HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 16:08:20, on 2007-05-27
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\user\Moje dokumenty\Naprawa\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/eng/cards_2_0_0_74.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/eng/boards_2_0_0_33.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179496232156
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/eng/poker_2_0_0_46.cab
O16 - DPF: {881290B9-F53C-4676-8DAF-3DBEFC297308} (GameDesire Makao) - http://67.15.101.3/g_bin/eng/makao_2_0_0_23.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/eng/words_2_0_0_49.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://67.15.101.3/g_bin/eng/wordssingle_2_0_0_46.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/eng/billard8_2_0_0_31.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\user\USTAWI~1\Temp\hpdj.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Silent Runners
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]
"msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"ClamWin" = ""C:\Program Files\ClamWin\bin\ClamTray.exe" --logon" ["alch"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"Picasa Media Detector" = "C:\Program Files\Picasa2\PicasaMediaDetector.exe" ["Google Inc."]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "My Sharing Folders"
\InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]
HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ClamWin\(Default) = "{65713842-C410-4f44-8383-BFE01A398C90}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\ClamWin\bin\ExpShell.dll" ["alch"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
ClamWin\(Default) = "{65713842-C410-4f44-8383-BFE01A398C90}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\ClamWin\bin\ExpShell.dll" ["alch"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Startup items in "user" & "All Users" startup folders:
------------------------------------------------------
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
Messenger Sharing Folders USN Journal Reader service, usnjsvc, ""C:\Program Files\MSN Messenger\usnsvc.exe"" [MS]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
----------
<<!>>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 29 seconds, including 3 seconds for message boxes)
VundoFix
VundoFix V6.4.1
Checking Java version...
Sun Java not detected
Scan started at 15:36:44 2007-05-27
Listing files found while scanning....
No infected files were found.
ComboFix
"user" - 2007-05-27 16:10:22 Dodatek Service Pack 2
ComboFix 07-05.21.6.V - Running from: "C:\Documents and Settings\user\Moje dokumenty\Naprawa\"
((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-27 ))))))))))))))))))))))))))))))))))
2007-05-27 16:00 <DIR> d-------- C:\avenger
2007-05-26 21:44 530 --a------ C:\delete.bat
2007-05-26 21:20 2,060 --a------ C:\WINDOWS\system32\tmp.reg
2007-05-26 18:15 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-05-26 18:13 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-05-26 18:13 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-05-25 23:24 <DIR> d-------- C:\WINDOWS\M?crosoft
2007-05-25 22:57 <DIR> d-------- C:\VundoFix Backups
2007-05-25 14:01 <DIR> d-------- C:\Program Files\SkanerOnline
2007-05-25 09:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Adobe Systems
2007-05-23 11:52 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-23 07:01 <DIR> d-------- C:\DOCUME~1\user\DANEAP~1\AdobeUM
2007-05-22 21:05 <DIR> d-------- C:\Program Files\AP Tuner
2007-05-21 15:05 <DIR> d-------- C:\Program Files\Damian Pasternak
2007-05-21 01:53 327,168 --a------ C:\WINDOWS\IsUn0415.exe
2007-05-21 01:53 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-05-21 01:48 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-05-20 23:12 <DIR> d-------- C:\Program Files\Ganymede
2007-05-20 21:39 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-05-19 15:12 <DIR> d-------- C:\Program Files\Wisdom-soft ScreenHunter 5 Free
2007-05-19 14:52 647,168 --a------ C:\WINDOWS\2M-Nature-vol3.scr
2007-05-19 14:52 <DIR> d-------- C:\Program Files\2MScreenSaver
2007-05-19 10:53 <DIR> d-------- C:\DOCUME~1\user\DANEAP~1\Lavasoft
2007-05-19 10:52 <DIR> d-------- C:\Program Files\Lavasoft
2007-05-19 10:51 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-19 10:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Messenger Plus!
