Szczepi
(Szczepi0804)
23 March 2007 17:32
#1
Logfile of HijackThis v1.99.1
Scan saved at 18:29:30, on 2007-03-23
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Video Access ActiveX Object\isamntr.exe
C:\Program Files\Video Access ActiveX Object\pmsnrr.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Programy\Winamp\winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Video Access ActiveX Object\pmmnt.exe
C:\Program Files\Video Access ActiveX Object\isamini.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Programy\Winamp\winamp.exe
C:\Programy\Gadu-Gadu\gg.exe
C:\Programy\Xfire\Xfire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Programy\Opera\Opera.exe
E:\Instalki\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programy\Winamp\winampa.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [soundService] rundll32.exe "C:\WINDOWS\System32\rntgnlfl.dll",setvm
O4 - HKLM\..\RunOnce: [AAW] "C:\Programy\Lavasoft\AD-AWA~1\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: Download all links using BitComet - res://C:\Programy\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Programy\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Programy\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{36E38010-2DD7-4826-A66F-3F3652427CCF}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E1208BB-5A4A-470A-AE42-82D26E0A8400}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.66 85.255.112.130
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.66 85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.66 85.255.112.130
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
Messages keep appearing saying the computer is infected, a balloon titled System performance monitor: Warning and a few others. I hope removing a few entries will sort it out.
Unfortunately I feel I ask you to check my log, and for help in general, far too often. Is there any effective way to protect the computer from viruses, trojans, worms and so on? ;]
adam9870
(adam9870)
23 March 2007 20:55
#2
SmitFraud + Trojan Vundo + Windows Security Center rootkit.
Note: disable the Ad-Aware.exe guard for the duration of these steps.
Use Windows Worms Doors Cleaner and change the markers from disable to enable (all the markers should be green; if one of them is yellow, leave it). A restart is required after using the tool.
Use the SmitFraudFix tool (choose option 2). Then check what remains of the items I list below and remove them (you do all of this in Safe Mode with System Restore disabled, of course):
C:\Program Files\Video Access ActiveX Object\isamntr.exe
C:\Program Files\Video Access ActiveX Object\pmsnrr.exe
C:\Program Files\Video Access ActiveX Object\pmmnt.exe
C:\Program Files\Video Access ActiveX Object\isamini.exe
O4 - HKLM\..\Run: [soundService] rundll32.exe "C:\WINDOWS\System32\rntgnlfl.dll",setvm
O17 - HKLM\System\CCS\Services\Tcpip\..\{36E38010-2DD7-4826-A66F-3F3652427CCF}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E1208BB-5A4A-470A-AE42-82D26E0A8400}: NameServer = 85.255.114.66,85.255.112.130
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.66 85.255.112.130
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.66 85.255.112.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.66 85.255.112.130
Delete the marked files and folders manually from the disk, and the entries in HijackThis.
Use the FixWareOut tool.
Use VundoFix + FixVundo + VirtumundoBeGone. All tools must be run in Safe Mode.
Once done, post a log from ComboScan, SilentRunners and the contents of c:\vundofix.txt and c:\fixwareout\report.txt.
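The two line types adam9870 singles out in the log above, the O4 autostart that runs rundll32 on a DLL and the O17 NameServer overrides, are the ones worth checking mechanically rather than by eye. The script below is an added example for this thread, not part of any post and not HijackThis code: it parses HijackThis-style O4 and O17 lines and reports (a) any NameServer address outside an allow-list of expected resolvers and (b) any Run entry that starts rundll32 with a DLL and export. The allow-list (the 192.168.0.0/16 and loopback ranges), the `Finding` record and the function names are assumptions made for the example. The sample lines are copied from the log posted in this thread, except the 192.168.1.1 entry, which is a constructed clean control.

```python
"""Triage HijackThis log lines: flag O17 DNS overrides and O4 rundll32 autostarts."""
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Resolvers this machine is expected to use. Assumed for the example: a router on
# a private range plus loopback. Every O17 NameServer value outside these ranges
# is reported; O17 keys are where a DNS-changer redirects all lookups on the box,
# and the CS1/CS2/CCS repeats show the override set in every control set.
EXPECTED_RESOLVERS = (ip_network("192.168.0.0/16"), ip_network("127.0.0.0/8"))

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O17_RE = re.compile(r"^O17 - (?P<key>\S+): NameServer = (?P<servers>.+)$")
# rundll32[.exe] "<dll>",<export>  (quotes optional)
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>\S+)', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str    # "dns-override" or "rundll32-autostart"
    where: str   # registry key as printed in the log line
    detail: str  # the resolver list or the dll,export pair
    line: str    # original log line, kept for the report


def unexpected_resolvers(servers: str) -> list[str]:
    """Return the NameServer tokens that are not inside EXPECTED_RESOLVERS.

    HijackThis prints per-adapter lists comma-separated and the Parameters key
    space-separated (both forms appear in the thread), so split on either."""
    bad = []
    for token in re.split(r"[,\s]+", servers.strip()):
        if not token:
            continue
        try:
            addr = ip_address(token)
        except ValueError:
            bad.append(token)  # not an address at all: report it verbatim
            continue
        if not any(addr in net for net in EXPECTED_RESOLVERS):
            bad.append(token)
    return bad


def triage(lines) -> list[Finding]:
    """Scan an iterable of HijackThis lines and collect the entries to review."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = O17_RE.match(line)
        if m:
            bad = unexpected_resolvers(m.group("servers"))
            if bad:
                findings.append(Finding("dns-override", m.group("key"), ",".join(bad), line))
            continue
        m = O4_RE.match(line)
        if m:
            r = RUNDLL_RE.match(m.group("cmd"))
            if r:  # a Run value that only exists to load a DLL export deserves a look
                findings.append(Finding("rundll32-autostart",
                                        f"{m.group('hive')}\\..\\{m.group('key')}",
                                        f"{r.group('dll')},{r.group('export')}", line))
    return findings


# Sample input: lines taken from the log in this thread, plus one constructed clean O17.
SAMPLE_LOG = [
    r"O4 - HKLM\..\Run: [WinampAgent] C:\Programy\Winamp\winampa.exe",
    r'O4 - HKLM\..\Run: [soundService] rundll32.exe "C:\WINDOWS\System32\rntgnlfl.dll",setvm',
    r'O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background',
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{36E38010-2DD7-4826-A66F-3F3652427CCF}: NameServer = 85.255.114.66,85.255.112.130",
    r"O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.66 85.255.112.130",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.1",  # constructed clean entry
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:20} {f.where}  ->  {f.detail}")
```

Run as-is it reports the soundService entry and both 85.255.x NameServer lines and stays silent on the Winamp, Messenger and 192.168.1.1 entries. The resolver allow-list is the part to adapt: on a machine that uses the ISP's resolvers directly, put those addresses in `EXPECTED_RESOLVERS` instead of the private range.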
Szczepi
(Szczepi0804)
24 March 2007 11:53
#3
Well, I used Windows Worms. When I ran SmitFraudFix, the window showed this:
After pressing any key the window closed.
edit: Heh, all it took was moving the folder. After using SmitFraudFix my wallpaper disappeared and the desktop turned blue; most importantly, the balloon with the System Alert message is gone. Should I post the logs again?
I deleted those 2 files manually and all 6 entries in HJT.
I used all the tools; the last 2 didn't detect anything. The balloon with the System Alert message still appears :?
Silent:
“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “CTFMON.EXE” = “C:\WINDOWS\System32\ctfmon.exe” [MS] “MSMSGS” = ““C:\Program Files\Messenger\msmsgs.exe” /background” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “SunJavaUpdateSched” = ““C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe”” [“Sun Microsystems, Inc.”] “WinampAgent” = “C:\Programy\Winamp\winampa.exe” [null data] “NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”] “SoundService” = “rundll32.exe “C:\WINDOWS\System32\nonojglu.dll”,setvm” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}(Default) = “BitComet ClickCapture” -> {HKLM…CLSID} = “BitComet Helper” \InProcServer32(Default) = “C:\Programy\BitComet\tools\BitCometBHO_1.1.2.7.dll” [“BitComet”] {46A4E9D9-B30E-452A-8157-DBBEC8573B03}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\VSAdd-in\VSAdd-in.dll” [file not found] {5A07F827-F990-4C7C-886C-953718EE7643}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\System32\gvbxqpwf.dll” [null data] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll” [“Sun Microsystems, Inc.”] {7AC578A9-AD69-4B65-8407-C1B69A9BEBDC}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\System32\awtsq.dll” [file not found] {A6ACAE64-F798-4930-AD86-BD3FB32038DB}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program 
Files\Video Access ActiveX Object\isadd.dll” [file not found] {D38439EC-4A7F-42b4-90C2-D810D7778FDD}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\System32\qmvnxyhm.dll” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\ <> “{b292ec9f-a074-4115-8342-1f459702d8d2}” = “characterizing” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\System32\fyxkaah.dll” [null data] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <> AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”] Group Policies {policy setting}: -------------------------------- Note: detected settings may not have any effect. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\web\wallpaper\Idylla.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\WINDOWS\web\wallpaper\Idylla.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\System32\logon.scr” [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{74DD705D-6834-439C-A735-A6DBE2677452}” = (no title provided) -> {HKLM…CLSID} = “&VSAdd-in” \InProcServer32(Default) = “C:\Program Files\VSAdd-in\VSAdd-in.dll” [file not found] Extensions (Tools menu items, main toolbar menu buttons) 
HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in 1.5.0_11” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.5.0_11” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll” [“Sun Microsystems, Inc.”] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Ati HotKey Poller, Ati HotKey Poller, “C:\WINDOWS\System32\Ati2evxx.exe” [“ATI Technologies Inc.”] Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\System32\wdfmgr.exe” [MS] ---------- <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer “No” at the first message box and “Yes” at the second message box. ---------- (total run time: 1311 seconds, including 3 seconds for message boxes)
Comboscan: (two Notepad windows with 2 logs(?) opened; I didn't know which to post, so I posted the shorter one. If it's the longer one you want, say so.)
ComboScan v20070306.20 run by Szczepan on 2007-03-24 at 13:03:46 Supplementary logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- – System Information ---------------------------------------------------------- Microsoft Windows XP Home Edition (build 2600) Architecture: X86; Language: Polish CPU 0: Intel® Pentium® 4 CPU 2.66GHz Percentage of Memory in Use: 36% Physical Memory (total/avail): 510.8 MiB / 324.25 MiB Pagefile Memory (total/avail): 1250.07 MiB / 1108.35 MiB Virtual Memory (total/avail): 2047.88 MiB / 2004.68 MiB A: is Removable (No Media) C: is Fixed (NTFS) - 8.58 GiB total, 4.94 GiB free. D: is Removable (No Media) E: is Fixed (FAT32) - 28.71 GiB total, 15.69 GiB free. F: is CDROM (UDF) G: is CDROM (No Media) – Security Center ------------------------------------------------------------- AUOptions is disabled. Windows Internal Firewall is enabled. – Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Szczepan\Dane aplikacji CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=SZCZEPAN-0IU2ZT ComSpec=C:\WINDOWS\system32\cmd.exe HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Szczepan LOGONSERVER=\SZCZEPAN-0IU2ZT NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem PATHEXT=.COM ;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel PROCESSOR_LEVEL=15 PROCESSOR_REVISION=0209 ProgramFiles=C:\Program Files PROMPT=$P$G SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\Szczepan\USTAWI~1\Temp TMP=C:\DOCUME~1\Szczepan\USTAWI~1\Temp USERDOMAIN=SZCZEPAN-0IU2ZT USERNAME=Szczepan USERPROFILE=C:\Documents and Settings\Szczepan windir=C:\WINDOWS – User Profiles 
--------------------------------------------------------------- Szczepan (admin) Administrator (new local, admin) – Add/Remove Programs --------------------------------------------------------- --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean BitComet 0.84 --> C:\Programy\BitComet\uninst.exe eMule --> “C:\Programy\eMule\Uninstall.exe” Gadu-Gadu 7.6 --> C:\Programy\Gadu-Gadu\Setup.exe HijackThis 1.99.1 --> E:\Instalki\hijackthis\HijackThis.exe /uninstall J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110} K-Lite Mega Codec Pack 1.67 --> “C:\Programy\K-Lite Codec Pack\unins000.exe” Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL Opera 9.02 --> MsiExec.exe /X{738179D8-3D76-4AFF-A7BE-AEF3B4370CB4} Public Messenger ver 2.03 --> “C:\Program Files\Video Access ActiveX Object\pmunst.exe” Real Alternative 1.51 --> “E:\Szczepan\Gry i Programy\Real Alternative\unins000.exe” TeamSpeak 2 RC2 --> C:\Programy\Teamspeak2_RC2\unins000.exe The Playa --> “E:\Szczepan\Gry i Programy\Kodeki\The Playa\uninstall.exe” Video Access ActiveX Object 2.07 --> C:\Program Files\Video Access ActiveX Object\uninst.exe VSAdd-in for Internet Explorer --> regsvr32.exe /u /s “C:\Program Files\VSAdd-in\VSAdd-in.dll” Winamp (remove only) --> “C:\Programy\Winamp\UninstWA.exe” Windows Safety Alert --> C:\DOCUME~1\Szczepan\USTAWI~1\Temp\laf479.tmp /del Xfire (remove only) --> “C:\Programy\Xfire\uninst.exe” – End of ComboScan: finished at 2007-03-24 at 13:05:32 ------------------------
Vundofix:
Fixwareout:
Fixwareout Last edited 2/11/2007
Post this report in the forums please
…
»»»»»Prerun check
HKLM\SOFTWARE~\Winlogon\ "System"="kdbmx.exe"

»»»»» System restarted

»»»»» Postrun check
HKLM\SOFTWARE~\Winlogon\ "system"=""
…
…
»»»»» Misc files.
…
»»»»» Checking for older varients.
…
Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.
Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/
»»»»» Other
C:\WINDOWS\Temp\kdbmx.ren 63458 2001-10-30
»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=""C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe""
"WinampAgent"="C:\Programy\Winamp\winampa.exe"
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe"
"SoundService"="rundll32.exe "C:\WINDOWS\System32\nonojglu.dll",setvm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe"
"MSMSGS"=""C:\Program Files\Messenger\msmsgs.exe" /background"
…
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»
PS. Logs from before using SmitFraudFix
adam9870
(adam9870)
24 March 2007 13:03
#4
Download KillBox, tick Delete on reboot, and in the full path of file field paste the paths:
C:\WINDOWS\System32\gvbxqpwf.dll
C:\WINDOWS\System32\fyxkaah.dll
After pasting each path separately click the red X, but only agree to the restart after pasting the last one.
Open Notepad and paste this into it:
File >>> Save As >>> change the file type from TXT to All Files >>> save it as FIX.REG >>> double-click the created FIX.REG file and confirm adding it to the registry >>> restart.
In Add/Remove Programs uninstall VSAdd-in for Internet Explorer and Video Access ActiveX Object 2.07 if they are there.
Use ATF Cleaner and clean out the TEMP folders.
Once done, post a new log from ComboScan and Silent. But this time paste the contents of ComboScan.txt, not Supplementary.txt.
Gutek
(Gutek)
24 March 2007 15:16
#5
Follow this Topic and change the thread title to a specific one, otherwise it goes to the BIN.
Regards, Gutek2222
Szczepi
(Szczepi0804)
24 March 2007 16:22
#6
I can't remove this VSAdd-in in the Control Panel; after clicking Remove nothing happens. Is there another way to get rid of it?
Silent:
“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “CTFMON.EXE” = “C:\WINDOWS\System32\ctfmon.exe” [MS] “MSMSGS” = ““C:\Program Files\Messenger\msmsgs.exe” /background” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “SunJavaUpdateSched” = ““C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe”” [“Sun Microsystems, Inc.”] “WinampAgent” = “C:\Programy\Winamp\winampa.exe” [null data] “NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”] “SoundService” = “rundll32.exe “C:\WINDOWS\System32\nonojglu.dll”,setvm” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}(Default) = “BitComet ClickCapture” -> {HKLM…CLSID} = “BitComet Helper” \InProcServer32(Default) = “C:\Programy\BitComet\tools\BitCometBHO_1.1.2.7.dll” [“BitComet”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll” [“Sun Microsystems, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <> AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”] Group Policies {policy setting}: -------------------------------- Note: detected settings may not 
have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\Documents and Settings\Szczepan\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Szczepan\Dane aplikacji\Opera\Opera\profile\skin\tap2-1024x768.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\System32\logon.scr” [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun 
Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in 1.5.0_11” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.5.0_11” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll” [“Sun Microsystems, Inc.”] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Ati HotKey Poller, Ati HotKey Poller, “C:\WINDOWS\System32\Ati2evxx.exe” [“ATI Technologies Inc.”] BrSplService, Brother XP spl Service, “C:\WINDOWS\System32\brsvc01a.exe” [“brother Industries Ltd”] Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\System32\wdfmgr.exe” [MS] ---------- <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer “No” at the first message box and “Yes” at the second message box. ---------- (total run time: 1146 seconds, including 7 seconds for message boxes)
Combo:
ComboScan v20070306.20 run by Szczepan on 2007-03-24 at 17:37:04 Computer is in Normal Mode. -------------------------------------------------------------------------------- – System Restore -------------------------------------------------------------- Successfully created ComboScan Restore Point. – Last 5 Restore Point(s) – 23: 2007-03-24 16:37:07 UTC - RP23 - ComboScan Restore Point 22: 2007-03-24 12:04:01 UTC - RP22 - ComboScan Restore Point 21: 2007-03-24 11:11:03 UTC - RP21 - Remove CloneCD 20: 2007-03-21 15:50:22 UTC - RP20 - Zainstalowany program DirectX 9.0 19: 2007-03-19 21:03:50 UTC - RP19 - Install CloneCD – First Restore Point – 1: 2007-03-05 13:56:49 UTC - RP1 - Punkt kontrolny systemu Performed disk cleanup. – HijackThis (run as Szczepan.exe) -------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 17:37:15, on 2007-03-24 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\brss01a.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Programy\Winamp\winampa.exe C:\WINDOWS\System32\ctfmon.exe C:\Programy\Opera\Opera.exe C:\WINDOWS\System32\wpabaln.exe C:\Programy\Xfire\Xfire.exe C:\Programy\Teamspeak2_RC2\TeamSpeak.exe C:\Programy\Gadu-Gadu\gg.exe E:\Instalki\comboscan.exe E:\Instalki\HIJACK~1\Szczepan.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programy\BitComet\tools\BitCometBHO_1.1.2.7.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program 
Files\Java\jre1.5.0_11\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe” O4 - HKLM…\Run: [WinampAgent] C:\Programy\Winamp\winampa.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [soundService] rundll32.exe “C:\WINDOWS\System32\nonojglu.dll”,setvm O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O8 - Extra context menu item: Download all links using BitComet - res://C:\Programy\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Programy\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Programy\BitComet\BitComet.exe/AddLink.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe – HijackThis Fixed Entries (E:\Instalki\HIJACK~1\backups) -------------------- backup-20070115-222953-806 O4 - HKLM…\Run: [system] C:\WINDOWS\system32\kernels88.exe backup-20070115-222953-661 O17 - HKLM\System\CCS\Services\Tcpip…{21496AA4-61E4-4178-B01D-482C7027BA2F}: NameServer = 85.255.114.66,85.255.112.130 backup-20070115-222953-440 O17 - HKLM\System\CCS\Services\Tcpip…{CBC26F76-DE96-48DF-A387-D271FBA1306E}: NameServer = 85.255.114.66,85.255.112.130 backup-20070115-222953-836 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.66 85.255.112.130 backup-20070115-222953-650 O17 - HKLM\System\CS1\Services\Tcpip…{21496AA4-61E4-4178-B01D-482C7027BA2F}: NameServer = 85.255.114.66,85.255.112.130 backup-20070115-222953-472 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.66 85.255.112.130 backup-20070115-222953-739 O17 - HKLM\System\CS2\Services\Tcpip…{21496AA4-61E4-4178-B01D-482C7027BA2F}: NameServer = 85.255.114.66,85.255.112.130 backup-20070115-222953-938 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.66 85.255.112.130 backup-20070305-161809-514 O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm backup-20070305-161809-743 O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm backup-20070307-164932-863 O4 - HKLM…\Run: [2chkdsk] rundll32.exe “C:\WINDOWS\System32\lckrxcpx.dll”,setvm backup-20070324-123402-167 O4 - HKLM…\Run: [soundService] rundll32.exe “C:\WINDOWS\System32\rntgnlfl.dll”,setvm backup-20070324-123402-864 O17 - HKLM\System\CCS\Services\Tcpip…{36E38010-2DD7-4826-A66F-3F3652427CCF}: NameServer = 85.255.114.66,85.255.112.130 backup-20070324-123402-259 O17 - 
HKLM\System\CCS\Services\Tcpip…{6E1208BB-5A4A-470A-AE42-82D26E0A8400}: NameServer = 85.255.114.66,85.255.112.130
backup-20070324-123402-896
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.66 85.255.112.130
backup-20070324-123402-163
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.66 85.255.112.130
backup-20070324-123402-425
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.66 85.255.112.130

-- File Associations -----------------------------------------------------------
.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
3R ati2mtag - C:\WINDOWS\system32\drivers\ati2mtag.sys
3S gmer - C:\WINDOWS\system32\drivers\gmer.sys
3R hidusb (Sterownik Microsoft klasy HID) - C:\WINDOWS\system32\drivers\hidusb.sys
3R mouhid (Sterownik myszy HID) - C:\WINDOWS\system32\drivers\mouhid.sys
0R PxHelp20 - C:\WINDOWS\system32\drivers\PxHelp20.sys
3R rtl8139 (Sterownik NT karty Realtek RTL8139(A/B/C)-based PCI Fast Ethernet) - C:\WINDOWS\system32\drivers\RTL8139.sys
3R usbccgp (Rodzajowy sterownik nadrzędny USB Microsoft) - C:\WINDOWS\system32\drivers\usbccgp.sys
3R usbprint (Klasa PRINTER USB Microsoft) - C:\WINDOWS\system32\drivers\usbprint.sys
3R usbstor (Sterownik magazynu masowego USB) - C:\WINDOWS\system32\drivers\usbstor.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
2R Ati HotKey Poller - C:\WINDOWS\System32\Ati2evxx.exe
2S ATI Smart - C:\WINDOWS\system32\ati2sgag.exe
2R Brother XP spl Service (BrSplService) - C:\WINDOWS\System32\brsvc01a.exe
4S Remote Process Manager - "C:\WINDOWS\system32\spoolvc.exe"
3S SCardDrv (Pomocnik karty inteligentnej) - C:\WINDOWS\System32\SCardSvr.exe
2R UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\System32\wdfmgr.exe
2R uploadmgr (Menedżer przekazywania) - C:\WINDOWS\System32\svchost.exe -k netsvcs

-- Files created between 2007-02-24 and 2007-03-24 -----------------------------

-- Find3M Report ---------------------------------------------------------------

-- Registry Dump ---------------------------------------------------------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe"
"MSMSGS"=""C:\Program Files\Messenger\msmsgs.exe" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"=""C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe""
"WinampAgent"="C:\Programy\Winamp\winampa.exe"
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe"
"SoundService"="rundll32.exe "C:\WINDOWS\System32\nonojglu.dll",setvm"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

-- End of ComboScan: finished at 2007-03-24 at 17:37:48 ------------------------
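A triage script for log lines of the kind posted above, added here as an example and not part of the thread, of ComboScan or of HijackThis: it re-implements three checks a helper makes by eye on this log, the O17 NameServer entries pointing at resolvers the machine should not be using, a Run key that loads a DLL through rundll32, and a service whose binary name is a near-miss of a Windows system binary (spoolvc.exe against spoolsv.exe). The sample lines are copied from the logs in this thread; EXPECTED_RESOLVERS (a stand-in for the user's ISP DNS), the SYSTEM_BINARIES list and the "random-looking name" heuristic are my assumptions.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: these lines are copied from the HijackThis/ComboScan logs in this thread.
SAMPLE_LOG = r"""
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.66 85.255.112.130
O4 - HKLM\..\Run: [soundService] rundll32.exe "C:\WINDOWS\System32\rntgnlfl.dll",setvm
O4 - HKLM\..\Run: [WinampAgent] C:\Programy\Winamp\winampa.exe
4S Remote Process Manager - "C:\WINDOWS\system32\spoolvc.exe"
2R Brother XP spl Service (BrSplService) - C:\WINDOWS\System32\brsvc01a.exe
""".strip()

# Assumption: the resolvers this machine should be using (a stand-in for the ISP's DNS).
EXPECTED_RESOLVERS = {"192.168.1.1"}

# Windows binaries whose names malware likes to imitate (spoolvc.exe vs spoolsv.exe in this log).
SYSTEM_BINARIES = {"spoolsv.exe", "svchost.exe", "lsass.exe", "csrss.exe",
                   "services.exe", "winlogon.exe", "explorer.exe", "smss.exe"}

O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")
O4_RUNDLL_RE = re.compile(
    r'^O4 - (?P<key>.+?): \[(?P<name>[^\]]+)\] rundll32(?:\.exe)? '
    r'"?(?P<dll>[^",]+\.dll)"?,(?P<export>\w+)', re.IGNORECASE)
SERVICE_RE = re.compile(
    r'^(?P<start>[0-4])(?P<state>[RS]) (?P<name>.+?) - "?(?P<path>[A-Za-z]:\\[^"]+?)"?(?: .*)?$')
# Heuristic: the droppers in this thread used 7-8 random lowercase letters (rntgnlfl, nonojglu, ...).
RANDOM_STEM_RE = re.compile(r"^[a-z]{7,8}$")


@dataclass
class Finding:
    check: str   # which heuristic fired
    line: str    # the log line it fired on
    detail: str  # human-readable explanation


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; inputs are file names, so the O(len(a)*len(b)) table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_o17(line: str, expected: set[str]) -> Finding | None:
    """O17: any NameServer that is not one of the expected resolvers is a DNS-hijack candidate."""
    m = O17_RE.match(line)
    if not m:
        return None
    servers = [s for s in re.split(r"[ ,]+", m["servers"].strip()) if s]
    rogue = [s for s in servers if s not in expected]
    if not rogue:
        return None
    return Finding("dns-hijack", line, f"unexpected NameServer(s) {rogue} in {m['key']}")


def check_o4_rundll(line: str) -> Finding | None:
    """O4: a Run key that loads a DLL through rundll32 is rare for legitimate software; always review."""
    m = O4_RUNDLL_RE.match(line)
    if not m:
        return None
    stem = m["dll"].rsplit("\\", 1)[-1].lower().removesuffix(".dll")
    detail = f"Run key [{m['name']}] loads {m['dll']} via rundll32 (export {m['export']})"
    if RANDOM_STEM_RE.match(stem):
        detail += "; random-looking DLL name, typical of a dropper that renames itself on each run"
    return Finding("rundll32-persistence", line, detail)


def check_service_lookalike(line: str) -> Finding | None:
    """Services: a binary within two edits of a system binary, but not equal to it, is a lookalike."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    binary = m["path"].rsplit("\\", 1)[-1].lower()
    if binary in SYSTEM_BINARIES:
        return None
    near = sorted(s for s in SYSTEM_BINARIES if edit_distance(binary, s) <= 2)
    if not near:
        return None
    return Finding("service-lookalike", line, f"service '{m['name']}' runs {binary}, which resembles {near}")


def triage(log_text: str, expected_resolvers: set[str] = EXPECTED_RESOLVERS) -> list[Finding]:
    """Run every check over every line; findings come out in log order."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        for finding in (check_o17(line, expected_resolvers),
                        check_o4_rundll(line),
                        check_service_lookalike(line)):
            if finding is not None:
                findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.check}] {f.detail}")
```

Pass the machine's real resolver set as `expected_resolvers`; with the two 85.255.x.x addresses listed as expected, the O17 line stops being reported and only the rundll32 and lookalike findings remain.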
adam9870
(adam9870)
24 March 2007 16:36
#7
Download KillBox, tick Delete on reboot, and paste this path into the "full path of file" field:
C:\WINDOWS\System32\nonojglu.dll
Click the red X and restart the computer.
Open Notepad and paste this into it:
File >>> Save As >>> change the file type from TXT to All Files >>> save it as FIX.REG >>> double-click the FIX.REG file you created and confirm adding it to the registry >>> restart.
When you're done, post new logs, and make sure the ComboScan one is among them.
adam9870
(adam9870)
24 March 2007 20:32
#9
Download The Avenger. Unpack it => run it => tick the Input script manually option => click the magnifying glass => in the window that opens, paste:
=> Click the Done button => now click the green light => a message should appear; click OK (restart now).
After the restart a window may appear for literally a few seconds, along with a log in Notepad. Go to where you keep Avenger and delete the backup.zip file, e.g. c:\avenger\backup.zip.
Scan with:
http://www.kaspersky.pl/virusscanner.html
http://www.ewido.net/en/
Gutek
(Gutek)
24 March 2007 22:12
#10
Szczepi, you've been asked to do something, so do it!