Problem Ze Spyware

olek96 · 29 Styczeń 2007 12:21

Witam was Serdecznie .Wczoraj był u mnie sąsiad.Zostawiłem go na chwilę na komputerze no i zaczał wchodzić po jakis tam stronach pornograficznych.Teraz mam problem ze spyware.Użyłem narzedzia smitfraudfix czy jak to sie tam nazywa nie pomogło,używałem spybot search and detroy i również zawiodło,to samo z avg antyspyware.Do wyjatków zapory zostały dodane jakies game i cos tampoczym przestala działac,zostało równiez dodane nowe połaczenie sieciowe typu:0.000212.Centrum Zabezpieczeń również nie działa.Teraz komputer chodzi bardzo wolno,Uruchamia się 5 minut.Czy moglibyście mi sprawdzic logi? i ewentualnie jakieś porady?:

Hijackthis:

Logfile of HijackThis v1.99.1 Scan saved at 13:18:59, on 2007-01-29 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\PROMon.exe C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\NMSSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\lol\Pulpit\Programy\hijackthis\HijackThis.exe C:\WINDOWS\system32\msiexec.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [PROMon.exe] PROMon.exe O4 - HKLM…\Run: [JeticoPFStartup] “C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe” O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe

SilentRunners:

“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “ctfmon.exe” = “C:\WINDOWS\system32\ctfmon.exe” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”] “PROMon.exe” = “PROMon.exe” [“Intel Corporation”] “JeticoPFStartup” = ““C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe”” [“Jetico, Inc.”] “avast!” = “C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}” = “OpenOffice.org Column Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.1.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”] “{087B3AE3-E237-4467-B8DB-5A38AB959AC9}” = “OpenOffice.org Infotip Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.1.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”] “{63542C48-9552-494A-84F7-73AA6A7C99C1}” = “OpenOffice.org Property Sheet Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.1.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”] “{3B092F0C-7696-40E3-A80F-68D74DA84210}” = “OpenOffice.org Thumbnail Viewer” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.1.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”] “{8BE13461-936F-11D1-A87D-444553540000}” = “Eraser Shell Extension” -> {HKLM…CLSID} = “Eraser Shell Extension” \InProcServer32(Default) = “C:\WINDOWS\system32\erasext.dll” ["-"] “{B7056B8E-4F99-44f8-8CBD-282390FE5428}” = “VirtualCloneDrive” -> {HKLM…CLSID} = “VirtualCloneDrive Shell Extension” \InProcServer32(Default) = “C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll” [“Elaborate Bytes AG”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{5E2121EE-0300-11D4-8D3B-444553540000}” = “Catalyst Context Menu extension” -> {HKLM…CLSID} = “SimpleShlExt Class” \InProcServer32(Default) = “C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll” [empty string] “{e57ce731-33e8-4c51-8354-bb4de9d215d1}” = “Uniwersalne urządzenia Plug and Play” -> {HKLM…CLSID} = “Uniwersalne urządzenia Plug and Play” \InProcServer32(Default) = “C:\WINDOWS\system32\upnpui.dll” [MS] “{472083B0-C522-11CF-8763-00608CC02F24}” = “avast” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <> AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}(Default) = “OpenOffice.org Column Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.1.