2007-05-19 08:16 <DIR> d-------- C:\Program Files\wma load debug
2007-05-19 08:16 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2007-05-19 08:16 <DIR> d-------- C:\Program Files\Adverts
2007-05-19 02:08 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2007-05-19 01:50 <DIR> d-------- C:\Program Files\eMule
2007-05-18 23:03 995,056 --a------ C:\WINDOWS\system\MSAJT200.DLL
2007-05-18 23:03 92,576 --a------ C:\WINDOWS\system\ODBCINST.DLL
2007-05-18 23:03 88,896 --a------ C:\WINDOWS\system\ODBCCURS.DLL
2007-05-18 23:03 64,080 --a------ C:\WINDOWS\system\ODBCTL16.DLL
2007-05-18 23:03 6,464 --a------ C:\WINDOWS\ODBCADM.EXE
2007-05-18 23:03 57,328 --a------ C:\WINDOWS\system\OLE2CONV.DLL
2007-05-18 23:03 56,240 --a------ C:\WINDOWS\system\ODBC.DLL
2007-05-18 23:03 51,712 --a------ C:\WINDOWS\system\OLE2PROX.DLL
2007-05-18 23:03 322,384 --a------ C:\WINDOWS\system\MFC250.DLL
2007-05-18 23:03 302,592 --a------ C:\WINDOWS\system\OLE2.DLL
2007-05-18 23:03 298,880 --a------ C:\WINDOWS\system\VBAR2.DLL
2007-05-18 23:03 27,632 --a------ C:\WINDOWS\system\CTL3DV2.DLL
2007-05-18 23:03 27,026 --a------ C:\WINDOWS\system\OLE2.REG
2007-05-18 23:03 246,928 --a------ C:\WINDOWS\system\ODBCJT16.DLL
2007-05-18 23:03 177,216 --a------ C:\WINDOWS\system\TYPELIB.DLL
2007-05-18 23:03 164,832 --a------ C:\WINDOWS\system\OLE2DISP.DLL
2007-05-18 23:03 157,696 --a------ C:\WINDOWS\system\STORAGE.DLL
2007-05-18 23:03 150,976 --a------ C:\WINDOWS\system\OLE2NLS.DLL
2007-05-18 23:03 15,936 --a------ C:\WINDOWS\system\MSJETINT.DLL
2007-05-18 23:03 146,976 --a------ C:\WINDOWS\system\MFCOLEUI.DLL
2007-05-18 23:03 125,856 --a------ C:\WINDOWS\system\MFCO250.DLL
2007-05-18 23:03 11,232 --a------ C:\WINDOWS\system\MSJETERR.DLL
2007-05-18 23:03 108,544 --a------ C:\WINDOWS\system\COMPOBJ.DLL
2007-05-18 23:03 10,304 --a------ C:\WINDOWS\system\MSCPXLT.DLL
2007-05-18 23:03 1,984 --a------ C:\WINDOWS\system\VBAJET.DLL
2007-05-18 23:03 <DIR> d-------- C:\YDPDICT
2007-05-18 23:02 271,248 --a------ C:\WINDOWS\ISUN16.EXE
2007-05-18 23:02 26,768 --a------ C:\WINDOWS\system\CTL3D.DLL
2007-05-18 23:02 <DIR> d-------- C:\DOCUME~1\user\WINDOWS
2007-05-18 21:53 <DIR> d-------- C:\DOCUME~1\user\DANEAP~1\Gadu-Gadu
2007-05-18 21:14 <DIR> d-------- C:\DOCUME~1\user\DANEAP~1\Ahead
2007-05-18 19:43 <DIR> d-------- C:\DOCUME~1\user\Contacts
2007-05-18 19:40 <DIR> d-------- C:\Program Files\MSN Messenger
2007-05-18 19:36 4 --a------ C:\WINDOWS\system32\proc861054894.bin
2007-05-18 19:36 <DIR> d-------- C:\Program Files\Gadu-Gadu
2007-05-18 19:36 <DIR> d-------- C:\DOCUME~1\user\Gadu-Gadu
2007-05-18 19:36 <DIR> d-------- C:\DOCUME~1\user\DANEAP~1\GanymedeNet
2007-05-18 19:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\nView_Profiles
2007-05-18 19:17 <DIR> d-------- C:\Program Files\Skype
2007-05-18 19:17 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-05-18 19:17 <DIR> d-------- C:\DOCUME~1\user\DANEAP~1\Skype
2007-05-18 19:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Skype
2007-05-18 16:33 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-05-18 16:33 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-05-18 16:33 <DIR> d-------- C:\Program Files\Google
2007-05-18 16:32 <DIR> d-------- C:\Program Files\Prime95
2007-05-18 16:32 <DIR> d-------- C:\Program Files\Picasa2
2007-05-18 16:14 <DIR> d-------- C:\Program Files\ffdshow
2007-05-18 16:12 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-05-18 16:11 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-05-18 16:10 77,312 --a------ C:\WINDOWS\system32\usbui.dll
2007-05-18 16:10 44,672 --a------ C:\WINDOWS\system32\drivers\UAGP35.SYS
2007-05-18 16:10 19,017 --a------ C:\WINDOWS\system32\drivers\RTL8029.sys
2007-05-18 16:09 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-05-18 16:09 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-05-18 16:09 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-05-18 16:09 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-05-18 16:09 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-05-18 16:09 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-05-18 16:09 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-05-18 16:09 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-05-18 16:09 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-05-18 16:09 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-05-18 16:09 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-05-18 16:09 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-05-18 16:09 <DIR> d-a------ C:\Program Files
2007-05-18 16:09 <DIR> d--hs---- C:\WINDOWS\Installer
