\WINDOWS\system32\spnpinst.exe
+ 2004-08-03 22:44:28 23,040 ----a-w C:\WINDOWS\system32\spnpinst.exe
- 2004-08-03 22:44:28 14,848 ----a-w C:\WINDOWS\system32\stimon.exe
+ 2004-08-03 22:44:28 26,112 ----a-w C:\WINDOWS\system32\stimon.exe
- 2001-10-26 18:30:02 9,216 ----a-w C:\WINDOWS\system32\subst.exe
+ 2001-10-26 18:30:02 86,016 ----a-w C:\WINDOWS\system32\subst.exe
- 2001-10-26 18:30:02 51,200 ----a-w C:\WINDOWS\system32\syncapp.exe
+ 2001-10-26 18:30:02 62,464 ----a-w C:\WINDOWS\system32\syncapp.exe
- 2001-10-26 18:30:02 37,376 ----a-w C:\WINDOWS\system32\syskey.exe
+ 2001-10-26 18:30:02 81,408 ----a-w C:\WINDOWS\system32\syskey.exe
- 2004-08-03 22:44:28 107,008 ----a-w C:\WINDOWS\system32\sysocmgr.exe
+ 2004-08-03 22:44:28 151,040 ----a-w C:\WINDOWS\system32\sysocmgr.exe
- 2001-10-26 18:30:02 70,144 ----a-w C:\WINDOWS\system32\systeminfo.exe
+ 2001-10-26 18:30:02 114,176 ----a-w C:\WINDOWS\system32\systeminfo.exe
- 2001-10-26 18:30:02 3,072 ----a-w C:\WINDOWS\system32\systray.exe
+ 2001-10-26 18:30:02 79,872 ----a-w C:\WINDOWS\system32\systray.exe
- 2001-10-26 18:30:02 74,752 ----a-w C:\WINDOWS\system32\taskkill.exe
+ 2001-10-26 18:30:02 118,784 ----a-w C:\WINDOWS\system32\taskkill.exe
- 2001-10-26 18:30:02 73,728 ----a-w C:\WINDOWS\system32\tasklist.exe
+ 2001-10-26 18:30:02 84,992 ----a-w C:\WINDOWS\system32\tasklist.exe
- 2001-10-26 18:30:02 15,360 ----a-w C:\WINDOWS\system32\taskman.exe
+ 2001-10-26 18:30:02 92,160 ----a-w C:\WINDOWS\system32\taskman.exe
- 2001-10-26 18:30:02 13,312 ----a-w C:\WINDOWS\system32\tcmsetup.exe
+ 2001-10-26 18:30:02 24,576 ----a-w C:\WINDOWS\system32\tcmsetup.exe
- 2001-10-26 18:30:02 19,456 ----a-w C:\WINDOWS\system32\tcpsvcs.exe
+ 2001-10-26 18:30:02 30,720 ----a-w C:\WINDOWS\system32\tcpsvcs.exe
- 2004-08-03 22:44:28 77,312 ----a-w C:\WINDOWS\system32\telnet.exe
+ 2004-08-03 22:44:28 154,624 ----a-w C:\WINDOWS\system32\telnet.exe
- 2001-10-26 18:30:02 16,896 ----a-w C:\WINDOWS\system32\tftp.exe
+ 2001-10-26 18:30:02 94,208 ----a-w C:\WINDOWS\system32\tftp.exe
- 2004-08-03 22:44:28 63,488 ----a-w C:\WINDOWS\system32\tlntadmn.exe
+ 2004-08-03 22:44:28 107,520 ----a-w C:\WINDOWS\system32\tlntadmn.exe
- 2004-08-03 22:44:28 80,384 ----a-w C:\WINDOWS\system32\tlntsess.exe
+ 2004-08-03 22:44:28 124,416 ----a-w C:\WINDOWS\system32\tlntsess.exe
- 2004-08-03 22:44:28 75,264 ----a-w C:\WINDOWS\system32\tlntsvr.exe
+ 2004-08-03 22:44:28 86,528 ----a-w C:\WINDOWS\system32\tlntsvr.exe
- 2004-08-03 22:44:28 260,096 ----a-w C:\WINDOWS\system32\tracerpt.exe
+ 2004-08-03 22:44:28 271,360 ----a-w C:\WINDOWS\system32\tracerpt.exe
- 2004-08-03 22:44:28 12,800 ----a-w C:\WINDOWS\system32\tracert.exe
+ 2004-08-03 22:44:28 24,064 ----a-w C:\WINDOWS\system32\tracert.exe
- 2001-10-26 18:30:04 32,256 ----a-w C:\WINDOWS\system32\tracert6.exe
+ 2001-10-26 18:30:04 43,520 ----a-w C:\WINDOWS\system32\tracert6.exe
- 2001-10-26 18:30:04 15,360 ----a-w C:\WINDOWS\system32\tscon.exe
+ 2001-10-26 18:30:04 59,392 ----a-w C:\WINDOWS\system32\tscon.exe
- 2004-08-03 22:33:20 44,544 ----a-w C:\WINDOWS\system32\tscupgrd.exe
+ 2004-08-03 22:33:20 55,808 ----a-w C:\WINDOWS\system32\tscupgrd.exe
- 2001-10-26 18:30:04 15,360 ----a-w C:\WINDOWS\system32\tsdiscon.exe
+ 2001-10-26 18:30:04 92,160 ----a-w C:\WINDOWS\system32\tsdiscon.exe
- 2001-10-26 18:30:04 16,384 ----a-w C:\WINDOWS\system32\tskill.exe
+ 2001-10-26 18:30:04 60,416 ----a-w C:\WINDOWS\system32\tskill.exe
- 2001-10-26 18:30:04 17,920 ----a-w C:\WINDOWS\system32\tsshutdn.exe
+ 2001-10-26 18:30:04 62,464 ----a-w C:\WINDOWS\system32\tsshutdn.exe
- 2007-05-03 17:37:08 69,632 ----a-w C:\WINDOWS\system32\TWUNK_32.EXE
+ 2007-05-03 17:37:08 80,896 ----a-w C:\WINDOWS\system32\TWUNK_32.EXE
- 2001-10-26 18:30:04 36,864 ----a-w C:\WINDOWS\system32\typeperf.exe
+ 2001-10-26 18:30:04 48,128 ----a-w C:\WINDOWS\system32\typeperf.exe
- 2002-08-15 15:36:38 135,168 ----a-w C:\WINDOWS\system32\unaddrv.exe
+ 2002-08-15 15:36:38 147,456 ----a-w C:\WINDOWS\system32\unaddrv.exe
- 2001-10-26 18:30:04 4,096 ----a-w C:\WINDOWS\system32\unlodctr.exe
+ 2001-10-26 18:30:04 15,360 ----a-w C:\WINDOWS\system32\unlodctr.exe
- 2004-08-03 22:44:28 16,896 ----a-w C:\WINDOWS\system32\upnpcont.exe
+ 2004-08-03 22:44:28 28,160 ----a-w C:\WINDOWS\system32\upnpcont.exe
- 2004-08-03 22:44:30 18,432 ----a-w C:\WINDOWS\system32\ups.exe
+ 2004-08-03 22:44:30 29,696 ----a-w C:\WINDOWS\system32\ups.exe
- 2001-10-26 19:03:24 77,891 ----a-w C:\WINDOWS\system32\usrmlnka.exe
+ 2001-10-26 19:03:24 90,179 ----a-w C:\WINDOWS\system32\usrmlnka.exe
- 2001-10-26 19:03:24 61,508 ----a-w C:\WINDOWS\system32\usrprbda.exe
+ 2001-10-26 19:03:24 73,796 ----a-w C:\WINDOWS\system32\usrprbda.exe
- 2001-10-26 19:03:24 69,700 ----a-w C:\WINDOWS\system32\usrshuta.exe
+ 2001-10-26 19:03:24 114,756 ----a-w C:\WINDOWS\system32\usrshuta.exe
- 2001-10-26 18:30:04 102,400 ----a-w C:\WINDOWS\system32\verifier.exe
+ 2001-10-26 18:30:04 113,664 ----a-w C:\WINDOWS\system32\verifier.exe
- 2001-10-26 18:30:04 33,792 ----a-w C:\WINDOWS\system32\vssadmin.exe
+ 2001-10-26 18:30:04 45,056 ----a-w C:\WINDOWS\system32\vssadmin.exe
- 2004-08-03 22:44:30 291,840 ----a-w C:\WINDOWS\system32\vssvc.exe
+ 2004-08-03 22:44:30 303,104 ----a-w C:\WINDOWS\system32\vssvc.exe
- 2001-10-26 18:30:06 51,200 ----a-w C:\WINDOWS\system32\w32tm.exe
+ 2001-10-26 18:30:06 95,232 ----a-w C:\WINDOWS\system32\w32tm.exe
- 2001-10-26 18:30:06 13,824 ----a-w C:\WINDOWS\system32\wbem\winmgmt.exe
+ 2001-10-26 18:30:06 25,088 ----a-w C:\WINDOWS\system32\wbem\winmgmt.exe
- 2004-08-03 22:44:30 66,048 ----a-w C:\WINDOWS\system32\wextract.exe
+ 2004-08-03 22:44:30 142,848 ----a-w C:\WINDOWS\system32\wextract.exe
- 2001-10-26 18:30:06 8,192 ----a-w C:\WINDOWS\system32\winhlp32.exe
+ 2001-10-26 18:30:06 52,224 ----a-w C:\WINDOWS\system32\winhlp32.exe
- 2001-10-26 18:30:06 11,776 ----a-w C:\WINDOWS\system32\winmsd.exe
+ 2001-10-26 18:30:06 23,040 ----a-w C:\WINDOWS\system32\winmsd.exe
- 2004-08-03 22:44:30 5,632 ----a-w C:\WINDOWS\system32\winver.exe
+ 2004-08-03 22:44:30 50,176 ----a-w C:\WINDOWS\system32\winver.exe
- 2004-08-03 22:44:30 32,256 ----a-w C:\WINDOWS\system32\wpabaln.exe
+ 2004-08-03 22:44:30 43,520 ----a-w C:\WINDOWS\system32\wpabaln.exe
- 2004-08-03 22:44:30 32,768 ----a-w C:\WINDOWS\system32\wpnpinst.exe
+ 2004-08-03 22:44:30 44,032 ----a-w C:\WINDOWS\system32\wpnpinst.exe
- 2001-10-26 18:30:06 5,632 ----a-w C:\WINDOWS\system32\write.exe
+ 2001-10-26 18:30:06 49,664 ----a-w C:\WINDOWS\system32\write.exe
- 2004-08-03 22:44:30 114,688 ----a-w C:\WINDOWS\system32\wscript.exe
+ 2004-08-03 22:44:30 159,744 ----a-w C:\WINDOWS\system32\wscript.exe
- 2004-08-03 22:44:30 168,960 ----a-w C:\WINDOWS\system32\wuauclt1.exe
+ 2004-08-03 22:44:30 180,224 ----a-w C:\WINDOWS\system32\wuauclt1.exe
- 2004-08-03 22:44:30 30,720 ----a-w C:\WINDOWS\system32\xcopy.exe
+ 2004-08-03 22:44:30 41,984 ----a-w C:\WINDOWS\system32\xcopy.exe
- 2001-10-26 18:30:02 15,360 ----a-w C:\WINDOWS\TASKMAN.EXE
+ 2001-10-26 18:30:02 26,624 ----a-w C:\WINDOWS\TASKMAN.EXE
- 2001-10-26 18:30:04 25,600 ----a-w C:\WINDOWS\twunk_32.exe
+ 2001-10-26 18:30:04 36,864 ----a-w C:\WINDOWS\twunk_32.exe
- 2000-08-31 06:00:00 65,092 ----a-w C:\WINDOWS\VFind.exe
+ 2000-08-31 06:00:00 49,152 ----a-w C:\WINDOWS\VFind.exe
- 2004-08-03 22:44:30 285,696 ----a-w C:\WINDOWS\winhlp32.exe
+ 2004-08-03 22:44:30 296,960 ----a-w C:\WINDOWS\winhlp32.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{695B6A28-181B-4CB0-A6D2-A38CAFEE6F15}]
2007-10-16 13:41 93184 --a------ C:\WINDOWS\system32\ativcox.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88A967BF-1675-41D1-B3C7-711556B90FC4}]
2007-10-16 13:41 93184 --a------ C:\WINDOWS\system32\ativcox.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 26624]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2006-11-14 11:12 1849032]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-05-04 02:32 976384]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-07-17 15:50 2599224]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:55 1678848]
"IPLA!"="C:\Program Files\ipla\ipla.exe" [2008-09-19 19:25 2438392]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2004-08-28 20:27 307200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 49263]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.EXE" [2006-08-03 09:12 2879510]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 167936]
"rs32net"="C:\WINDOWS\System32\rs32net.exe" [2008-09-24 19:33 164864]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 11:33 16244224 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 26624]

