
Outdated topics about log checking


  • Closed: This topic is closed
180 replies in this topic

#101 Trivelt

Trivelt

    Unix fan

  • 406 posts

Posted 19 05 2007 - 18:46

Sorry for the question, but how do I enable safe mode? When I press F8 it doesn't react, and at system startup nothing pops up asking how I want to start it either.


/index.php?showtopic=5075

  • 0

#102 czikaka

czikaka

    New

  • 4 posts

Posted 22 05 2007 - 15:26

Hello.
I've just reformatted and installed a different firewall (previously I used Kerio, now ZoneAlarm)...
A few hours after installing the system, ZoneAlarm started informing me that it had blocked some attempts to connect to my computer from outside...
I'm pasting here the 5 pop-up windows that appeared...

And now the questions:
Were these attempts to break into my PC?
If so, can I find out who it is from the IP? (the fourth window shows a Neostrada host)
Is it possible that I already have some kind of "spy" on my computer?
What is the most effective way to check whether there are any suspicious files etc. on my HD?
What is the best way to protect myself against such sons of b*tches?

Regards

Attached image

  • 0

#103 CatchMe

CatchMe

    Observer

  • 6 posts

Posted 22 05 2007 - 18:13

There is nothing to worry about. From what can be seen in the attached images, ZoneAlarm is handling the attacks very well and blocking them effectively.

To be sure:
1. Use WWDC:
http://www.firewallleaktester.com/wwdc.htm
Change the options from disable to enable. Restart the computer.
This is how the ports should look (NetBIOS may be yellow):
http://www.firewallleaktester.com/images_site/wwdc.jpg

Unfortunately, you won't find out who is causing you this trouble ;) We can check the system through logs. To start, paste: HijackThis + Silent Runners.

The best protection for the system is a firewall (in this case you have a very good one), antivirus, antispyware + continuous updates from Windows Update. :)
  • 0

#104 czikaka

czikaka

    New

  • 4 posts

Posted 22 05 2007 - 21:37

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"ZoneAlarm Client" = ""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
				   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
				   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{D9872D13-7651-4471-9EEE-F0A00218BEBB}" = "Multiscan"
  -> {HKLM...CLSID} = "ZLAVShExt Class"
				   \InProcServer32\(Default) = "C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
				   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ZLAVShExt\(Default) = "{D9872D13-7651-4471-9EEE-F0A00218BEBB}"
  -> {HKLM...CLSID} = "ZLAVShExt Class"
				   \InProcServer32\(Default) = "C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
ZLAVShExt\(Default) = "{D9872D13-7651-4471-9EEE-F0A00218BEBB}"
  -> {HKLM...CLSID} = "ZLAVShExt Class"
				   \InProcServer32\(Default) = "C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\c21\Pulpit\bez tytułu.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]


Startup items in "c21" & "All Users" startup folders:
-----------------------------------------------------

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 39 seconds.
---------- (total run time: 89 seconds)



Logfile of HijackThis v1.99.1 
Scan saved at 21:22:11, on 2007-05-22 
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) 
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) 

Running processes: 
C:\WINDOWS\System32\smss.exe 
C:\WINDOWS\system32\winlogon.exe 
C:\WINDOWS\system32\services.exe 
C:\WINDOWS\system32\lsass.exe 
C:\WINDOWS\system32\svchost.exe 
C:\WINDOWS\System32\svchost.exe 
C:\WINDOWS\system32\ZoneLabs\vsmon.exe 
C:\WINDOWS\Explorer.EXE 
C:\WINDOWS\system32\spoolsv.exe 
C:\WINDOWS\system32\nvsvc32.exe 
C:\WINDOWS\system32\RUNDLL32.EXE 
C:\WINDOWS\system32\wscntfy.exe 
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe 
C:\WINDOWS\system32\ctfmon.exe 
C:\WINDOWS\System32\svchost.exe 
C:\WINDOWS\system32\svchost.exe 
C:\Program Files\Opera\Opera.exe 
C:\Documents and Settings\c21\Pulpit\HijackThis.exe 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll 
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup 
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install 
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit 
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" 
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe 
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe 
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe 
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe 
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe 
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

  • 0

#105 Maciej13

Maciej13

    SecurityMaster

  • 261 posts

Posted 22 05 2007 - 21:41

The logs are clean.
  • 0

#106 czikaka

czikaka

    New

  • 4 posts

Posted 22 05 2007 - 21:45

Clean, you say, so I 100% don't have a spy on my computer?
  • 0

#107 Maciej13

Maciej13

    SecurityMaster

  • 261 posts

Posted 22 05 2007 - 22:36

That is what these logs indicate.

Show the ComboFix log.
  • 0

#108 czikaka

czikaka

    New

  • 4 posts

Posted 22 05 2007 - 22:53

ComboFix 07-05.21.6.V




"c21" - 2007-05-22 22:50:16	Dodatek Service Pack 2  
ComboFix 07-05.21.6.V - Running from: "C:\Documents and Settings\c21\"


(((((((((((((((((((((((((((((((   Files Created from 2007-04-05 to 2007-05-22  ))))))))))))))))))))))))))))))))))


2007-05-22 00:43	115,200	--a------	C:\WINDOWS\system32\calc.exe
2007-05-22 00:43	110,080	--a------	C:\WINDOWS\system32\clbcatex.dll
2007-05-22 00:43	11,776	--a------	C:\WINDOWS\system32\xolehlp.dll
2007-05-22 00:43	11,264	--a------	C:\WINDOWS\system32\icaapi.dll
2007-05-22 00:43	103,424	--a------	C:\WINDOWS\system32\clipbrd.exe
2007-05-22 00:43	1,251,840	--a------	C:\WINDOWS\system32\comsvcs.dll
2007-05-22 00:43	1,225	--a------	C:\WINDOWS\system32\usrlogon.cmd
2007-05-22 00:43	<DIR>	d--------	C:\WINDOWS\system32\MsDtc
2007-05-22 00:43	<DIR>	d--------	C:\WINDOWS\system32\Com
2007-05-22 00:43	<DIR>	d--------	C:\Program Files\Windows NT


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-22 08:12:13	--------	d-----w	C:\Program Files\Usługi online
2007-05-21 22:55:15	49,492	----a-w	C:\WINDOWS\system32\perfc015.dat
2007-05-21 22:55:15	355,486	----a-w	C:\WINDOWS\system32\perfh015.dat


((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-08-02 08:30]
"nwiz"="nwiz.exe" [2005-08-02 08:30 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-08-02 08:30]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
	
*Newly Created Service* -PROCEXP90

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-22 22:51:28
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-05-22 22:52:06

	--- E O F ---
(((((((((((((((((((((((((((((((   Files Created from 2007-04-05 to 2007-05-22  ))))))))))))))))))))))))))))))))))

  • 0

#109 fraidycat

fraidycat

    Observer

  • 6 posts

Posted 23 05 2007 - 12:31

For some time now a CiD ad has kept opening on my computer... Please check the log and help... I'm completely green when it comes to these things... ;)

Logfile of HijackThis v1.99.1
Scan saved at 11:47:55, on 2007-05-23
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\user\Pulpit\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F3 - REG:win.ini: load=C:\YDPDict\watch.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [proxy platform multi intra] C:\Documents and Settings\All Users\Dane aplikacji\mess [beeep] proxy platform\logostore.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [log size] C:\DOCUME~1\user\DANEAP~1\WMALOA~1\DOWNLOAD THUNK.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/eng/cards_2_0_0_74.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/eng/boards_2_0_0_33.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179496232156
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/eng/poker_2_0_0_46.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/eng/words_2_0_0_49.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://67.15.101.3/g_bin/eng/wordssingle_2_0_0_46.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\user\USTAWI~1\Temp\hpdj.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Many thanks in advance :)
  • 0

#110 CatchMe

CatchMe

    Observer

  • 6 posts

Posted 23 05 2007 - 15:01

Download and run the tool: The Avenger
Select the option Input script manually and click the magnifying glass on the right. In the window that opens, paste:

Folders to delete:

C:\Documents and Settings\All Users\Dane aplikacji\mess [beeep] proxy platform
C:\DOCUME~1\user\DANEAP~1\WMALOA~1


Click Done, then the green light, and agree to the restart by clicking OK.

After the restart, remove the following entry/entries in HijackThis:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [proxy platform multi intra] C:\Documents and Settings\All Users\Dane aplikacji\mess [beeep] proxy platform\logostore.exe
O4 - HKCU\..\Run: [log size] C:\DOCUME~1\user\DANEAP~1\WMALOA~1\DOWNLOAD THUNK.exe


Manually delete the file C:\Avenger\backup.zip from the disk and paste on the forum the report C:\avenger.txt + the HijackThis log + the Silent Runners log + the ComboFix log
  • 0
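
An added example, not part of the original posts and not code from HijackThis: a small Python triage of HijackThis lines like those in this thread. It flags entries whose target file is absent and autostart or service entries that launch from a user-profile directory, then checks which flagged lines survive in the follow-up log from post #111. The two heuristics and all function names are assumptions for illustration; a flag marks a line for manual review.

```python
import re
from typing import NamedTuple

# Excerpt of the HijackThis log posted in #109 (lines copied from this page).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [proxy platform multi intra] C:\Documents and Settings\All Users\Dane aplikacji\mess [beeep] proxy platform\logostore.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [log size] C:\DOCUME~1\user\DANEAP~1\WMALOA~1\DOWNLOAD THUNK.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\user\USTAWI~1\Temp\hpdj.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Excerpt of the follow-up HijackThis log posted in #111 (lines copied from this page).
AFTER_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\user\USTAWI~1\Temp\hpdj.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


class Entry(NamedTuple):
    code: str   # HijackThis section code, e.g. "O4"
    text: str   # everything after "CODE - "


class Finding(NamedTuple):
    entry: Entry
    reasons: tuple


# Section codes as they appear at the start of a HijackThis result line.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# Assumed heuristic 1: the registered target no longer exists on disk.
ORPHAN_RE = re.compile(r"\((no file|file missing)\)\s*$", re.I)
# Assumed heuristic 2: long or 8.3 form of the XP user-profile root.
PROFILE_RE = re.compile(r"\\(documents and settings|docume~1)\\", re.I)


def parse(log):
    """Return the result lines of a HijackThis log as Entry tuples."""
    entries = []
    for line in log.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def triage(entries):
    """Flag entries for manual review; several reasons can apply to one entry."""
    findings = []
    for entry in entries:
        reasons = []
        if ORPHAN_RE.search(entry.text):
            reasons.append("target file absent")
        # Autostart (O4) and service (O23) binaries normally live under
        # Program Files or WINDOWS, not inside a user profile.
        if entry.code in ("O4", "O23") and PROFILE_RE.search(entry.text):
            reasons.append("launches from a user-profile directory")
        if reasons:
            findings.append(Finding(entry, tuple(reasons)))
    return findings


def remaining(findings, after_entries):
    """Return the flagged entries that are still present in a later log."""
    present = set(after_entries)
    return [f for f in findings if f.entry in present]


if __name__ == "__main__":
    flagged = triage(parse(SAMPLE_LOG))
    for finding in flagged:
        print(finding.entry.code, "|", "; ".join(finding.reasons), "|", finding.entry.text)
    print("Still present after cleanup:")
    for finding in remaining(flagged, parse(AFTER_LOG)):
        print(" ", finding.entry.code, finding.entry.text)
```
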

#111 fraidycat

fraidycat

    Observer

  • 6 posts

Posted 23 05 2007 - 16:02

Thank you for the quick reply ;)

Avenger
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\fdieprdc

*******************

Script file located at: \??\C:\sjghxrrd.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Folder C:\Documents and Settings\All Users\Dane aplikacji\mess [beeep] proxy platform deleted successfully.
Folder C:\DOCUME~1\user\DANEAP~1\WMALOA~1 deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.

HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 15:51:15, on 2007-05-23
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\user\Moje dokumenty\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/eng/cards_2_0_0_74.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/eng/boards_2_0_0_33.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179496232156
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/eng/poker_2_0_0_46.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/eng/words_2_0_0_49.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://67.15.101.3/g_bin/eng/wordssingle_2_0_0_46.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\user\USTAWI~1\Temp\hpdj.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Silent Runners
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]
"MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"ClamWin" = ""C:\Program Files\ClamWin\bin\ClamTray.exe" --logon" ["alch"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"Picasa Media Detector" = "C:\Program Files\Picasa2\PicasaMediaDetector.exe" ["Google Inc."]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
				   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
				   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
  -> {HKLM...CLSID} = "Microsoft Office Outlook"
				   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
				   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
				   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
  -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
				   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
  -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
				   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
				   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
  -> {HKLM...CLSID} = "My Sharing Folders"
				   \InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {HKLM...CLSID} = "Portable Media Devices Menu"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = (no title provided)
				   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
  -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
				   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
				   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ClamWin\(Default) = "{65713842-C410-4f44-8383-BFE01A398C90}"
  -> {HKLM...CLSID} = (no title provided)
				   \InProcServer32\(Default) = "C:\Program Files\ClamWin\bin\ExpShell.dll" ["alch"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
				   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
				   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
ClamWin\(Default) = "{65713842-C410-4f44-8383-BFE01A398C90}"
  -> {HKLM...CLSID} = (no title provided)
				   \InProcServer32\(Default) = "C:\Program Files\ClamWin\bin\ExpShell.dll" ["alch"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
				   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Startup items in "user" & "All Users" startup folders:
------------------------------------------------------

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]


Enabled Scheduled Tasks:
------------------------

"A41E4E879191C977" -> launches: "c:\docume~1\user\daneap~1\wmaloa~1\exitstartbib.exe" [file not found]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Badanie"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
Messenger Sharing Folders USN Journal Reader service, usnjsvc, ""C:\Program Files\MSN Messenger\usnsvc.exe"" [MS]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer "No" at the
  first message box and "Yes" at the second message box.
---------- (total run time: 44 seconds, including 18 seconds for message boxes)

Combofix
(((((((((((((((((((((((((((((((   Files Created from 2007-04-05 to 2007-05-23  ))))))))))))))))))))))))))))))))))


2007-05-23 15:36	<DIR>	d--------	C:\avenger
2007-05-23 11:52	49,152	--a------	C:\WINDOWS\nircmd.exe
2007-05-23 07:01	<DIR>	d--------	C:\DOCUME~1\user\DANEAP~1\AdobeUM
2007-05-22 21:05	<DIR>	d--------	C:\Program Files\AP Tuner
2007-05-21 15:05	<DIR>	d--------	C:\Program Files\Damian Pasternak
2007-05-21 01:53	327,168	--a------	C:\WINDOWS\IsUn0415.exe
2007-05-21 01:53	<DIR>	d--------	C:\Program Files\Hewlett-Packard
2007-05-21 01:48	25,856	--a------	C:\WINDOWS\system32\drivers\usbprint.sys
2007-05-20 23:12	<DIR>	d--------	C:\Program Files\Ganymede
2007-05-20 21:39	<DIR>	d--------	C:\Program Files\Windows Live Safety Center
2007-05-19 15:12	<DIR>	d--------	C:\Program Files\Wisdom-soft ScreenHunter 5 Free
2007-05-19 14:52	647,168	--a------	C:\WINDOWS\2M-Nature-vol3.scr
2007-05-19 14:52	<DIR>	d--------	C:\Program Files\2MScreenSaver
2007-05-19 10:53	<DIR>	d--------	C:\DOCUME~1\user\DANEAP~1\Lavasoft
2007-05-19 10:52	<DIR>	d--------	C:\Program Files\Lavasoft
2007-05-19 10:51	<DIR>	d--------	C:\Program Files\Common Files\Wise Installation Wizard
2007-05-19 10:26	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\DANEAP~1\Messenger Plus!
2007-05-19 08:16	<DIR>	d--------	C:\Program Files\wma load debug
2007-05-19 08:16	<DIR>	d--------	C:\Program Files\Messenger Plus! Live
2007-05-19 08:16	<DIR>	d--------	C:\Program Files\Adverts
2007-05-19 02:08	<DIR>	d--------	C:\WINDOWS\RegisteredPackages
2007-05-19 01:50	<DIR>	d--------	C:\Program Files\eMule
2007-05-18 23:03	995,056	--a------	C:\WINDOWS\system\MSAJT200.DLL
2007-05-18 23:03	92,576	--a------	C:\WINDOWS\system\ODBCINST.DLL
2007-05-18 23:03	88,896	--a------	C:\WINDOWS\system\ODBCCURS.DLL
2007-05-18 23:03	64,080	--a------	C:\WINDOWS\system\ODBCTL16.DLL
2007-05-18 23:03	6,464	--a------	C:\WINDOWS\ODBCADM.EXE
2007-05-18 23:03	57,328	--a------	C:\WINDOWS\system\OLE2CONV.DLL
2007-05-18 23:03	56,240	--a------	C:\WINDOWS\system\ODBC.DLL
2007-05-18 23:03	51,712	--a------	C:\WINDOWS\system\OLE2PROX.DLL
2007-05-18 23:03	322,384	--a------	C:\WINDOWS\system\MFC250.DLL
2007-05-18 23:03	302,592	--a------	C:\WINDOWS\system\OLE2.DLL
2007-05-18 23:03	298,880	--a------	C:\WINDOWS\system\VBAR2.DLL
2007-05-18 23:03	27,632	--a------	C:\WINDOWS\system\CTL3DV2.DLL
2007-05-18 23:03	27,026	--a------	C:\WINDOWS\system\OLE2.REG
2007-05-18 23:03	246,928	--a------	C:\WINDOWS\system\ODBCJT16.DLL
2007-05-18 23:03	177,216	--a------	C:\WINDOWS\system\TYPELIB.DLL
2007-05-18 23:03	164,832	--a------	C:\WINDOWS\system\OLE2DISP.DLL
2007-05-18 23:03	157,696	--a------	C:\WINDOWS\system\STORAGE.DLL
2007-05-18 23:03	150,976	--a------	C:\WINDOWS\system\OLE2NLS.DLL
2007-05-18 23:03	15,936	--a------	C:\WINDOWS\system\MSJETINT.DLL
2007-05-18 23:03	146,976	--a------	C:\WINDOWS\system\MFCOLEUI.DLL
2007-05-18 23:03	125,856	--a------	C:\WINDOWS\system\MFCO250.DLL
2007-05-18 23:03	11,232	--a------	C:\WINDOWS\system\MSJETERR.DLL
2007-05-18 23:03	108,544	--a------	C:\WINDOWS\system\COMPOBJ.DLL
2007-05-18 23:03	10,304	--a------	C:\WINDOWS\system\MSCPXLT.DLL
2007-05-18 23:03	1,984	--a------	C:\WINDOWS\system\VBAJET.DLL
2007-05-18 23:03	<DIR>	d--------	C:\YDPDICT
2007-05-18 23:02	271,248	--a------	C:\WINDOWS\ISUN16.EXE
2007-05-18 23:02	26,768	--a------	C:\WINDOWS\system\CTL3D.DLL
2007-05-18 23:02	<DIR>	d--------	C:\DOCUME~1\user\WINDOWS
2007-05-18 21:53	<DIR>	d--------	C:\DOCUME~1\user\DANEAP~1\Gadu-Gadu
2007-05-18 21:14	<DIR>	d--------	C:\DOCUME~1\user\DANEAP~1\Ahead
2007-05-18 19:43	<DIR>	d--------	C:\DOCUME~1\user\Contacts
2007-05-18 19:40	<DIR>	d--------	C:\Program Files\MSN Messenger
2007-05-18 19:36	4	--a------	C:\WINDOWS\system32\proc861054894.bin
2007-05-18 19:36	<DIR>	d--------	C:\Program Files\Gadu-Gadu
2007-05-18 19:36	<DIR>	d--------	C:\DOCUME~1\user\Gadu-Gadu
2007-05-18 19:36	<DIR>	d--------	C:\DOCUME~1\user\DANEAP~1\GanymedeNet
2007-05-18 19:23	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\DANEAP~1\nView_Profiles
2007-05-18 19:17	<DIR>	d--------	C:\Program Files\Skype
2007-05-18 19:17	<DIR>	d--------	C:\Program Files\Common Files\Skype
2007-05-18 19:17	<DIR>	d--------	C:\DOCUME~1\user\DANEAP~1\Skype
2007-05-18 19:16	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\DANEAP~1\Skype
2007-05-18 16:33	2,560	---------	C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-05-18 16:33	2,432	---------	C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-05-18 16:33	<DIR>	d--------	C:\Program Files\Google
2007-05-18 16:32	<DIR>	d--------	C:\Program Files\Prime95
2007-05-18 16:32	<DIR>	d--------	C:\Program Files\Picasa2
2007-05-18 16:14	<DIR>	d--------	C:\Program Files\ffdshow
2007-05-18 16:12	3,072	--a------	C:\WINDOWS\system32\drivers\audstub.sys
2007-05-18 16:11	58,624	--a------	C:\WINDOWS\system32\drivers\redbook.sys
2007-05-18 16:10	77,312	--a------	C:\WINDOWS\system32\usbui.dll
2007-05-18 16:10	44,672	--a------	C:\WINDOWS\system32\drivers\UAGP35.SYS
2007-05-18 16:10	19,017	--a------	C:\WINDOWS\system32\drivers\RTL8029.sys
2007-05-18 16:09	8,192	-ra------	C:\WINDOWS\system32\kbdhept.dll
2007-05-18 16:09	6,656	-ra------	C:\WINDOWS\system32\kbdhela3.dll
2007-05-18 16:09	6,144	-ra------	C:\WINDOWS\system32\kbdtuq.dll
2007-05-18 16:09	6,144	-ra------	C:\WINDOWS\system32\kbdtuf.dll
2007-05-18 16:09	6,144	-ra------	C:\WINDOWS\system32\kbdhela2.dll
2007-05-18 16:09	6,144	-ra------	C:\WINDOWS\system32\kbdgkl.dll
2007-05-18 16:09	5,632	-ra------	C:\WINDOWS\system32\kbdmon.dll
2007-05-18 16:09	5,632	-ra------	C:\WINDOWS\system32\kbdkyr.dll
2007-05-18 16:09	5,632	-ra------	C:\WINDOWS\system32\kbdhe319.dll
2007-05-18 16:09	5,632	-ra------	C:\WINDOWS\system32\kbdhe220.dll
2007-05-18 16:09	5,632	-ra------	C:\WINDOWS\system32\kbdhe.dll
2007-05-18 16:09	5,632	-ra------	C:\WINDOWS\system32\kbdazel.dll
2007-05-18 16:09	<DIR>	dr-------	C:\Program Files
2007-05-18 16:09	<DIR>	d--hs----	C:\WINDOWS\Installer
2007-05-18 16:09	<DIR>	d--------	C:\Program Files\Common Files\SpeechEngines
2007-05-18 16:09	<DIR>	d--------	C:\Program Files\Common Files\ODBC
2007-05-18 16:08	9,936	--a------	C:\WINDOWS\system\LZEXPAND.DLL
2007-05-18 16:08	9,168	--a------	C:\WINDOWS\system\VER.DLL
2007-05-18 16:08	85,532	--a------	C:\WINDOWS\system32\dgsetup.dll
2007-05-18 16:08	83,456	--a------	C:\WINDOWS\system\OLECLI.DLL
2007-05-18 16:08	8,704	--a------	C:\WINDOWS\system32\batt.dll
2007-05-18 16:08	75,776	--a------	C:\WINDOWS\system32\storprop.dll
2007-05-18 16:08	70,144	--a------	C:\WINDOWS\NOTEPAD.EXE
2007-05-18 16:08	70,096	--a------	C:\WINDOWS\system\AVICAP.DLL
2007-05-18 16:08	7,168	--a------	C:\WINDOWS\system32\kbdcz.dll
2007-05-18 16:08	69,552	--a------	C:\WINDOWS\system\MMSYSTEM.DLL
2007-05-18 16:08	6,656	--a------	C:\WINDOWS\system32\kbdycl.dll
2007-05-18 16:08	6,656	--a------	C:\WINDOWS\system32\kbdsl1.dll
2007-05-18 16:08	6,656	--a------	C:\WINDOWS\system32\kbdsl.dll
2007-05-18 16:08	6,656	--a------	C:\WINDOWS\system32\kbdhu.dll
2007-05-18 16:08	6,656	--a------	C:\WINDOWS\system32\kbdcz2.dll
2007-05-18 16:08	6,656	--a------	C:\WINDOWS\system32\kbdcz1.dll
2007-05-18 16:08	6,656	--a------	C:\WINDOWS\system32\kbdcr.dll
2007-05-18 16:08	6,656	--a------	C:\WINDOWS\system32\KBDAL.DLL
2007-05-18 16:08	6,144	-ra------	C:\WINDOWS\system32\kbdlv1.dll
2007-05-18 16:08	6,144	-ra------	C:\WINDOWS\system32\kbdlv.dll
2007-05-18 16:08	6,144	-ra------	C:\WINDOWS\system32\kbdest.dll
2007-05-18 16:08	5,632	-ra------	C:\WINDOWS\system32\kbdlt1.dll
2007-05-18 16:08	5,632	-ra------	C:\WINDOWS\system32\kbdlt.dll
2007-05-18 16:08	5,632	--a------	C:\WINDOWS\system32\kbdro.dll
2007-05-18 16:08	5,632	--a------	C:\WINDOWS\system32\kbdhu1.dll
2007-05-18 16:08	5,120	--a------	C:\WINDOWS\system\SHELL.DLL
2007-05-18 16:08	33,376	--a------	C:\WINDOWS\system\COMMDLG.DLL
2007-05-18 16:08	24,661	--a------	C:\WINDOWS\system32\spxcoins.dll
2007-05-18 16:08	24,064	--a------	C:\WINDOWS\system\OLESVR.DLL
2007-05-18 16:08	19,200	--a------	C:\WINDOWS\system\TAPI.DLL
2007-05-18 16:08	176,157	--a------	C:\WINDOWS\system32\dgrpsetu.dll
2007-05-18 16:08	15,360	--a------	C:\WINDOWS\TASKMAN.EXE
2007-05-18 16:08	13,312	--a------	C:\WINDOWS\system32\irclass.dll
2007-05-18 16:08	127,008	--a------	C:\WINDOWS\system\MSVIDEO.DLL
2007-05-18 16:08	11,264	--a------	C:\WINDOWS\system32\drivers\irenum.sys
2007-05-18 16:08	109,488	--a------	C:\WINDOWS\system\AVIFILE.DLL
2007-05-18 16:08	103,424	--a------	C:\WINDOWS\system32\EqnClass.Dll
2007-05-18 16:08	<DIR>	dr-h-----	C:\DOCUME~1\DEFAUL~1\Ustawienia lokalne
2007-05-18 16:08	<DIR>	dr-h-----	C:\DOCUME~1\DEFAUL~1\Dane aplikacji
2007-05-18 16:08	<DIR>	dr-h-----	C:\DOCUME~1\ALLUSE~1\Dane aplikacji
2007-05-18 16:08	<DIR>	dr-------	C:\DOCUME~1\DEFAUL~1\Menu Start
2007-05-18 16:08	<DIR>	dr-------	C:\DOCUME~1\ALLUSE~1\Menu Start
2007-05-18 16:08	<DIR>	dr-------	C:\DOCUME~1\ALLUSE~1\Dokumenty
2007-05-18 16:08	<DIR>	d--h-----	C:\DOCUME~1\DEFAUL~1\Szablony
2007-05-18 16:08	<DIR>	d--h-----	C:\DOCUME~1\ALLUSE~1\Szablony
2007-05-18 16:08	<DIR>	d--------	C:\WINDOWS\system32\CatRoot2
2007-05-18 16:08	<DIR>	d--------	C:\WINDOWS\system32\CatRoot
2007-05-18 16:08	<DIR>	d--------	C:\DOCUME~1\DEFAUL~1\Ulubione
2007-05-18 16:08	<DIR>	d--------	C:\DOCUME~1\DEFAUL~1\Pulpit
2007-05-18 16:08	<DIR>	d--------	C:\DOCUME~1\DEFAUL~1\Moje dokumenty
2007-05-18 16:08	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\Ulubione
2007-05-18 16:08	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\Pulpit
2007-05-18 16:07	<DIR>	d--hs----	C:\System Volume Information
2007-05-18 16:07	<DIR>	d--------	C:\Documents and Settings
2007-05-18 16:02	<DIR>	dr-hsc---	C:\WINDOWS\system32\dllcache
2007-05-18 16:02	<DIR>	dr--s----	C:\WINDOWS\Fonts
2007-05-18 16:02	<DIR>	dr-------	C:\WINDOWS\Web
2007-05-18 16:02	<DIR>	d--h-----	C:\WINDOWS\inf
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\WinSxS
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\twain_32
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\wins
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\wbem
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\usmt
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\spool
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\ShellExt
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\Setup
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\ras
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\oobe
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\npp
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\mui
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\inetsrv
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\IME
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\icsxml
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\ias
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\export
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\drivers\etc
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\drivers\disdn
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\drivers
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\dhcp
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\config
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\3com_dmi
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\3076
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\2052
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\1054
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\1045
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\1042
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\1041
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\1037
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\1033
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\1031
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\1028
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\1025
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\security
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\Resources
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\repair
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\Provisioning
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\PeerNet
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\pchealth
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\mui
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\msapps
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\msagent
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\Media
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\ime
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\Help
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\ehome
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\Driver Cache
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\Debug
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\Cursors
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\Connection Wizard
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\Config
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\AppPatch
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\addins
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS
2007-05-18 16:00	851,968	--a------	C:\WINDOWS\system32\nvdspsch.exe
2007-05-18 16:00	782,336	--a------	C:\WINDOWS\system32\nwiz.exe
2007-05-18 16:00	454,656	--a------	C:\WINDOWS\system32\nvshell.dll
2007-05-18 16:00	401,408	--a------	C:\WINDOWS\system32\nvappbar.exe
2007-05-18 16:00	315,392	--a------	C:\WINDOWS\system32\keystone.exe
2007-05-18 16:00	110,592	--a------	C:\WINDOWS\system32\nvudisp.exe
2007-05-18 16:00	1,335,296	--a------	C:\WINDOWS\system32\nview.dll
2007-05-18 16:00	1,019,904	--a------	C:\WINDOWS\system32\nvwimg.dll
2007-05-18 16:00	<DIR>	d--------	C:\WINDOWS\nview
2007-05-18 15:56	22,752	--a------	C:\WINDOWS\system32\spupdsvc.exe
2007-05-18 15:56	<DIR>	d--h-----	C:\WINDOWS\$hf_mig$
2007-05-18 15:56	<DIR>	d--------	C:\WINDOWS\system32\PreInstall
2007-05-18 15:53	<DIR>	d--------	C:\NVIDIA Display Driver
2007-05-18 15:51	43,352	--a------	C:\WINDOWS\system32\wups2.dll
2007-05-18 15:51	<DIR>	d--------	C:\WINDOWS\system32\SoftwareDistribution
2007-05-18 15:50	<DIR>	d---s----	C:\DOCUME~1\user\UserData
2007-05-18 15:50	<DIR>	d--------	C:\Program Files\ClamWin
2007-05-18 15:50	<DIR>	d--------	C:\DOCUME~1\user\DANEAP~1\.clamwin
2007-05-18 15:50	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\.clamwin
2007-05-18 15:44	2,916,352	---------	C:\WINDOWS\UNNMP.exe
2007-05-18 15:42	24,064	---------	C:\WINDOWS\system32\msxml3a.dll
2007-05-18 15:42	2,977,792	---------	C:\WINDOWS\UNNeroVision.exe
2007-05-18 15:42	155,648	--a------	C:\WINDOWS\system32\NeroCheck.exe
2007-05-18 15:42	<DIR>	d--------	C:\Program Files\Common Files\Nero
2007-05-18 15:41	476,320	---------	C:\WINDOWS\system32\ImagXpr7.dll
2007-05-18 15:41	471,040	---------	C:\WINDOWS\system32\ImagXRA7.dll
2007-05-18 15:41	38,912	---------	C:\WINDOWS\system32\picn20.dll
2007-05-18 15:41	364,544	---------	C:\WINDOWS\system32\TwnLib4.dll
2007-05-18 15:41	262,144	---------	C:\WINDOWS\system32\ImagXR7.dll
2007-05-18 15:41	106,496	--a------	C:\WINDOWS\system32\TwnLib20.dll
2007-05-18 15:41	1,568,768	---------	C:\WINDOWS\system32\ImagX7.dll
2007-05-18 15:41	<DIR>	d--------	C:\Program Files\Common Files\Ahead
2007-05-18 15:41	<DIR>	d--------	C:\Program Files\Ahead
2007-05-18 15:41	<DIR>	d--------	C:\install
2007-05-18 15:41	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\DANEAP~1\Ahead
2007-05-18 15:32	17,920	--a------	C:\WINDOWS\system32\mdimon.dll
2007-05-18 15:31	<DIR>	d--------	C:\Program Files\Realtek AC97
2007-05-18 15:30	<DIR>	d--------	C:\Program Files\Microsoft.NET
2007-05-18 15:28	<DIR>	d--------	C:\Program Files\Microsoft Works
2007-05-18 15:27	<DIR>	d--------	C:\WINDOWS\SHELLNEW
2007-05-18 15:24	<DIR>	dr-h-----	C:\MSOCache
2007-05-18 15:13	82,944	--a------	C:\WINDOWS\system32\drivers\wdmaud.sys
2007-05-18 15:13	7,552	--a------	C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-05-18 15:13	60,800	--a------	C:\WINDOWS\system32\drivers\sysaudio.sys
2007-05-18 15:13	60,288	--a------	C:\WINDOWS\system32\drivers\drmk.sys
2007-05-18 15:13	6,400	--a------	C:\WINDOWS\system32\drivers\splitter.sys
2007-05-18 15:13	577,536	--a------	C:\WINDOWS\soundman.exe
2007-05-18 15:13	54,272	--a------	C:\WINDOWS\system32\drivers\swmidi.sys
2007-05-18 15:13	52,864	--a------	C:\WINDOWS\system32\drivers\DMusic.sys
2007-05-18 15:13	5,376	--a------	C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-05-18 15:13	49,152	-r-------	C:\WINDOWS\system32\ChCfg.exe
2007-05-18 15:13	4,992	--a------	C:\WINDOWS\system32\drivers\MSPQM.sys
2007-05-18 15:13	4,096	--a------	C:\WINDOWS\system32\ksuser.dll
2007-05-18 15:13	4,027,840	-ra------	C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2007-05-18 15:13	2,944	--a------	C:\WINDOWS\system32\drivers\drmkaud.sys
2007-05-18 15:13	172,416	--a------	C:\WINDOWS\system32\drivers\kmixer.sys
2007-05-18 15:13	147,456	-ra------	C:\WINDOWS\system32\RTLCPAPI.dll
2007-05-18 15:13	142,464	--a------	C:\WINDOWS\system32\drivers\aec.sys
2007-05-18 15:13	136,960	--a------	C:\WINDOWS\system32\drivers\portcls.sys
2007-05-18 15:13	10,528,768	-ra------	C:\WINDOWS\system32\RTLCPL.EXE
2007-05-18 15:13	<DIR>	d--------	C:\Program Files\Realtek Sound Manager
2007-05-18 15:13	<DIR>	d--------	C:\Program Files\AvRack
2007-05-18 15:12	315,392	-r-------	C:\WINDOWS\alcupd.exe
2007-05-18 15:12	217,088	-ra------	C:\WINDOWS\Alcrmv.exe
2007-05-18 15:00	9,216	-ra------	C:\WINDOWS\system32\drivers\videX32.sys
2007-05-18 15:00	102,912	-ra------	C:\WINDOWS\system32\drivers\viamraid.sys
2007-05-18 15:00	<DIR>	d--h-----	C:\Program Files\InstallShield Installation Information
2007-05-18 15:00	<DIR>	d----c---	C:\WINDOWS\system32\DRVSTORE
2007-05-18 15:00	<DIR>	d--------	C:\WINDOWS\system32\ReinstallBackups
2007-05-18 14:59	331,184	---------	C:\WINDOWS\system32\difxapi.dll
2007-05-18 14:59	<DIR>	d--------	C:\Program Files\VIA
2007-05-18 14:59	<DIR>	d--------	C:\Program Files\Common Files\InstallShield
2007-05-18 14:52	<DIR>	d--hs----	C:\RECYCLER
2007-05-18 14:47	356,352	--a------	C:\WINDOWS\system32\NVUNINST.EXE
2007-05-18 14:34	2,621,440	--ah-----	C:\DOCUME~1\user\NTUSER.DAT
2007-05-18 14:34	<DIR>	dr-h-----	C:\DOCUME~1\user\Dane aplikacji
2007-05-18 14:34	<DIR>	dr-------	C:\DOCUME~1\user\Ulubione
2007-05-18 14:34	<DIR>	dr-------	C:\DOCUME~1\user\Moje dokumenty
2007-05-18 14:34	<DIR>	dr-------	C:\DOCUME~1\user\Menu Start
2007-05-18 14:34	<DIR>	d--h-----	C:\DOCUME~1\user\Ustawienia lokalne
2007-05-18 14:34	<DIR>	d--h-----	C:\DOCUME~1\user\Szablony
2007-05-18 14:34	<DIR>	d--------	C:\DOCUME~1\user\Pulpit
2007-05-18 14:33	<DIR>	d--------	C:\WINDOWS\SoftwareDistribution
2007-05-18 14:32	229,376	--ah-----	C:\DOCUME~1\NETWOR~1\NTUSER.DAT
2007-05-18 14:32	229,376	--ah-----	C:\DOCUME~1\LOCALS~1\NTUSER.DAT
2007-05-18 14:32	<DIR>	d--h-----	C:\DOCUME~1\NETWOR~1\Ustawienia lokalne
2007-05-18 14:32	<DIR>	d--h-----	C:\DOCUME~1\LOCALS~1\Ustawienia lokalne
2007-05-18 14:32	<DIR>	d--------	C:\WINDOWS\Prefetch
2007-05-18 14:32	<DIR>	d--------	C:\DOCUME~1\NETWOR~1\Dane aplikacji
2007-05-18 14:32	<DIR>	d--------	C:\DOCUME~1\LOCALS~1\Dane aplikacji
2007-05-18 14:30	9,600	--a------	C:\WINDOWS\system32\drivers\hidusb.sys
2007-05-18 14:30	12,160	--a------	C:\WINDOWS\system32\drivers\mouhid.sys
2007-05-18 14:27	229,376	---h-----	C:\DOCUME~1\DEFAUL~1\NTUSER.DAT
2007-05-18 14:27	<DIR>	d--------	C:\WINDOWS\system32\xircom
2007-05-18 14:27	<DIR>	d--------	C:\Program Files\microsoft frontpage
2007-05-18 14:26	112,128	--a------	C:\WINDOWS\system32\mapi32.dll
2007-05-18 14:26	0	-rahs----	C:\MSDOS.SYS
2007-05-18 14:26	0	-rahs----	C:\IO.SYS
2007-05-18 14:26	0	--a------	C:\CONFIG.SYS
2007-05-18 14:26	0	--a------	C:\AUTOEXEC.BAT
2007-05-18 14:25	<DIR>	d--hs----	C:\DOCUME~1\ALLUSE~1\DRM
2007-05-18 14:24	<DIR>	dr-------	C:\WINDOWS\Offline Web Pages
2007-05-18 14:24	<DIR>	d--h-----	C:\Program Files\WindowsUpdate
2007-05-18 14:24	<DIR>	d---s----	C:\WINDOWS\Downloaded Program Files
2007-05-18 14:24	<DIR>	d--------	C:\WINDOWS\system32\DirectX
2007-05-18 14:24	<DIR>	d--------	C:\Program Files\Usˆugi online
2007-05-18 14:23	86,016	--a------	C:\WINDOWS\system32\isign32.dll
2007-05-18 14:23	81,920	--a------	C:\WINDOWS\system32\ils.dll
2007-05-18 14:23	8,192	--a------	C:\WINDOWS\system32\bitsprx2.dll
2007-05-18 14:23	73,728	--a------	C:\WINDOWS\system32\icwdial.dll
2007-05-18 14:23	73,472	--a------	C:\WINDOWS\system32\drivers\sr.sys
2007-05-18 14:23	7,168	--a------	C:\WINDOWS\system32\bitsprx3.dll
2007-05-18 14:23	69,632	--a------	C:\WINDOWS\system32\msconf.dll
2007-05-18 14:23	679,424	--a------	C:\WINDOWS\system32\inetcomm.dll
2007-05-18 14:23	67,584	--a------	C:\WINDOWS\system32\srclient.dll
2007-05-18 14:23	67,584	--a------	C:\WINDOWS\system32\acctres.dll
2007-05-18 14:23	65,536	--a------	C:\WINDOWS\system32\icwphbk.dll
2007-05-18 14:23	6,656	--a------	C:\WINDOWS\system32\wuauserv.dll
2007-05-18 14:23	549,720	--a------	C:\WINDOWS\system32\wuapi.dll
2007-05-18 14:23	53,080	--a------	C:\WINDOWS\system32\wuauclt.exe
2007-05-18 14:23	49,664	--a------	C:\WINDOWS\system32\inetres.dll
2007-05-18 14:23	45,568	--a------	C:\WINDOWS\system32\safrslv.dll
2007-05-18 14:23	43,520	--a------	C:\WINDOWS\system32\safrcdlg.dll
2007-05-18 14:23	43,520	--a------	C:\WINDOWS\system32\racpldlg.dll
2007-05-18 14:23	382,464	--a------	C:\WINDOWS\system32\qmgr.dll
2007-05-18 14:23	34,560	--a------	C:\WINDOWS\system32\mnmdd.dll
2007-05-18 14:23	33,624	--a------	C:\WINDOWS\system32\wups.dll
2007-05-18 14:23	325,976	--a------	C:\WINDOWS\system32\wucltui.dll
2007-05-18 14:23	32,768	--a------	C:\WINDOWS\system32\mnmsrvc.exe
2007-05-18 14:23	32,768	--a------	C:\WINDOWS\system32\isrdbg32.dll
2007-05-18 14:23	29,696	--a------	C:\WINDOWS\system32\safrdm.dll
2007-05-18 14:23	28,672	--a------	C:\WINDOWS\system32\nmmkcert.dll
2007-05-18 14:23	278,528	--a------	C:\WINDOWS\system32\mstask.dll
2007-05-18 14:23	278,528	--a------	C:\WINDOWS\system32\inetcfg.dll
2007-05-18 14:23	252,928	--a------	C:\WINDOWS\system32\msoeacct.dll
2007-05-18 14:23	240,128	--a------	C:\WINDOWS\system32\srrstr.dll
2007-05-18 14:23	23,040	--a------	C:\WINDOWS\system32\fltmc.exe
2007-05-18 14:23	203,096	--a------	C:\WINDOWS\system32\wuweb.dll
2007-05-18 14:23	195,352	--a------	C:\WINDOWS\system32\wuaueng1.dll
2007-05-18 14:23	192,000	--a------	C:\WINDOWS\system32\schedsvc.dll
2007-05-18 14:23	18,944	--a------	C:\WINDOWS\system32\qmgrprxy.dll
2007-05-18 14:23	175,384	--a------	C:\WINDOWS\system32\wuauclt1.exe
2007-05-18 14:23	171,008	--a------	C:\WINDOWS\system32\srsvc.dll
2007-05-18 14:23	16,896	--a------	C:\WINDOWS\system32\fltlib.dll
2007-05-18 14:23	16,384	--a------	C:\WINDOWS\system32\icfgnt5.dll
2007-05-18 14:23	128,896	--a------	C:\WINDOWS\system32\drivers\fltmgr.sys
2007-05-18 14:23	12,288	--a------	C:\WINDOWS\system32\nmevtmsg.dll
2007-05-18 14:23	12,288	--a------	C:\WINDOWS\system32\mstinit.exe
2007-05-18 14:23	11,264	--a------	C:\WINDOWS\system32\atrace.dll
2007-05-18 14:23	105,984	--a------	C:\WINDOWS\system32\msoert2.dll
2007-05-18 14:23	1,710,936	--a------	C:\WINDOWS\system32\wuaueng.dll
2007-05-18 14:23	<DIR>	d---s----	C:\WINDOWS\Tasks
2007-05-18 14:23	<DIR>	d--------	C:\WINDOWS\system32\Restore
2007-05-18 14:23	<DIR>	d--------	C:\WINDOWS\system32\Macromed
2007-05-18 14:23	<DIR>	d--------	C:\WINDOWS\srchasst
2007-05-18 14:23	<DIR>	d--------	C:\Program Files\Movie Maker
2007-05-18 14:23	<DIR>	d--------	C:\Program Files\Common Files\MSSoap
2007-05-18 14:22	21,856	--a------	C:\WINDOWS\system32\emptyregdb.dat
2007-05-18 14:21	97,792	--a------	C:\WINDOWS\system32\comrepl.dll
2007-05-18 14:21	956,416	--a------	C:\WINDOWS\system32\msdtctm.dll
2007-05-18 14:21	94,720	--a------	C:\WINDOWS\system32\tscfgwmi.dll
2007-05-18 14:21	91,136	--a------	C:\WINDOWS\system32\mtxoci.dll
2007-05-18 14:21	9,728	--a------	C:\WINDOWS\system32\reset.exe
2007-05-18 14:21	87,176	--a------	C:\WINDOWS\system32\rdpwsx.dll
2007-05-18 14:21	85,504	--a------	C:\WINDOWS\system32\catsrvps.dll
2007-05-18 14:21	80,896	--a------	C:\WINDOWS\system32\charmap.exe
2007-05-18 14:21	73,216	--a------	C:\WINDOWS\system32\avwav.dll
2007-05-18 14:21	67,072	--a------	C:\WINDOWS\system32\rdshost.exe
2007-05-18 14:21	655,360	--a------	C:\WINDOWS\system32\mstscax.dll
2007-05-18 14:21	625,152	--a------	C:\WINDOWS\system32\catsrvut.dll
2007-05-18 14:21	62,464	--a------	C:\WINDOWS\system32\rdpclip.exe
2007-05-18 14:21	605,696	--a------	C:\WINDOWS\system32\getuname.dll
2007-05-18 14:21	60,928	--a------	C:\WINDOWS\system32\remotepg.dll
2007-05-18 14:21	60,416	--a------	C:\WINDOWS\system32\colbact.dll
2007-05-18 14:21	6,144	--a------	C:\WINDOWS\system32\msdtc.exe
2007-05-18 14:21	58,880	--a------	C:\WINDOWS\system32\msdtclog.dll
2007-05-18 14:21	57,344	--a------	C:\WINDOWS\system32\sol.exe
2007-05-18 14:21	55,808	--a------	C:\WINDOWS\system32\freecell.exe
2007-05-18 14:21	54,272	--a------	C:\WINDOWS\system32\stclient.dll
2007-05-18 14:21	539,136	--a------	C:\WINDOWS\system32\spider.exe
2007-05-18 14:21	5,632	--a------	C:\WINDOWS\system32\write.exe
2007-05-18 14:21	5,120	--a------	C:\WINDOWS\system32\dcomcnfg.exe
2007-05-18 14:21	44,544	--a------	C:\WINDOWS\system32\tscupgrd.exe
2007-05-18 14:21	44,544	--a------	C:\WINDOWS\system32\hticons.dll
2007-05-18 14:21	426,496	--a------	C:\WINDOWS\system32\msdtcprx.dll
2007-05-18 14:21	408,576	--a------	C:\WINDOWS\system32\mstsc.exe
2007-05-18 14:21	4,608	--a------	C:\WINDOWS\system32\rdpcfgex.dll
2007-05-18 14:21	4,096	--a------	C:\WINDOWS\system32\mtxex.dll
2007-05-18 14:21	38,912	--a------	C:\WINDOWS\system32\cfgbkend.dll
2007-05-18 14:21	351,744	--a------	C:\WINDOWS\system32\hypertrm.dll
2007-05-18 14:21	35,328	--a------	C:\WINDOWS\system32\winchat.exe
2007-05-18 14:21	345,088	--a------	C:\WINDOWS\system32\mspaint.exe
2007-05-18 14:21	33,792	--a------	C:\WINDOWS\system32\regini.exe
2007-05-18 14:21	296,448	--a------	C:\WINDOWS\system32\termsrv.dll
2007-05-18 14:21	25,600	--a------	C:\WINDOWS\system32\comaddin.dll
2007-05-18 14:21	25,088	--a------	C:\WINDOWS\system32\mtxlegih.dll
2007-05-18 14:21	231,424	--a------	C:\WINDOWS\system32\avtapi.dll
2007-05-18 14:21	225,792	--a------	C:\WINDOWS\system32\catsrv.dll
2007-05-18 14:21	22,528	--a------	C:\WINDOWS\system32\qwinsta.exe
2007-05-18 14:21	22,528	--a------	C:\WINDOWS\system32\msg.exe
2007-05-18 14:21	21,896	--a------	C:\WINDOWS\system32\drivers\tdtcp.sys
2007-05-18 14:21	20,992	--a------	C:\WINDOWS\system32\qprocess.exe
2007-05-18 14:21	20,480	--a------	C:\WINDOWS\system32\mtxdm.dll
2007-05-18 14:21	19,968	--a------	C:\WINDOWS\system32\rdpsnd.dll
2007-05-18 14:21	187,904	--a------	C:\WINDOWS\system32\accwiz.exe
2007-05-18 14:21	17,920	--a------	C:\WINDOWS\system32\tsshutdn.exe
2007-05-18 14:21	17,408	--a------	C:\WINDOWS\system32\qappsrv.exe
2007-05-18 14:21	161,280	--a------	C:\WINDOWS\system32\msdtcuiu.dll
2007-05-18 14:21	16,384	--a------	C:\WINDOWS\system32\tskill.exe
2007-05-18 14:21	16,384	--a------	C:\WINDOWS\system32\rwinsta.exe
2007-05-18 14:21	16,384	--a------	C:\WINDOWS\system32\avmeter.dll
2007-05-18 14:21	15,872	--a------	C:\WINDOWS\system32\logoff.exe
2007-05-18 14:21	15,872	--a------	C:\WINDOWS\system32\cdmodem.dll
2007-05-18 14:21	15,360	--a------	C:\WINDOWS\system32\tsdiscon.exe
2007-05-18 14:21	15,360	--a------	C:\WINDOWS\system32\tscon.exe
2007-05-18 14:21	15,360	--a------	C:\WINDOWS\system32\shadow.exe
2007-05-18 14:21	147,968	--a------	C:\WINDOWS\system32\rdchost.dll
2007-05-18 14:21	147,456	--a------	C:\WINDOWS\system32\comsnap.dll
2007-05-18 14:21	141,824	--a------	C:\WINDOWS\system32\sessmgr.exe
2007-05-18 14:21	139,528	--a------	C:\WINDOWS\system32\drivers\rdpwd.sys
2007-05-18 14:21	139,264	--a------	C:\WINDOWS\system32\sndvol32.exe
2007-05-18 14:21	132,608	--a------	C:\WINDOWS\system32\sndrec32.exe
2007-05-18 14:21	13,824	--a------	C:\WINDOWS\system32\rdsaddin.exe
2007-05-18 14:21	128,000	--a------	C:\WINDOWS\system32\mshearts.exe
2007-05-18 14:21	124,928	--a------	C:\WINDOWS\system32\mplay32.exe
2007-05-18 14:21	12,040	--a------	C:\WINDOWS\system32\drivers\tdpipe.sys
2007-05-18 14:21	119,808	--a------	C:\WINDOWS\system32\winmine.exe
2007-05-18 14:21	115,200	--a------	C:\WINDOWS\system32\calc.exe
2007-05-18 14:21	110,080	--a------	C:\WINDOWS\system32\clbcatex.dll
2007-05-18 14:21	11,776	--a------	C:\WINDOWS\system32\xolehlp.dll
2007-05-18 14:21	11,264	--a------	C:\WINDOWS\system32\icaapi.dll
2007-05-18 14:21	103,424	--a------	C:\WINDOWS\system32\clipbrd.exe
2007-05-18 14:21	1,225	--a------	C:\WINDOWS\system32\usrlogon.cmd
2007-05-18 14:21	<DIR>	d--------	C:\WINDOWS\system32\MsDtc
2007-05-18 14:21	<DIR>	d--------	C:\WINDOWS\system32\Com
2007-05-18 14:21	<DIR>	d--------	C:\WINDOWS\Registration
2007-05-18 14:21	<DIR>	d--------	C:\Program Files\Windows NT
2007-05-18 14:21	<DIR>	d--------	C:\Program Files\MSN Gaming Zone
2007-05-18 14:21	<DIR>	d--------	C:\Program Files\Messenger
2007-05-18 14:20	58,880	--a------	C:\WINDOWS\system32\licwmi.dll
2007-05-18 14:20	56,320	--a------	C:\WINDOWS\system32\servdeps.dll
2007-05-18 14:20	540,160	--a------	C:\WINDOWS\system32\comuid.dll
2007-05-18 14:20	498,688	--a------	C:\WINDOWS\system32\clbcatq.dll
2007-05-18 14:20	40,840	--a------	C:\WINDOWS\system32\drivers\termdd.sys
2007-05-18 14:20	196,864	--a------	C:\WINDOWS\system32\drivers\rdpdr.sys
2007-05-18 14:20	187,904	--a------	C:\WINDOWS\system32\cmprops.dll
2007-05-18 14:20	17,920	--a------	C:\WINDOWS\system32\mmfutil.dll
2007-05-18 14:20	1,267,200	--a------	C:\WINDOWS\system32\comsvcs.dll


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-19 22:32:01	50,748	----a-w	C:\WINDOWS\system32\perfc015.dat
2007-05-19 22:32:01	358,702	----a-w	C:\WINDOWS\system32\perfh015.dat
2007-05-18 13:51:18	--------	d-----w	C:\DOCUME~1\user\DANEAP~1\.clamwin
2007-05-18 12:24:31	--------	d-----w	C:\Program Files\Usługi online
2007-04-18 16:14:32	2,854,400	----a-w	C:\WINDOWS\system32\msi.dll
2007-04-16 20:45:28	92,504	----a-w	C:\WINDOWS\system32\cdm.dll
2007-03-17 13:45:36	293,376	----a-w	C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:38:47	579,072	----a-w	C:\WINDOWS\system32\user32.dll
2007-03-08 15:38:47	40,960	----a-w	C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:38:47	281,600	----a-w	C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:37:33	1,843,840	----a-w	C:\WINDOWS\system32\win32k.sys
2007-02-05 20:19:48	185,856	----a-w	C:\WINDOWS\system32\upnphost.dll


((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 06:12]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" [2007-04-30 19:17]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-03-24 10:04]
"nwiz"="nwiz.exe" [2004-03-24 10:04 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-03-24 10:04]
"SoundMan"="SOUNDMAN.EXE" []
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-02-01 04:52]
"Cmaudio"="cmicnfg.cpl" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-05-10 16:09]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 16:36]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e3a3ca9-0548-11dc-85cb-806d6172696f}]
AutoRun\command- D:\setup.exe
	

Contents of the 'Scheduled Tasks' folder
2007-05-23 13:00:00  C:\WINDOWS\tasks\A41E4E879191C977.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-23 15:59:09
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

  imapi.exe [2940]
  cmd.exe [3900]


scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-05-23 15:59:28
C:\ComboFix-quarantined-files.txt ... 2007-05-23 15:59
C:\ComboFix2.txt ... 2007-05-23 11:52


  • 0

#112 Maciej13

Maciej13

    SecurityMaster

  • 261 posts

Posted 24 05 2007 - 17:55

The log is clean.

  • 0

#113 Maciej13

Maciej13

    SecurityMaster

  • 261 posts

Posted 24 05 2007 - 18:02

The logs are clean.

Do you have the NirCmd application?
  • 0

#114 CatchMe

CatchMe

    Observer

  • 6 posts

Posted 24 05 2007 - 18:52

The logs are NOT clean ;)


"A41E4E879191C977" -> launches: "c:\docume~1\user\daneap~1\wmaloa~1\exitstartbib.exe" [file not found]


Maćko, get to work ... :)
  • 0
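The cross-check made by hand in post #114, matching the .job file listed under 'Scheduled Tasks' against the startup-scanner line that says what it launches, can be scripted. This is an added example, not code from the thread or from any of the tools quoted; the sample lines are copied from the logs above, and the flag rules (hex-only job name, missing target, target under a user profile) are assumed triage heuristics, not a verdict.

```python
import ntpath
import re
from dataclasses import dataclass, field
from typing import Optional

# Lines copied from the logs quoted in this thread.
SAMPLE_LOG = r'''
Contents of the 'Scheduled Tasks' folder
2007-05-23 13:00:00  C:\WINDOWS\tasks\A41E4E879191C977.job

"A41E4E879191C977" -> launches: "c:\docume~1\user\daneap~1\wmaloa~1\exitstartbib.exe" [file not found]
'''

TASK_HEADER = "Contents of the 'Scheduled Tasks' folder"
TASK_RE = re.compile(
    r'^(?P<when>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<path>\S.*\.job)\s*$', re.I)
LAUNCH_RE = re.compile(
    r'^"(?P<task>[^"]+)" -> launches: "(?P<target>[^"]+)"(?:\s+\[(?P<note>[^\]]+)\])?')
# Assumed heuristic: a job name made only of 12+ hex digits looks machine-generated.
HEX_NAME_RE = re.compile(r'^[0-9A-Fa-f]{12,}$')
# Assumed heuristic: XP-era profile roots, short (8.3) or long form.
USER_PROFILE_RE = re.compile(r'^[a-z]:\\(docume~1|documents and settings)\\', re.I)


@dataclass
class Task:
    name: str                      # job file name without extension
    job_path: str                  # path as listed in the task folder section
    scheduled: str                 # timestamp printed next to the job
    target: Optional[str] = None   # executable the job launches, if reported
    note: str = ""                 # bracketed remark after the target
    flags: list = field(default_factory=list)


def parse_tasks(log_text):
    """Collect .job entries and attach the launch target reported for each."""
    tasks, launches, in_tasks = {}, {}, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == TASK_HEADER:
            in_tasks = True
            continue
        if not line:               # a blank line ends the task listing
            in_tasks = False
            continue
        m = TASK_RE.match(line) if in_tasks else None
        if m:
            name = ntpath.splitext(ntpath.basename(m['path']))[0]
            tasks[name.lower()] = Task(name, m['path'], m['when'])
            continue
        m = LAUNCH_RE.match(line)
        if m:
            launches[m['task'].lower()] = (m['target'], m['note'] or '')
    for key, task in tasks.items():
        if key in launches:
            task.target, task.note = launches[key]
    return list(tasks.values())


def triage(log_text):
    """Return every listed task with the review flags that apply to it."""
    results = parse_tasks(log_text)
    for t in results:
        if HEX_NAME_RE.match(t.name):
            t.flags.append('hex-only job name')
        if t.target is None:
            t.flags.append('launch target unknown')
            continue
        if t.note.lower() == 'file not found':
            t.flags.append('target missing on disk')
        if USER_PROFILE_RE.match(t.target):
            t.flags.append('target under a user profile')
    return results


if __name__ == '__main__':
    for task in triage(SAMPLE_LOG):
        print(task.job_path, '->', task.target, task.flags or ['no flags'])
```

A job with no flags is not proven benign; the script only orders what to look at first.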

#115 Maciej13

Maciej13

    SecurityMaster

  • 261 posts

Posted 24 05 2007 - 18:58

;)

In Safe Mode => Start => Run => Cmd => type the following and confirm with Enter:

DEL C:\WINDOWS\tasks\A41E4E879191C977.job


Additionally:

Download GMER.

1. Rootkit => Scan => with Show all left unchecked => Ctrl + V, paste into your post.
2. Rootkit => with only Show all + Services checked => Scan => Copy => Ctrl + V, paste into your post.
  • 0

#116 fraidycat

fraidycat

    Observer

  • 6 posts

Posted 25 05 2007 - 02:50

GMER 1.0.12.12010 - http://www.gmer.net
Rootkit scan 2007-05-25 02:43:54
Windows 5.1.2600 Dodatek Service Pack 2


---- Kernel code sections - GMER 1.0.12 ----

.text  ntdll.dll!NtClose																			   7C90D586 5 Bytes  JMP 72033FAA 
.text  ntdll.dll!NtCreateProcess																	   7C90D754 5 Bytes  JMP 72034135 
.text  ntdll.dll!NtCreateProcessEx																	 7C90D769 5 Bytes  JMP 72034019 
.text  ntdll.dll!NtCreateSection																	   7C90D793 5 Bytes  JMP 72033FC8 

---- User code sections - GMER 1.0.12 ----

.text  C:\Program Files\MSN Messenger\msnmsgr.exe[1616] kernel32.dll!LoadResource					  7C809FB5 7 Bytes  JMP 27001B70 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Program Files\MSN Messenger\msnmsgr.exe[1616] kernel32.dll!FindResourceExW				   7C80AC88 7 Bytes  JMP 27001AE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Program Files\MSN Messenger\msnmsgr.exe[1616] kernel32.dll!FindResourceW					 7C80BBCE 7 Bytes  JMP 27001A60 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Program Files\MSN Messenger\msnmsgr.exe[1616] kernel32.dll!SizeofResource					7C80BC69 7 Bytes  JMP 27001C20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Program Files\MSN Messenger\msnmsgr.exe[1616] kernel32.dll!LockResource					  7C80CC97 5 Bytes  JMP 27001CD0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Program Files\MSN Messenger\msnmsgr.exe[1616] kernel32.dll!CreateEventA					  7C8308AD 5 Bytes  JMP 27001840 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Program Files\MSN Messenger\msnmsgr.exe[1616] kernel32.dll!SetUnhandledExceptionFilter	   7C84479D 5 Bytes  JMP 004DE392 C:\Program Files\MSN Messenger\MsnMsgr.Exe
.text  C:\Program Files\MSN Messenger\msnmsgr.exe[1616] ADVAPI32.dll!CryptDeriveKey					77DDA685 7 Bytes  JMP 27001000 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Program Files\MSN Messenger\msnmsgr.exe[1616] ADVAPI32.dll!CryptDecrypt					  77DDA7B1 2 Bytes  JMP 27001050 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Program Files\MSN Messenger\msnmsgr.exe[1616] ADVAPI32.dll!CryptDecrypt + 3				  77DDA7B4 4 Bytes  [ 22, AF, CC, CC ]
.text  C:\Program Files\MSN Messenger\msnmsgr.exe[1616] USER32.dll!PeekMessageW						7E36929B 5 Bytes  JMP 27003A20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Program Files\MSN Messenger\msnmsgr.exe[1616] USER32.dll!CreateWindowExW					 7E36FC25 5 Bytes  JMP 27003330 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Program Files\MSN Messenger\msnmsgr.exe[1616] USER32.dll!SetWindowRgn						7E36FFB2 7 Bytes  JMP 27004D80 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Program Files\MSN Messenger\msnmsgr.exe[1616] USER32.dll!CreateDialogParamW				  7E377D4F 5 Bytes  JMP 27004E20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Program Files\MSN Messenger\msnmsgr.exe[1616] USER32.dll!SetWindowPlacement				  7E37D84C 5 Bytes  JMP 27004CA0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Program Files\MSN Messenger\msnmsgr.exe[1616] USER32.dll!MessageBoxIndirectW				 7E3B62AB 5 Bytes  JMP 27004F80 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Program Files\MSN Messenger\msnmsgr.exe[1616] USER32.dll!TrackPopupMenuEx					7E3BCD28 5 Bytes  JMP 270041F0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Program Files\MSN Messenger\msnmsgr.exe[1616] WS2_32.dll!send								71A5428A 5 Bytes  JMP 27009150 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Program Files\MSN Messenger\msnmsgr.exe[1616] WS2_32.dll!WSARecv							 71A54318 5 Bytes  JMP 27008F40 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Program Files\MSN Messenger\msnmsgr.exe[1616] WS2_32.dll!recv								71A5615A 5 Bytes  JMP 27008DB0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Program Files\MSN Messenger\msnmsgr.exe[1616] WS2_32.dll!WSASend							 71A56233 5 Bytes  JMP 270092D0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Program Files\MSN Messenger\msnmsgr.exe[1616] WS2_32.dll!closesocket						 71A59639 5 Bytes  JMP 270094E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Program Files\MSN Messenger\msnmsgr.exe[1616] SHELL32.dll!Shell_NotifyIconW				  7CA21B6A 5 Bytes  JMP 27002B10 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Program Files\MSN Messenger\msnmsgr.exe[1616] ole32.dll!CoInitializeEx					   774EEF6B 5 Bytes  JMP 27001D30 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Program Files\MSN Messenger\msnmsgr.exe[1616] ole32.dll!CoRegisterClassObject				77508720 5 Bytes  JMP 27001E30 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Program Files\MSN Messenger\msnmsgr.exe[1616] WININET.dll!HttpOpenRequestA				   771B36AD 5 Bytes  JMP 27007D00 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Program Files\MSN Messenger\msnmsgr.exe[1616] WININET.dll!InternetCloseHandle				771B4D6C 5 Bytes  JMP 27007FE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Program Files\MSN Messenger\msnmsgr.exe[1616] WININET.dll!HttpSendRequestA				   771B6249 5 Bytes  JMP 27007F30 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text  C:\Program Files\MSN Messenger\msnmsgr.exe[1616] WININET.dll!InternetReadFile				   771B80F4 5 Bytes  JMP 27007E60 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll

---- Files - GMER 1.0.12 ----

ADS	C:\Documents and Settings\user\Pulpit\bestplayer1.0.exe:SummaryInformation					 
ADS	C:\Documents and Settings\user\Pulpit\bestplayer1.0.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}  

---- EOF - GMER 1.0.12 ----

GMER 1.0.12.12010 - http://www.gmer.net
Rootkit scan 2007-05-25 02:47:38
Windows 5.1.2600 Dodatek Service Pack 2


---- Services - GMER 1.0.12 ----

Service																		  [DISABLED] Abiosdsk
Service																		  [DISABLED] abp480n5
Service  C:\WINDOWS\system32\DRIVERS\ACPI.sys									[BOOT] ACPI
Service																		  [DISABLED] ACPIEC
Service																		  [DISABLED] adpu160m
Service  C:\WINDOWS\system32\drivers\aec.sys									 [MANUAL] aec
Service  C:\WINDOWS\System32\drivers\afd.sys									 [SYSTEM] AFD
Service																		  [DISABLED] Aha154x
Service																		  [DISABLED] aic78u2
Service																		  [DISABLED] aic78xx
Service  C:\WINDOWS\system32\drivers\ALCXWDM.SYS								 [MANUAL] ALCXWDM
Service  C:\WINDOWS\system32\svchost.exe										 [DISABLED] Alerter
Service  C:\WINDOWS\System32\alg.exe											 [MANUAL] ALG
Service																		  [DISABLED] AliIde
Service  C:\WINDOWS\system32\DRIVERS\amdk7.sys								   [SYSTEM] AmdK7
Service																		  [DISABLED] amsint
Service  C:\WINDOWS\system32\svchost.exe										 [MANUAL] AppMgmt
Service																		  [DISABLED] asc
Service																		  [DISABLED] asc3350p
Service																		  [DISABLED] asc3550
Service  C:\WINDOWS\system32\DRIVERS\asyncmac.sys								[MANUAL] AsyncMac
Service  C:\WINDOWS\system32\DRIVERS\atapi.sys								   [BOOT] atapi
Service																		  [DISABLED] Atdisk
Service  C:\WINDOWS\system32\DRIVERS\atmarpc.sys								 [MANUAL] Atmarpc
Service  C:\WINDOWS\System32\svchost.exe										 [AUTO] AudioSrv
Service  C:\WINDOWS\system32\DRIVERS\audstub.sys								 [MANUAL] audstub
Service																		  BattC
Service																		  [SYSTEM] Beep
Service  C:\WINDOWS\system32\svchost.exe										 [MANUAL] BITS
Service  C:\WINDOWS\system32\svchost.exe										 [AUTO] Browser
Service																		  [DISABLED] cbidf2k
Service																		  [DISABLED] cd20xrnt
Service																		  [SYSTEM] Cdaudio
Service																		  [DISABLED] Cdfs
Service  C:\WINDOWS\system32\DRIVERS\cdrom.sys								   [SYSTEM] Cdrom
Service																		  [SYSTEM] Changer
Service  C:\WINDOWS\system32\cisvc.exe										   [MANUAL] CiSvc
Service  C:\WINDOWS\system32\clipsrv.exe										 [DISABLED] ClipSrv
Service																		  [DISABLED] CmdIde
Service  C:\WINDOWS\system32\drivers\cmuda.sys								   [MANUAL] cmuda
Service  C:\WINDOWS\system32\dllhost.exe										 [MANUAL] COMSysApp
Service																		  ContentFilter
Service																		  ContentIndex
Service																		  [DISABLED] Cpqarray
Service  C:\WINDOWS\system32\svchost.exe										 [AUTO] CryptSvc
Service																		  [DISABLED] dac2w2k
Service																		  [DISABLED] dac960nt
Service  C:\WINDOWS\system32\svchost.exe										 [AUTO] DcomLaunch
Service  C:\WINDOWS\system32\svchost.exe										 [AUTO] Dhcp
Service  C:\WINDOWS\system32\DRIVERS\disk.sys									[BOOT] Disk
Service  C:\WINDOWS\System32\dmadmin.exe										 [MANUAL] dmadmin
Service  C:\WINDOWS\System32\drivers\dmboot.sys								  [DISABLED] dmboot
Service  C:\WINDOWS\System32\drivers\dmio.sys									[BOOT] dmio
Service  C:\WINDOWS\System32\drivers\dmload.sys								  [BOOT] dmload
Service  C:\WINDOWS\System32\svchost.exe										 [AUTO] dmserver
Service  C:\WINDOWS\system32\drivers\DMusic.sys								  [MANUAL] DMusic
Service  C:\WINDOWS\system32\svchost.exe										 [AUTO] Dnscache
Service																		  [DISABLED] dpti2o
Service  C:\WINDOWS\system32\drivers\drmkaud.sys								 [MANUAL] drmkaud
Service  C:\WINDOWS\System32\svchost.exe										 [AUTO] ERSvc
Service  C:\WINDOWS\system32\services.exe										[AUTO] Eventlog
Service  C:\WINDOWS\system32\svchost.exe										 [MANUAL] EventSystem
Service																		  [DISABLED] Fastfat
Service  C:\WINDOWS\System32\svchost.exe										 [MANUAL] FastUserSwitchingCompatibility
Service  C:\WINDOWS\system32\DRIVERS\fdc.sys									 [MANUAL] Fdc
Service																		  [SYSTEM] Fips
Service  C:\WINDOWS\system32\DRIVERS\flpydisk.sys								[MANUAL] Flpydisk
Service  C:\WINDOWS\system32\DRIVERS\fltMgr.sys								  [BOOT] FltMgr
Service																		  [SYSTEM] Fs_Rec
Service  C:\WINDOWS\system32\DRIVERS\ftdisk.sys								  [BOOT] Ftdisk
Service  C:\WINDOWS\System32\DRIVERS\gmer.sys									[MANUAL] gmer
Service  C:\WINDOWS\system32\DRIVERS\msgpc.sys								   [MANUAL] Gpc
Service  C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe  [MANUAL] gusvc
Service  C:\WINDOWS\System32\svchost.exe										 [AUTO] helpsvc
Service  C:\WINDOWS\System32\svchost.exe										 [DISABLED] HidServ
Service  C:\WINDOWS\system32\DRIVERS\hidusb.sys								  [MANUAL] HidUsb
Service  C:\DOCUME~1\user\USTAWI~1\Temp\hpdj.exe								 [AUTO] hpdj
Service																		  [DISABLED] hpn
Service  C:\WINDOWS\System32\Drivers\HTTP.sys									[MANUAL] HTTP
Service  C:\WINDOWS\System32\svchost.exe										 [MANUAL] HTTPFilter
Service																		  [SYSTEM] i2omgmt
Service																		  [DISABLED] i2omp
Service  C:\WINDOWS\system32\DRIVERS\i8042prt.sys								[SYSTEM] i8042prt
Service  C:\WINDOWS\system32\DRIVERS\imapi.sys								   [SYSTEM] Imapi
Service  C:\WINDOWS\system32\imapi.exe										   [MANUAL] ImapiService
Service																		  inetaccs
Service																		  [DISABLED] ini910u
Service																		  Inport
Service																		  [DISABLED] IntelIde
Service  C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys								   [MANUAL] Ip6Fw
Service  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys								[MANUAL] IpFilterDriver
Service  C:\WINDOWS\system32\DRIVERS\ipinip.sys								  [MANUAL] IpInIp
Service  C:\WINDOWS\system32\DRIVERS\ipnat.sys								   [MANUAL] IpNat
Service  C:\WINDOWS\system32\DRIVERS\ipsec.sys								   [SYSTEM] IPSec
Service  C:\WINDOWS\system32\DRIVERS\irenum.sys								  [MANUAL] IRENUM
Service																		  ISAPISearch
Service  C:\WINDOWS\system32\DRIVERS\isapnp.sys								  [BOOT] isapnp
Service  C:\WINDOWS\system32\DRIVERS\kbdclass.sys								[SYSTEM] Kbdclass
Service  C:\WINDOWS\system32\drivers\kmixer.sys								  [MANUAL] kmixer
Service																		  [BOOT] KSecDD
Service  C:\WINDOWS\system32\svchost.exe										 [AUTO] lanmanserver
Service  C:\WINDOWS\system32\svchost.exe										 [AUTO] lanmanworkstation
Service																		  [SYSTEM] lbrtfdc
Service																		  ldap
Service																		  LicenseService
Service  C:\WINDOWS\system32\svchost.exe										 [AUTO] LmHosts
Service  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE		 [AUTO] MDM
Service  C:\WINDOWS\system32\svchost.exe										 [DISABLED] Messenger
Service																		  [SYSTEM] mnmdd
Service  C:\WINDOWS\system32\mnmsrvc.exe										 [MANUAL] mnmsrvc
Service																		  [MANUAL] Modem
Service  C:\WINDOWS\system32\DRIVERS\mouclass.sys								[SYSTEM] Mouclass
Service  C:\WINDOWS\system32\DRIVERS\mouhid.sys								  [MANUAL] mouhid
Service																		  [BOOT] MountMgr
Service																		  [DISABLED] mraid35x
Service  C:\WINDOWS\system32\DRIVERS\mrxdav.sys								  [MANUAL] MRxDAV
Service  C:\WINDOWS\system32\DRIVERS\mrxsmb.sys								  [SYSTEM] MRxSmb
Service  C:\WINDOWS\system32\msdtc.exe										   [MANUAL] MSDTC
Service																		  [SYSTEM] Msfs
Service  C:\WINDOWS\system32\msiexec.exe										 [MANUAL] MSIServer
Service  C:\WINDOWS\system32\drivers\MSKSSRV.sys								 [MANUAL] MSKSSRV
Service  C:\WINDOWS\system32\drivers\MSPCLOCK.sys								[MANUAL] MSPCLOCK
Service  C:\WINDOWS\system32\drivers\MSPQM.sys								   [MANUAL] MSPQM
Service  C:\WINDOWS\system32\DRIVERS\mssmbios.sys								[MANUAL] mssmbios
Service																		  [BOOT] Mup
Service																		  [BOOT] NDIS
Service  C:\WINDOWS\system32\DRIVERS\ndistapi.sys								[MANUAL] NdisTapi
Service  C:\WINDOWS\system32\DRIVERS\ndisuio.sys								 [MANUAL] Ndisuio
Service  C:\WINDOWS\system32\DRIVERS\ndiswan.sys								 [MANUAL] NdisWan
Service																		  [MANUAL] NDProxy
Service  C:\WINDOWS\system32\DRIVERS\netbios.sys								 [SYSTEM] NetBIOS
Service  C:\WINDOWS\system32\DRIVERS\netbt.sys								   [SYSTEM] NetBT
Service  C:\WINDOWS\system32\netdde.exe										  [DISABLED] NetDDE
Service  C:\WINDOWS\system32\netdde.exe										  [DISABLED] NetDDEdsdm
Service  C:\WINDOWS\system32\lsass.exe										   [MANUAL] Netlogon
Service  C:\WINDOWS\System32\svchost.exe										 [MANUAL] Netman
Service  C:\WINDOWS\system32\svchost.exe										 [MANUAL] Nla
Service																		  [SYSTEM] Npfs
Service																		  [DISABLED] Ntfs
Service  C:\WINDOWS\system32\lsass.exe										   [MANUAL] NtLmSsp
Service  C:\WINDOWS\system32\svchost.exe										 [MANUAL] NtmsSvc
Service																		  [SYSTEM] Null
Service  C:\WINDOWS\system32\DRIVERS\nv4_mini.sys								[MANUAL] nv
Service  C:\WINDOWS\system32\nvsvc32.exe										 [AUTO] NVSvc
Service  C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys								[MANUAL] NwlnkFlt
Service  C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys								[MANUAL] NwlnkFwd
Service  C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE	[MANUAL] ose
Service																		  Outlook
Service  C:\WINDOWS\system32\DRIVERS\parport.sys								 [MANUAL] Parport
Service																		  [BOOT] PartMgr
Service																		  [AUTO] ParVdm
Service  C:\WINDOWS\system32\DRIVERS\pci.sys									 [BOOT] PCI
Service																		  [SYSTEM] PCIDump
Service																		  [DISABLED] PCIIde
Service																		  [DISABLED] Pcmcia
Service																		  [MANUAL] PDCOMP
Service																		  [MANUAL] PDFRAME
Service																		  [MANUAL] PDRELI
Service																		  [MANUAL] PDRFRAME
Service																		  [DISABLED] perc2
Service																		  [DISABLED] perc2hib
Service																		  PerfDisk
Service																		  PerfNet
Service																		  PerfOS
Service																		  PerfProc
Service  C:\WINDOWS\system32\services.exe										[AUTO] PlugPlay
Service  C:\WINDOWS\system32\lsass.exe										   [AUTO] PolicyAgent
Service  C:\WINDOWS\system32\DRIVERS\raspptp.sys								 [MANUAL] PptpMiniport
Service  C:\WINDOWS\system32\lsass.exe										   [AUTO] ProtectedStorage
Service  C:\WINDOWS\system32\DRIVERS\psched.sys								  [MANUAL] PSched
Service  C:\WINDOWS\system32\DRIVERS\ptilink.sys								 [MANUAL] Ptilink
Service  C:\WINDOWS\System32\Drivers\PxHelp20.sys								[BOOT] PxHelp20
Service																		  [DISABLED] ql1080
Service																		  [DISABLED] Ql10wnt
Service																		  [DISABLED] ql12160
Service																		  [DISABLED] ql1240
Service																		  [DISABLED] ql1280
Service  C:\WINDOWS\system32\DRIVERS\rasacd.sys								  [SYSTEM] RasAcd
Service  C:\WINDOWS\system32\svchost.exe										 [MANUAL] RasAuto
Service  C:\WINDOWS\system32\DRIVERS\rasl2tp.sys								 [MANUAL] Rasl2tp
Service  C:\WINDOWS\system32\svchost.exe										 [MANUAL] RasMan
Service  C:\WINDOWS\system32\DRIVERS\raspppoe.sys								[MANUAL] RasPppoe
Service  C:\WINDOWS\system32\DRIVERS\raspti.sys								  [MANUAL] Raspti
Service  C:\WINDOWS\system32\DRIVERS\rdbss.sys								   [SYSTEM] Rdbss
Service  C:\WINDOWS\System32\DRIVERS\RDPCDD.sys								  [SYSTEM] RDPCDD
Service																		  RDPDD
Service  C:\WINDOWS\system32\DRIVERS\rdpdr.sys								   [MANUAL] rdpdr
Service																		  RDPNP
Service																		  [MANUAL] RDPWD
Service  C:\WINDOWS\system32\sessmgr.exe										 [MANUAL] RDSessMgr
Service  C:\WINDOWS\system32\DRIVERS\redbook.sys								 [SYSTEM] redbook
Service  C:\WINDOWS\system32\svchost.exe										 [DISABLED] RemoteAccess
Service  C:\WINDOWS\system32\svchost.exe										 [AUTO] RemoteRegistry
Service  C:\WINDOWS\system32\locator.exe										 [MANUAL] RpcLocator
Service  C:\WINDOWS\system32\svchost.exe										 [AUTO] RpcSs
Service  C:\WINDOWS\system32\rsvp.exe											[MANUAL] RSVP
Service  C:\WINDOWS\system32\DRIVERS\RTL8029.SYS								 [MANUAL] rtl8029
Service  C:\WINDOWS\system32\lsass.exe										   [AUTO] SamSs
Service  C:\WINDOWS\System32\SCardSvr.exe										[MANUAL] SCardSvr
Service  C:\WINDOWS\System32\svchost.exe										 [AUTO] Schedule
Service  C:\WINDOWS\system32\DRIVERS\secdrv.sys								  [MANUAL] Secdrv
Service  C:\WINDOWS\System32\svchost.exe										 [AUTO] seclogon
Service  C:\WINDOWS\system32\svchost.exe										 [AUTO] SENS
Service  C:\WINDOWS\system32\DRIVERS\serenum.sys								 [MANUAL] serenum
Service  C:\WINDOWS\system32\DRIVERS\serial.sys								  [SYSTEM] Serial
Service																		  [SYSTEM] Sfloppy
Service  C:\WINDOWS\system32\svchost.exe										 [AUTO] SharedAccess
Service  C:\WINDOWS\System32\svchost.exe										 [AUTO] ShellHWDetection
Service																		  [DISABLED] Simbad
Service																		  [DISABLED] Sparrow
Service  C:\WINDOWS\system32\drivers\splitter.sys								[MANUAL] splitter
Service  C:\WINDOWS\system32\spoolsv.exe										 [AUTO] Spooler
Service  C:\WINDOWS\system32\DRIVERS\sr.sys									  [BOOT] sr
Service  C:\WINDOWS\system32\svchost.exe										 [AUTO] srservice
Service  C:\WINDOWS\system32\DRIVERS\srv.sys									 [MANUAL] Srv
Service  C:\WINDOWS\system32\svchost.exe										 [MANUAL] SSDPSRV
Service  C:\WINDOWS\system32\svchost.exe										 [MANUAL] stisvc
Service  C:\WINDOWS\system32\DRIVERS\swenum.sys								  [MANUAL] swenum
Service  C:\WINDOWS\system32\drivers\swmidi.sys								  [MANUAL] swmidi
Service  C:\WINDOWS\system32\dllhost.exe										 [MANUAL] SwPrv
Service																		  [DISABLED] symc810
Service																		  [DISABLED] symc8xx
Service																		  [DISABLED] sym_hi
Service																		  [DISABLED] sym_u3
Service  C:\WINDOWS\system32\drivers\sysaudio.sys								[MANUAL] sysaudio
Service  C:\WINDOWS\system32\smlogsvc.exe										[MANUAL] SysmonLog
Service  C:\WINDOWS\System32\svchost.exe										 [MANUAL] TapiSrv
Service  C:\WINDOWS\system32\DRIVERS\tcpip.sys								   [SYSTEM] Tcpip
Service																		  [MANUAL] TDPIPE
Service																		  [MANUAL] TDTCP
Service  C:\WINDOWS\system32\DRIVERS\termdd.sys								  [SYSTEM] TermDD
Service  C:\WINDOWS\System32\svchost.exe										 [MANUAL] TermService
Service  C:\WINDOWS\System32\svchost.exe										 [AUTO] Themes
Service  C:\WINDOWS\system32\tlntsvr.exe										 [DISABLED] TlntSvr
Service																		  [DISABLED] TosIde
Service  C:\WINDOWS\system32\svchost.exe										 [AUTO] TrkWks
Service																		  TSDDD
Service  C:\WINDOWS\system32\DRIVERS\uagp35.sys								  [BOOT] uagp35
Service																		  [DISABLED] Udfs
Service																		  [DISABLED] ultra
Service  C:\WINDOWS\system32\wdfmgr.exe										  [AUTO] UMWdf
Service  C:\WINDOWS\system32\DRIVERS\update.sys								  [MANUAL] Update
Service  C:\WINDOWS\system32\svchost.exe										 [MANUAL] upnphost
Service  C:\WINDOWS\System32\ups.exe											 [MANUAL] UPS
Service  C:\WINDOWS\system32\DRIVERS\usbehci.sys								 [MANUAL] usbehci
Service  C:\WINDOWS\system32\DRIVERS\usbhub.sys								  [MANUAL] usbhub
Service  C:\WINDOWS\system32\DRIVERS\usbprint.sys								[MANUAL] usbprint
Service  C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS								 [MANUAL] USBSTOR
Service  C:\WINDOWS\system32\DRIVERS\usbuhci.sys								 [MANUAL] usbuhci
Service  C:\Program Files\MSN Messenger\usnsvc.exe							   [MANUAL] usnjsvc
Service  C:\WINDOWS\System32\drivers\vga.sys									 [SYSTEM] VgaSave
Service  C:\WINDOWS\system32\DRIVERS\viaide.sys								  [BOOT] ViaIde
Service  C:\WINDOWS\system32\DRIVERS\viamraid.sys								[BOOT] viamraid
Service  C:\WINDOWS\system32\DRIVERS\videX32.sys								 [BOOT] videX32
Service																		  [BOOT] VolSnap
Service  C:\WINDOWS\System32\vssvc.exe										   [MANUAL] VSS
Service  C:\WINDOWS\System32\svchost.exe										 [AUTO] W32Time
Service																		  W3SVC
Service  C:\WINDOWS\system32\DRIVERS\wanarp.sys								  [MANUAL] Wanarp
Service																		  [MANUAL] WDICA
Service  C:\WINDOWS\system32\drivers\wdmaud.sys								  [MANUAL] wdmaud
Service  C:\WINDOWS\system32\svchost.exe										 [AUTO] WebClient
Service  C:\WINDOWS\system32\svchost.exe										 [AUTO] winmgmt
Service																		  [MANUAL] Winsock
Service																		  WinSock2
Service																		  WinTrust
Service  C:\WINDOWS\System32\svchost.exe										 [MANUAL] WmdmPmSN
Service  C:\WINDOWS\System32\svchost.exe										 [MANUAL] Wmi
Service																		  WmiApRpl
Service  C:\WINDOWS\system32\wbem\wmiapsrv.exe								   [MANUAL] WmiApSrv
Service																		  [SYSTEM] WS2IFSL
Service  C:\WINDOWS\System32\svchost.exe										 [AUTO] wscsvc
Service  C:\WINDOWS\system32\svchost.exe										 [AUTO] wuauserv
Service  C:\WINDOWS\System32\svchost.exe										 [AUTO] WZCSVC
Service																		  xfilt
Service  C:\WINDOWS\System32\svchost.exe										 [MANUAL] xmlprov
Service																		  {B0474C40-E651-4BCF-93AA-A2C2645637E5}

---- EOF - GMER 1.0.12 ----

...download NirCmd? :)
  • 0

#117 Maciej13

Maciej13

    SecurityMaster

  • 261 posts

Posted 25 05 2007 - 10:26

I don't see anything in the logs. :)

Do you have the NirCmd application?


  • 0

#118 fraidycat

fraidycat

    Observer

  • 6 posts

Posted 25 05 2007 - 12:10

I don't have the NirCmd application... but something is wrong again :) I got rid of the CiD ad... now other ones are popping up instead... on top of that, a balloon keeps appearing at the bottom of the screen that I can't get rid of

"Your computer is infected!
Windows has detected spyware infection which corrupted the registry.
It is recommended to load update to prevent data loss.
Windows will now download and install the most up-to-date software for you."

I'll add that while scanning with ClamWin a notification pops up saying that a problem occurred with services.exe and the application will be closed, and then when I close that window the computer restarts by itself :D

If you could take another look at the current logs:

HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 15:16:21, on 2007-05-25
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\retadpu2000352.exe
C:\WINDOWS\system32\ipmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ipmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\user\Moje dokumenty\Naprawa\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000352.exe 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [ipmon] ipmon.exe
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\ntogfmfw.dll",realset
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aoar] "C:\DOCUME~1\user\MOJEDO~1\ASKS~1\nopdb.exe" -vt yazb
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/eng/cards_2_0_0_74.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/eng/boards_2_0_0_33.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179496232156
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/eng/poker_2_0_0_46.cab
O16 - DPF: {881290B9-F53C-4676-8DAF-3DBEFC297308} (GameDesire Makao) - http://67.15.101.3/g_bin/eng/makao_2_0_0_23.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/eng/words_2_0_0_49.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://67.15.101.3/g_bin/eng/wordssingle_2_0_0_46.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/eng/billard8_2_0_0_31.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\user\USTAWI~1\Temp\hpdj.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Silent Runners
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]
"MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]
"Aoar" = ""C:\DOCUME~1\user\MOJEDO~1\ASKS~1\nopdb.exe" -vt yazb" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"ClamWin" = ""C:\Program Files\ClamWin\bin\ClamTray.exe" --logon" ["alch"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"Picasa Media Detector" = "C:\Program Files\Picasa2\PicasaMediaDetector.exe" ["Google Inc."]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"runner1" = "C:\WINDOWS\retadpu2000352.exe 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310" [empty string]
"ipmon" = "ipmon.exe" [MS]
"setup" = "rundll32.exe "C:\WINDOWS\system32\ntogfmfw.dll",realset" [MS]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
				   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{55DB983C-BDBF-426f-86F0-187B02DDA39B}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\ebkhdduf.dll" [file not found]
{709AFF26-6BB0-4AD3-A3A3-1286592465D6}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\ljjgecc.dll" [null data]
{B09637FF-82A3-403D-9D89-BB8A7C704A1B}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\ddccb.dll" [null data]
{b5146c40-189a-4311-bda9-fbae3e023187}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Multi_Media toolbar"
				   \InProcServer32\(Default) = "C:\Program Files\Multi_Media\tbMult.dll" ["Conduit Ltd."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
				   \InProcServer32\(Default) = "deskpan.dll" [file not found]

  • 0

#119 Maciej13

Maciej13

    SecurityMaster

  • 261 posts

Posted 26 05 2007 - 10:31

Uninstall Multi_Media from the Control Panel in Safe Mode.

Use Windows Worms Doors Cleaner. Set all the indicators so that they are green. After using it, restart the computer!

In Safe Mode - use SmitFraudFix with option 2 + NoLop + Deljob + FindLop + VundoFix + FixVundo + VirtumundoBeGone.

When done, post the logs from Hijack This + Silent Runners + ComboFix + SmitFraudFix + FixVundo + VirtumundoBeGone + C:\Vundofix.txt + NoLop + Deljob + FindLop.
  • 0

#120 fraidycat

fraidycat

    Observer

  • 6 posts

Posted 26 05 2007 - 23:06

In the meantime I was advised to scan with VundoFix, FixVundo and VirtumundoBeGone (sorry, I couldn't wait - the computer was restarting too often). The 'balloon' no longer appears, and the computer no longer restarts... :) So far the only remaining problem is a pop-up ad window with this address or redirect: ad.oinadserver.com

I scanned the computer once more with the programs you mentioned, but the ad window still appears...

Here are the logs:

HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 22:31:01, on 2007-05-26
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\SSTEM~1\winword.exe
C:\WINDOWS\M?crosoft\l?gonui.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\user\Moje dokumenty\Naprawa\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\yeotogqf.dll (file missing)
O2 - BHO: (no name) - {709AFF26-6BB0-4AD3-A3A3-1286592465D6} - C:\WINDOWS\system32\ljjgecc.dll (file missing)
O2 - BHO: (no name) - {E00F4D1D-D0A3-AB2F-D90B-89ADA9BB779C} - C:\WINDOWS\system32\hqwdf.dll
O2 - BHO: (no name) - {ECC582B6-F7EF-4A67-BD84-5F40DDC1576D} - C:\WINDOWS\system32\ddccb.dll (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ipmon] ipmon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Aoar] "C:\WINDOWS\system32\SSTEM~1\winword.exe" -vt yazb
O4 - HKCU\..\Run: [Tnzessj] C:\WINDOWS\M?crosoft\l?gonui.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/eng/cards_2_0_0_74.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/eng/boards_2_0_0_33.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179496232156
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/eng/poker_2_0_0_46.cab
O16 - DPF: {881290B9-F53C-4676-8DAF-3DBEFC297308} (GameDesire Makao) - http://67.15.101.3/g_bin/eng/makao_2_0_0_23.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/eng/words_2_0_0_49.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://67.15.101.3/g_bin/eng/wordssingle_2_0_0_46.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/eng/billard8_2_0_0_31.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\user\USTAWI~1\Temp\hpdj.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Silent Runners
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"Aoar" = ""C:\WINDOWS\system32\SSTEM~1\winword.exe" -vt yazb" [null data]
"Tnzessj" = "C:\WINDOWS\M*crosoft\l*gonui.exe" (unwritable string) [null data]
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"ClamWin" = ""C:\Program Files\ClamWin\bin\ClamTray.exe" --logon" ["alch"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"Picasa Media Detector" = "C:\Program Files\Picasa2\PicasaMediaDetector.exe" ["Google Inc."]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"ipmon" = "ipmon.exe" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
				   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{4B646AFB-9341-4330-8FD1-C32485AEE619}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\yeotogqf.dll" [file not found]
{709AFF26-6BB0-4AD3-A3A3-1286592465D6}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\ljjgecc.dll" [file not found]
{E00F4D1D-D0A3-AB2F-D90B-89ADA9BB779C}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\hqwdf.dll" [null data]
{ECC582B6-F7EF-4A67-BD84-5F40DDC1576D}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\ddccb.dll" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
				   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
  -> {HKLM...CLSID} = "Microsoft Office Outlook"
				   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
				   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
				   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
  -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
				   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
  -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
				   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
				   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
  -> {HKLM...CLSID} = "My Sharing Folders"
				   \InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
  -> {HKLM...CLSID} = "WPDShServiceObj Class"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = (no title provided)
				   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
  -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
				   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
				   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ClamWin\(Default) = "{65713842-C410-4f44-8383-BFE01A398C90}"
  -> {HKLM...CLSID} = (no title provided)
				   \InProcServer32\(Default) = "C:\Program Files\ClamWin\bin\ExpShell.dll" ["alch"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
				   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
				   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
ClamWin\(Default) = "{65713842-C410-4f44-8383-BFE01A398C90}"
  -> {HKLM...CLSID} = (no title provided)
				   \InProcServer32\(Default) = "C:\Program Files\ClamWin\bin\ExpShell.dll" ["alch"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
				   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Startup items in "user" & "All Users" startup folders:
------------------------------------------------------

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer "No" at the
  first message box and "Yes" at the second message box.
---------- (total run time: 27 seconds, including 2 seconds for message boxes)

ComboFix
"user" - 2007-05-26 22:46:24	Dodatek Service Pack 2  
ComboFix 07-05.21.6.V - Running from: "C:\Documents and Settings\user\Moje dokumenty\Naprawa\"


(((((((((((((((((((((((((((((((   Files Created from 2007-04-05 to 2007-05-26  ))))))))))))))))))))))))))))))))))


2007-05-26 21:44	212	--a------	C:\delete.bat
2007-05-26 21:20	2,060	--a------	C:\WINDOWS\system32\tmp.reg
2007-05-26 18:15	<DIR>	d--------	C:\Program Files\Windows Media Connect 2
2007-05-26 18:13	<DIR>	d--------	C:\WINDOWS\system32\LogFiles
2007-05-26 18:13	<DIR>	d--------	C:\WINDOWS\system32\drivers\UMDF
2007-05-26 08:42	<DIR>	d--------	C:\WINDOWS\system32\s?stem
2007-05-26 01:05	<DIR>	d--------	C:\avenger
2007-05-25 23:24	60,928	--a------	C:\WINDOWS\system32\hqwdf.dll
2007-05-25 23:24	<DIR>	d--------	C:\WINDOWS\M?crosoft
2007-05-25 22:57	<DIR>	d--------	C:\VundoFix Backups
2007-05-25 14:01	<DIR>	d--------	C:\Program Files\SkanerOnline
2007-05-25 09:36	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\DANEAP~1\Adobe Systems
2007-05-23 11:52	49,152	--a------	C:\WINDOWS\nircmd.exe
2007-05-23 07:01	<DIR>	d--------	C:\DOCUME~1\user\DANEAP~1\AdobeUM
2007-05-22 21:05	<DIR>	d--------	C:\Program Files\AP Tuner
2007-05-21 15:05	<DIR>	d--------	C:\Program Files\Damian Pasternak
2007-05-21 01:53	327,168	--a------	C:\WINDOWS\IsUn0415.exe
2007-05-21 01:53	<DIR>	d--------	C:\Program Files\Hewlett-Packard
2007-05-21 01:48	25,856	--a------	C:\WINDOWS\system32\drivers\usbprint.sys
2007-05-20 23:12	<DIR>	d--------	C:\Program Files\Ganymede
2007-05-20 21:39	<DIR>	d--------	C:\Program Files\Windows Live Safety Center
2007-05-19 15:12	<DIR>	d--------	C:\Program Files\Wisdom-soft ScreenHunter 5 Free
2007-05-19 14:52	647,168	--a------	C:\WINDOWS\2M-Nature-vol3.scr
2007-05-19 14:52	<DIR>	d--------	C:\Program Files\2MScreenSaver
2007-05-19 10:53	<DIR>	d--------	C:\DOCUME~1\user\DANEAP~1\Lavasoft
2007-05-19 10:52	<DIR>	d--------	C:\Program Files\Lavasoft
2007-05-19 10:51	<DIR>	d--------	C:\Program Files\Common Files\Wise Installation Wizard
2007-05-19 10:26	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\DANEAP~1\Messenger Plus!
2007-05-19 08:16	<DIR>	d--------	C:\Program Files\wma load debug
2007-05-19 08:16	<DIR>	d--------	C:\Program Files\Messenger Plus! Live
2007-05-19 08:16	<DIR>	d--------	C:\Program Files\Adverts
2007-05-19 02:08	<DIR>	d--------	C:\WINDOWS\RegisteredPackages
2007-05-19 01:50	<DIR>	d--------	C:\Program Files\eMule
2007-05-18 23:03	995,056	--a------	C:\WINDOWS\system\MSAJT200.DLL
2007-05-18 23:03	92,576	--a------	C:\WINDOWS\system\ODBCINST.DLL
2007-05-18 23:03	88,896	--a------	C:\WINDOWS\system\ODBCCURS.DLL
2007-05-18 23:03	64,080	--a------	C:\WINDOWS\system\ODBCTL16.DLL
2007-05-18 23:03	6,464	--a------	C:\WINDOWS\ODBCADM.EXE
2007-05-18 23:03	57,328	--a------	C:\WINDOWS\system\OLE2CONV.DLL
2007-05-18 23:03	56,240	--a------	C:\WINDOWS\system\ODBC.DLL
2007-05-18 23:03	51,712	--a------	C:\WINDOWS\system\OLE2PROX.DLL
2007-05-18 23:03	322,384	--a------	C:\WINDOWS\system\MFC250.DLL
2007-05-18 23:03	302,592	--a------	C:\WINDOWS\system\OLE2.DLL
2007-05-18 23:03	298,880	--a------	C:\WINDOWS\system\VBAR2.DLL
2007-05-18 23:03	27,632	--a------	C:\WINDOWS\system\CTL3DV2.DLL
2007-05-18 23:03	27,026	--a------	C:\WINDOWS\system\OLE2.REG
2007-05-18 23:03	246,928	--a------	C:\WINDOWS\system\ODBCJT16.DLL
2007-05-18 23:03	177,216	--a------	C:\WINDOWS\system\TYPELIB.DLL
2007-05-18 23:03	164,832	--a------	C:\WINDOWS\system\OLE2DISP.DLL
2007-05-18 23:03	157,696	--a------	C:\WINDOWS\system\STORAGE.DLL
2007-05-18 23:03	150,976	--a------	C:\WINDOWS\system\OLE2NLS.DLL
2007-05-18 23:03	15,936	--a------	C:\WINDOWS\system\MSJETINT.DLL
2007-05-18 23:03	146,976	--a------	C:\WINDOWS\system\MFCOLEUI.DLL
2007-05-18 23:03	125,856	--a------	C:\WINDOWS\system\MFCO250.DLL
2007-05-18 23:03	11,232	--a------	C:\WINDOWS\system\MSJETERR.DLL
2007-05-18 23:03	108,544	--a------	C:\WINDOWS\system\COMPOBJ.DLL
2007-05-18 23:03	10,304	--a------	C:\WINDOWS\system\MSCPXLT.DLL
2007-05-18 23:03	1,984	--a------	C:\WINDOWS\system\VBAJET.DLL
2007-05-18 23:03	<DIR>	d--------	C:\YDPDICT
2007-05-18 23:02	271,248	--a------	C:\WINDOWS\ISUN16.EXE
2007-05-18 23:02	26,768	--a------	C:\WINDOWS\system\CTL3D.DLL
2007-05-18 23:02	<DIR>	d--------	C:\DOCUME~1\user\WINDOWS
2007-05-18 21:53	<DIR>	d--------	C:\DOCUME~1\user\DANEAP~1\Gadu-Gadu
2007-05-18 21:14	<DIR>	d--------	C:\DOCUME~1\user\DANEAP~1\Ahead
2007-05-18 19:43	<DIR>	d--------	C:\DOCUME~1\user\Contacts
2007-05-18 19:40	<DIR>	d--------	C:\Program Files\MSN Messenger
2007-05-18 19:36	4	--a------	C:\WINDOWS\system32\proc861054894.bin
2007-05-18 19:36	<DIR>	d--------	C:\Program Files\Gadu-Gadu
2007-05-18 19:36	<DIR>	d--------	C:\DOCUME~1\user\Gadu-Gadu
2007-05-18 19:36	<DIR>	d--------	C:\DOCUME~1\user\DANEAP~1\GanymedeNet
2007-05-18 19:23	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\DANEAP~1\nView_Profiles
2007-05-18 19:17	<DIR>	d--------	C:\Program Files\Skype
2007-05-18 19:17	<DIR>	d--------	C:\Program Files\Common Files\Skype
2007-05-18 19:17	<DIR>	d--------	C:\DOCUME~1\user\DANEAP~1\Skype
2007-05-18 19:16	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\DANEAP~1\Skype
2007-05-18 16:33	2,560	---------	C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-05-18 16:33	2,432	---------	C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-05-18 16:33	<DIR>	d--------	C:\Program Files\Google
2007-05-18 16:32	<DIR>	d--------	C:\Program Files\Prime95
2007-05-18 16:32	<DIR>	d--------	C:\Program Files\Picasa2
2007-05-18 16:14	<DIR>	d--------	C:\Program Files\ffdshow
2007-05-18 16:12	3,072	--a------	C:\WINDOWS\system32\drivers\audstub.sys
2007-05-18 16:11	58,624	--a------	C:\WINDOWS\system32\drivers\redbook.sys
2007-05-18 16:10	77,312	--a------	C:\WINDOWS\system32\usbui.dll
2007-05-18 16:10	44,672	--a------	C:\WINDOWS\system32\drivers\UAGP35.SYS
2007-05-18 16:10	19,017	--a------	C:\WINDOWS\system32\drivers\RTL8029.sys
2007-05-18 16:09	8,192	-ra------	C:\WINDOWS\system32\kbdhept.dll
2007-05-18 16:09	6,656	-ra------	C:\WINDOWS\system32\kbdhela3.dll
2007-05-18 16:09	6,144	-ra------	C:\WINDOWS\system32\kbdtuq.dll
2007-05-18 16:09	6,144	-ra------	C:\WINDOWS\system32\kbdtuf.dll
2007-05-18 16:09	6,144	-ra------	C:\WINDOWS\system32\kbdhela2.dll
2007-05-18 16:09	6,144	-ra------	C:\WINDOWS\system32\kbdgkl.dll
2007-05-18 16:09	5,632	-ra------	C:\WINDOWS\system32\kbdmon.dll
2007-05-18 16:09	5,632	-ra------	C:\WINDOWS\system32\kbdkyr.dll
2007-05-18 16:09	5,632	-ra------	C:\WINDOWS\system32\kbdhe319.dll
2007-05-18 16:09	5,632	-ra------	C:\WINDOWS\system32\kbdhe220.dll
2007-05-18 16:09	5,632	-ra------	C:\WINDOWS\system32\kbdhe.dll
2007-05-18 16:09	5,632	-ra------	C:\WINDOWS\system32\kbdazel.dll
2007-05-18 16:09	<DIR>	d-a------	C:\Program Files
2007-05-18 16:09	<DIR>	d--hs----	C:\WINDOWS\Installer
2007-05-18 16:09	<DIR>	d--------	C:\Program Files\Common Files\SpeechEngines
2007-05-18 16:09	<DIR>	d--------	C:\Program Files\Common Files\ODBC
2007-05-18 16:08	9,936	--a------	C:\WINDOWS\system\LZEXPAND.DLL
2007-05-18 16:08	9,168	--a------	C:\WINDOWS\system\VER.DLL
2007-05-18 16:08	85,532	--a------	C:\WINDOWS\system32\dgsetup.dll
2007-05-18 16:08	83,456	--a------	C:\WINDOWS\system\OLECLI.DLL
2007-05-18 16:08	8,704	--a------	C:\WINDOWS\system32\batt.dll
2007-05-18 16:08	75,776	--a------	C:\WINDOWS\system32\storprop.dll
2007-05-18 16:08	70,144	--a------	C:\WINDOWS\NOTEPAD.EXE
2007-05-18 16:08	70,096	--a------	C:\WINDOWS\system\AVICAP.DLL
2007-05-18 16:08	7,168	--a------	C:\WINDOWS\system32\kbdcz.dll
2007-05-18 16:08	69,552	--a------	C:\WINDOWS\system\MMSYSTEM.DLL
2007-05-18 16:08	6,656	--a------	C:\WINDOWS\system32\kbdycl.dll
2007-05-18 16:08	6,656	--a------	C:\WINDOWS\system32\kbdsl1.dll
2007-05-18 16:08	6,656	--a------	C:\WINDOWS\system32\kbdsl.dll
2007-05-18 16:08	6,656	--a------	C:\WINDOWS\system32\kbdhu.dll
2007-05-18 16:08	6,656	--a------	C:\WINDOWS\system32\kbdcz2.dll
2007-05-18 16:08	6,656	--a------	C:\WINDOWS\system32\kbdcz1.dll
2007-05-18 16:08	6,656	--a------	C:\WINDOWS\system32\kbdcr.dll
2007-05-18 16:08	6,656	--a------	C:\WINDOWS\system32\KBDAL.DLL
2007-05-18 16:08	6,144	-ra------	C:\WINDOWS\system32\kbdlv1.dll
2007-05-18 16:08	6,144	-ra------	C:\WINDOWS\system32\kbdlv.dll
2007-05-18 16:08	6,144	-ra------	C:\WINDOWS\system32\kbdest.dll
2007-05-18 16:08	5,632	-ra------	C:\WINDOWS\system32\kbdlt1.dll
2007-05-18 16:08	5,632	-ra------	C:\WINDOWS\system32\kbdlt.dll
2007-05-18 16:08	5,632	--a------	C:\WINDOWS\system32\kbdro.dll
2007-05-18 16:08	5,632	--a------	C:\WINDOWS\system32\kbdhu1.dll
2007-05-18 16:08	5,120	--a------	C:\WINDOWS\system\SHELL.DLL
2007-05-18 16:08	33,376	--a------	C:\WINDOWS\system\COMMDLG.DLL
2007-05-18 16:08	24,661	--a------	C:\WINDOWS\system32\spxcoins.dll
2007-05-18 16:08	24,064	--a------	C:\WINDOWS\system\OLESVR.DLL
2007-05-18 16:08	19,200	--a------	C:\WINDOWS\system\TAPI.DLL
2007-05-18 16:08	176,157	--a------	C:\WINDOWS\system32\dgrpsetu.dll
2007-05-18 16:08	15,360	--a------	C:\WINDOWS\TASKMAN.EXE
2007-05-18 16:08	13,312	--a------	C:\WINDOWS\system32\irclass.dll
2007-05-18 16:08	127,008	--a------	C:\WINDOWS\system\MSVIDEO.DLL
2007-05-18 16:08	11,264	--a------	C:\WINDOWS\system32\drivers\irenum.sys
2007-05-18 16:08	109,488	--a------	C:\WINDOWS\system\AVIFILE.DLL
2007-05-18 16:08	103,424	--a------	C:\WINDOWS\system32\EqnClass.Dll
2007-05-18 16:08	<DIR>	dr-h-----	C:\DOCUME~1\DEFAUL~1\Ustawienia lokalne
2007-05-18 16:08	<DIR>	dr-h-----	C:\DOCUME~1\DEFAUL~1\Dane aplikacji
2007-05-18 16:08	<DIR>	dr-h-----	C:\DOCUME~1\ALLUSE~1\Dane aplikacji
2007-05-18 16:08	<DIR>	dr-------	C:\DOCUME~1\DEFAUL~1\Menu Start
2007-05-18 16:08	<DIR>	dr-------	C:\DOCUME~1\ALLUSE~1\Menu Start
2007-05-18 16:08	<DIR>	dr-------	C:\DOCUME~1\ALLUSE~1\Dokumenty
2007-05-18 16:08	<DIR>	d--h-----	C:\DOCUME~1\DEFAUL~1\Szablony
2007-05-18 16:08	<DIR>	d--h-----	C:\DOCUME~1\ALLUSE~1\Szablony
2007-05-18 16:08	<DIR>	d--------	C:\WINDOWS\system32\CatRoot2
2007-05-18 16:08	<DIR>	d--------	C:\WINDOWS\system32\CatRoot
2007-05-18 16:08	<DIR>	d--------	C:\DOCUME~1\DEFAUL~1\Ulubione
2007-05-18 16:08	<DIR>	d--------	C:\DOCUME~1\DEFAUL~1\Pulpit
2007-05-18 16:08	<DIR>	d--------	C:\DOCUME~1\DEFAUL~1\Moje dokumenty
2007-05-18 16:08	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\Ulubione
2007-05-18 16:08	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\Pulpit
2007-05-18 16:07	<DIR>	d--hs----	C:\System Volume Information
2007-05-18 16:07	<DIR>	d--------	C:\Documents and Settings
2007-05-18 16:02	<DIR>	dr-hsc---	C:\WINDOWS\system32\dllcache
2007-05-18 16:02	<DIR>	dr--s----	C:\WINDOWS\Fonts
2007-05-18 16:02	<DIR>	dr-------	C:\WINDOWS\Web
2007-05-18 16:02	<DIR>	d--h-----	C:\WINDOWS\inf
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\WinSxS
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\twain_32
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\wins
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\wbem
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\usmt
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\spool
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\ShellExt
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\Setup
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\ras
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\oobe
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\npp
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\mui
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\inetsrv
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\IME
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\icsxml
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\ias
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\export
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\drivers\etc
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\drivers\disdn
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\drivers
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\dhcp
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\config
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\3com_dmi
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\3076
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\2052
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\1054
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\1045
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\1042
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\1041
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\1037
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\1033
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\1031
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\1028
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32\1025
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system32
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\system
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\security
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\Resources
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\repair
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\Provisioning
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\PeerNet
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\pchealth
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\mui
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\msapps
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\msagent
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\Media
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\ime
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\Help
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\ehome
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\Driver Cache
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\Debug
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\Cursors
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\Connection Wizard
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\Config
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\AppPatch
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS\addins
2007-05-18 16:02	<DIR>	d--------	C:\WINDOWS
2007-05-18 16:00	851,968	--a------	C:\WINDOWS\system32\nvdspsch.exe
2007-05-18 16:00	782,336	--a------	C:\WINDOWS\system32\nwiz.exe
2007-05-18 16:00	454,656	--a------	C:\WINDOWS\system32\nvshell.dll
2007-05-18 16:00	401,408	--a------	C:\WINDOWS\system32\nvappbar.exe
2007-05-18 16:00	315,392	--a------	C:\WINDOWS\system32\keystone.exe
2007-05-18 16:00	110,592	--a------	C:\WINDOWS\system32\nvudisp.exe
2007-05-18 16:00	1,335,296	--a------	C:\WINDOWS\system32\nview.dll
2007-05-18 16:00	1,019,904	--a------	C:\WINDOWS\system32\nvwimg.dll
2007-05-18 16:00	<DIR>	d--------	C:\WINDOWS\nview
2007-05-18 15:56	23,856	--a------	C:\WINDOWS\system32\spupdsvc.exe
2007-05-18 15:56	<DIR>	d--h-----	C:\WINDOWS\$hf_mig$
2007-05-18 15:56	<DIR>	d--------	C:\WINDOWS\system32\PreInstall
2007-05-18 15:53	<DIR>	d--------	C:\NVIDIA Display Driver
2007-05-18 15:51	43,352	--a------	C:\WINDOWS\system32\wups2.dll
2007-05-18 15:51	<DIR>	d--------	C:\WINDOWS\system32\SoftwareDistribution
2007-05-18 15:50	<DIR>	d---s----	C:\DOCUME~1\user\UserData
2007-05-18 15:50	<DIR>	d--------	C:\Program Files\ClamWin
2007-05-18 15:50	<DIR>	d--------	C:\DOCUME~1\user\DANEAP~1\.clamwin
2007-05-18 15:50	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\.clamwin
2007-05-18 15:44	2,916,352	---------	C:\WINDOWS\UNNMP.exe
2007-05-18 15:42	24,064	---------	C:\WINDOWS\system32\msxml3a.dll
2007-05-18 15:42	2,977,792	---------	C:\WINDOWS\UNNeroVision.exe
2007-05-18 15:42	155,648	--a------	C:\WINDOWS\system32\NeroCheck.exe
2007-05-18 15:42	<DIR>	d--------	C:\Program Files\Common Files\Nero
2007-05-18 15:41	476,320	---------	C:\WINDOWS\system32\ImagXpr7.dll
2007-05-18 15:41	471,040	---------	C:\WINDOWS\system32\ImagXRA7.dll
2007-05-18 15:41	38,912	---------	C:\WINDOWS\system32\picn20.dll
2007-05-18 15:41	364,544	---------	C:\WINDOWS\system32\TwnLib4.dll
2007-05-18 15:41	262,144	---------	C:\WINDOWS\system32\ImagXR7.dll
2007-05-18 15:41	106,496	--a------	C:\WINDOWS\system32\TwnLib20.dll
2007-05-18 15:41	1,568,768	---------	C:\WINDOWS\system32\ImagX7.dll
2007-05-18 15:41	<DIR>	d--------	C:\Program Files\Common Files\Ahead
2007-05-18 15:41	<DIR>	d--------	C:\Program Files\Ahead
2007-05-18 15:41	<DIR>	d--------	C:\install
2007-05-18 15:41	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\DANEAP~1\Ahead
2007-05-18 15:32	17,920	--a------	C:\WINDOWS\system32\mdimon.dll
2007-05-18 15:31	<DIR>	d--------	C:\Program Files\Realtek AC97
2007-05-18 15:30	<DIR>	d--------	C:\Program Files\Microsoft.NET
2007-05-18 15:28	<DIR>	d--------	C:\Program Files\Microsoft Works
2007-05-18 15:27	<DIR>	d--------	C:\WINDOWS\SHELLNEW
2007-05-18 15:24	<DIR>	dr-h-----	C:\MSOCache
2007-05-18 15:13	82,944	--a------	C:\WINDOWS\system32\drivers\wdmaud.sys
2007-05-18 15:13	7,552	--a------	C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-05-18 15:13	60,800	--a------	C:\WINDOWS\system32\drivers\sysaudio.sys
2007-05-18 15:13	60,288	--a------	C:\WINDOWS\system32\drivers\drmk.sys
2007-05-18 15:13	6,400	--a------	C:\WINDOWS\system32\drivers\splitter.sys
2007-05-18 15:13	577,536	--a------	C:\WINDOWS\soundman.exe
2007-05-18 15:13	54,272	--a------	C:\WINDOWS\system32\drivers\swmidi.sys
2007-05-18 15:13	52,864	--a------	C:\WINDOWS\system32\drivers\DMusic.sys
2007-05-18 15:13	5,376	--a------	C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-05-18 15:13	49,152	-r-------	C:\WINDOWS\system32\ChCfg.exe
2007-05-18 15:13	4,992	--a------	C:\WINDOWS\system32\drivers\MSPQM.sys
2007-05-18 15:13	4,096	--a------	C:\WINDOWS\system32\ksuser.dll
2007-05-18 15:13	4,027,840	-ra------	C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2007-05-18 15:13	2,944	--a------	C:\WINDOWS\system32\drivers\drmkaud.sys
2007-05-18 15:13	172,416	--a------	C:\WINDOWS\system32\drivers\kmixer.sys
2007-05-18 15:13	147,456	-ra------	C:\WINDOWS\system32\RTLCPAPI.dll
2007-05-18 15:13	142,464	--a------	C:\WINDOWS\system32\drivers\aec.sys
2007-05-18 15:13	136,960	--a------	C:\WINDOWS\system32\drivers\portcls.sys
2007-05-18 15:13	10,528,768	-ra------	C:\WINDOWS\system32\RTLCPL.EXE
2007-05-18 15:13	<DIR>	d--------	C:\Program Files\Realtek Sound Manager
2007-05-18 15:13	<DIR>	d--------	C:\Program Files\AvRack
2007-05-18 15:12	315,392	-r-------	C:\WINDOWS\alcupd.exe
2007-05-18 15:12	217,088	-ra------	C:\WINDOWS\Alcrmv.exe
2007-05-18 15:00	9,216	-ra------	C:\WINDOWS\system32\drivers\videX32.sys
2007-05-18 15:00	102,912	-ra------	C:\WINDOWS\system32\drivers\viamraid.sys
2007-05-18 15:00	<DIR>	d--h-----	C:\Program Files\InstallShield Installation Information
2007-05-18 15:00	<DIR>	d----c---	C:\WINDOWS\system32\DRVSTORE
2007-05-18 15:00	<DIR>	d--------	C:\WINDOWS\system32\ReinstallBackups
2007-05-18 14:59	331,184	---------	C:\WINDOWS\system32\difxapi.dll
2007-05-18 14:59	<DIR>	d--------	C:\Program Files\VIA
2007-05-18 14:59	<DIR>	d--------	C:\Program Files\Common Files\InstallShield
2007-05-18 14:52	<DIR>	d--hs----	C:\RECYCLER
2007-05-18 14:47	356,352	--a------	C:\WINDOWS\system32\NVUNINST.EXE
2007-05-18 14:34	2,621,440	--ah-----	C:\DOCUME~1\user\NTUSER.DAT
2007-05-18 14:34	<DIR>	dr-h-----	C:\DOCUME~1\user\Dane aplikacji
2007-05-18 14:34	<DIR>	dr-------	C:\DOCUME~1\user\Ulubione
2007-05-18 14:34	<DIR>	dr-------	C:\DOCUME~1\user\Moje dokumenty
2007-05-18 14:34	<DIR>	dr-------	C:\DOCUME~1\user\Menu Start
2007-05-18 14:34	<DIR>	d--h-----	C:\DOCUME~1\user\Ustawienia lokalne
2007-05-18 14:34	<DIR>	d--h-----	C:\DOCUME~1\user\Szablony
2007-05-18 14:34	<DIR>	d--------	C:\DOCUME~1\user\Pulpit
2007-05-18 14:33	<DIR>	d--------	C:\WINDOWS\SoftwareDistribution
2007-05-18 14:32	229,376	--ah-----	C:\DOCUME~1\NETWOR~1\NTUSER.DAT
2007-05-18 14:32	229,376	--ah-----	C:\DOCUME~1\LOCALS~1\NTUSER.DAT
2007-05-18 14:32	<DIR>	d--h-----	C:\DOCUME~1\NETWOR~1\Ustawienia lokalne
2007-05-18 14:32	<DIR>	d--h-----	C:\DOCUME~1\LOCALS~1\Ustawienia lokalne
2007-05-18 14:32	<DIR>	d--------	C:\WINDOWS\Prefetch
2007-05-18 14:32	<DIR>	d--------	C:\DOCUME~1\NETWOR~1\Dane aplikacji
2007-05-18 14:32	<DIR>	d--------	C:\DOCUME~1\LOCALS~1\Dane aplikacji
2007-05-18 14:30	9,600	--a------	C:\WINDOWS\system32\drivers\hidusb.sys
2007-05-18 14:30	12,160	--a------	C:\WINDOWS\system32\drivers\mouhid.sys
2007-05-18 14:27	229,376	---h-----	C:\DOCUME~1\DEFAUL~1\NTUSER.DAT
2007-05-18 14:27	<DIR>	d--------	C:\WINDOWS\system32\xircom
2007-05-18 14:27	<DIR>	d--------	C:\Program Files\microsoft frontpage
2007-05-18 14:26	112,128	--a------	C:\WINDOWS\system32\mapi32.dll
2007-05-18 14:26	0	-rahs----	C:\MSDOS.SYS
2007-05-18 14:26	0	-rahs----	C:\IO.SYS
2007-05-18 14:26	0	--a------	C:\CONFIG.SYS
2007-05-18 14:26	0	--a------	C:\AUTOEXEC.BAT
2007-05-18 14:25	<DIR>	d--hs----	C:\DOCUME~1\ALLUSE~1\DRM
2007-05-18 14:24	<DIR>	dr-------	C:\WINDOWS\Offline Web Pages
2007-05-18 14:24	<DIR>	d--h-----	C:\Program Files\WindowsUpdate
2007-05-18 14:24	<DIR>	d---s----	C:\WINDOWS\Downloaded Program Files
2007-05-18 14:24	<DIR>	d--------	C:\WINDOWS\system32\DirectX
2007-05-18 14:24	<DIR>	d--------	C:\Program Files\Usługi online
2007-05-18 14:23	86,016	--a------	C:\WINDOWS\system32\isign32.dll
2007-05-18 14:23	81,920	--a------	C:\WINDOWS\system32\ils.dll
2007-05-18 14:23	8,192	--a------	C:\WINDOWS\system32\bitsprx2.dll
2007-05-18 14:23	73,728	--a------	C:\WINDOWS\system32\icwdial.dll
2007-05-18 14:23	73,472	--a------	C:\WINDOWS\system32\drivers\sr.sys
2007-05-18 14:23	7,168	--a------	C:\WINDOWS\system32\bitsprx3.dll
2007-05-18 14:23	69,632	--a------	C:\WINDOWS\system32\msconf.dll
2007-05-18 14:23	679,424	--a------	C:\WINDOWS\system32\inetcomm.dll
2007-05-18 14:23	67,584	--a------	C:\WINDOWS\system32\srclient.dll
2007-05-18 14:23	67,584	--a------	C:\WINDOWS\system32\acctres.dll
2007-05-18 14:23	65,536	--a------	C:\WINDOWS\system32\icwphbk.dll
2007-05-18 14:23	6,656	--a------	C:\WINDOWS\system32\wuauserv.dll
2007-05-18 14:23	549,720	--a------	C:\WINDOWS\system32\wuapi.dll
2007-05-18 14:23	53,080	--a------	C:\WINDOWS\system32\wuauclt.exe
2007-05-18 14:23	49,664	--a------	C:\WINDOWS\system32\inetres.dll
2007-05-18 14:23	45,568	--a------	C:\WINDOWS\system32\safrslv.dll
2007-05-18 14:23	43,520	--a------	C:\WINDOWS\system32\safrcdlg.dll
2007-05-18 14:23	43,520	--a------	C:\WINDOWS\system32\racpldlg.dll
2007-05-18 14:23	382,464	--a------	C:\WINDOWS\system32\qmgr.dll
2007-05-18 14:23	34,560	--a------	C:\WINDOWS\system32\mnmdd.dll
2007-05-18 14:23	33,624	--a------	C:\WINDOWS\system32\wups.dll
2007-05-18 14:23	325,976	--a------	C:\WINDOWS\system32\wucltui.dll
2007-05-18 14:23	32,768	--a------	C:\WINDOWS\system32\mnmsrvc.exe
2007-05-18 14:23	32,768	--a------	C:\WINDOWS\system32\isrdbg32.dll
2007-05-18 14:23	29,696	--a------	C:\WINDOWS\system32\safrdm.dll
2007-05-18 14:23	28,672	--a------	C:\WINDOWS\system32\nmmkcert.dll
2007-05-18 14:23	278,528	--a------	C:\WINDOWS\system32\mstask.dll
2007-05-18 14:23	278,528	--a------	C:\WINDOWS\system32\inetcfg.dll
2007-05-18 14:23	252,928	--a------	C:\WINDOWS\system32\msoeacct.dll
2007-05-18 14:23	240,128	--a------	C:\WINDOWS\system32\srrstr.dll
2007-05-18 14:23	23,040	--a------	C:\WINDOWS\system32\fltmc.exe
2007-05-18 14:23	203,096	--a------	C:\WINDOWS\system32\wuweb.dll
2007-05-18 14:23	195,352	--a------	C:\WINDOWS\system32\wuaueng1.dll
2007-05-18 14:23	192,000	--a------	C:\WINDOWS\system32\schedsvc.dll
2007-05-18 14:23	18,944	--a------	C:\WINDOWS\system32\qmgrprxy.dll
2007-05-18 14:23	175,384	--a------	C:\WINDOWS\system32\wuauclt1.exe
2007-05-18 14:23	171,008	--a------	C:\WINDOWS\system32\srsvc.dll
2007-05-18 14:23	16,896	--a------	C:\WINDOWS\system32\fltlib.dll
2007-05-18 14:23	16,384	--a------	C:\WINDOWS\system32\icfgnt5.dll
2007-05-18 14:23	128,896	--a------	C:\WINDOWS\system32\drivers\fltmgr.sys
2007-05-18 14:23	12,288	--a------	C:\WINDOWS\system32\nmevtmsg.dll
2007-05-18 14:23	12,288	--a------	C:\WINDOWS\system32\mstinit.exe
2007-05-18 14:23	11,264	--a------	C:\WINDOWS\system32\atrace.dll
2007-05-18 14:23	105,984	--a------	C:\WINDOWS\system32\msoert2.dll
2007-05-18 14:23	1,710,936	--a------	C:\WINDOWS\system32\wuaueng.dll
2007-05-18 14:23	<DIR>	d---s----	C:\WINDOWS\Tasks
2007-05-18 14:23	<DIR>	d--------	C:\WINDOWS\system32\Restore
2007-05-18 14:23	<DIR>	d--------	C:\WINDOWS\system32\Macromed
2007-05-18 14:23	<DIR>	d--------	C:\WINDOWS\srchasst
2007-05-18 14:23	<DIR>	d--------	C:\Program Files\Movie Maker
2007-05-18 14:23	<DIR>	d--------	C:\Program Files\Common Files\MSSoap
2007-05-18 14:22	21,856	--a------	C:\WINDOWS\system32\emptyregdb.dat
2007-05-18 14:21	97,792	--a------	C:\WINDOWS\system32\comrepl.dll
2007-05-18 14:21	956,416	--a------	C:\WINDOWS\system32\msdtctm.dll
2007-05-18 14:21	94,720	--a------	C:\WINDOWS\system32\tscfgwmi.dll
2007-05-18 14:21	91,136	--a------	C:\WINDOWS\system32\mtxoci.dll
2007-05-18 14:21	9,728	--a------	C:\WINDOWS\system32\reset.exe
2007-05-18 14:21	87,176	--a------	C:\WINDOWS\system32\rdpwsx.dll
2007-05-18 14:21	85,504	--a------	C:\WINDOWS\system32\catsrvps.dll
2007-05-18 14:21	80,896	--a------	C:\WINDOWS\system32\charmap.exe
2007-05-18 14:21	73,216	--a------	C:\WINDOWS\system32\avwav.dll
2007-05-18 14:21	67,072	--a------	C:\WINDOWS\system32\rdshost.exe
2007-05-18 14:21	655,360	--a------	C:\WINDOWS\system32\mstscax.dll
2007-05-18 14:21	625,152	--a------	C:\WINDOWS\system32\catsrvut.dll
2007-05-18 14:21	62,464	--a------	C:\WINDOWS\system32\rdpclip.exe
2007-05-18 14:21	605,696	--a------	C:\WINDOWS\system32\getuname.dll
2007-05-18 14:21	60,928	--a------	C:\WINDOWS\system32\remotepg.dll
2007-05-18 14:21	60,416	--a------	C:\WINDOWS\system32\colbact.dll
2007-05-18 14:21	6,144	--a------	C:\WINDOWS\system32\msdtc.exe
2007-05-18 14:21	58,880	--a------	C:\WINDOWS\system32\msdtclog.dll
2007-05-18 14:21	57,344	--a------	C:\WINDOWS\system32\sol.exe
2007-05-18 14:21	55,808	--a------	C:\WINDOWS\system32\freecell.exe
2007-05-18 14:21	54,272	--a------	C:\WINDOWS\system32\stclient.dll
2007-05-18 14:21	539,136	--a------	C:\WINDOWS\system32\spider.exe
2007-05-18 14:21	5,632	--a------	C:\WINDOWS\system32\write.exe
2007-05-18 14:21	5,120	--a------	C:\WINDOWS\system32\dcomcnfg.exe
2007-05-18 14:21	44,544	--a------	C:\WINDOWS\system32\tscupgrd.exe
2007-05-18 14:21	44,544	--a------	C:\WINDOWS\system32\hticons.dll
2007-05-18 14:21	426,496	--a------	C:\WINDOWS\system32\msdtcprx.dll
2007-05-18 14:21	408,576	--a------	C:\WINDOWS\system32\mstsc.exe
2007-05-18 14:21	4,608	--a------	C:\WINDOWS\system32\rdpcfgex.dll
2007-05-18 14:21	4,096	--a------	C:\WINDOWS\system32\mtxex.dll
2007-05-18 14:21	38,912	--a------	C:\WINDOWS\system32\cfgbkend.dll
2007-05-18 14:21	351,744	--a------	C:\WINDOWS\system32\hypertrm.dll
2007-05-18 14:21	35,328	--a------	C:\WINDOWS\system32\winchat.exe
2007-05-18 14:21	345,088	--a------	C:\WINDOWS\system32\mspaint.exe
2007-05-18 14:21	33,792	--a------	C:\WINDOWS\system32\regini.exe
2007-05-18 14:21	296,448	--a------	C:\WINDOWS\system32\termsrv.dll
2007-05-18 14:21	25,600	--a------	C:\WINDOWS\system32\comaddin.dll
2007-05-18 14:21	25,088	--a------	C:\WINDOWS\system32\mtxlegih.dll
2007-05-18 14:21	231,424	--a------	C:\WINDOWS\system32\avtapi.dll
2007-05-18 14:21	225,792	--a------	C:\WINDOWS\system32\catsrv.dll
2007-05-18 14:21	22,528	--a------	C:\WINDOWS\system32\qwinsta.exe
2007-05-18 14:21	22,528	--a------	C:\WINDOWS\system32\msg.exe
2007-05-18 14:21	21,896	--a------	C:\WINDOWS\system32\drivers\tdtcp.sys
2007-05-18 14:21	20,992	--a------	C:\WINDOWS\system32\qprocess.exe
2007-05-18 14:21	20,480	--a------	C:\WINDOWS\system32\mtxdm.dll
2007-05-18 14:21	19,968	--a------	C:\WINDOWS\system32\rdpsnd.dll
2007-05-18 14:21	187,904	--a------	C:\WINDOWS\system32\accwiz.exe
2007-05-18 14:21	17,920	--a------	C:\WINDOWS\system32\tsshutdn.exe
2007-05-18 14:21	17,408	--a------	C:\WINDOWS\system32\qappsrv.exe
2007-05-18 14:21	161,280	--a------	C:\WINDOWS\system32\msdtcuiu.dll
2007-05-18 14:21	16,384	--a------	C:\WINDOWS\system32\tskill.exe
2007-05-18 14:21	16,384	--a------	C:\WINDOWS\system32\rwinsta.exe
2007-05-18 14:21	16,384	--a------	C:\WINDOWS\system32\avmeter.dll
2007-05-18 14:21	15,872	--a------	C:\WINDOWS\system32\logoff.exe
2007-05-18 14:21	15,872	--a------	C:\WINDOWS\system32\cdmodem.dll
2007-05-18 14:21	15,360	--a------	C:\WINDOWS\system32\tsdiscon.exe
2007-05-18 14:21	15,360	--a------	C:\WINDOWS\system32\tscon.exe
2007-05-18 14:21	15,360	--a------	C:\WINDOWS\system32\shadow.exe
2007-05-18 14:21	147,968	--a------	C:\WINDOWS\system32\rdchost.dll
2007-05-18 14:21	147,456	--a------	C:\WINDOWS\system32\comsnap.dll
2007-05-18 14:21	141,824	--a------	C:\WINDOWS\system32\sessmgr.exe
2007-05-18 14:21	139,528	--a------	C:\WINDOWS\system32\drivers\rdpwd.sys
2007-05-18 14:21	139,264	--a------	C:\WINDOWS\system32\sndvol32.exe
2007-05-18 14:21	132,608	--a------	C:\WINDOWS\system32\sndrec32.exe
2007-05-18 14:21	13,824	--a------	C:\WINDOWS\system32\rdsaddin.exe
2007-05-18 14:21	128,000	--a------	C:\WINDOWS\system32\mshearts.exe
2007-05-18 14:21	124,928	--a------	C:\WINDOWS\system32\mplay32.exe
2007-05-18 14:21	12,040	--a------	C:\WINDOWS\system32\drivers\tdpipe.sys
2007-05-18 14:21	119,808	--a------	C:\WINDOWS\system32\winmine.exe
2007-05-18 14:21	115,200	--a------	C:\WINDOWS\system32\calc.exe
2007-05-18 14:21	110,080	--a------	C:\WINDOWS\system32\clbcatex.dll
2007-05-18 14:21	11,776	--a------	C:\WINDOWS\system32\xolehlp.dll
2007-05-18 14:21	11,264	--a------	C:\WINDOWS\system32\icaapi.dll
2007-05-18 14:21	103,424	--a------	C:\WINDOWS\system32\clipbrd.exe
2007-05-18 14:21	1,225	--a------	C:\WINDOWS\system32\usrlogon.cmd
2007-05-18 14:21	<DIR>	d--------	C:\WINDOWS\system32\MsDtc
2007-05-18 14:21	<DIR>	d--------	C:\WINDOWS\system32\Com
2007-05-18 14:21	<DIR>	d--------	C:\WINDOWS\Registration
2007-05-18 14:21	<DIR>	d--------	C:\Program Files\Windows NT
2007-05-18 14:21	<DIR>	d--------	C:\Program Files\MSN Gaming Zone
2007-05-18 14:21	<DIR>	d--------	C:\Program Files\Messenger
2007-05-18 14:20	58,880	--a------	C:\WINDOWS\system32\licwmi.dll
2007-05-18 14:20	56,320	--a------	C:\WINDOWS\system32\servdeps.dll
2007-05-18 14:20	540,160	--a------	C:\WINDOWS\system32\comuid.dll
2007-05-18 14:20	498,688	--a------	C:\WINDOWS\system32\clbcatq.dll
2007-05-18 14:20	40,840	--a------	C:\WINDOWS\system32\drivers\termdd.sys
2007-05-18 14:20	196,864	--a------	C:\WINDOWS\system32\drivers\rdpdr.sys
2007-05-18 14:20	187,904	--a------	C:\WINDOWS\system32\cmprops.dll
2007-05-18 14:20	17,920	--a------	C:\WINDOWS\system32\mmfutil.dll
2007-05-18 14:20	1,267,200	--a------	C:\WINDOWS\system32\comsvcs.dll


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-19 22:32:01	50,748	----a-w	C:\WINDOWS\system32\perfc015.dat
2007-05-19 22:32:01	358,702	----a-w	C:\WINDOWS\system32\perfh015.dat
2007-05-18 13:51:18	--------	d-----w	C:\DOCUME~1\user\DANEAP~1\.clamwin
2007-05-18 12:24:31	--------	d-----w	C:\Program Files\Usługi online
2007-04-18 16:14:32	2,854,400	----a-w	C:\WINDOWS\system32\msi.dll
2007-04-16 20:45:28	92,504	----a-w	C:\WINDOWS\system32\cdm.dll
2007-03-17 13:45:36	293,376	----a-w	C:\WINDOWS\system32\winsrv.dll
2007-03-15 10:00:36	466,432	----a-w	C:\WINDOWS\system32\SkanerOnline.dll
2007-03-08 15:38:47	579,072	----a-w	C:\WINDOWS\system32\user32.dll
2007-03-08 15:38:47	40,960	----a-w	C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:38:47	281,600	----a-w	C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:37:33	1,843,840	----a-w	C:\WINDOWS\system32\win32k.sys
2007-02-05 20:19:48	185,856	----a-w	C:\WINDOWS\system32\upnphost.dll


((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 06:12]
{4B646AFB-9341-4330-8FD1-C32485AEE619}=C:\WINDOWS\system32\yeotogqf.dll []
{709AFF26-6BB0-4AD3-A3A3-1286592465D6}=C:\WINDOWS\system32\ljjgecc.dll []
{E00F4D1D-D0A3-AB2F-D90B-89ADA9BB779C}=C:\WINDOWS\system32\hqwdf.dll [2007-05-21 15:59]
{ECC582B6-F7EF-4A67-BD84-5F40DDC1576D}=C:\WINDOWS\system32\ddccb.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" [2007-04-30 19:17]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-03-24 10:04]
"nwiz"="nwiz.exe" [2004-03-24 10:04 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-03-24 10:04]
"SoundMan"="SOUNDMAN.EXE" []
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-02-01 04:52]
"Cmaudio"="cmicnfg.cpl" []
"ipmon"="ipmon.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-05-10 16:09]
"Aoar"="C:\WINDOWS\system32\SSTEM~1\winword.exe" [2007-05-26 08:42]
"Tnzessj"="C:\WINDOWS\M?crosoft\l?gonui.exe" [2007-05-21 16:00]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 16:36]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e3a3ca9-0548-11dc-85cb-806d6172696f}]
AutoRun\command- D:\setup.exe
	

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-26 22:47:29
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-05-26 22:47:46
C:\ComboFix-quarantined-files.txt ... 2007-05-26 22:47
C:\ComboFix2.txt ... 2007-05-26 01:08
C:\ComboFix3.txt ... 2007-05-25 23:25

	--- E O F ---

SmitFraudFix
SmitFraudFix v2.188

Scan done at 22:50:27,93, 2007-05-26
Run from C:\Documents and Settings\user\Pulpit\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!Attention, following keys are not inevitably infected!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1	   localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Karta Realtek RTL8029(AS) PCI Ethernet Adapter - Sterownik miniport Harmonogramu pakietów
DNS Server Search Order: 10.0.0.2

HKLM\SYSTEM\CCS\Services\Tcpip\..\{B0474C40-E651-4BCF-93AA-A2C2645637E5}: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B0474C40-E651-4BCF-93AA-A2C2645637E5}: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\..\{B0474C40-E651-4BCF-93AA-A2C2645637E5}: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!Attention, following keys are not inevitably infected!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done. 
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!Attention, following keys are not inevitably infected!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

FixVundo
Symantec Trojan.Vundo Removal Tool 1.5.0

C:\Documents and Settings\user\Moje dokumenty\?asks: (not scanned)
C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Microsoft\Messenger\marta.lipka@interia.pl\SharingMetadata\trudyann645@hotmail.com\DFSR\Staging\CS{59343444-E352-8C0E-5F59-3D036F30CCCD}1\10-{59343444-E352-8C0E-5F59-3D036F30CCCD}-v1-{6F3C243A-C5C5-41CE-AC64-6A3D140ED04A}-v10-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Microsoft\Messenger\marta.lipka@interia.pl\SharingMetadata\trudyann645@hotmail.com\DFSR\Staging\CS{59343444-E352-8C0E-5F59-3D036F30CCCD}\18\35-{4CA58428-2CE9-4041-9153-C1D3399F3D4C}-v18-{4CA58428-2CE9-4041-9153-C1D3399F3D4C}-v35-Downloaded.frx (WARNING: not scanned, path to long)
C:\System Volume Information: (not scanned)
C:\WINDOWS\M?crosoft: (not scanned)
C:\WINDOWS\system32\s?stem: (not scanned)
Trojan.Vundo has not been found on your computer.

VirtumundoBeGone
[05/26/2007, 21:54:13] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\user\Pulpit\VirtumundoBeGone.exe" )
[05/26/2007, 21:54:24] - Detected System Information:
[05/26/2007, 21:54:24] -  Windows Version: 5.1.2600, Dodatek Service Pack 2
[05/26/2007, 21:54:24] -  Current Username: user (Admin)
[05/26/2007, 21:54:24] -  Windows is in SAFE mode with Networking.
[05/26/2007, 21:54:24] - Searching for Browser Helper Objects:
[05/26/2007, 21:54:24] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[05/26/2007, 21:54:24] -  BHO 2: {4B646AFB-9341-4330-8FD1-C32485AEE619} ()
[05/26/2007, 21:54:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/26/2007, 21:54:24] -  Checking for HKLM\...\Winlogon\Notify\yeotogqf
[05/26/2007, 21:54:24] -  Key not found: HKLM\...\Winlogon\Notify\yeotogqf, continuing.
[05/26/2007, 21:54:24] -  BHO 3: {709AFF26-6BB0-4AD3-A3A3-1286592465D6} ()
[05/26/2007, 21:54:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/26/2007, 21:54:24] -  Checking for HKLM\...\Winlogon\Notify\ljjgecc
[05/26/2007, 21:54:24] -  Key not found: HKLM\...\Winlogon\Notify\ljjgecc, continuing.
[05/26/2007, 21:54:24] -  BHO 4: {E00F4D1D-D0A3-AB2F-D90B-89ADA9BB779C} ()
[05/26/2007, 21:54:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/26/2007, 21:54:24] -  Checking for HKLM\...\Winlogon\Notify\hqwdf
[05/26/2007, 21:54:24] -  Key not found: HKLM\...\Winlogon\Notify\hqwdf, continuing.
[05/26/2007, 21:54:24] -  BHO 5: {ECC582B6-F7EF-4A67-BD84-5F40DDC1576D} ()
[05/26/2007, 21:54:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/26/2007, 21:54:24] -  Checking for HKLM\...\Winlogon\Notify\ddccb
[05/26/2007, 21:54:24] -  Key not found: HKLM\...\Winlogon\Notify\ddccb, continuing.
[05/26/2007, 21:54:24] - Finished Searching Browser Helper Objects
[05/26/2007, 21:54:24] - Finishing up...
[05/26/2007, 21:54:24] - Nothing found! Exiting...

VundoFix V6.4.1

Checking Java version...

Sun Java not detected
Scan started at 22:57:57 2007-05-25

Listing files found while scanning....

C:\WINDOWS\system32\bccdd.bak1
C:\WINDOWS\system32\bccdd.bak2
C:\WINDOWS\system32\bccdd.ini
C:\WINDOWS\system32\ddccb.dll
C:\WINDOWS\system32\ebkhdduf.dll
C:\WINDOWS\system32\ljjgecc.dll
C:\WINDOWS\system32\ntogfmfw.dll
C:\WINDOWS\system32\oqtss.ini
C:\WINDOWS\system32\sstqo.dll
C:\WINDOWS\system32\wfmfgotn.ini
C:\WINDOWS\system32\ywjwceqe.dll

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\bccdd.bak1
C:\WINDOWS\system32\bccdd.bak1 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\bccdd.bak2
C:\WINDOWS\system32\bccdd.bak2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\bccdd.ini
C:\WINDOWS\system32\bccdd.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ddccb.dll
C:\WINDOWS\system32\ddccb.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ljjgecc.dll
C:\WINDOWS\system32\ljjgecc.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ntogfmfw.dll
C:\WINDOWS\system32\ntogfmfw.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\oqtss.ini
C:\WINDOWS\system32\oqtss.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\sstqo.dll
C:\WINDOWS\system32\sstqo.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\wfmfgotn.ini
C:\WINDOWS\system32\wfmfgotn.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ywjwceqe.dll
C:\WINDOWS\system32\ywjwceqe.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.4.1

Checking Java version...

Sun Java not detected
Scan started at 21:46:28 2007-05-26

Listing files found while scanning....

No infected files were found.

NoLop
NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\user\Pulpit
[2007-05-26]
[23:02:01]

---Infection Files Found/Removed---
NO INFECTION FILES FOUND - Cleaning Aborted.

---Listing AppData sub directories---

Deljob
-------------------------------------------------------- 
No LOP jobs found 
-------------------------------------------------------- 
Files remaining after cleaning 
 
-------------------------------------------------------- 
App data folders 
 
 Wolumin w stacji C nie ma etykiety.
 Numer seryjny woluminu: 7023-05CD

 Katalog: C:\Documents and Settings\user\Dane aplikacji

2007-05-23  15:35	<DIR>					   .
2007-05-23  15:35	<DIR>					   ..
2007-05-18  15:51	<DIR>		  CLAMWI~1	 .clamwin
2007-05-25  19:46	<DIR>					   Adobe
2007-05-23  07:01	<DIR>					   AdobeUM
2007-05-18  21:14	<DIR>					   Ahead
2007-05-18  21:53	<DIR>		  GADU-G~1	 Gadu-Gadu
2007-05-20  23:56	<DIR>		  GANYME~1	 GanymedeNet
2007-05-18  14:34	<DIR>		  IDENTI~1	 Identities
2007-05-19  10:53	<DIR>					   Lavasoft
2007-05-18  14:48	<DIR>		  MACROM~1	 Macromedia
2007-05-26  09:43	<DIR>		  MICROS~1	 Microsoft
2007-05-26  21:32	<DIR>					   Skype
			   0 plik(ów)			   0 bajtów
			  13 katalog(ów)   5 493 592 064 bajtów wolnych
 Wolumin w stacji C nie ma etykiety.
 Numer seryjny woluminu: 7023-05CD

 Katalog: C:\Documents and Settings\All Users

--------------------------------------------------------

FindLop (only this much)
[TRACE] Enumerating jobs and queues

  • 0