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] Erasext(Default) = “{8BE13461-936F-11D1-A87D-444553540000}” -> {HKLM…CLSID} = “Eraser Shell Extension” \InProcServer32(Default) = “C:\WINDOWS\system32\erasext.dll” ["-"] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] Erasext(Default) = “{8BE13461-936F-11D1-A87D-444553540000}” -> {HKLM…CLSID} = “Eraser Shell Extension” \InProcServer32(Default) = “C:\WINDOWS\system32\erasext.dll” ["-"] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ “ClearRecentDocsOnExit” = (REG_DWORD) hex:0x00000001 {unrecognized setting} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\System32\logon.scr” [MS] Enabled Scheduled Tasks: ------------------------ “At1” -> launches: “C:\DOCUME~1\lol\Pulpit\Look2Me-Destroyer.exe /task” [file not found] “B6A924F0918ACD44” -> launches: “c:\docume~1\lol\daneap~1\bataxi~1\Style Grid Amen.exe” [null data] “User_Feed_Synchronization-{6F939901-9CAC-45FD-B242-CE768541432D}” -> launches: “C:\WINDOWS\system32\msfeedssync.exe sync” [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000004\LibraryPath = “%SystemRoot%\System32\nwprovau.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 18 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{F2CF5485-4E02-4F68-819C-B92DE9277049}” -> {HKLM…CLSID} = “&Links” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {E2E2DD38-D088-4134-82B7-F2BA38496583}\ “MenuText” = “@xpsp3res.dll,-20001” “Exec” = “%windir%\Network Diagnostic\xpnetdiag.exe” [MS] Miscellaneous IE Hijack Points ------------------------------ HKLM\Software\Microsoft\Internet Explorer\AboutURLs\ <> “NavigationFailure” = “res://shdoclc.dll/navcancl.htm” [MS] <> “DesktopItemNavigationFailure” = “res://shdoclc.dll/navcancl.htm” [MS] <> “NavigationCanceled” = “res://shdoclc.dll/navcancl.htm” [MS] <> “OfflineInformation” = “res://shdoclc.dll/offcancl.htm” [MS] <> “PostNotCached” = “res://mshtml.dll/repost.htm” [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Ati HotKey Poller, Ati HotKey Poller, “C:\WINDOWS\system32\Ati2evxx.exe” [“ATI Technologies Inc.”] avast! Antivirus, avast! Antivirus, ““C:\Program Files\Alwil Software\Avast4\ashServ.exe”” [null data] avast! iAVS4 Control Service, aswUpdSv, ““C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe”” [null data] avast! Mail Scanner, avast! Mail Scanner, ““C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe” /service” [“ALWIL Software”] Intel® NMS, NMSSvc, “C:\WINDOWS\system32\NMSSvc.exe” [“Intel Corporation”] Karta wydajności WMI, WmiApSrv, “C:\WINDOWS\system32\wbem\wmiapsrv.exe” [MS] ---------- <>: Suspicious data at a malware launch point. <>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 47 seconds. ---------- (total run time: 98 seconds)