C:\Documents and Settings\Konrad\Menu Start\Programy\Autostart\
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2008-09-19 19:28:20 624416]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-09-06 19:08:23 974949]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"msacm.avis"= ff_acm.acm
"VIDC.VP40"= vp4vfw.dll
"vidc.X264"= x264vfw.dll
"VIDC.DRAW"= DVIDEO.DLL
"VIDC.YV12"= yv12vfw.dll
"VIDC.MSUD"= msulvc05.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati7bqxx.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"D:\\MuOnline\\KLIENT 97D\\Mu Trilogy\\Launcher.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"D:\\Nowy folder\\Mupie\\1hh\\MuPie X.exe"=
"C:\\WINDOWS\\system32\\regsvr32.exe"=
"C:\\WINDOWS\\explorer.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"= C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22243:TCP"= 22243:TCP:BitComet 22243 TCP
"22243:UDP"= 22243:UDP:BitComet 22243 UDP

R0 ati7bqxx;ati7bqxx;C:\WINDOWS\system32\Drivers\ati7bqxx.sys [2008-09-24 20:47]
R1 atitray;atitray;C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [2007-05-22 11:04]
S2 BITSdmserver;Usługa inteligentnego transferu w tle BITSdmserver;C:\WINDOWS\system32\17.tmp [2008-09-24 20:49]
S2 lanmanworkstationThemes;Stacja robocza lanmanworkstationThemes;C:\WINDOWS\system32\F7.tmp []
S2 oruvrqro;oruvrqro;C:\WINDOWS\system32\drivers\oruvrqro.sys [2008-09-24 20:49]
S2 WZCSVCShellHWDetection;Konfiguracja zerowej sieci bezprzewodowej WZCSVCShellHWDetection;C:\WINDOWS\system32\6to4svca.exe [2008-09-24 19:10]

*Newly Created Service* - JPSMPDUGQMGM
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

ShellIconOverlayIdentifiers-{EA3775F2-28BE-11D3-9C8D-00105A24ED29} - C:\WINDOWS\temp\IcnOvrly.dll
HKCU-Run-WhenUSave - C:\Program Files\Save\Save.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Konrad\Dane aplikacji\Mozilla\Firefox\Profiles\8rvgx3hs.default\
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-24 20:52:23
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\drivers\lysfpeoin.sys 30976 bytes executable
C:\WINDOWS\system32\drivers\mzkwvyjn.sys 179200 bytes executable

scan completed successfully
hidden files: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Abiosdsk]

--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\adiusbaw]
"ImagePath"="system32\DRIVERS\adiusbaw.sys"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HDAudBus]
"ImagePath"="system32\DRIVERS\HDAudBus.sys"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jpsmpdugqmgm]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\lysfpeoin.sys"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mzkwvyjn]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\mzkwvyjn.sys"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSock2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BITSdmserver]
"ImagePath"="C:\WINDOWS\system32\17.tmp srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstationThemes]
"ImagePath"="C:\WINDOWS\system32\F7.tmp srv"
.
Completion time: 2008-09-24 20:52:55
ComboFix-quarantined-files.txt 2008-09-24 18:52:49
ComboFix2.txt 2008-09-24 18:38:22
ComboFix3.txt 2008-09-12 14:49:19
ComboFix4.txt 2008-09-11 18:04:17