2007-05-18 16:09 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2007-05-18 16:09 <DIR> d-------- C:\Program Files\Common Files\ODBC
2007-05-18 16:08 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-05-18 16:08 9,168 --a------ C:\WINDOWS\system\VER.DLL
2007-05-18 16:08 85,532 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-05-18 16:08 83,456 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-05-18 16:08 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-05-18 16:08 75,776 --a------ C:\WINDOWS\system32\storprop.dll
2007-05-18 16:08 70,144 --a------ C:\WINDOWS\NOTEPAD.EXE
2007-05-18 16:08 70,096 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-05-18 16:08 7,168 --a------ C:\WINDOWS\system32\kbdcz.dll
2007-05-18 16:08 69,552 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2007-05-18 16:08 6,656 --a------ C:\WINDOWS\system32\kbdycl.dll
2007-05-18 16:08 6,656 --a------ C:\WINDOWS\system32\kbdsl1.dll
2007-05-18 16:08 6,656 --a------ C:\WINDOWS\system32\kbdsl.dll
2007-05-18 16:08 6,656 --a------ C:\WINDOWS\system32\kbdhu.dll
2007-05-18 16:08 6,656 --a------ C:\WINDOWS\system32\kbdcz2.dll
2007-05-18 16:08 6,656 --a------ C:\WINDOWS\system32\kbdcz1.dll
2007-05-18 16:08 6,656 --a------ C:\WINDOWS\system32\kbdcr.dll
2007-05-18 16:08 6,656 --a------ C:\WINDOWS\system32\KBDAL.DLL
2007-05-18 16:08 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-05-18 16:08 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-05-18 16:08 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-05-18 16:08 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-05-18 16:08 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-05-18 16:08 5,632 --a------ C:\WINDOWS\system32\kbdro.dll
2007-05-18 16:08 5,632 --a------ C:\WINDOWS\system32\kbdhu1.dll
2007-05-18 16:08 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-05-18 16:08 33,376 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-05-18 16:08 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-05-18 16:08 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-05-18 16:08 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-05-18 16:08 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-05-18 16:08 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-05-18 16:08 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-05-18 16:08 127,008 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-05-18 16:08 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-05-18 16:08 109,488 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-05-18 16:08 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-05-18 16:08 <DIR> dr-h----- C:\DOCUME~1\DEFAUL~1\Ustawienia lokalne
2007-05-18 16:08 <DIR> dr-h----- C:\DOCUME~1\DEFAUL~1\Dane aplikacji
2007-05-18 16:08 <DIR> dr-h----- C:\DOCUME~1\ALLUSE~1\Dane aplikacji
2007-05-18 16:08 <DIR> dr------- C:\DOCUME~1\DEFAUL~1\Menu Start
2007-05-18 16:08 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Menu Start
2007-05-18 16:08 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Dokumenty
2007-05-18 16:08 <DIR> d--h----- C:\DOCUME~1\DEFAUL~1\Szablony
2007-05-18 16:08 <DIR> d--h----- C:\DOCUME~1\ALLUSE~1\Szablony
2007-05-18 16:08 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-05-18 16:08 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-05-18 16:08 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Ulubione
2007-05-18 16:08 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Pulpit
2007-05-18 16:08 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Moje dokumenty
2007-05-18 16:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Ulubione
2007-05-18 16:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Pulpit
2007-05-18 16:07 <DIR> d--hs---- C:\System Volume Information
2007-05-18 16:07 <DIR> d-------- C:\Documents and Settings
2007-05-18 16:02 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-05-18 16:02 <DIR> dr--s---- C:\WINDOWS\Fonts
2007-05-18 16:02 <DIR> dr------- C:\WINDOWS\Web
2007-05-18 16:02 <DIR> d--h----- C:\WINDOWS\inf
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\WinSxS
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\twain_32
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\system32\wins
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\system32\wbem
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\system32\usmt
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\system32\spool
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\system32\ShellExt
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\system32\Setup
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\system32\ras
