Niedziała menedzer zadan, komp muli

Khaleb · 24 Marzec 2008 11:07

Witam, niedziala mi menedzer zadan i cos mi zzera pamiec albo procesor bo komp muli a bez menedzera niemoge sprawdzic co to jest:/

Oto logi

Logfile of HijackThis v1.99.1 Scan saved at 11:58:33, on 2008-03-24 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\wscntfy.exe C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\outlook\outlook.exe C:\Program Files\Creative\Shared Files\CTSched.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\Windows NT\Accessories\WORDPAD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE E:\D\Programy\internet\trojany itd\HijackThis.exe O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM…\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe O4 - HKLM…\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” O4 - HKLM…\Run: [nvchost] C:\WINDOWS\winlogon.exe O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” O4 - HKLM…\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r O4 - HKLM…\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM…\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM…\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto O4 - HKCU…\Run: [CreativeTaskScheduler] “C:\Program Files\Creative\Shared Files\CTSched.exe” /logon O4 - HKCU…\Run: [AlcoholAutomount] “C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe” /automount O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

"Silent Runners.vbs", revision 45, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"CreativeTaskScheduler" = ""C:\Program Files\Creative\Shared Files\CTSched.exe" /logon" ["Creative Technology Ltd"]

"AlcoholAutomount" = ""C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount" ["Alcohol Soft Development Team"]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"EM_EXEC" = "C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" ["Logitech Inc. "]

"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

"HP Software Update" = "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [null data]

"HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe" ["HP"]

"DeviceDiscovery" = "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" ["Hewlett-Packard"]

"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

"RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]

"nvchost" = "C:\WINDOWS\winlogon.exe" [file not found]

"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."]

"CTSysVol" = "C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r" ["Creative Technology Ltd"]

"P17Helper" = "Rundll32 P17.dll,P17Helper" [MS]

"UpdReg" = "C:\WINDOWS\UpdReg.EXE" ["Creative Technology Ltd."]

"outlook" = "C:\Program Files\outlook\outlook.exe /auto" ["InstallShield Software Corporation"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "Megaupload Toolbar"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MEGAUPLOAD "]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"

  -> {HKLM...CLSID} = "AlcoholShellEx"

                   \InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AxShlex.dll" ["Alcohol Soft Development Team"]

"{B8323370-FF27-11D2-97B6-204C4F4F5020}" = "SmartFTP Shell Extension DLL"

  -> {HKLM...CLSID} = "SmartFTP Shell Extension DLL"

                   \InProcServer32\(Default) = "C:\Program Files\SmartFTP Client 2.0\smarthook.dll" ["SmartFTP"]

"{AD392E40-428C-459F-961E-9B147782D099}" = "UltraISO"

  -> {HKLM...CLSID} = "UIContextMenu Class"

                   \InProcServer32\(Default) = "C:\Program Files\UltraISO\isoshell.dll" ["EZB Systems, Inc."]


HKLM\System\CurrentControlSet\Control\Session Manager\

INFECTION WARNING! "BootExecute" = "autocheck autochk * lsdelete" [file not found], [MS], [file not found], [file not found]


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]


HKLM\Software\Classes\PROTOCOLS\Filter\

INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A}"

  -> {HKLM...CLSID} = "MShellExtMenu Class"

                   \InProcServer32\(Default) = "C:\Program Files\MagicISO\misosh.dll" ["MagicISO, Inc."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A}"

  -> {HKLM...CLSID} = "MShellExtMenu Class"

                   \InProcServer32\(Default) = "C:\Program Files\MagicISO\misosh.dll" ["MagicISO, Inc."]

UltraISO\(Default) = "{AD392E40-428C-459F-961E-9B147782D099}"

  -> {HKLM...CLSID} = "UIContextMenu Class"

                   \InProcServer32\(Default) = "C:\Program Files\UltraISO\isoshell.dll" ["EZB Systems, Inc."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A}"

  -> {HKLM...CLSID} = "MShellExtMenu Class"

                   \InProcServer32\(Default) = "C:\Program Files\MagicISO\misosh.dll" ["MagicISO, Inc."]

UltraISO\(Default) = "{AD392E40-428C-459F-961E-9B147782D099}"

  -> {HKLM...CLSID} = "UIContextMenu Class"

                   \InProcServer32\(Default) = "C:\Program Files\UltraISO\isoshell.dll" ["EZB Systems, Inc."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]



Group Policies [Description] {enabled Group Policy setting}:

------------------------------------------------------------


HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\

HIJACK WARNING! "HomePage"=dword:00000001 

[disables the Home page field in Internet Options|General (tab)]

{User Configuration|Administrative Templates|Windows Components|

Internet Explorer|Disable changing home page settings}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Tomek\Dane aplikacji\IrfanView\IrfanView_Wallpaper.bmp"



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 14

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Toolbars


HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\

"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}"

  -> {HKLM...CLSID} = "Megaupload Toolbar"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MEGAUPLOAD "]


HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}"

  -> {HKLM...CLSID} = "Megaupload Toolbar"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MEGAUPLOAD "]


HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" = (no title provided)

  -> {HKLM...CLSID} = "Megaupload Toolbar"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MEGAUPLOAD "]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"

  -> {HKCU...CLSID} = "Java Plug-in 1.6.0_03"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]

  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"

                   \InProcServer32\(Default) = "C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll" ["Sun Microsystems, Inc."]


{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Badanie"



Miscellaneous IE Hijack Points

------------------------------


HKLM\Software\Microsoft\Internet Explorer\AboutURLs\


Missing lines (compared with English-language version):

HIJACK WARNING! "Tabs" = "C:\Documents and Settings\Tomek\Dane aplikacji\MEGAUPLOADTOOLBAR\tabwelcome.html" [null data]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


Ad-Aware 2007 Service, aawservice, ""C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"" ["Lavasoft"]

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]

Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\system32\CTsvcCDA.exe" ["Creative Technology Ltd"]

StarWind AE Service, StarWindServiceAE, "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe" ["Rocket Division Software"]

Sunbelt Personal Firewall 4, SPF4, ""C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"" ["Sunbelt Software"]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]



Keyboard Driver Filters:

------------------------


HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\

"UpperFilters" = INFECTION WARNING! "Lkbdflt2" ["Logitech, Inc."]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

hpzsnt08\Driver = "hpzsnt08.dll" ["HP"]



----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points and all Registry CLSIDs for dormant Explorer Bars,

  use the -supp parameter or answer "No" at the first message box.