Pre-Run: 24,770,080,768 bajtów wolnych
Post-Run: 24,761,180,160 bajtów wolnych

841

logi z HiJackThis juz sie nie mieszcza:/
prosze o pomoc

**Posty:** 18165 · przez **wojtas** 24 Wrz 2008, 21:29

zmien na taki code i daj log z hijacka

**Posty:** 175 · przez **McLeo** 24 Wrz 2008, 21:30

HiJackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:19:33, on 2008-09-24
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\rs32net.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\rs32net.exe
C:\Program Files\Hamachi\hamachi.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {2E029BAB-7667-41D0-9598-B4002371466E} - C:\WINDOWS\system32\ativcox.dll (file missing)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: (no name) - {542D26F2-3613-4857-A8E5-0301DF422462} - C:\WINDOWS\system32\atiiiex.dll
O2 - BHO: (no name) - {695B6A28-181B-4CB0-A6D2-A38CAFEE6F15} - C:\WINDOWS\system32\ativcox.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {88A967BF-1675-41D1-B3C7-711556B90FC4} - C:\WINDOWS\system32\ativcox.dll (file missing)
O2 - BHO: (no name) - {D9A73C37-A253-4814-B178-DF07242751E3} - C:\WINDOWS\system32\atiiiex.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IPLA!] C:\Program Files\ipla\ipla.exe /autorun
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0FEB230-D879-4FCB-A2CA-44BDBA284AD5}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Usługa inteligentnego transferu w tle BITSdmserver (BITSdmserver) - Unknown owner - C:\WINDOWS\system32\17.tmp.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Stacja robocza lanmanworkstationThemes (lanmanworkstationThemes) - Unknown owner - C:\WINDOWS\system32\F7.tmp.exe (file missing)
O23 - Service: Zapora systemu Windows/Udostępnianie połączenia internetowego SharedAccesslanmanserver (SharedAccesslanmanserver) - Unknown owner - C:\WINDOWS\system32\2A.tmp.exe (file missing)
O23 - Service: Konfiguracja zerowej sieci bezprzewodowej WZCSVCShellHWDetection (WZCSVCShellHWDetection) - Unknown owner - C:\WINDOWS\system32\6to4svca.exe

--
End of file - 6214 bytes

Dodano 24.09.2008 20:31:36:

**Posty:** 18165 · przez **wojtas** 24 Wrz 2008, 21:41

proponuje zaczac:

Wykonaj to co jest podane w tym temacie

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz daj loga z hijacka

**Posty:** 175 · przez **McLeo** 24 Wrz 2008, 21:58

sdfix:

Kod: Zaznacz wszystko: [b]SDFix: Version 1.206 [/b] Run by Konrad on 2008-09-24 at 21:47 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\SDFix [b]Checking Services [/b]: Restoring Default Security Values Restoring Default Hosts File Rebooting [b]Checking Files [/b]: Trojan Files Found: C:\WINDOWS\system32\22.tmp - Deleted C:\WINDOWS\system32\29.tmp - Deleted C:\WINDOWS\system32\11.tmp - Deleted C:\WINDOWS\system32\18.tmp - Deleted Removing Temp Files [b]ADS Check [/b]: [b]Final Check [/b]: catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-24 21:50:11 Windows 5.1.2600 Dodatek Service Pack 2 NTFS detected NTDLL code modification: ZwOpenFile scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ContentIndex\Catalogs\System] "Location"="C:\System Volume Information" "IsIndexingW3Svc"=dword:00000000 "IsIndexingNNTPSvc"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Abiosdsk] "ErrorControl"=dword:00000000 "Group"="Primary disk" "Start"=dword:00000004 "Tag"=dword:00000003 "Type"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\adiusbaw] "Type"=dword:00000001 "Start"=dword:00000003 "ErrorControl"=dword:00000001 "Tag"=dword:0000000d "ImagePath"=str(2):"system32\DRIVERS\adiusbaw.sys" "DisplayName"="USB ADSL WAN Adapter" "Group"="NDIS" "TextModeFlags"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\abiosdsk] "EventMessageFile"=str(2):"%SystemRoot%\System32\IoLogMsg.dll" "TypesSupported"=dword:00000007 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\adiusbaw] "EventMessageFile"=str(2):"%SystemRoot%\System32\netevent.dll" "TypesSupported"=dword:00000007 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\intelide] "EventMessageFile"=str(2):"%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\IntelIde.sys" "TypesSupported"=dword:00000007 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\PptpMiniport] "EventMessageFile"=str(2):"%SystemRoot%\System32\netevent.dll" "TypesSupported"=dword:00000007 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HDAudBus] "Type"=dword:00000001 "Start"=dword:00000003 "ErrorControl"=dword:00000001 "Tag"=dword:00000007 "ImagePath"=str(2):"system32\DRIVERS\HDAudBus.sys" "DisplayName"="Microsoft UAA Bus Driver for High Definition Audio" "Group"="Extended Base" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IntelIde] "ErrorControl"=dword:00000001 "Group"="System Bus Extender" "Start"=dword:00000004 "Tag"=dword:00000004 "Type"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\JFZVZVRN] "Type"=dword:00000001 "Start"=dword:00000002 "ErrorControl"=dword:00000001 "ImagePath"=str(2):"\??\C:\WINDOWS\system32\drivers\JFZVZVRN.sys" "DisplayName"="JFZVZVRN" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\JFZVZVRN\Security] "Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\jpsmpdugqmgm] "Type"=dword:00000001 "Start"=dword:00000002 "ErrorControl"=dword:00000000 "ImagePath"=str(2):"\??\C:\WINDOWS\system32\drivers\lysfpeoin.sys" "DisplayName"="jpsmpdugqmgm" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\jpsmpdugqmgm\Security] "Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PptpMiniport] "Type"=dword:00000001 "Start"=dword:00000003 "ErrorControl"=dword:00000001 "ImagePath"=str(2):"system32\DRIVERS\raspptp.sys" "DisplayName"="WAN Miniport (PPTP)" "Description"="WAN Miniport (PPTP)" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PptpMiniport\Security] "Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\ContentIndex\Catalogs\System] "Location"="C:\System Volume Information" "IsIndexingW3Svc"=dword:00000000 "IsIndexingNNTPSvc"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Abiosdsk] "ErrorControl"=dword:00000000 "Group"="Primary disk" "Start"=dword:00000004 "Tag"=dword:00000003 "Type"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\adiusbaw] "Type"=dword:00000001 "Start"=dword:00000003 "ErrorControl"=dword:00000001 "Tag"=dword:0000000d "ImagePath"=str(2):"system32\DRIVERS\adiusbaw.sys" "DisplayName"="USB ADSL WAN Adapter" "Group"="NDIS" "TextModeFlags"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\abiosdsk] "EventMessageFile"=str(2):"%SystemRoot%\System32\IoLogMsg.dll" "TypesSupported"=dword:00000007 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\adiusbaw] "EventMessageFile"=str(2):"%SystemRoot%\System32\netevent.dll" "TypesSupported"=dword:00000007 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\intelide] "EventMessageFile"=str(2):"%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\IntelIde.sys" "TypesSupported"=dword:00000007 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\PptpMiniport] "EventMessageFile"=str(2):"%SystemRoot%\System32\netevent.dll" "TypesSupported"=dword:00000007 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\HDAudBus] "Type"=dword:00000001 "Start"=dword:00000003 "ErrorControl"=dword:00000001 "Tag"=dword:00000007 "ImagePath"=str(2):"system32\DRIVERS\HDAudBus.sys" "DisplayName"="Microsoft UAA Bus Driver for High Definition Audio" "Group"="Extended Base" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\IntelIde] "ErrorControl"=dword:00000001 "Group"="System Bus Extender" "Start"=dword:00000004 "Tag"=dword:00000004 "Type"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\JFZVZVRN] "Type"=dword:00000001 "Start"=dword:00000002 "ErrorControl"=dword:00000001 "ImagePath"=str(2):"\??\C:\WINDOWS\system32\drivers\JFZVZVRN.sys" "DisplayName"="JFZVZVRN" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\JFZVZVRN\Security] "Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PptpMiniport] "Type"=dword:00000001 "Start"=dword:00000003 "ErrorControl"=dword:00000001 "ImagePath"=str(2):"system32\DRIVERS\raspptp.sys" "DisplayName"="WAN Miniport (PPTP)" "Description"="WAN Miniport (PPTP)" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PptpMiniport\Security] "Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinSock2] scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\DeluxeCD\Providers] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartMenu\StartMenuRun] "Type"="checkbox" "Text"="@shell32.dll,-30474" "HKeyRoot"=dword:80000001 "RegPath"="Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" "ValueName"="StartMenuRun" "CheckedValue"=dword:00000001 "UncheckedValue"=dword:00000000 "DefaultValue"=dword:00000001 "HelpID"="windows.hlp#51142" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\ShowPrinters] "Type"="checkbox" "Text"="@shell32.dll,-30493" "HKeyRoot"=dword:80000001 "RegPath"="Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" "ValueName"="Start_ShowPrinters" "CheckedValue"=dword:00000001 "UncheckedValue"=dword:00000000 "DefaultValue"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\ACTIVE_CONTENT\AUTOMATIC_ACTIVEX_UI\DISABLE] "Type"="radio" "RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "Text"="WyBcz" "PlugUIText"="@inetcplc.dll,-4805" "ValueName"="2201" "CheckedValue"=dword:00000003 "DefaultValue"=dword:00000003 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\ACTIVE_CONTENT\BBHVR\DISABLE] "Type"="radio" "RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "Text"="WyBcz" "PlugUIText"="@inetcplc.dll,-4805" "ValueName"="2000" "CheckedValue"=dword:00000003 "DefaultValue"=dword:00000003 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\DOWNLOAD\AUTOMATIC_DOWNLOAD_UI\DISABLE] "Type"="radio" "RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "Text"="WyBcz" "PlugUIText"="@inetcplc.dll,-4805" "ValueName"="2200" "CheckedValue"=dword:00000003 "DefaultValue"=dword:00000003 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\JAVAPER\JAVA\DISABLE] "RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\FORMDATA] "Type"="group" "Text"="PrzesyBanie niezaszyfrowanych danych formularza" "PlugUIText"="@inetcplc.dll,-4797" "Bitmap"="C:\WINDOWS\system32\inetcpl.cpl,4443" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\FORMDATA\ALLOW] "Type"="radio" "RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "Text"="WBcz" "PlugUIText"="@inetcplc.dll,-4803" "ValueName"="1601" "CheckedValue"=dword:00000000 "DefaultValue"=dword:00000003 "Mask"=dword:00000003 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\FORMDATA\DENY] "Type"="radio" "RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "Text"="WyBcz" "PlugUIText"="@inetcplc.dll,-4805" "ValueName"="1601" "CheckedValue"=dword:00000003 "DefaultValue"=dword:00000003 "Mask"=dword:00000003 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\FORMDATA\QUERY] "Type"="radio" "RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "Text"="Monituj" "PlugUIText"="@inetcplc.dll,-4804" "ValueName"="1601" "CheckedValue"=dword:00000001 "DefaultValue"=dword:00000003 "Mask"=dword:00000003 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\MIME_SNIFFING\DISABLE] "Type"="radio" "RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "Text"="WyBcz" "PlugUIText"="@inetcplc.dll,-4805" "ValueName"="2100" "CheckedValue"=dword:00000003 "DefaultValue"=dword:00000003 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\RESTRICTED_PROTOCOLS\DISABLE] "Type"="radio" "RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "Text"="WyBcz" "PlugUIText"="@inetcplc.dll,-4805" "ValueName"="2300" "CheckedValue"=dword:00000003 "DefaultValue"=dword:00000003 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\WINDOW_RESTRICTIONS\DISABLE] "Type"="radio" "RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "Text"="WyBcz" "PlugUIText"="@inetcplc.dll,-4805" "ValueName"="2102" "CheckedValue"=dword:00000003 "DefaultValue"=dword:00000003 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\ZONE_ELEVATION\DISABLE] "Type"="radio" "RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "Text"="WyBcz" "PlugUIText"="@inetcplc.dll,-4805" "ValueName"="2101" "CheckedValue"=dword:00000003 "DefaultValue"=dword:00000003 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\ACTIVE_CONTENT\AUTOMATIC_ACTIVEX_UI\DISABLE] "Type"="radio" "RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "Text"="WyBcz" "PlugUIText"="@inetcplc.dll,-4805" "ValueName"="2201" "CheckedValue"=dword:00000003 "DefaultValue"=dword:00000003 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\ACTIVE_CONTENT\BBHVR\DISABLE] "Type"="radio" "RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "Text"="WyBcz" "PlugUIText"="@inetcplc.dll,-4805" "ValueName"="2000" "CheckedValue"=dword:00000003 "DefaultValue"=dword:00000003 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\DOWNLOAD\AUTOMATIC_DOWNLOAD_UI\DISABLE] "Type"="radio" "RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "Text"="WyBcz" "PlugUIText"="@inetcplc.dll,-4805" "ValueName"="2200" "CheckedValue"=dword:00000003 "DefaultValue"=dword:00000003 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\JAVAPER\JAVA\DISABLE] "RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "Type"="radio" "RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "Text"="WyBcz Java" "PlugUIText"="@inetcplc.dll,-4818" "ValueName"="1C00" "CheckedValue"=dword:00000000 "DefaultValue"=dword:00000000 "HKeyRoot"=dword:80000002 "HelpID"="iexplore.hlp#50241" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\FORMDATA] "Type"="group" "Text"="PrzesyBanie niezaszyfrowanych danych formularza" "PlugUIText"="@inetcplc.dll,-4797" "Bitmap"="C:\WINDOWS\system32\inetcpl.cpl,4443" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\FORMDATA\ALLOW] "Type"="radio" "RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "Text"="WBcz" "PlugUIText"="@inetcplc.dll,-4803" "ValueName"="1601" "CheckedValue"=dword:00000000 "DefaultValue"=dword:00000003 "HKeyRoot"=dword:80000002 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\FORMDATA\DENY] "Type"="radio" "RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "Text"="WyBcz" "PlugUIText"="@inetcplc.dll,-4805" "ValueName"="1601" "CheckedValue"=dword:00000003 "DefaultValue"=dword:00000003 "HKeyRoot"=dword:80000002 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\FORMDATA\QUERY] "Type"="radio" "RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "Text"="Monituj" "PlugUIText"="@inetcplc.dll,-4804" "ValueName"="1601" "CheckedValue"=dword:00000001 "DefaultValue"=dword:00000003 "HKeyRoot"=dword:80000002 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\MIME_SNIFFING\DISABLE] "Type"="radio" "RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "Text"="WyBcz" "PlugUIText"="@inetcplc.dll,-4805" "ValueName"="2100" "CheckedValue"=dword:00000003 "DefaultValue"=dword:00000003 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\RESTRICTED_PROTOCOLS\DISABLE] "Type"="radio" "RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "Text"="WyBcz" "PlugUIText"="@inetcplc.dll,-4805" "ValueName"="2300" "CheckedValue"=dword:00000003 "DefaultValue"=dword:00000003 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\WINDOW_RESTRICTIONS\DISABLE] "Type"="radio" "RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "Text"="WyBcz" "PlugUIText"="@inetcplc.dll,-4805" "ValueName"="2102" "CheckedValue"=dword:00000003 "DefaultValue"=dword:00000003 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\ZONE_ELEVATION\DISABLE] "Type"="radio" "RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "Text"="WyBcz" "PlugUIText"="@inetcplc.dll,-4805" "ValueName"="2101" "CheckedValue"=dword:00000003 "DefaultValue"=dword:00000003 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\CleanupWiz] "Last used time"=hex(0):50,4a,07,30,f8,06,c9,01 "Days between clean up"=dword:0000003c scanning hidden files ... C:\WINDOWS\system32\drivers\JFZVZVRN.sys 177664 bytes executable C:\WINDOWS\system32\drivers\lysfpeoin.sys 30976 bytes executable scan completed successfully hidden processes: 0 hidden services: 5 hidden files: 2 [b]Remaining Services [/b]: Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule" "C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Windows Update" "C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client" "C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)" "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour" "C:\\WINDOWS\\system32\\winver.exe"="C:\\WINDOWS\\system32\\winver.exe:*:Enabled:winver" "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test" "C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Windows Update" "D:\\MuOnline\\KLIENT 97D\\Mu Trilogy\\Launcher.exe"="D:\\MuOnline\\KLIENT 97D\\Mu Trilogy\\Launcher.exe:*:Enabled:ST anticheat launcher" "C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi Client" "D:\\Nowy folder\\Mupie\\1hh\\MuPie X.exe"="D:\\Nowy folder\\Mupie\\1hh\\MuPie X.exe:*:Enabled: " "C:\\WINDOWS\\system32\\regsvr32.exe"="C:\\WINDOWS\\system32\\regsvr32.exe:*:Enabled:Windows Update" "C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\Explorer.EXE:*:Enabled:Windows Update" "C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Windows Update" "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Windows Update" "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [b]Remaining Files [/b]: File Backups: - C:\SDFix\backups\backups.zip [b]Files with Hidden Attributes [/b]: Wed 24 Sep 2008 20,480 A.SH. --- "C:\WINDOWS\system32\1028p.dll" Wed 24 Sep 2008 23,040 A.SH. --- "C:\WINDOWS\system32\2052b.dll" Wed 24 Sep 2008 81,920 A.SHR --- "C:\WINDOWS\system32\6to4svca.exe" Wed 24 Sep 2008 23,552 A.SH. --- "C:\WINDOWS\system32\adadix2kp.dll" Tue 9 Sep 2008 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" [b]Finished![/b]