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\system32\oobe
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\system32\npp
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\system32\mui
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\system32\inetsrv
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\system32\IME
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\system32\icsxml
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\system32\ias
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\system32\export
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\system32\drivers
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\system32\dhcp
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\system32\config
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\system32\3076
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\system32\2052
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\system32\1054
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\system32\1045
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\system32\1042
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\system32\1041
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\system32\1037
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\system32\1033
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\system32\1031
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\system32\1028
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\system32\1025
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\system32
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\system
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\security
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\Resources
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\repair
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\Provisioning
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\PeerNet
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\pchealth
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\mui
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\msapps
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\msagent
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\Media
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\ime
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\Help
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\ehome
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\Driver Cache
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\Debug
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\Cursors
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\Connection Wizard
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\Config
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\AppPatch
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS\addins
2007-05-18 16:02 <DIR> d-------- C:\WINDOWS
2007-05-18 16:00 851,968 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-05-18 16:00 782,336 --a------ C:\WINDOWS\system32\nwiz.exe
2007-05-18 16:00 454,656 --a------ C:\WINDOWS\system32\nvshell.dll
2007-05-18 16:00 401,408 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-05-18 16:00 315,392 --a------ C:\WINDOWS\system32\keystone.exe
2007-05-18 16:00 110,592 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-05-18 16:00 1,335,296 --a------ C:\WINDOWS\system32\nview.dll
2007-05-18 16:00 1,019,904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-05-18 16:00 <DIR> d-------- C:\WINDOWS\nview
2007-05-18 15:56 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-05-18 15:56 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-05-18 15:56 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-05-18 15:53 <DIR> d-------- C:\NVIDIA Display Driver
2007-05-18 15:51 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-05-18 15:51 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-05-18 15:50 <DIR> d---s---- C:\DOCUME~1\user\UserData
2007-05-18 15:50 <DIR> d-------- C:\Program Files\ClamWin
2007-05-18 15:50 <DIR> d-------- C:\DOCUME~1\user\DANEAP~1\.clamwin
2007-05-18 15:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\.clamwin
2007-05-18 15:44 2,916,352 --------- C:\WINDOWS\UNNMP.exe
2007-05-18 15:42 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2007-05-18 15:42 2,977,792 --------- C:\WINDOWS\UNNeroVision.exe
2007-05-18 15:42 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-05-18 15:42 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-05-18 15:41 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-05-18 15:41 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-05-18 15:41 38,912 --------- C:\WINDOWS\system32\picn20.dll