---------- (total run time: 62 seconds, including 2 seconds for message boxes)

CF log

ComboFix 08-03-26.3 - Tomek 2008-03-27 20:42:00.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.498 [GMT 1:00] Running from: D:\Image\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED . ADS - svchost.exe: deleted 68 bytes in 1 streams. ADS - ntoskrnl.exe: deleted 68 bytes in 1 streams. ADS - explorer.exe: deleted 132 bytes in 1 streams. ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Autorun.inf C:\Documents and Settings\Tomek\Dane aplikacji\Adssite Advanced Toolbar C:\Documents and Settings\Tomek\Dane aplikacji\Adssite Advanced Toolbar\advertbuttons.xml C:\Documents and Settings\Tomek\Dane aplikacji\Adssite Advanced Toolbar\selected.xml C:\onoes.exe C:\Program Files\outlook C:\Program Files\outlook\outlook.exe C:\Program Files\outlook\p.zip C:\Program Files\outlook\v.tmp C:\WINDOWS\system32\bszip.dll C:\WINDOWS\system32\cmd.com C:\WINDOWS\system32\netstat.com C:\WINDOWS\system32\ping.com C:\WINDOWS\system32\regedit.com C:\WINDOWS\system32\taskkill.com C:\WINDOWS\system32\tasklist.com C:\WINDOWS\system32\tracert.com D:\Autorun.inf E:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2008-02-27 to 2008-03-27 ))))))))))))))))))))))))))))))) . 2008-03-25 20:55 . 2008-03-25 20:55 2008-03-17 19:22 . 2008-03-17 19:22 2008-03-13 14:42 . 2008-03-13 14:42 2008-03-13 14:42 . 2008-03-13 14:42 2008-03-06 19:13 . 2008-03-06 19:31 14,334,045 --a------ C:\rocky.flv 2008-03-06 17:59 . 2008-03-14 08:59 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-03-06 17:59 . 2008-03-06 17:59 1,409 --a------ C:\WINDOWS\QTFont.for 2008-03-06 13:45 . 2008-03-06 13:45 2008-03-06 13:44 . 2008-03-06 13:44 2008-03-06 13:40 . 2008-03-06 13:41 3,974,544 --a------ C:\wpkontakt312.exe 2008-03-05 17:15 . 2008-03-04 13:26 312,270 --a------ C:\421 opila 19.jpg 2008-03-05 16:59 . 2008-03-05 16:59 2008-03-05 12:36 . 2008-03-05 13:04 23,947,870 --a------ C:\zbiorka.flv 2008-03-05 11:43 . 2008-03-05 12:03 18,622,481 --a------ C:\mucha.flv 2008-03-05 11:33 . 2008-03-05 11:34 5,702,502 --a------ C:\crazy skills.3GP 2008-03-05 11:23 . 2008-03-05 11:31 10,931,597 --a------ C:\golebie.flv 2008-03-05 11:08 . 2006-10-07 17:43 502,784 --a------ C:\WINDOWS\x2.64.exe 2008-03-05 11:08 . 2007-05-14 15:24 394,240 --a------ C:\WINDOWS\system32\Smab.dll 2008-03-05 11:08 . 2005-02-28 13:16 240,128 --a------ C:\WINDOWS\system32\x.264.exe 2008-03-05 11:08 . 2006-04-12 09:47 217,073 --a------ C:\WINDOWS\meta4.exe 2008-03-05 11:08 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll 2008-03-05 11:08 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll 2008-03-05 11:08 . 2006-04-05 08:09 66,560 --a------ C:\WINDOWS\MOTA113.exe 2008-03-05 11:08 . 2005-07-14 12:31 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll 2008-03-05 11:07 . 2008-03-05 11:07 2008-03-05 11:00 . 2007-08-10 23:50 28,088,869 --a------ C:\Super Convertor.exe 2008-03-05 10:59 . 2008-03-05 11:14 19,384,613 --a------ C:\blondynka3.flv 2008-03-05 00:07 . 2008-03-05 00:07 43,520 --ahs---- C:\Thumbs.db 2008-03-05 00:07 . 2008-03-05 00:07 8,192 --ahs---- C:\WINDOWS\Thumbs.db 2008-03-04 23:29 . 2008-03-04 23:29 14,904 --a------ C:\wamech_m.jpg 2008-03-04 22:20 . 2008-03-04 22:39 17,296,301 --a------ C:\praca w radiu2.flv 2008-03-04 22:19 . 2008-03-04 22:42 28,088,952 --a------ C:\Super_Convertor_up_by_chesio.rar 2008-03-04 21:54 . 2008-03-04 22:06 18,409,557 --a------ C:\mumio full.flv 2008-03-04 21:48 . 2008-03-04 21:56 8,092,391 --a------ C:\blondynka paranienormalni.flv 2008-03-04 21:03 . 2006-02-14 21:06 88,928 --a------ C:\gg test.exe 2008-03-04 21:03 . 2005-08-17 15:21 28,672 --a------ C:\gg.dll 2008-03-04 21:02 . 2008-03-04 21:02 2008-03-04 21:02 . 2008-03-04 21:02 95,393 --a------ C:\ggtest.rar 2008-03-04 21:02 . 2005-01-08 19:02 25,808 --a------ C:\bk.exe 2008-03-04 21:02 . 2008-03-04 21:02 0 --a------ C:\Podaj plik lub zakodowaną wiadomość 2008-03-04 21:00 . 2005-04-12 17:36 40,308 --a------ C:\arch.exe 2008-03-04 20:54 . 2008-03-04 20:54 37,810 --a------ C:\arch.rar 2008-03-04 20:54 . 2008-03-04 20:54 17,289 --a------ C:\bannerkiller.rar 2008-03-04 08:22 . 2008-03-04 08:22 10,240 --a------ C:\Stalprodukt.ppt 2008-03-02 19:19 . 2008-03-02 19:19 2008-03-02 19:18 . 2008-03-02 19:18 2008-03-02 19:18 . 2008-03-02 19:22 2008-03-02 19:17 . 2008-03-02 19:17 2008-03-02 19:16 . 2008-03-03 08:23 2008-03-02 19:16 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll 2008-03-02 19:15 . 2008-03-02 19:15 2008-03-02 15:52 . 2008-03-02 15:52 19 --a------ C:\WINDOWS\SoundConverter.INI 2008-03-02 06:56 . 2008-03-02 06:56 2008-02-29 21:44 . 2008-02-29 21:44 15,817 --a------ C:\D _Image_waldblu9902.part07.rar.htm 2008-02-28 19:14 . 2008-02-28 19:15 50,748 --a------ C:\sotc.png . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-27 05:23 --------- d-----w C:\Documents and Settings\Tomek\Dane aplikacji\MegauploadToolbar 2008-03-24 10:11 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe 2008-03-13 13:54 --------- d-----w C:\Program Files\Opera 2008-03-13 08:06 --------- d-----w C:\Program Files\Gadu-Gadu 2008-03-02 15:20 --------- d–h--w C:\Program Files\InstallShield Installation Information 2008-03-02 05:50 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-02-20 13:44 --------- d-----w C:\Program Files\MegauploadToolbar 2008-02-16 12:42 --------- d-----w C:\Program Files\DVD Decrypter 2008-02-15 19:14 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2008-02-02 15:20 --------- d-----w C:\Program Files\FlashFXP 2008-02-01 11:19 437 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err 2008-01-30 20:49 --------- d-----w