combofix:

Kod: Zaznacz wszystko: ComboFix 08-08-31.01 - Konrad 2008-09-24 21:52:22.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1587 [GMT 2:00] Running from: D:\Nowy folder (3)\ComboFix.exe [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . - REDUCED FUNCTIONALITY MODE - . ((((((((((((((((((((((((( Files Created from 2008-08-24 to 2008-09-24 ))))))))))))))))))))))))))))))) . 2008-09-24 21:35 . 2004-08-04 00:43 93,184 --a------ C:\WINDOWS\system32\cabine.dll 2008-09-24 21:35 . 2008-09-24 21:35 49,664 --a------ C:\28.tmp 2008-09-24 21:17 . 2008-09-24 21:17 49,664 --a------ C:\17.tmp 2008-09-24 20:53 . 2007-10-16 13:40 93,184 --a------ C:\WINDOWS\system32\atiiiex.dll 2008-09-24 20:53 . 2008-09-24 20:53 49,664 --a------ C:\2D.tmp 2008-09-24 20:48 . 2008-09-24 20:48 49,183 --a------ C:\WINDOWS\system32\drivers\str.sys 2008-09-24 19:34 . 2008-09-24 21:16 32,256 --a------ C:\WINDOWS\system32\drivers\ati7bqxx.sys 2008-09-24 19:33 . 2001-10-26 20:27 93,184 --a------ C:\WINDOWS\system32\comca.dll 2008-09-24 19:33 . 2008-09-24 19:33 49,664 --a------ C:\127.tmp 2008-09-24 19:12 . 2008-09-24 19:12 23,552 --ahs---- C:\WINDOWS\system32\adadix2kp.dll 2008-09-24 19:12 . 2008-09-24 19:12 23,040 --ahs---- C:\WINDOWS\system32\2052b.dll 2008-09-24 19:12 . 2008-09-24 19:12 20,480 --ahs---- C:\WINDOWS\system32\1028p.dll 2008-09-24 19:11 . 2008-09-24 19:10 81,920 -rahs---- C:\WINDOWS\system32\6to4svca.exe 2008-09-24 19:09 . 2008-09-24 19:09 49,664 --a------ C:\FA.tmp 2008-09-24 19:09 . 2008-09-24 21:17 22,528 --a------ C:\WINDOWS\system32\rs32net.exe 2008-09-24 19:09 . 2008-09-24 19:42 636 --a-s---- C:\WINDOWS\system32\2470109395.dat 2008-09-24 19:09 . 2008-09-24 19:09 184 --a------ C:\WINDOWS\system32\F4.tmp 2008-09-24 19:09 . 2008-09-24 19:09 29 --a------ C:\WINDOWS\system32\wrquspad.tmp 2008-09-24 19:09 . 2008-09-24 19:09 18 --a------ C:\WINDOWS\system32\FB.tmp 2008-09-23 18:36 . 2008-09-23 18:36 <DIR> d-------- C:\Program Files\thriXXX 2008-09-20 17:04 . 2008-09-20 17:04 <DIR> d-------- C:\Documents and Settings\Norbert\Dane aplikacji\Hamachi 2008-09-19 19:28 . 2008-09-19 19:28 <DIR> d-------- C:\Program Files\Hamachi 2008-09-19 19:28 . 2008-09-24 21:51 <DIR> d-------- C:\Documents and Settings\Konrad\Dane aplikacji\Hamachi 2008-09-19 19:28 . 2008-09-19 19:28 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys 2008-09-18 19:44 . 2008-09-24 08:16 69 --a------ C:\WINDOWS\NeroDigital.ini 2008-09-18 17:12 . 2008-09-18 17:12 <DIR> d-------- C:\Program Files\Common Files\Ahead 2008-09-18 17:12 . 2008-09-22 17:57 <DIR> d-------- C:\Program Files\AskTBar 2008-09-18 17:12 . 2008-09-18 17:12 <DIR> d-------- C:\Program Files\Ahead 2008-09-18 17:12 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll 2008-09-18 17:12 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll 2008-09-18 17:12 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll 2008-09-18 17:12 . 2004-07-09 09:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll 2008-09-18 17:12 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll 2008-09-18 17:12 . 2006-01-12 16:40 167,936 --a------ C:\WINDOWS\system32\NeroCheck.exe 2008-09-18 17:12 . 2005-09-01 12:03 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys 2008-09-18 17:12 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll 2008-09-18 17:12 . 2005-09-01 12:03 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys 2008-09-18 13:35 . 2008-09-18 13:35 <DIR> d---s---- C:\Documents and Settings\Konrad\UserData 2008-09-15 17:38 . 2008-09-21 18:32 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2008-09-14 20:50 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys 2008-09-14 20:50 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys 2008-09-14 20:04 . 2008-09-14 20:04 <DIR> d-------- C:\Documents and Settings\Norbert\Dane aplikacji\Media Player Classic 2008-09-14 17:54 . 2008-09-14 17:54 <DIR> d-------- C:\Program Files\ipla 2008-09-14 17:54 . 2008-09-14 17:54 <DIR> d-------- C:\Documents and Settings\Konrad\Dane aplikacji\ipla 2008-09-14 17:54 . 2008-09-23 19:29 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ipla 2008-09-14 15:21 . 2008-09-14 15:21 <DIR> d-------- C:\WINDOWS\Sun 2008-09-13 19:17 . 2008-09-13 20:45 <DIR> d-------- C:\Games 2008-09-13 19:13 . 2008-09-24 18:00 <DIR> d-------- C:\Program Files\Norton Security Scan 2008-09-13 19:12 . 2008-09-13 19:13 <DIR> d-------- C:\WINDOWS\system32\Adobe 2008-09-13 16:37 . 2008-09-13 16:37 <DIR> d-------- C:\WINDOWS\system32\languages 2008-09-13 16:37 . 2008-09-13 16:41 <DIR> d-------- C:\Program Files\Codec Pack - All In 1 2008-09-13 16:32 . 2008-09-13 16:32 <DIR> d-------- C:\Program Files\ffdshow 2008-09-13 16:32 . 2006-12-10 23:32 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll 2008-09-13 16:32 . 2006-12-10 23:32 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll 2008-09-13 16:32 . 2008-06-08 23:58 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll 2008-09-13 16:32 . 2008-06-12 20:36 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll 2008-09-13 16:32 . 2008-06-12 20:37 6,144 --a------ C:\WINDOWS\system32\ff_acm.acm 2008-09-13 16:32 . 2007-07-10 18:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest 2008-09-13 16:27 . 2008-09-13 16:41 847,872 --a------ C:\WINDOWS\iun6002.exe 2008-09-13 13:33 . 2008-09-13 13:33 <DIR> d-------- C:\Program Files\FLVPlayer 2008-09-12 21:55 . 2008-09-12 21:55 <DIR> d-------- C:\Logs 2008-09-12 16:38 . 2008-09-12 16:38 <DIR> d-------- C:\Program Files\Trend Micro 2008-09-11 20:08 . 2008-09-11 20:08 <DIR> d-------- C:\WINDOWS\ERUNT 2008-09-11 19:55 . 2008-09-24 21:52 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne 2008-09-11 19:55 . 2008-09-06 20:30 <DIR> d-------- C:\Documents and Settings\Administrator\Ulubione 2008-09-11 19:55 . 2008-09-06 18:50 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony 2008-09-11 19:55 . 2008-09-06 20:30 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit 2008-09-11 19:55 . 2008-09-06 20:30 <DIR> d-------- C:\Documents and Settings\Administrator\Moje dokumenty 2008-09-11 19:55 . 2008-09-06 20:30 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start 2008-09-11 19:55 . 2008-09-06 20:30 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji 2008-09-11 19:55 . 2008-09-11 19:55 <DIR> d-------- C:\Documents and Settings\Administrator 2008-09-11 19:52 . 2008-09-24 21:50 <DIR> d-------- C:\SDFix 2008-09-11 15:56 . 2008-09-11 15:56 80,059 --a------ C:\WINDOWS\RGI3.tmp 2008-09-11 15:56 . 2008-09-11 15:56 80,059 --a------ C:\WINDOWS\RGI2.tmp 2008-09-11 15:56 . 2008-09-11 15:56 80,059 --a------ C:\WINDOWS\RGI1.tmp 2008-09-11 15:15 . 2008-09-11 15:15 <DIR> d-------- C:\Program Files\Bonjour 2008-09-11 15:09 . 