2007-05-18 15:41 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2007-05-18 15:41 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-05-18 15:41 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-05-18 15:41 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-05-18 15:41 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-05-18 15:41 <DIR> d-------- C:\Program Files\Ahead
2007-05-18 15:41 <DIR> d-------- C:\install
2007-05-18 15:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Ahead
2007-05-18 15:32 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-05-18 15:31 <DIR> d-------- C:\Program Files\Realtek AC97
2007-05-18 15:30 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-05-18 15:28 <DIR> d-------- C:\Program Files\Microsoft Works
2007-05-18 15:27 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-05-18 15:24 <DIR> dr-h----- C:\MSOCache
2007-05-18 15:13 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-05-18 15:13 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-05-18 15:13 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-05-18 15:13 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-05-18 15:13 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-05-18 15:13 577,536 --a------ C:\WINDOWS\soundman.exe
2007-05-18 15:13 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-05-18 15:13 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-05-18 15:13 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-05-18 15:13 49,152 -r------- C:\WINDOWS\system32\ChCfg.exe
2007-05-18 15:13 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-05-18 15:13 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-05-18 15:13 4,027,840 -ra------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2007-05-18 15:13 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-05-18 15:13 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-05-18 15:13 147,456 -ra------ C:\WINDOWS\system32\RTLCPAPI.dll
2007-05-18 15:13 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-05-18 15:13 136,960 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-05-18 15:13 10,528,768 -ra------ C:\WINDOWS\system32\RTLCPL.EXE
2007-05-18 15:13 <DIR> d-------- C:\Program Files\Realtek Sound Manager
2007-05-18 15:13 <DIR> d-------- C:\Program Files\AvRack
2007-05-18 15:12 315,392 -r------- C:\WINDOWS\alcupd.exe
2007-05-18 15:12 217,088 -ra------ C:\WINDOWS\Alcrmv.exe
2007-05-18 15:00 9,216 -ra------ C:\WINDOWS\system32\drivers\videX32.sys
2007-05-18 15:00 102,912 -ra------ C:\WINDOWS\system32\drivers\viamraid.sys
2007-05-18 15:00 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-05-18 15:00 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-05-18 15:00 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-05-18 14:59 331,184 --------- C:\WINDOWS\system32\difxapi.dll
2007-05-18 14:59 <DIR> d-------- C:\Program Files\VIA
2007-05-18 14:59 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-05-18 14:52 <DIR> d--hs---- C:\RECYCLER
2007-05-18 14:47 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-05-18 14:34 2,621,440 --ah----- C:\DOCUME~1\user\NTUSER.DAT
2007-05-18 14:34 <DIR> dr-h----- C:\DOCUME~1\user\Dane aplikacji
2007-05-18 14:34 <DIR> dr------- C:\DOCUME~1\user\Ulubione
2007-05-18 14:34 <DIR> dr------- C:\DOCUME~1\user\Moje dokumenty
2007-05-18 14:34 <DIR> dr------- C:\DOCUME~1\user\Menu Start
2007-05-18 14:34 <DIR> d--h----- C:\DOCUME~1\user\Ustawienia lokalne
2007-05-18 14:34 <DIR> d--h----- C:\DOCUME~1\user\Szablony
2007-05-18 14:34 <DIR> d-------- C:\DOCUME~1\user\Pulpit
2007-05-18 14:33 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-05-18 14:32 229,376 --ah----- C:\DOCUME~1\NETWOR~1\NTUSER.DAT
2007-05-18 14:32 229,376 --ah----- C:\DOCUME~1\LOCALS~1\NTUSER.DAT
2007-05-18 14:32 <DIR> d--h----- C:\DOCUME~1\NETWOR~1\Ustawienia lokalne
2007-05-18 14:32 <DIR> d--h----- C:\DOCUME~1\LOCALS~1\Ustawienia lokalne
2007-05-18 14:32 <DIR> d-------- C:\WINDOWS\Prefetch
2007-05-18 14:32 <DIR> d-------- C:\DOCUME~1\NETWOR~1\Dane aplikacji
2007-05-18 14:32 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Dane aplikacji
2007-05-18 14:30 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-05-18 14:30 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-05-18 14:27 229,376 ---h----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT
2007-05-18 14:27 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-05-18 14:27 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-05-18 14:26 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-05-18 14:26 0 -rahs---- C:\MSDOS.SYS