C:\Program Files\SubEdit-Player 2008-01-30 19:01 --------- d-----w C:\Documents and Settings\Tomek\Dane aplikacji\IrfanView 2008-01-30 16:52 --------- d-----w C:\Program Files\SmartFTP Client 2.0 2008-01-27 17:25 --------- d-----w C:\Program Files\Easy RealMedia Tools 2008-01-27 17:25 --------- d-----w C:\Program Files\AviSynth 2.5 2008-01-25 12:37 13,684,322 ----a-w C:\kurso.exe 2008-01-23 20:15 8,557,169 ----a-w C:\ermp_full.zip 2008-01-23 20:11 4,502,920 ----a-w C:\avi_mpg_splitter.exe 2004-12-07 07:13 976,020 -c–a-w C:\Program Files\BDAXP.cab 2004-12-07 07:13 703,080 -c–a-w C:\Program Files\BDA.cab 2004-12-07 07:13 69,832 ----a-w C:\Program Files\DSETUP.dll 2004-12-07 07:13 479,432 -c–a-w C:\Program Files\dxsetup.exe 2004-12-07 07:13 3,578,547 -c–a-w C:\Program Files\ManagedDX.CAB 2004-12-07 07:13 2,249,416 -c–a-w C:\Program Files\dsetup32.dll 2004-12-07 07:13 15,493,481 -c–a-w C:\Program Files\DirectX.cab 2004-12-07 07:13 13,265,040 -c–a-r C:\Program Files\dxnt.cab 2004-12-07 07:13 1,156,363 -c–a-w C:\Program Files\BDANT.cab 2004-12-07 06:47 20,717 -c–a-w C:\Program Files\DirectX SDK EULA.txt 2004-08-03 22:44 93,184 -c–a-w C:\Program Files\IEXPLORE.EXE 2006-05-03 09:06 163,328 --sh–r C:\WINDOWS\system32\flvDX.dll 2007-02-21 10:47 31,232 --sh–r C:\WINDOWS\system32\msfDX.dll . ((((((((((((((((((((((((((((( snapshot_2007-09-29_123819,84 ))))))))))))))))))))))))))))))))))))))))) . + 2006-10-06 06:17:34 53,248 -c----w C:\WINDOWS\Ctregrun.exe + 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE + 2000-06-06 23:01:00 4,848 -c–a-w C:\WINDOWS\Helper.exe + 2001-10-11 11:40:44 434,688 -c–a-w C:\WINDOWS\InetReg.exe + 2005-06-15 03:07:24 11,264 -c–a-w C:\WINDOWS\INRES.DLL + 2002-12-03 09:16:00 49,152 -c–a-w C:\WINDOWS\MIDIDEF.EXE - 2007-06-16 22:11:58 51,200 ----a-w C:\WINDOWS\NirCmd.exe + 2000-08-31 07:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe + 2005-05-03 11:35:56 20,480 -c–a-w C:\WINDOWS\P17DEF.EXE + 1999-01-11 15:26:00 59,392 -c–a-r C:\WINDOWS\PCI128\DRIVERS\Wdmdrv\a3d.dll + 2000-02-02 08:06:42 36,864 -c–a-r C:\WINDOWS\PCI128\DRIVERS\Wdmdrv\sbIoctl.exe + 2004-08-03 22:43:54 159,232 -c–a-w C:\WINDOWS\RegisteredPackages{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\cewmdm.dll + 2004-08-03 22:44:06 52,736 -c–a-w C:\WINDOWS\RegisteredPackages{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll + 2004-08-03 22:44:06 201,728 -c–a-w C:\WINDOWS\RegisteredPackages{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSP.dll + 2004-08-03 22:44:34 356,352 -c–a-w C:\WINDOWS\RegisteredPackages{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MSSCP.dll + 2004-08-03 22:44:06 246,272 -c–a-w C:\WINDOWS\RegisteredPackages{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MSWMDM.dll + 2004-08-03 22:44:16 27,136 -c–a-w C:\WINDOWS\RegisteredPackages{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\WMDMLOG.dll + 2004-08-03 22:44:16 23,552 -c–a-w C:\WINDOWS\RegisteredPackages{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\WMDMPS.dll + 2004-10-11 10:20:30 161,792 -c–a-w C:\WINDOWS\RegisteredPackages{30C7234B-6482-4A55-A11D-ECD9030313F2}\cewmdm.dll + 2004-10-11 10:20:30 25,088 -c–a-w C:\WINDOWS\RegisteredPackages{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll + 2004-10-11 10:20:30 169,472 -c–a-w C:\WINDOWS\RegisteredPackages{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSP.dll + 2004-10-11 10:20:30 360,176 -c–a-w C:\WINDOWS\RegisteredPackages{30C7234B-6482-4A55-A11D-ECD9030313F2}\MSSCP.dll + 2004-10-11 10:20:30 311,296 -c–a-w C:\WINDOWS\RegisteredPackages{30C7234B-6482-4A55-A11D-ECD9030313F2}\MSWMDM.dll + 2004-10-11 10:20:32 28,160 -c–a-w C:\WINDOWS\RegisteredPackages{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDMLOG.dll + 2004-10-11 10:20:32 33,792 -c–a-w C:\WINDOWS\RegisteredPackages{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDMPS.dll + 2004-10-11 10:20:30 47,104 -c–a-w C:\WINDOWS\RegisteredPackages{981FB688-E76B-4246-987B-92083185B90A}\uwdf.exe + 2004-10-11 10:20:30 15,872 -c–a-w C:\WINDOWS\RegisteredPackages{981FB688-E76B-4246-987B-92083185B90A}\wdfapi.dll + 2004-10-11 10:20:30 38,912 -c–a-w C:\WINDOWS\RegisteredPackages{981FB688-E76B-4246-987B-92083185B90A}\wdfmgr.exe + 2004-10-11 10:20:38 38,912 -c–a-w C:\WINDOWS\RegisteredPackages{981FB688-E76B-4246-987B-92083185B90A}\wpd_ci.dll + 2004-10-11 10:20:38 61,952 -c–a-w C:\WINDOWS\RegisteredPackages{981FB688-E76B-4246-987B-92083185B90A}\wpdconns.dll + 2004-10-11 10:20:38 114,176 -c–a-w C:\WINDOWS\RegisteredPackages{981FB688-E76B-4246-987B-92083185B90A}\wpdmtp.dll + 2004-10-11 10:20:38 331,776 -c–a-w C:\WINDOWS\RegisteredPackages{981FB688-E76B-4246-987B-92083185B90A}\wpdmtpdr.dll + 2004-10-11 10:20:38 66,560 -c–a-w C:\WINDOWS\RegisteredPackages{981FB688-E76B-4246-987B-92083185B90A}\wpdmtpus.dll + 2004-10-11 10:20:38 327,680 -c–a-w C:\WINDOWS\RegisteredPackages{981FB688-E76B-4246-987B-92083185B90A}\wpdsp.dll + 2004-10-11 10:20:38 10,752 -c–a-w C:\WINDOWS\RegisteredPackages{981FB688-E76B-4246-987B-92083185B90A}\wpdtrace.dll + 2004-10-11 10:20:38 18,944 -c–a-w C:\WINDOWS\RegisteredPackages{981FB688-E76B-4246-987B-92083185B90A}\wpdusb.sys + 2004-08-03 22:44:16 408,064 -c–a-w C:\WINDOWS\RegisteredPackages{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmadmod.dll + 2004-08-03 22:44:16 759,296 -c–a-w C:\WINDOWS\RegisteredPackages{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmsdmod.dll + 2004-08-03 22:44:16 484,864 -c–a-w C:\WINDOWS\RegisteredPackages{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmspdmod.dll + 2004-08-03 22:44:16 809,984 -c–a-w C:\WINDOWS\RegisteredPackages{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmvdmod.dll + 2004-10-11 10:20:30 379,120 -c–a-w C:\WINDOWS\RegisteredPackages{A47B3654-48EE-48A5-B629-97D70175E58F}\wmadmod.dll + 2004-10-11 10:20:34 773,368 -c–a-w C:\WINDOWS\RegisteredPackages{A47B3654-48EE-48A5-B629-97D70175E58F}\wmsdmod.dll + 2004-10-11 10:20:34 531,192 -c–a-w C:\WINDOWS\RegisteredPackages{A47B3654-48EE-48A5-B629-97D70175E58F}\wmspdmod.dll + 2004-10-11 10:20:36 1,181,944 -c–a-w C:\WINDOWS\RegisteredPackages{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvadvd.dll + 2004-10-11 10:20:36 868,600 -c–a-w C:\WINDOWS\RegisteredPackages{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvdmod.dll + 2004-08-03 22:44:02 6,656 -c–a-w C:\WINDOWS\RegisteredPackages{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\laprxy.dll + 2004-08-03 22:44:22 103,936 -c–a-w C:\WINDOWS\RegisteredPackages{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\logagent.exe + 2004-08-03 22:44:10 237,568 -c–a-w C:\WINDOWS\RegisteredPackages{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\qasf.dll + 2004-08-03 22:44:16 670,720 -c–a-w C:\WINDOWS\RegisteredPackages{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmadmoe.dll + 2004-08-03 22:44:16 230,400 -c–a-w C:\WINDOWS\RegisteredPackages{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmasf.dll + 2004-08-03 22:44:16 151,552 -c–a-w C:\WINDOWS\RegisteredPackages{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmidx.dll + 2004-08-03 22:44:16 1,050,624 -c–a-w C:\WINDOWS\RegisteredPackages{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmnetmgr.dll + 2004-08-03 22:44:16 1,119,744 -c–a-w C:\WINDOWS\RegisteredPackages{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmsdmoe2.dll + 2004-08-03 22:44:16 896,512 -c–a-w C:\WINDOWS\RegisteredPackages{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmspdmoe.dll + 2004-08-03 22:44:36 2,105,344 -c–a-w C:\WINDOWS\RegisteredPackages{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmvcore.dll + 2004-08-03 22:44:16 1,001,472 -c–a-w C:\WINDOWS\RegisteredPackages{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmvdmoe2.dll + 2004-10-11 10:20:30 6,656 -c–a-w C:\WINDOWS\RegisteredPackages{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\laprxy.dll + 2004-10-11 10:20:30 96,768 -c–a-w C:\WINDOWS\RegisteredPackages{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\logagent.exe + 2004-10-11 10:20:30 221,184 -c–a-w C:\WINDOWS\RegisteredPackages{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\qasf.dll + 2004-10-11 10:20:30 712,704 -c–a-w C:\WINDOWS\RegisteredPackages{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmadmoe.dll + 2004-10-11 10:20:30 224,256 -c–a-w C:\WINDOWS\RegisteredPackages{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmasf.dll + 2004-10-11 10:20:32 344,064 -c–a-w C:\WINDOWS\RegisteredPackages{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMDRMdev.dll + 2004-10-11 10:20:32 290,816 -c–a-w C:\WINDOWS\RegisteredPackages{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMDRMNet.dll + 2004-10-11 10:20:32 150,016 -c–a-w C:\WINDOWS\RegisteredPackages{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmidx.dll + 2004-10-11 10:20:32 1,026,048 -c–a-w C:\WINDOWS\RegisteredPackages{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmnetmgr.dll + 2004-10-11 10:20:34 1,116,160 -c–a-w C:\WINDOWS\RegisteredPackages{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmsdmoe2.dll + 2004-10-11 10:20:36 936,960 -c–a-w C:\WINDOWS\RegisteredPackages{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmspdmoe.dll + 2004-10-11 10:20:36 1,509,376 -c–a-w C:\WINDOWS\RegisteredPackages{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMVADVE.DLL + 2004-10-11 10:20:36 2,362,104 -c–a-w C:\WINDOWS\RegisteredPackages{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmvcore.dll + 2004-10-11 10:20:38 999,424 -c–a-w C:\WINDOWS\RegisteredPackages{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmvdmoe2.dll + 2004-08-03 22:43:54 286,208 -c–a-w C:\WINDOWS\RegisteredPackages{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\blackbox.dll + 2004-08-03 22:44:36 299,520 -c–a-w C:\WINDOWS\RegisteredPackages{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\drmclien.dll + 2004-08-03 22:43:56 87,040 -c–a-w C:\WINDOWS\RegisteredPackages{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\drmstor.dll + 2004-08-03 22:44:34 695,296 -c–a-w C:\WINDOWS\RegisteredPackages{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\drmv2clt.dll + 2004-08-03 22:44:32 259,072 -c–a-w C:\WINDOWS\RegisteredPackages{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\msnetobj.dll + 2004-10-11 10:20:30 230,912 -c–a-w C:\WINDOWS\RegisteredPackages{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\blackbox.dll + 2004-10-11 10:20:30 253,688 -c–a-w C:\WINDOWS\RegisteredPackages{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmclien.dll + 2004-10-11 10:20:30 95,232 -c–a-w C:\WINDOWS\RegisteredPackages{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmstor.dll + 2004-10-11 10:20:30 533,504 -c–a-w C:\WINDOWS\RegisteredPackages{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmv2clt.dll + 2004-10-11 10:20:30 141,312 -c–a-w C:\WINDOWS\RegisteredPackages{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\msnetobj.dll + 1999-01-11 15:26:00 59,392 -c–a-r C:\WINDOWS\system\a3d.dll + 2001-10-26 16:45:18 73,616 -c–a-w C:\WINDOWS\system\MCIAVI.DRV + 2001-10-26 16:45:18 25,296 -c–a-w C:\WINDOWS\system\MCISEQ.DRV + 2001-10-26 16:45:18 28,160 -c–a-w C:\WINDOWS\system\MCIWAVE.DRV + 2001-08-17 22:36:30 3,360 -c–a-w C:\WINDOWS\system\SYSTEM.DRV + 2001-10-26 17:51:12 4,096 -c–a-w C:\WINDOWS\system\TIMER.DRV + 2001-08-17 