2008-09-11 15:09 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared 2008-09-11 14:52 . 2008-09-11 16:00 1,193,596 ---hs---- C:\WINDOWS\system32\obgrejvc.ini 2008-09-11 14:45 . 2008-09-11 14:45 140,800 --a------ C:\ombos.exe 2008-09-11 14:45 . 2008-09-11 14:45 78,848 --a------ C:\hcsu.exe 2008-09-11 14:42 . 2008-09-11 14:42 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet 2008-09-11 12:19 . 2008-09-11 12:19 <DIR> d-------- C:\Program Files\FM Modifier 2.1 2008-09-11 12:19 . 2008-09-11 12:19 <DIR> d-------- C:\Documents and Settings\Norbert\Dane aplikacji\Sports Interactive 2008-09-10 17:18 . 2008-09-10 17:56 <DIR> d-------- C:\Program Files\DAP 2008-09-10 17:18 . 2008-09-10 17:18 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx 2008-09-10 17:18 . 2008-09-10 17:18 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx 2008-09-10 17:18 . 2008-09-10 17:18 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll 2008-09-10 14:56 . 2008-09-10 14:56 <DIR> d-------- C:\Program Files\Ray Adams 2008-09-10 14:56 . 2008-09-10 14:56 <DIR> d-------- C:\Documents and Settings\Norbert\Dane aplikacji\atitray 2008-09-09 20:16 . 2008-09-09 20:16 <DIR> d-------- C:\Program Files\BitComet 2008-09-09 20:16 . 2008-09-09 20:16 <DIR> d-------- C:\Downloads 2008-09-09 15:57 . 2008-09-09 15:57 <DIR> d-------- C:\Program Files\Ares 2008-09-08 19:05 . 2008-09-11 15:15 <DIR> d-------- C:\Program Files\Common Files\Adobe 2008-09-08 19:04 . 2008-09-08 19:04 <DIR> d-------- C:\WINDOWS\Cache 2008-09-07 21:37 . 2008-09-07 21:37 <DIR> d-------- C:\WINDOWS\Downloaded Installations 2008-09-07 21:21 . 2004-08-04 00:44 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll 2008-09-07 21:21 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2008-09-07 21:21 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys 2008-09-07 21:21 . 2001-10-26 17:29 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll 2008-09-07 16:12 . 2008-09-07 16:12 <DIR> d-------- C:\Documents and Settings\Konrad\Dane aplikacji\Media Player Classic 2008-09-07 14:16 . 2008-09-07 14:21 <DIR> d-------- C:\Program Files\n-k_masz_wiadomosc 2008-09-07 11:42 . 2008-09-13 16:36 <DIR> d-------- C:\Program Files\Real Alternative 2008-09-07 09:32 . 2008-09-21 18:32 <DIR> d-------- C:\Documents and Settings\Konrad\Gadu-Gadu 2008-09-07 09:21 . 2008-09-24 20:38 <DIR> d--h----- C:\Documents and Settings\Konrad\Ustawienia lokalne 2008-09-07 09:21 . 2008-09-24 19:10 <DIR> dr------- C:\Documents and Settings\Konrad\Ulubione 2008-09-07 09:21 . 2008-09-06 18:50 <DIR> d--h----- C:\Documents and Settings\Konrad\Szablony 2008-09-07 09:21 . 2008-09-24 21:52 <DIR> d-------- C:\Documents and Settings\Konrad\Pulpit 2008-09-07 09:21 . 2008-09-24 19:10 <DIR> dr------- C:\Documents and Settings\Konrad\Moje dokumenty 2008-09-07 09:21 . 2008-09-06 20:30 <DIR> dr------- C:\Documents and Settings\Konrad\Menu Start 2008-09-07 09:21 . 2008-09-19 19:28 <DIR> dr-h----- C:\Documents and Settings\Konrad\Dane aplikacji 2008-09-07 09:21 . 2008-09-24 20:15 <DIR> d-------- C:\Documents and Settings\Konrad 2008-09-07 09:21 . 2004-08-04 00:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2008-09-06 19:51 . 2008-09-06 19:51 1,160 --a------ C:\WINDOWS\mozver.dat 2008-09-06 19:37 . 2008-09-17 19:28 <DIR> d-------- C:\Program Files\eMule 2008-09-06 19:36 . 2008-09-06 19:36 <DIR> d-------- C:\Program Files\Common Files\AVSMedia 2008-09-06 19:36 . 2008-09-06 19:36 <DIR> d-------- C:\Program Files\AVSMedia 2008-09-06 19:34 . 2008-09-06 19:35 <DIR> d-------- C:\Program Files\Winamp 2008-09-06 19:33 . 2008-09-19 08:09 <DIR> d-------- C:\Program Files\CDex_150 2008-09-06 19:29 . 2008-09-06 19:29 <DIR> d-------- C:\Program Files\Lavalys 2008-09-06 19:26 . 2008-09-06 19:26 0 --a------ C:\WINDOWS\nsreg.dat 2008-09-06 19:17 . 2008-09-18 17:10 <DIR> d-------- C:\totalcmd 2008-09-06 19:17 . 2008-09-24 20:46 <DIR> d-------- C:\Documents and Settings\Norbert\Dane aplikacji\Skype 2008-09-06 19:17 . 2003-02-18 05:51 545 --a------ C:\WINDOWS\UC.PIF 2008-09-06 19:17 . 2003-02-18 05:51 545 --a------ C:\WINDOWS\RAR.PIF 2008-09-06 19:17 . 2003-02-18 05:51 545 --a------ C:\WINDOWS\PKZIP.PIF . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-06 17:08 23 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg 2008-09-06 17:01 327,680 ----a-w C:\WINDOWS\HideWin.exe 2008-09-06 17:00 15,600 ----a-w C:\WINDOWS\gdrv.sys 2008-09-06 16:58 --------- d-----w C:\Program Files\Yahoo! 2008-09-06 16:58 --------- d-----w C:\Program Files\Intel 2008-09-06 16:53 --------- d-----w C:\Program Files\microsoft frontpage 2008-09-06 16:52 --------- d-----w C:\Program Files\Usługi online . ------- Sigcheck ------- 2004-08-04 00:44 58368 dd45b05a319d317537d94817f8589793 C:\WINDOWS\system32\svchost.exe 2004-08-04 00:44 58368 7470ce72893f52f7a32cc10ee20331b3 C:\WINDOWS\system32\dllcache\svchost.exe 2004-08-03 23:14 359040 1745b00fc1141404b28f4b94f69a8871 C:\WINDOWS\system32\dllcache\tcpip.sys 2004-08-03 23:14 359040 1745b00fc1141404b28f4b94f69a8871 C:\WINDOWS\system32\drivers\tcpip.sys 2004-08-04 00:44 1077760 9450f59dab562fc8d4cbd922cae13250 C:\WINDOWS\explorer.exe 2004-08-04 00:44 1077760 62b55fac421714cd2d3947e6d4e2b7af C:\WINDOWS\system32\dllcache\explorer.exe 2004-08-04 00:44 26624 d9d7b9d8b0b0c8d614afab3d5661201a C:\WINDOWS\system32\ctfmon.exe 2004-08-04 00:44 26624 485b51af56cd0357393cfefa7ad26968 C:\WINDOWS\system32\dllcache\ctfmon.exe 2004-08-04 00:44 167424 2b1cfc1bcbf4032f8173c0e2805db0f8 C:\WINDOWS\system32\spoolsv.exe 2004-08-04 00:44 69120 71ec3753d00bb7e0f4446f596d9ed1d7 C:\WINDOWS\system32\dllcache\spoolsv.exe 2004-08-04 00:44 156160 5d603a87821abb2165e4409c7c7e45ad C:\WINDOWS\system32\wuauclt.exe 2004-08-04 00:44 123392 7516dd0b456ad7a411fedbca9b8b1c26 C:\WINDOWS\system32\dllcache\wuauclt.exe 2004-08-04 00:44 36352 f93fb4bfaae8a81b3989583f0652f346 C:\WINDOWS\system32\userinit.exe 2004-08-04 00:44 36352 6b684540f75121e222b9035f31fa18ac C:\WINDOWS\system32\dllcache\userinit.exe . ((((((((((((((((((((((((((((( snapshot_2008-09-24_20.52.38.07 ))))))))))))))))))))))))))))))))))))))))) . - 2008-07-17 10:57:07 178,176 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE + 2008-07-17 10:57:07 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE - 2008-09-24 18:39:12 475,136 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT + 2008-09-24 19:45:57 3,420,160 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT - 2008-09-24 18:39:12 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat + 2008-09-24 19:45:57 98,304 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat - 2000-08-31 06:00:00 28,672 ----a-w C:\WINDOWS\Nircmd.exe + 2000-08-31 06:00:00 107,520 ----a-w C:\WINDOWS\Nircmd.exe - 2000-08-31 06:00:00 98,816 ----a-w C:\WINDOWS\sed.exe + 2000-08-31 06:00:00 143,360 ----a-w C:\WINDOWS\sed.exe - 2000-08-31 06:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe + 2000-08-31 06:00:00 173,568 ----a-w C:\WINDOWS\swreg.exe - 2008-09-24 18:48:30 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat + 2008-09-24 19:49:41 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat + 2008-09-24 19:16:51 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Internet Explorer\MSIMGSIZ.DAT - 2008-09-24 18:48:30 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat + 2008-09-24 19:49:41 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat - 2008-09-24 18:47:58 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008092420080925\index.dat + 2008-09-24 19:34:08 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008092420080925\index.dat - 2008-09-24 18:48:33 81,920 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat + 2008-09-24 19:49:41 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat - 2004-08-03 22:44:26 464,384 ----a-w C:\WINDOWS\system32\ntvdm.exe + 2004-08-03 22:44:26 497,152 ----a-w C:\WINDOWS\system32\ntvdm.exe - 2000-08-31 06:00:00 49,152 ----a-w C:\WINDOWS\VFind.exe + 2000-08-31 06:00:00 97,860 ----a-w C:\WINDOWS\VFind.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{542D26F2-3613-4857-A8E5-0301DF422462}] 2007-10-16 13:40 93184 --a------ C:\WINDOWS\system32\atiiiex.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D9A73C37-A253-4814-B178-DF07242751E3}] 2007-10-16 13:40 93184 --a------ C:\WINDOWS\system32\atiiiex.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD6A053E-5B20-41D2-999E-E3DD1295E083}] 2007-10-16 13:40 93184 --a------ C:\WINDOWS\system32\atiiiex.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Sample Shell Icon Overlay Identifier] @="{EA3775F2-28BE-11D3-9C8D-00105A24ED29}" [HKEY_CLASSES_ROOT\CLSID\{EA3775F2-28BE-11D3-9C8D-00105A24ED29}] C:\WINDOWS\temp\IcnOvrly.dll [BU] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 26624] "Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2006-11-14 11:12 1849032] "ares"="C:\Program Files\Ares\Ares.exe" [2007-05-04 02:32 976384] "BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-07-17 15:50 2599224] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:55 1678848] "IPLA!"="C:\Program Files\ipla\ipla.exe" [2008-09-19 19:25 2438392] "AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2004-08-28 20:27 307200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 49263] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 167936] "rs32net"="C:\WINDOWS\System32\rs32net.exe" [2008-09-24 21:17 22528] "RTHDCPL"="RTHDCPL.EXE" [2007-04-12 11:33 16244224 C:\WINDOWS\RTHDCPL.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 26624] C:\Documents and Settings\Konrad\Menu Start\Programy\Autostart\ hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2008-09-19 19:28:20 624416] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-09-06 19:08:23 974949] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.I420"= i420vfw.dll "msacm.avis"= ff_acm.acm "VIDC.VP40"= vp4vfw.dll "vidc.X264"= x264vfw.dll "VIDC.DRAW"= DVIDEO.DLL "VIDC.YV12"= yv12vfw.dll "VIDC.MSUD"= msulvc05.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati7bqxx.sys] @="Driver" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\eMule\\emule.exe"= "C:\\Program Files\\Ares\\Ares.exe"= "C:\\Program Files\\BitComet\\BitComet.exe"= "C:\\Program Files\\DAP\\DAP.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\WINDOWS\\system32\\winver.exe"= "C:\\WINDOWS\\system32\\dpvsetup.exe"= "C:\\WINDOWS\\system32\\rundll32.exe"= "D:\\MuOnline\\KLIENT 97D\\Mu Trilogy\\Launcher.exe"= "C:\\Program Files\\Hamachi\\hamachi.exe"= "D:\\Nowy folder\\Mupie\\1hh\\MuPie X.exe"= "C:\\WINDOWS\\system32\\regsvr32.exe"= "C:\\WINDOWS\\explorer.exe"= C:\\WINDOWS\\Explorer.EXE "C:\\Program Files\\Gadu-Gadu\\gg.exe"= "C:\\Program Files\\Internet Explorer\\iexplore.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "22243:TCP"= 22243:TCP:BitComet 22243 TCP "22243:UDP"= 22243:UDP:BitComet 22243 UDP R0 ati7bqxx;ati7bqxx;C:\WINDOWS\system32\Drivers\ati7bqxx.sys [2008-09-24 21:16] R1 atitray;atitray;C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [2007-05-22 11:04] S2 BITSdmserver;Usługa inteligentnego transferu w tle BITSdmserver;C:\WINDOWS\system32\17.tmp [] S2 lanmanworkstationThemes;Stacja robocza lanmanworkstationThemes;C:\WINDOWS\system32\F7.tmp [] S2 SharedAccesslanmanserver;Zapora systemu Windows/Udostępnianie połączenia internetowego SharedAccesslanmanserver;C:\WINDOWS\system32\2A.tmp [] S2 WZCSVCShellHWDetection;Konfiguracja zerowej sieci bezprzewodowej WZCSVCShellHWDetection;C:\WINDOWS\system32\6to4svca.exe [2008-09-24 19:10] . Contents of the 'Scheduled Tasks' folder . - - - - ORPHANS REMOVED - - - - BHO-{2E029BAB-7667-41D0-9598-B4002371466E} - C:\WINDOWS\system32\ativcox.dll BHO-{695B6A28-181B-4CB0-A6D2-A38CAFEE6F15} - C:\WINDOWS\system32\ativcox.dll BHO-{88A967BF-1675-41D1-B3C7-711556B90FC4} - C:\WINDOWS\system32\ativcox.dll . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Konrad\Dane aplikacji\Mozilla\Firefox\Profiles\8rvgx3hs.default\ . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-24 21:52:32 Windows 5.1.2600 Dodatek Service Pack 2 NTFS detected NTDLL code modification: ZwOpenFile scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... C:\WINDOWS\system32\drivers\JFZVZVRN.sys 177664 bytes executable C:\WINDOWS\system32\drivers\lysfpeoin.sys 30976 bytes executable scan completed successfully hidden files: 2 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Abiosdsk] -- [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\adiusbaw] "ImagePath"="system32\DRIVERS\adiusbaw.sys" -- [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HDAudBus] "ImagePath"="system32\DRIVERS\HDAudBus.sys" -- [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\JFZVZVRN] "ImagePath"="\??\C:\WINDOWS\system32\drivers\JFZVZVRN.sys" -- [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSock2] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BITSdmserver] "ImagePath"="C:\WINDOWS\system32\17.tmp srv" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstationThemes] "ImagePath"="C:\WINDOWS\system32\F7.tmp srv" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccesslanmanserver] "ImagePath"="C:\WINDOWS\system32\2A.tmp srv" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jpsmpdugqmgm] "ImagePath"="\??\C:\WINDOWS\system32\drivers\lysfpeoin.sys" . Completion time: 2008-09-24 21:53:08 ComboFix-quarantined-files.txt 2008-09-24 19:53:00 ComboFix2.txt 2008-09-24 18:52:56 ComboFix3.txt 2008-09-24 18:38:22 ComboFix4.txt 2008-09-12 14:49:19 ComboFix5.txt 2008-09-24 19:52:15 Pre-Run: 24,554,168,320 bajtów wolnych Post-Run: 24,465,154,048 bajtów wolnych 315