2007-05-18 14:26 0 -rahs---- C:\IO.SYS
2007-05-18 14:26 0 --a------ C:\CONFIG.SYS
2007-05-18 14:26 0 --a------ C:\AUTOEXEC.BAT
2007-05-18 14:25 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
2007-05-18 14:24 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2007-05-18 14:24 <DIR> d--h----- C:\Program Files\WindowsUpdate
2007-05-18 14:24 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-05-18 14:24 <DIR> d-------- C:\WINDOWS\system32\DirectX
2007-05-18 14:24 <DIR> d-------- C:\Program Files\Usugi online
2007-05-18 14:23 86,016 --a------ C:\WINDOWS\system32\isign32.dll
2007-05-18 14:23 81,920 --a------ C:\WINDOWS\system32\ils.dll
2007-05-18 14:23 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-05-18 14:23 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-05-18 14:23 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-05-18 14:23 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-05-18 14:23 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2007-05-18 14:23 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-18 14:23 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2007-05-18 14:23 67,584 --a------ C:\WINDOWS\system32\acctres.dll
2007-05-18 14:23 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-05-18 14:23 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-05-18 14:23 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-05-18 14:23 53,080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-05-18 14:23 49,664 --a------ C:\WINDOWS\system32\inetres.dll
2007-05-18 14:23 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-05-18 14:23 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-05-18 14:23 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-05-18 14:23 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-05-18 14:23 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-05-18 14:23 33,624 --a------ C:\WINDOWS\system32\wups.dll
2007-05-18 14:23 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-05-18 14:23 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-05-18 14:23 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-05-18 14:23 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-05-18 14:23 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-05-18 14:23 278,528 --a------ C:\WINDOWS\system32\mstask.dll
2007-05-18 14:23 278,528 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-05-18 14:23 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-05-18 14:23 240,128 --a------ C:\WINDOWS\system32\srrstr.dll
2007-05-18 14:23 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2007-05-18 14:23 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-05-18 14:23 195,352 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-05-18 14:23 192,000 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-05-18 14:23 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-05-18 14:23 175,384 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-05-18 14:23 171,008 --a------ C:\WINDOWS\system32\srsvc.dll
2007-05-18 14:23 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-05-18 14:23 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-05-18 14:23 128,896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2007-05-18 14:23 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-05-18 14:23 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-05-18 14:23 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2007-05-18 14:23 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-05-18 14:23 1,710,936 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-05-18 14:23 <DIR> d---s---- C:\WINDOWS\Tasks
2007-05-18 14:23 <DIR> d-------- C:\WINDOWS\system32\Restore
2007-05-18 14:23 <DIR> d-------- C:\WINDOWS\system32\Macromed
2007-05-18 14:23 <DIR> d-------- C:\WINDOWS\srchasst
2007-05-18 14:23 <DIR> d-------- C:\Program Files\Movie Maker
2007-05-18 14:23 <DIR> d-------- C:\Program Files\Common Files\MSSoap
2007-05-18 14:22 21,856 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-05-18 14:21 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2007-05-18 14:21 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-05-18 14:21 94,720 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-05-18 14:21 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-05-18 14:21 9,728 --a------ C:\WINDOWS\system32\reset.exe
2007-05-18 14:21 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-05-18 14:21 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-05-18 14:21 80,896 --a------ C:\WINDOWS\system32\charmap.exe