22:36:54 13,600 -c–a-w C:\WINDOWS\system\WFWNET.DRV + 2004-08-03 22:44:32 146,432 -c–a-w C:\WINDOWS\system\WINSPOOL.DRV - 2001-01-03 04:12:26 78,948 ----a-r C:\WINDOWS\system32\a3d.dll + 2002-04-11 01:41:06 65,536 ----a-r C:\WINDOWS\system32\A3d.dll + 2007-05-17 16:30:48 318,976 ----a-w C:\WINDOWS\system32\avisynth.dll - 2004-08-03 22:43:54 286,208 ----a-w C:\WINDOWS\system32\blackbox.dll + 2004-10-11 10:20:30 230,912 -c–a-w C:\WINDOWS\system32\blackbox.dll - 2004-08-03 22:43:54 159,232 ----a-w C:\WINDOWS\system32\cewmdm.dll + 2004-10-11 10:20:30 161,792 -c–a-w C:\WINDOWS\system32\cewmdm.dll + 2007-12-15 17:44:45 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll + 2001-08-17 22:36:36 10,544 -c–a-w C:\WINDOWS\system32\comm.drv + 2005-06-27 10:37:22 133,632 -c–a-r C:\WINDOWS\system32\CtDvInst.dll + 2000-07-30 23:00:00 130,048 -c–a-w C:\WINDOWS\system32\ctpcir32.dll + 1999-12-12 17:01:00 44,032 ----a-w C:\WINDOWS\system32\CTSVCCDA.EXE + 1999-11-17 17:00:00 25,088 -c----w C:\WINDOWS\system32\CTSVCCTL.EXE + 2005-02-05 18:45:26 2,222,800 -c–a-w C:\WINDOWS\system32\d3dx9_24.dll + 2005-03-18 16:19:58 2,337,488 -c–a-w C:\WINDOWS\system32\d3dx9_25.dll + 2005-05-26 14:34:52 2,297,552 ----a-w C:\WINDOWS\system32\d3dx9_26.dll + 2005-07-22 18:59:04 2,319,568 -c–a-w C:\WINDOWS\system32\d3dx9_27.dll + 2005-12-05 17:09:18 2,323,664 -c–a-w C:\WINDOWS\system32\d3dx9_28.dll + 2006-02-03 07:43:16 2,332,368 -c–a-w C:\WINDOWS\system32\d3dx9_29.dll + 2006-03-31 11:40:58 2,388,176 -c–a-w C:\WINDOWS\system32\d3dx9_30.dll + 2004-02-23 13:41:30 719,872 -c–a-w C:\WINDOWS\system32\devil.dll - 2001-01-03 04:12:26 78,948 -c–a-w C:\WINDOWS\system32\dllcache\a3d.dll + 2002-04-11 01:41:06 65,536 -c–a-w C:\WINDOWS\system32\dllcache\a3d.dll - 2004-08-03 22:43:54 286,208 -c–a-w C:\WINDOWS\system32\dllcache\blackbox.dll + 2004-10-11 10:20:30 230,912 -c–a-w C:\WINDOWS\system32\dllcache\blackbox.dll - 2004-08-03 22:43:54 159,232 -c–a-w C:\WINDOWS\system32\dllcache\cewmdm.dll + 2004-10-11 10:20:30 161,792 -c–a-w C:\WINDOWS\system32\dllcache\cewmdm.dll - 2004-08-03 22:44:36 299,520 -c–a-w C:\WINDOWS\system32\dllcache\drmclien.dll + 2004-10-11 10:20:30 253,688 -c–a-w C:\WINDOWS\system32\dllcache\drmclien.dll - 2004-08-03 21:08:00 60,288 -c–a-w C:\WINDOWS\system32\dllcache\drmk.sys + 2004-08-03 22:08:00 60,288 -c–a-w C:\WINDOWS\system32\dllcache\drmk.sys - 2004-08-03 22:43:56 87,040 -c–a-w C:\WINDOWS\system32\dllcache\drmstor.dll + 2004-10-11 10:20:30 95,232 -c–a-w C:\WINDOWS\system32\dllcache\drmstor.dll - 2004-08-03 22:44:34 695,296 -c–a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll + 2004-10-11 10:20:30 533,504 -c–a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll + 2001-08-17 18:19:34 40,704 -c–a-w C:\WINDOWS\system32\dllcache\es1371mp.sys - 2004-08-03 21:15:22 140,928 -c–a-w C:\WINDOWS\system32\dllcache\ks.sys + 2004-08-03 22:15:22 140,928 -c–a-w C:\WINDOWS\system32\dllcache\ks.sys - 2004-08-03 22:44:02 4,096 -c–a-w C:\WINDOWS\system32\dllcache\ksuser.dll + 2004-08-03 23:44:02 4,096 -c–a-w C:\WINDOWS\system32\dllcache\ksuser.dll - 2004-08-03 22:44:02 6,656 -c–a-w C:\WINDOWS\system32\dllcache\laprxy.dll + 2004-10-11 10:20:30 6,656 -c–a-w C:\WINDOWS\system32\dllcache\laprxy.dll - 2004-08-03 22:44:22 103,936 -c–a-w C:\WINDOWS\system32\dllcache\logagent.exe + 2004-10-11 10:20:30 96,768 -c–a-w C:\WINDOWS\system32\dllcache\logagent.exe + 2001-10-26 16:45:18 73,616 -c–a-w C:\WINDOWS\system32\dllcache\mciavi.drv + 2001-10-26 16:45:18 25,296 -c–a-w C:\WINDOWS\system32\dllcache\mciseq.drv + 2001-10-26 16:45:18 28,160 -c–a-w C:\WINDOWS\system32\dllcache\mciwave.drv - 2004-08-03 22:44:32 259,072 -c–a-w C:\WINDOWS\system32\dllcache\msnetobj.dll + 2004-10-11 10:20:30 141,312 -c–a-w C:\WINDOWS\system32\dllcache\msnetobj.dll - 2004-08-03 22:44:06 52,736 -c–a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll + 2004-10-11 10:20:30 25,088 -c–a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll - 2004-08-03 22:44:06 201,728 -c–a-w C:\WINDOWS\system32\dllcache\mspmsp.dll + 2004-10-11 10:20:30 169,472 -c–a-w C:\WINDOWS\system32\dllcache\mspmsp.dll - 2004-08-03 22:44:34 356,352 -c–a-w C:\WINDOWS\system32\dllcache\msscp.dll + 2004-10-11 10:20:30 360,176 -c–a-w C:\WINDOWS\system32\dllcache\msscp.dll - 2004-08-03 22:44:06 246,272 -c–a-w C:\WINDOWS\system32\dllcache\mswmdm.dll + 2004-10-11 10:20:30 311,296 -c–a-w C:\WINDOWS\system32\dllcache\mswmdm.dll - 2004-08-03 21:15:50 145,792 -c–a-w C:\WINDOWS\system32\dllcache\portcls.sys + 2004-08-03 22:15:50 145,792 -c–a-w C:\WINDOWS\system32\dllcache\portcls.sys - 2004-08-03 22:44:10 237,568 -c–a-w C:\WINDOWS\system32\dllcache\qasf.dll + 2004-10-11 10:20:30 221,184 -c–a-w C:\WINDOWS\system32\dllcache\qasf.dll - 2004-08-03 21:08:04 48,640 -c–a-w C:\WINDOWS\system32\dllcache\stream.sys + 2004-08-03 22:08:04 48,640 -c–a-w C:\WINDOWS\system32\dllcache\stream.sys + 2001-08-17 22:36:30 3,360 -c–a-w C:\WINDOWS\system32\dllcache\system.drv + 2001-10-26 17:51:12 4,096 -c–a-w C:\WINDOWS\system32\dllcache\timer.drv + 2001-08-17 22:36:54 13,600 -c–a-w C:\WINDOWS\system32\dllcache\wfwnet.drv + 2004-08-03 22:44:32 146,432 -c–a-w C:\WINDOWS\system32\dllcache\winspool.drv - 2004-08-03 22:44:16 408,064 -c–a-w C:\WINDOWS\system32\dllcache\wmadmod.dll + 2004-10-11 10:20:30 379,120 -c–a-w C:\WINDOWS\system32\dllcache\wmadmod.dll - 2004-08-03 22:44:16 670,720 -c–a-w C:\WINDOWS\system32\dllcache\wmadmoe.dll + 2004-10-11 10:20:30 712,704 -c–a-w C:\WINDOWS\system32\dllcache\wmadmoe.dll - 2004-08-03 22:44:16 230,400 -c–a-w C:\WINDOWS\system32\dllcache\wmasf.dll + 2004-10-11 10:20:30 224,256 -c–a-w C:\WINDOWS\system32\dllcache\wmasf.dll - 2004-08-03 22:44:16 27,136 -c–a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll + 2004-10-11 10:20:32 28,160 -c–a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll - 2004-08-03 22:44:16 23,552 -c–a-w C:\WINDOWS\system32\dllcache\wmdmps.dll + 2004-10-11 10:20:32 33,792 -c–a-w C:\WINDOWS\system32\dllcache\wmdmps.dll - 2004-08-03 22:44:16 151,552 -c–a-w C:\WINDOWS\system32\dllcache\wmidx.dll + 2004-10-11 10:20:32 150,016 -c–a-w C:\WINDOWS\system32\dllcache\wmidx.dll - 2004-08-03 22:44:16 1,050,624 -c–a-w C:\WINDOWS\system32\dllcache\wmnetmgr.dll + 2004-10-11 10:20:32 1,026,048 -c–a-w C:\WINDOWS\system32\dllcache\wmnetmgr.dll - 2004-08-03 22:44:16 759,296 -c–a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll + 2004-10-11 10:20:34 773,368 -c–a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll - 2004-08-03 22:44:16 1,119,744 -c–a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll + 2004-10-11 10:20:34 1,116,160 -c–a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll - 2004-08-03 22:44:16 484,864 -c–a-w C:\WINDOWS\system32\dllcache\wmspdmod.dll + 2004-10-11 10:20:34 531,192 -c–a-w C:\WINDOWS\system32\dllcache\wmspdmod.dll - 2004-08-03 22:44:16 896,512 -c–a-w C:\WINDOWS\system32\dllcache\wmspdmoe.dll + 2004-10-11 10:20:36 936,960 -c–a-w C:\WINDOWS\system32\dllcache\wmspdmoe.dll - 2004-08-03 22:44:36 2,105,344 -c–a-w C:\WINDOWS\system32\dllcache\wmvcore.dll + 2004-10-11 10:20:36 2,362,104 -c–a-w C:\WINDOWS\system32\dllcache\wmvcore.dll - 2004-08-03 22:44:16 809,984 -c–a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll + 2004-10-11 10:20:36 868,600 -c–a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll - 2004-08-03 22:44:16 1,001,472 -c–a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll + 2004-10-11 10:20:38 999,424 -c–a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll + 2005-01-10 10:15:30 106,496 ----a-r C:\WINDOWS\system32\drivers\ctoss2k.sys + 2005-01-10 10:15:24 138,752 ----a-r C:\WINDOWS\system32\drivers\ctsfm2k.sys - 2004-08-03 21:08:00 60,288 ----a-w C:\WINDOWS\system32\drivers\drmk.sys + 2004-08-03 22:08:00 60,288 ----a-w C:\WINDOWS\system32\drivers\drmk.sys + 2001-08-17 18:19:34 40,704 ----a-w C:\WINDOWS\system32\drivers\es1371mp.sys + 2007-12-26 14:54:39 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys - 2004-08-03 21:15:22 140,928 ----a-w C:\WINDOWS\system32\drivers\ks.sys + 2004-08-03 22:15:22 140,928 ----a-w C:\WINDOWS\system32\drivers\ks.sys + 2005-07-07 08:14:30 1,389,056 ----a-r C:\WINDOWS\system32\drivers\P17.sys + 2004-12-22 11:58:14 8,704 ----a-r C:\WINDOWS\system32\drivers\Pfmodnt.sys - 2004-08-03 21:15:50 145,792 ----a-w C:\WINDOWS\system32\drivers\portcls.sys + 2004-08-03 22:15:50 145,792 ----a-w C:\WINDOWS\system32\drivers\portcls.sys + 2001-10-25 23:00:00 492,672 ----a-w C:\WINDOWS\system32\drivers\sbpci.sys - 2004-08-03 21:08:04 48,640 ----a-w C:\WINDOWS\system32\drivers\stream.sys + 2004-08-03 22:08:04 48,640 ----a-w C:\WINDOWS\system32\drivers\stream.sys + 2004-10-11 10:20:38 18,944 ----a-w C:\WINDOWS\system32\drivers\wpdusb.sys - 2004-08-03 22:44:36 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll + 2004-10-11 10:20:30 253,688 ----a-w C:\WINDOWS\system32\drmclien.dll - 2004-08-03 22:43:56 87,040 ----a-w C:\WINDOWS\system32\drmstor.dll + 2004-10-11 10:20:30 95,232 -c–a-w C:\WINDOWS\system32\drmstor.dll - 2004-08-03 22:44:34 695,296 ----a-w C:\WINDOWS\system32\drmv2clt.dll + 2004-10-11 10:20:30 533,504 -c–a-w C:\WINDOWS\system32\drmv2clt.dll + 2003-04-02 07:13:32 139,264 -c–a-w C:\WINDOWS\system32\EAX.DLL + 2000-08-31 07:00:00 73,728 ----a-w C:\WINDOWS\system32\fdsv.exe + 2007-06-03 13:31:28 10,752 ----a-w C:\WINDOWS\system32\ff_vfw.dll + 2000-08-31 07:00:00 80,412 ----a-w C:\WINDOWS\system32\grep.exe - 2007-07-11 23:22:00 135,168 ----a-w C:\WINDOWS\system32\java.exe + 2007-09-24 20:30:28 135,168 -c–a-w C:\WINDOWS\system32\java.exe - 2007-07-11 23:22:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe + 2007-09-24 20:30:30 135,168 -c–a-w C:\WINDOWS\system32\javaw.exe - 2007-07-12 00:22:38 139,264 ----a-w C:\WINDOWS\system32\javaws.exe + 2007-09-24 21:31:42 139,264 -c–a-w C:\WINDOWS\system32\javaws.exe - 2004-08-03 22:44:02 4,096 ----a-w C:\WINDOWS\system32\ksuser.dll + 2004-08-03 23:44:02 4,096 ----a-w C:\WINDOWS\system32\ksuser.dll + 2001-10-26 16:45:18 223,680 -c–a-w C:\WINDOWS\system32\lanman.drv - 2004-08-03 22:44:02 6,656 ----a-w C:\WINDOWS\system32\laprxy.dll + 2004-10-11 10:20:30 6,656 -c–a-w C:\WINDOWS\system32\laprxy.dll - 2004-08-03 22:44:22 103,936 ----a-w C:\WINDOWS\system32\logagent.exe + 2004-10-11 10:20:30 96,768 -c–a-w C:\WINDOWS\system32\logagent.exe + 2007-06-11 11:04:38 190,696 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe - 2007-09-17 05:09:55 45,218 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe + 2007-11-29 22:46:59 45,218 -c–a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe + 2001-10-26 16:45:18 73,616 -c–a-w C:\WINDOWS\system32\mciavi.drv + 2001-10-26 16:45:18 25,296 -c–a-w C:\WINDOWS\system32\mciseq.drv + 2001-10-26 16:45:18 28,160 -c–a-w C:\WINDOWS\system32\mciwave.drv + 2001-10-26 18:30:08 20,992 ----a-w C:\WINDOWS\system32\msacm32.drv + 2004-08-03 22:44:32 188,416 ----a-w C:\WINDOWS\system32\msh261.drv + 2004-08-03 22:54:52 294,912 ----a-w C:\WINDOWS\system32\msh263.drv - 2004-08-03 22:44:32 259,072 ----a-w C:\WINDOWS\system32\msnetobj.dll + 2004-10-11 10:20:30 141,312 -c–a-w C:\WINDOWS\system32\msnetobj.dll - 2004-08-03 22:44:06 52,736 ----a-w C:\WINDOWS\system32\mspmsnsv.dll + 2004-10-11 10:20:30 25,088 -c–a-w C:\WINDOWS\system32\MsPMSNSv.dll - 2004-08-03 22:44:06 201,728 ----a-w C:\WINDOWS\system32\mspmsp.dll + 2004-10-11 