HiJackThis:

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:53:56, on 2008-09-24 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\System32\rs32net.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\BitComet\BitComet.exe C:\Program Files\ipla\ipla.exe C:\Program Files\AutoConnect\AutoConnect.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll O2 - BHO: (no name) - {4F92A077-46D4-4BDD-B370-E5AB0E494390} - C:\WINDOWS\system32\atiiiex.dll O2 - BHO: (no name) - {542D26F2-3613-4857-A8E5-0301DF422462} - C:\WINDOWS\system32\atiiiex.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {D9A73C37-A253-4814-B178-DF07242751E3} - C:\WINDOWS\system32\atiiiex.dll O2 - BHO: (no name) - {FD6A053E-5B20-41D2-999E-E3DD1295E083} - C:\WINDOWS\system32\atiiiex.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [IPLA!] C:\Program Files\ipla\ipla.exe /autorun O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - S-1-5-18 Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe (User 'SYSTEM') O4 - .DEFAULT Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe (User 'Default user') O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{F0FEB230-D879-4FCB-A2CA-44BDBA284AD5}: NameServer = 194.204.159.1 217.98.63.164 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Usługa inteligentnego transferu w tle BITSdmserver (BITSdmserver) - Unknown owner - C:\WINDOWS\system32\17.tmp.exe (file missing) O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Stacja robocza lanmanworkstationThemes (lanmanworkstationThemes) - Unknown owner - C:\WINDOWS\system32\F7.tmp.exe (file missing) O23 - Service: Zapora systemu Windows/Udostępnianie połączenia internetowego SharedAccesslanmanserver (SharedAccesslanmanserver) - Unknown owner - C:\WINDOWS\system32\2A.tmp.exe (file missing) O23 - Service: Konfiguracja zerowej sieci bezprzewodowej WZCSVCShellHWDetection (WZCSVCShellHWDetection) - Unknown owner - C:\WINDOWS\system32\6to4svca.exe -- End of file - 6362 bytes

**Posty:** 7956 · przez **Magik** 24 Wrz 2008, 23:17

na fix w HJT w trybie awaryjnym

Kod: Zaznacz wszystko: C:\WINDOWS\System32\rs32net.exe O2 - BHO: (no name) - {4F92A077-46D4-4BDD-B370-E5AB0E494390} - C:\WINDOWS\system32\atiiiex.dll O2 - BHO: (no name) - {542D26F2-3613-4857-A8E5-0301DF422462} - C:\WINDOWS\system32\atiiiex.dll O2 - BHO: (no name) - {D9A73C37-A253-4814-B178-DF07242751E3} - C:\WINDOWS\system32\atiiiex.dll O2 - BHO: (no name) - {FD6A053E-5B20-41D2-999E-E3DD1295E083} - C:\WINDOWS\system32\atiiiex.dll O4 - HKLM\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing) O23 - Service: Usługa inteligentnego transferu w tle BITSdmserver (BITSdmserver) - Unknown owner - C:\WINDOWS\system32\17.tmp.exe (file missing) O23 - Service: Stacja robocza lanmanworkstationThemes (lanmanworkstationThemes) - Unknown owner - C:\WINDOWS\system32\F7.tmp.exe (file missing) O23 - Service: Zapora systemu Windows/Udostępnianie połączenia internetowego SharedAccesslanmanserver (SharedAccesslanmanserver) - Unknown owner - C:\WINDOWS\system32\2A.tmp.exe (file missing)

wklej do notatnika

Kod: Zaznacz wszystko: FILE:: C:\WINDOWS\system32\cabine.dll C:\28.tmp C:\17.tmp C:\WINDOWS\system32\atiiiex.dll C:\2D.tmp C:\WINDOWS\system32\drivers\str.sys C:\WINDOWS\system32\drivers\ati7bqxx.sys C:\WINDOWS\system32\comca.dll C:\127.tmp C:\WINDOWS\system32\adadix2kp.dll C:\WINDOWS\system32\2052b.dll C:\WINDOWS\system32\1028p.dll C:\WINDOWS\system32\6to4svca.exe C:\FA.tmp C:\WINDOWS\system32\rs32net.exe C:\WINDOWS\system32\F4.tmp C:\WINDOWS\system32\wrquspad.tmp C:\WINDOWS\system32\FB.tmp C:\WINDOWS\RGI3.tmp C:\WINDOWS\RGI2.tmp C:\WINDOWS\RGI1.tmp C:\WINDOWS\system32\obgrejvc.ini C:\ombos.exe C:\hcsu.exe C:\WINDOWS\system32\drivers\lysfpeoin.sys C:\WINDOWS\system32\drivers\JFZVZVRN.sys Driver:: ati7bqxx oruvrqro DirLook:: C:\Program Files\thriXXX

zapisz jako CFScript.txt. Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe i daj nowego loga z combofixa

i odpal
program-szukajacy-trojanow-i-malware-vt97108.html

Duży upload:/

Duży upload:/

Duży upload:/

Duży upload:/

Duży upload:/

Re: duży upload:/

Duży upload:/

Kto jest na forum