2007-05-18 14:21 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2007-05-18 14:21 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-05-18 14:21 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2007-05-18 14:21 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-05-18 14:21 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-05-18 14:21 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2007-05-18 14:21 60,928 --a------ C:\WINDOWS\system32\remotepg.dll
2007-05-18 14:21 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2007-05-18 14:21 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-05-18 14:21 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-05-18 14:21 57,344 --a------ C:\WINDOWS\system32\sol.exe
2007-05-18 14:21 55,808 --a------ C:\WINDOWS\system32\freecell.exe
2007-05-18 14:21 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2007-05-18 14:21 539,136 --a------ C:\WINDOWS\system32\spider.exe
2007-05-18 14:21 5,632 --a------ C:\WINDOWS\system32\write.exe
2007-05-18 14:21 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-05-18 14:21 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-05-18 14:21 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2007-05-18 14:21 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-05-18 14:21 408,576 --a------ C:\WINDOWS\system32\mstsc.exe
2007-05-18 14:21 4,608 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-05-18 14:21 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-05-18 14:21 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-05-18 14:21 351,744 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-05-18 14:21 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2007-05-18 14:21 345,088 --a------ C:\WINDOWS\system32\mspaint.exe
2007-05-18 14:21 33,792 --a------ C:\WINDOWS\system32\regini.exe
2007-05-18 14:21 296,448 --a------ C:\WINDOWS\system32\termsrv.dll
2007-05-18 14:21 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-05-18 14:21 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-05-18 14:21 231,424 --a------ C:\WINDOWS\system32\avtapi.dll
2007-05-18 14:21 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2007-05-18 14:21 22,528 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-05-18 14:21 22,528 --a------ C:\WINDOWS\system32\msg.exe
2007-05-18 14:21 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-05-18 14:21 20,992 --a------ C:\WINDOWS\system32\qprocess.exe
2007-05-18 14:21 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-05-18 14:21 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-05-18 14:21 187,904 --a------ C:\WINDOWS\system32\accwiz.exe
2007-05-18 14:21 17,920 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-05-18 14:21 17,408 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-05-18 14:21 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-05-18 14:21 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2007-05-18 14:21 16,384 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-05-18 14:21 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-05-18 14:21 15,872 --a------ C:\WINDOWS\system32\logoff.exe
2007-05-18 14:21 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-05-18 14:21 15,360 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-05-18 14:21 15,360 --a------ C:\WINDOWS\system32\tscon.exe
2007-05-18 14:21 15,360 --a------ C:\WINDOWS\system32\shadow.exe
2007-05-18 14:21 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-05-18 14:21 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-05-18 14:21 141,824 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-05-18 14:21 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-05-18 14:21 139,264 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-05-18 14:21 132,608 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-05-18 14:21 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-05-18 14:21 128,000 --a------ C:\WINDOWS\system32\mshearts.exe
2007-05-18 14:21 124,928 --a------ C:\WINDOWS\system32\mplay32.exe
2007-05-18 14:21 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-05-18 14:21 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2007-05-18 14:21 115,200 --a------ C:\WINDOWS\system32\calc.exe
2007-05-18 14:21 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-05-18 14:21 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-05-18 14:21 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-05-18 14:21 103,424 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-05-18 14:21 1,225 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-05-18 14:21 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2007-05-18 14:21 <DIR> d-------- C:\WINDOWS\system32\Com
2007-05-18 14:21 <DIR> d-------- C:\WINDOWS\Registration