10:20:30 169,472 ----a-w C:\WINDOWS\system32\MsPMSP.dll - 2004-08-03 22:44:34 356,352 ----a-w C:\WINDOWS\system32\msscp.dll + 2004-10-11 10:20:30 360,176 -c–a-w C:\WINDOWS\system32\MSSCP.dll - 2004-08-03 22:44:06 246,272 ----a-w C:\WINDOWS\system32\mswmdm.dll + 2004-10-11 10:20:30 311,296 ----a-w C:\WINDOWS\system32\MSWMDM.dll + 2003-03-28 03:24:48 159,744 -c–a-w C:\WINDOWS\system32\OPENAL32.DLL + 2005-05-03 11:38:42 64,512 ----a-r C:\WINDOWS\system32\P17.dll + 2003-10-02 10:48:18 53,248 -c–a-r C:\WINDOWS\system32\P17CPI.dll + 2005-06-13 05:03:00 137,728 ----a-r C:\WINDOWS\system32\P17res.dll - 2007-08-15 09:16:03 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat + 2007-10-28 16:06:43 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat - 2007-08-15 09:16:03 49,492 ----a-w C:\WINDOWS\system32\perfc015.dat + 2007-10-28 16:06:43 49,492 -c–a-w C:\WINDOWS\system32\perfc015.dat - 2007-08-15 09:16:03 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat + 2007-10-28 16:06:43 311,604 -c–a-w C:\WINDOWS\system32\perfh009.dat - 2007-08-15 09:16:03 355,486 ----a-w C:\WINDOWS\system32\perfh015.dat + 2007-10-28 16:06:43 355,486 -c–a-w C:\WINDOWS\system32\perfh015.dat - 2001-06-22 23:31:20 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll + 2001-06-23 00:31:20 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll - 1998-03-26 02:57:34 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll + 1998-03-26 03:57:34 6,656 -c–a-w C:\WINDOWS\system32\pndx5016.dll - 1998-05-12 18:36:44 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll + 1998-05-12 19:36:44 5,632 -c–a-w C:\WINDOWS\system32\pndx5032.dll - 2004-08-03 22:44:10 237,568 ----a-w C:\WINDOWS\system32\qasf.dll + 2004-10-11 10:20:30 221,184 ----a-w C:\WINDOWS\system32\qasf.dll + 2004-08-03 21:08:00 60,288 -c–a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\drmk.sys + 2001-08-17 18:19:34 40,704 -c–a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\es1371mp.sys + 2004-08-03 21:15:22 140,928 -c–a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\ks.sys + 2004-08-03 22:44:02 4,096 -c–a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\ksuser.dll + 2004-08-03 21:15:50 145,792 -c–a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\portcls.sys + 2004-08-03 21:08:04 48,640 -c–a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\stream.sys + 2004-08-03 22:54:52 23,552 -c–a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\wdmaud.drv - 2006-01-28 00:55:26 176,167 ----a-w C:\WINDOWS\system32\rmoc3260.dll + 2006-10-07 04:18:32 185,952 -c–a-w C:\WINDOWS\system32\rmoc3260.dll + 2001-03-14 23:00:00 86,016 -c–a-w C:\WINDOWS\system32\sbres32.dll + 2000-08-31 07:00:00 98,816 ----a-w C:\WINDOWS\system32\sed.exe + 2005-01-10 10:15:26 20,992 -c–a-r C:\WINDOWS\system32\sfman32.dll + 2005-01-10 10:15:26 115,200 -c–a-r C:\WINDOWS\system32\sfms32.dll - 2007-07-22 16:39:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe + 2000-08-31 07:00:00 161,792 ----a-w C:\WINDOWS\system32\swreg.exe - 2006-11-29 15:21:29 370,688 ----a-w C:\WINDOWS\system32\swsc.exe + 2000-08-31 07:00:00 136,704 ----a-w C:\WINDOWS\system32\swsc.exe - 2006-12-01 03:20:32 212,480 ----a-w C:\WINDOWS\system32\swxcacls.exe + 2000-08-31 07:00:00 212,480 ----a-w C:\WINDOWS\system32\swxcacls.exe + 2001-08-17 22:36:30 3,360 -c–a-w C:\WINDOWS\system32\system.drv + 2001-10-26 17:51:12 4,096 -c–a-w C:\WINDOWS\system32\timer.drv + 2004-10-11 10:20:30 47,104 -c–a-w C:\WINDOWS\system32\uwdf.exe - 2006-11-27 00:34:46 49,152 ----a-w C:\WINDOWS\system32\VFind.exe + 2000-08-31 07:00:00 49,152 ----a-w C:\WINDOWS\system32\VFind.exe + 2004-10-11 10:20:30 15,872 -c–a-w C:\WINDOWS\system32\wdfapi.dll + 2004-10-11 10:20:30 38,912 ----a-w C:\WINDOWS\system32\wdfmgr.exe + 2004-08-03 22:54:52 23,552 ----a-w C:\WINDOWS\system32\wdmaud.drv + 2001-08-17 22:36:54 13,600 -c–a-w C:\WINDOWS\system32\wfwnet.drv + 2004-08-03 22:44:32 146,432 ----a-w C:\WINDOWS\system32\winspool.drv - 2004-08-03 22:44:16 408,064 ----a-w C:\WINDOWS\system32\wmadmod.dll + 2004-10-11 10:20:30 379,120 ----a-w C:\WINDOWS\system32\wmadmod.dll - 2004-08-03 22:44:16 670,720 ----a-w C:\WINDOWS\system32\wmadmoe.dll + 2004-10-11 10:20:30 712,704 -c–a-w C:\WINDOWS\system32\wmadmoe.dll - 2004-08-03 22:44:16 230,400 ----a-w C:\WINDOWS\system32\wmasf.dll + 2004-10-11 10:20:30 224,256 ----a-w C:\WINDOWS\system32\wmasf.dll - 2004-08-03 22:44:16 27,136 ----a-w C:\WINDOWS\system32\wmdmlog.dll + 2004-10-11 10:20:32 28,160 ----a-w C:\WINDOWS\system32\WMDMLOG.dll - 2004-08-03 22:44:16 23,552 ----a-w C:\WINDOWS\system32\wmdmps.dll + 2004-10-11 10:20:32 33,792 ----a-w C:\WINDOWS\system32\WMDMPS.dll + 2004-10-11 10:20:32 344,064 -c–a-w C:\WINDOWS\system32\WMDRMdev.dll + 2004-10-11 10:20:32 290,816 -c–a-w C:\WINDOWS\system32\WMDRMNet.dll - 2004-08-03 22:44:16 151,552 ----a-w C:\WINDOWS\system32\wmidx.dll + 2004-10-11 10:20:32 150,016 -c–a-w C:\WINDOWS\system32\wmidx.dll - 2004-08-03 22:44:16 1,050,624 ----a-w C:\WINDOWS\system32\wmnetmgr.dll + 2004-10-11 10:20:32 1,026,048 ----a-w C:\WINDOWS\system32\wmnetmgr.dll + 2004-08-03 22:44:16 221,184 -c–a-w C:\WINDOWS\system32\wmpns.dll - 2004-08-03 22:44:16 759,296 ----a-w C:\WINDOWS\system32\wmsdmod.dll + 2004-10-11 10:20:34 773,368 -c–a-w C:\WINDOWS\system32\wmsdmod.dll - 2004-08-03 22:44:16 1,119,744 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll + 2004-10-11 10:20:34 1,116,160 -c–a-w C:\WINDOWS\system32\wmsdmoe2.dll - 2004-08-03 22:44:16 484,864 ----a-w C:\WINDOWS\system32\wmspdmod.dll + 2004-10-11 10:20:34 531,192 -c–a-w C:\WINDOWS\system32\wmspdmod.dll - 2004-08-03 22:44:16 896,512 ----a-w C:\WINDOWS\system32\wmspdmoe.dll + 2004-10-11 