2007-05-18 14:21 <DIR> d-------- C:\Program Files\Windows NT
2007-05-18 14:21 <DIR> d-------- C:\Program Files\MSN Gaming Zone
2007-05-18 14:21 <DIR> d-------- C:\Program Files\Messenger
2007-05-18 14:20 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-05-18 14:20 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-05-18 14:20 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2007-05-18 14:20 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-05-18 14:20 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-05-18 14:20 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-05-18 14:20 187,904 --a------ C:\WINDOWS\system32\cmprops.dll
2007-05-18 14:20 17,920 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-05-18 14:20 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-19 22:32:01 50,748 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-05-19 22:32:01 358,702 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-05-18 13:51:18 -------- d-----w C:\DOCUME~1\user\DANEAP~1\.clamwin
2007-05-18 12:24:31 -------- d-----w C:\Program Files\Usługi online
2007-04-18 16:14:32 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-03-17 13:45:36 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-15 10:00:36 466,432 ----a-w C:\WINDOWS\system32\SkanerOnline.dll
2007-03-08 15:38:47 579,072 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:38:47 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:38:47 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:37:33 1,843,840 ----a-w C:\WINDOWS\system32\win32k.sys
2007-02-05 20:19:48 185,856 ----a-w C:\WINDOWS\system32\upnphost.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 06:12]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" [2007-04-30 19:17]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-03-24 10:04]
"nwiz"="nwiz.exe" [2004-03-24 10:04 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-03-24 10:04]
"SoundMan"="SOUNDMAN.EXE" []
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-02-01 04:52]
"Cmaudio"="cmicnfg.cpl" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-05-10 16:09]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 16:36]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e3a3ca9-0548-11dc-85cb-806d6172696f}]
AutoRun\command- D:\setup.exe
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-27 16:11:26
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
********************************************************************
Completion time: 2007-05-27 16:11:44
C:\ComboFix-quarantined-files.txt ... 2007-05-27 16:11
--- E O F ---
2007-01-12 22:00 18031 --a------ C:\Qoobox\Quarantine\C\Program Files\Outerinfo\Terms.rtf.vir
2007-05-01 17:35 146432 --a------ C:\Qoobox\Quarantine\C\Program Files\Common Files\Yazzle1162OinAdmin.exe.vir
2007-05-23 13:21 200 --a------ C:\Qoobox\Quarantine\e\Autorun.inf.vir
2007-05-25 10:13 13824 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\max1d1641.exe.vir
2007-05-25 10:13 19456 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\winrnt32.dll.vir
2007-05-25 10:13 40960 --a------ C:\Qoobox\Quarantine\C\WINDOWS\retadpu2000352.exe.vir
2007-05-25 23:22 40183 --a------ C:\Qoobox\Quarantine\C\Program Files\Common Files\Yazzle1162OinUninstaller.exe.vir
2007-05-25 23:25 2 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\wintsu.exe.vir
Zmienna PATH folderu
Numer seryjny woluminu: 7023-05CD
C:\QOOBOX
\---Quarantine
    +---C
    |   +---Program Files
    |   |   +---Common Files
    |   |   |       Yazzle1162OinAdmin.exe.vir
    |   |   |       Yazzle1162OinUninstaller.exe.vir
    |   |   |
    |   |   \---Outerinfo
    |   |           Terms.rtf.vir
    |   |
    |   \---WINDOWS
    |       |   retadpu2000352.exe.vir
    |       |
    |       \---system32
    |               max1d1641.exe.vir
    |               winrnt32.dll.vir
    |               wintsu.exe.vir
    |
    +---e
    |       Autorun.inf.vir
    |
    \---Registry_backups
VirtumundoBeGone
[05/28/2007, 0:21:18] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\user\Moje dokumenty\Naprawa\VirtumundoBeGone.exe" )
[05/28/2007, 0:21:19] - Detected System Information:
[05/28/2007, 0:21:19] - Windows Version: 5.1.2600, Dodatek Service Pack 2
[05/28/2007, 0:21:19] - Current Username: user (Admin)
[05/28/2007, 0:21:19] - Windows is in NORMAL mode.
[05/28/2007, 0:21:19] - Searching for Browser Helper Objects:
[05/28/2007, 0:21:19] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[05/28/2007, 0:21:19] - Finished Searching Browser Helper Objects
[05/28/2007, 0:21:19] - Finishing up...
[05/28/2007, 0:21:19] - Nothing found! Exiting...