10:20:36 936,960 -c–a-w C:\WINDOWS\system32\wmspdmoe.dll + 2003-06-23 00:44:36 1,415,680 ----a-w C:\WINDOWS\system32\wmv9vcm.dll + 2004-10-11 10:20:36 1,181,944 -c–a-w C:\WINDOWS\system32\wmvadvd.dll + 2004-10-11 10:20:36 1,509,376 -c–a-w C:\WINDOWS\system32\WMVADVE.DLL - 2004-08-03 22:44:36 2,105,344 ----a-w C:\WINDOWS\system32\wmvcore.dll + 2004-10-11 10:20:36 2,362,104 ----a-w C:\WINDOWS\system32\wmvcore.dll - 2004-08-03 22:44:16 809,984 ----a-w C:\WINDOWS\system32\wmvdmod.dll + 2004-10-11 10:20:36 868,600 ----a-w C:\WINDOWS\system32\wmvdmod.dll - 2004-08-03 22:44:16 1,001,472 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll + 2004-10-11 10:20:38 999,424 -c–a-w C:\WINDOWS\system32\wmvdmoe2.dll + 2004-10-11 10:20:38 38,912 -c–a-w C:\WINDOWS\system32\wpd_ci.dll + 2004-10-11 10:20:38 61,952 -c–a-w C:\WINDOWS\system32\wpdconns.dll + 2004-10-11 10:20:38 114,176 -c–a-w C:\WINDOWS\system32\wpdmtp.dll + 2004-10-11 10:20:38 331,776 -c–a-w C:\WINDOWS\system32\wpdmtpdr.dll + 2004-10-11 10:20:38 66,560 -c–a-w C:\WINDOWS\system32\wpdmtpus.dll + 2004-10-11 10:20:38 327,680 -c–a-w C:\WINDOWS\system32\wpdsp.dll + 2004-10-11 10:20:38 10,752 -c–a-w C:\WINDOWS\system32\wpdtrace.dll + 2006-02-03 07:41:26 14,032 -c–a-w C:\WINDOWS\system32\x3daudio1_0.dll + 2006-02-03 07:42:06 230,096 -c–a-w C:\WINDOWS\system32\xactengine2_0.dll + 2006-03-31 11:39:48 229,584 -c–a-w C:\WINDOWS\system32\xactengine2_1.dll + 2006-05-31 06:24:16 230,168 -c–a-w C:\WINDOWS\system32\xactengine2_2.dll + 2006-03-31 11:39:24 62,672 -c–a-w C:\WINDOWS\system32\xinput1_1.dll + 2005-12-05 17:07:30 61,136 -c–a-w C:\WINDOWS\system32\xinput9_1_0.dll + 2000-08-31 07:00:00 68,096 ----a-w C:\WINDOWS\system32\zip.exe + 1996-07-18 12:06:14 297,472 -c–a-w C:\WINDOWS\uninst.exe + 2000-05-11 00:00:00 90,112 ----a-w C:\WINDOWS\Updreg.EXE + 2006-12-01 21:56:00 96,256 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll + 2006-12-01 21:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll + 2006-12-01 21:54:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll + 2006-12-01 21:54:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll + 2006-12-01 23:25:52 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll + 2006-12-01 23:25:56 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll + 2006-12-01 23:25:58 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll + 2006-12-01 23:26:00 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll . – Snapshot reset to current date – . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CreativeTaskScheduler”=“C:\Program Files\Creative\Shared Files\CTSched.exe” [2006-11-17 10:42 53341] “AlcoholAutomount”=“C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe” [2007-12-22 08:23 221568] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “EM_EXEC”=“C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE” [2002-07-01 08:50 28672] “NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 10:50 155648] “HP Software Update”=“C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe” [2002-12-17 10:40 49152] “HPDJ Taskbar Utility”=“C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe” [2003-03-11 11:08 172032] “DeviceDiscovery”=“C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe” [2002-12-02 19:56 40960] “QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” [2006-09-01 14:57 282624] “RemoteControl”=“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” [2003-10-31 18:42 32768] “nvchost”=“C:\WINDOWS\winlogon.exe” [] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 00:11 132496] “CTSysVol”=“C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe” [2005-10-31 10:51 57344] “P17Helper”=“P17.dll” [2005-05-03 12:38 64512 C:\WINDOWS\system32\P17.dll] “UpdReg”=“C:\WINDOWS\UpdReg.EXE” [2000-05-11 01:00 90112] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-03 23:44 15360] “Picasa Media Detector”=“C:\Program Files\Picasa2\PicasaMediaDetector.exe” [2007-09-28 02:17 443968] [HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile] “EnableFirewall”= 0 (0x0) [HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] “C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe”= “C:\Program Files\FlashFXP\FlashFXP.exe”= “C:\Program Files\Skype\Phone\Skype.exe”= R1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\v2.6.87\ATI Tray Tools\atitray.sys [2005-10-14 10:53] R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 09:21] R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 09:21] R2 SPF4;Sunbelt Personal Firewall 4;“C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe” [2007-04-26 09:21] R3 rtl8180;PLANET WL-8303 Wireless PCI Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8180.SYS [2004-02-04 03:24] S3 SiS7012;Service for AC’97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys [2002-04-23 14:02] . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-27 20:47:29 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-03-27 20:49:27 ComboFix-quarantined-files.txt 2008-03-27 19:49:21 ComboFix2.txt 2007-09-29 10:40:01 Pre-Run: 1,742,921,728 bajtów wolnych Post-Run: 1,728,167,936 bajtów wolnych Z gory tnx za pomoc. tylko prosze niepiszcie zebym usunal pasek megaupload bo to narazie w gre niewchodzi PS o co chodzi z tym wklejaniem na wklej.org ?? mam tylko na forum dawac linki czy tak jak robie cale logi?

Gutek · 25 Marzec 2008 15:29

O4 - HKLM\..\Run: [nvchost] C:\WINDOWS\winlogon.exe

O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto

usuń wpisy HJT

Daj log z ComboFix

Zastosuj się do tego Tematu i zmień tytuł tematu na konkretny inaczej KOSZ

Pozdrawiam Gutek2222

Zmiana zasad wklejania logów na forum - viewtopic.php?f=16&t=213350