Skanowanie antywirusowe juz zrobilem i usuneło jakies 2 wirusy.Sorry za chaotyczny styl pisania .Z gory dzieki za pomoc.

adam9870 · 29 Styczeń 2007 12:29

Logi są czyste.

Może być seria losowych plików game*** dlatego proszę pokazać log z ComboFix’a. Aby zrobić w nim log należy go uruchomić => nacisnąć klawisz Y => czekać cierpliwie i log powinien być w formie pliku .txt o nazwie combofix na partycji C.

Jaki masz problem z centrum zabezpieczeń - co pojawia się podczas wchodzenia do niego? Zajrzyj tutaj:

http://forum.strefabezpieczenstwa.pl/viewtopic.php?t=34

olek96 · 29 Styczeń 2007 12:37

Log z combofixa:

“lol” - 07-01-29 13:35:31 Dodatek Service Pack 2 ComboFix 07-01-25 - Running from: “C:\Documents and Settings\lol\Pulpit” (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\1.txt C:\WINDOWS\system32\2.txt C:\WINDOWS\system32\vxg3am1et3.exe C:\WINDOWS\system32\vxg4am1et2.exe C:\WINDOWS\system32\vxga1me4t1.exe C:\WINDOWS\system32\vxga4m1et4.exe C:\DOCUME~1\lol\Dane aplikacji\Install.dat C:\WINDOWS\hosts ((((((((((((((((((((((((((((((( Files Created from 2006-12-29 to 2007-01-29 )))))))))))))))))))))))))))))))))) 2007-01-29 12:37 2007-01-29 12:34 90,112 --a------ C:\WINDOWS\system32\RegDACL.exe 2007-01-29 12:34 8,234 --a------ C:\clean.bat 2007-01-29 12:34 4,096 --a------ C:\WINDOWS\system32\reboot.exe 2007-01-29 12:34 38,400 --a------ C:\WINDOWS\system32\moveex.exe 2007-01-29 00:03 94,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-01-29 00:03 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr 2007-01-29 00:03 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-01-29 00:03 689,280 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-01-29 00:03 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-01-29 00:03 31,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-01-29 00:03 23,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-01-29 00:03 2007-01-28 23:48 2007-01-28 23:30 2007-01-28 23:21 2007-01-28 23:21 2007-01-28 23:21 2007-01-28 23:21 2007-01-28 23:21 2007-01-28 23:21 2007-01-28 23:21 2007-01-28 23:14 2007-01-28 22:49 2007-01-28 22:49 2007-01-28 22:09 2007-01-28 20:41 684,032 --a------ C:\WINDOWS\system32\libeay32.dll 2007-01-28 20:41 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll 2007-01-28 20:41 15,360 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys 2007-01-28 20:21 2007-01-28 20:21 2007-01-28 20:18 2007-01-28 20:04 2007-01-28 20:04 2007-01-28 16:55 2007-01-28 16:54 35,781 --a------ C:\WINDOWS\system32\LX6wflL.exe 2007-01-28 15:12 2007-01-28 15:12 2007-01-28 15:04 6,085 --a------ C:\WINDOWS\system32\lnwin.exe 2007-01-28 15:04 35,781 --a------ C:\WINDOWS\system32\Ucvt4h3.exe 2007-01-28 15:02 35,781 --a------ C:\WINDOWS\system32\qIUwa0A.exe 2007-01-28 14:13 2007-01-28 14:06 2007-01-28 13:37 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll 2007-01-28 13:36 2007-01-28 11:14 2007-01-28 00:42 2007-01-28 00:41 32,768 --a------ C:\WINDOWS\system32\BCGPOleAcc.dll 2007-01-28 00:41 2,605,056 --a------ C:\WINDOWS\system32\BCGCBPRO800u.dll 2007-01-28 00:41 2,600,960 --a------ C:\WINDOWS\system32\BCGCBPRO800.dll 2007-01-28 00:41 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll 2007-01-28 00:41 2007-01-28 00:41 2007-01-27 19:37 67,645 --a------ C:\WINDOWS\system32\drivers\pshook11.sys 2007-01-27 18:55 2007-01-27 18:55 2007-01-27 18:55 2007-01-27 18:55 2007-01-27 16:17 2007-01-26 18:15 907,584 --a------ C:\WINDOWS\system32\drivers\HCF_MSFT.sys 2007-01-23 15:35 2007-01-21 19:50 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys 2007-01-21 14:33 2007-01-21 14:27 2007-01-20 16:47 2007-01-18 23:23 2007-01-18 23:21 2007-01-18 23:21 2007-01-18 23:08 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll 2007-01-18 23:07 2007-01-18 23:07 2007-01-18 19:49 22,016 --a------ C:\WINDOWS\system32\drivers\MSIRCOMM.sys 2007-01-18 19:47 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys 2007-01-18 19:47 8,192 --a------ C:\WINDOWS\system32\wshirda.dll 2007-01-18 19:47 27,648 --a------ C:\WINDOWS\system32\irmon.dll 2007-01-18 19:47 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys 2007-01-18 19:47 153,088 --a------ C:\WINDOWS\system32\irftp.exe 2007-01-18 19:46 26,624 --a------ C:\WINDOWS\system32\drivers\irstusb.sys 2007-01-16 20:49 2007-01-16 20:20 2007-01-16 18:42 23,552 --a------ C:\WINDOWS\system32\normaliz.dll 2007-01-16 18:42 23,552 --a------ C:\WINDOWS\normaliz.dll 2007-01-16 16:15 2007-01-16 14:21 2007-01-16 12:45 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll 2007-01-16 12:27 2007-01-16 11:45 2007-01-16 00:59 2007-01-16 00:27 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe 2007-01-16 00:27 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-01-16 00:27 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-01-16 00:27 40,960 --a------ C:\WINDOWS\system32\swsc.exe 2007-01-16 00:27 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-01-16 00:27 135,168 --a------ C:\WINDOWS\system32\swreg.exe 2007-01-16 00:03 322 --a------ C:\WINDOWS\system32\tmp.reg 2007-01-15 23:57 2007-01-15 23:25 2007-01-15 11:17 12,928 --a------ C:\WINDOWS\system32\drivers\Dot4Prt.sys 2007-01-15 11:16 8,704 --a------ C:\WINDOWS\system32\drivers\Dot4scan.sys 2007-01-15 11:16 324,608 --a------ C:\WINDOWS\system32\hpojwia.dll 2007-01-15 11:16 23,936 --a------ C:\WINDOWS\system32\drivers\Dot4usb.sys 2007-01-15 11:16 207,360 --a------ C:\WINDOWS\system32\drivers\Dot4.sys 2007-01-14 14:03 2007-01-14 14:01 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll 2007-01-14 14:01 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll 2007-01-14 12:31 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-01-14 11:46 737,280 --a------ C:\WINDOWS\iun6002.exe 2007-01-14 11:45 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll 2007-01-14 11:45 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll 2007-01-13 22:55 2007-01-13 22:44 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe 2007-01-13 21:49 2007-01-13 21:45 2007-01-13 16:05 2007-01-13 15:23 618,496 --a------ C:\WINDOWS\system32\Eraser.dll 2007-01-13 15:23 286,720 --a------ C:\WINDOWS\system32\erasext.dll 2007-01-13 15:23 241,664 --a------ C:\WINDOWS\system32\eraserl.exe 2007-01-13 15:20 36,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys 2007-01-13 15:20 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2007-01-13 15:20 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2007-01-13 15:20 129,784 --------- C:\WINDOWS\system32\pxafs.dll 2007-01-13 15:20 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe 2007-01-13 15:17 2007-01-13 14:56 80 --a------ C:\WINDOWS\gmer_uninstall.cmd 2007-01-13 14:41 2007-01-13 14:41 2007-01-13 14:39 2007-01-13 14:38 121,856 --------- C:\WINDOWS\system32\xmllite.dll 2007-01-13 14:37 2007-01-13 14:31 2007-01-13 14:18 71,952 -ra------ C:\WINDOWS\system32\drivers\iansw2k.sys 2007-01-13 14:17 947,884 --a------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS 2007-01-13 14:17 53,248 -ra------ C:\WINDOWS\system32\Prounstl.exe 2007-01-13 14:17 46,592 --a------ C:\WINDOWS\SOUNDMAN.EXE 2007-01-13 14:17 23,040 -ra------ C:\WINDOWS\system32\IntelNic.dll 2007-01-13 14:17 208,896 --------- C:\WINDOWS\alcupd.exe 2007-01-13 14:17 139,776 -ra------ C:\WINDOWS\system32\drivers\e100b325.sys 2007-01-13 14:17 131,072 --------- C:\WINDOWS\alcrmv.exe 2007-01-13 13:22 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys 2007-01-13 13:22 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys 2007-01-13 13:22 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys 2007-01-13 13:22 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys 2007-01-13 13:22 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys 2007-01-13 13:22 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys 2007-01-13 13:22 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2007-01-13 13:22 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys 2007-01-13 13:22 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys 2007-01-13 13:22 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys 2007-01-13 13:22 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys 2007-01-13 13:22 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys 2007-01-13 13:21 870,784 --a------ C:\WINDOWS\system32\ati3d1ag.dll 2007-01-13 13:21 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys 2007-01-13 13:21 282,624 --a------ C:\WINDOWS\system32\ati2cqag.dll 2007-01-13 13:21 258,048 --a------ C:\WINDOWS\system32\ati2dvag.dll 2007-01-13 13:21 2,693,280 --a------ C:\WINDOWS\system32\ati3duag.dll 2007-01-13 13:21 1,540,608 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys 2007-01-13 13:21 1,408,000 --a------ C:\WINDOWS\system32\ativvaxx.dll 2007-01-13 13:20 77,312 --a------ C:\WINDOWS\system32\usbui.dll 2007-01-13 13:20 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys 2007-01-13 13:20 5,504 --a------ C:\WINDOWS\system32\drivers\intelide.sys 2007-01-13 13:20 42,368 --a------ C:\WINDOWS\system32\drivers\AGP440.SYS 2007-01-13 13:20 4,096 --a------ C:\WINDOWS\system32\ksuser.dll 2007-01-13 13:20 2,944 --a------ C:\WINDOWS\system32\drivers\msmpu401.sys 2007-01-13 13:20 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys 2007-01-13 13:20 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys 2007-01-13 13:19 18,200 --a------ C:\WINDOWS\system32\wups2.dll 2007-01-13 13:18 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL 2007-01-13 13:18 9,168 --a------ C:\WINDOWS\system\VER.DLL 2007-01-13 13:18 85,532 --a------ C:\WINDOWS\system32\dgsetup.dll 2007-01-13 13:18 83,456 --a------ C:\WINDOWS\system\OLECLI.DLL 2007-01-13 13:18 8,704 --a------ C:\WINDOWS\system32\batt.dll 2007-01-13 13:18 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll 2007-01-13 13:18 70,144 --a------ C:\WINDOWS\NOTEPAD.EXE 2007-01-13 13:18 70,096 --a------ C:\WINDOWS\system\AVICAP.DLL 2007-01-13 13:18 7,168 --a------ C:\WINDOWS\system32\kbdcz.dll 2007-01-13 13:18 69,552 --a------ C:\WINDOWS\system\MMSYSTEM.DLL 2007-01-13 13:18 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll 2007-01-13 13:18 6,656 --a------ C:\WINDOWS\system32\kbdycl.dll 2007-01-13 13:18 6,656 --a------ C:\WINDOWS\system32\kbdsl1.dll 2007-01-13 13:18 6,656 --a------ C:\WINDOWS\system32\kbdsl.dll 2007-01-13 13:18 6,656 --a------ C:\WINDOWS\system32\kbdhu.dll 2007-01-13 13:18 6,656 --a------ C:\WINDOWS\system32\kbdcz2.dll 2007-01-13 13:18 6,656 --a------ C:\WINDOWS\system32\kbdcz1.dll 2007-01-13 13:18 6,656 --a------ C:\WINDOWS\system32\kbdcr.dll 2007-01-13 13:18 6,656 --a------ C:\WINDOWS\system32\KBDAL.DLL 2007-01-13 13:18 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll 2007-01-13 13:18 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll 2007-01-13 13:18 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll 2007-01-13 13:18 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll 2007-01-13 13:18 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll 2007-01-13 13:18 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll 2007-01-13 13:18 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll 2007-01-13 13:18 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll 2007-01-13 13:18 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll 2007-01-13 13:18 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll 2007-01-13 13:18 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll 2007-01-13 13:18 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll 2007-01-13 13:18 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll 2007-01-13 13:18 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll 2007-01-13 13:18 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll 2007-01-13 13:18 5,632 --a------ C:\WINDOWS\system32\kbdro.dll 2007-01-13 13:18 5,632 --a------ C:\WINDOWS\system32\kbdhu1.dll 2007-01-13 13:18 5,120 --a------ C:\WINDOWS\system\SHELL.DLL 2007-01-13 13:18 33,376 --a------ C:\WINDOWS\system\COMMDLG.DLL 2007-01-13 13:18 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll 2007-01-13 13:18 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL 2007-01-13 13:18 19,200 --a------ C:\WINDOWS\system\TAPI.DLL 2007-01-13 13:18 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll 2007-01-13 13:18 15,360 --a------ C:\WINDOWS\TASKMAN.EXE 2007-01-13 13:18 13,312 --a------ C:\WINDOWS\system32\irclass.dll 2007-01-13 13:18 127,008 --a------ C:\WINDOWS\system\MSVIDEO.DLL 2007-01-13 13:18 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys 2007-01-13 13:18 109,488 --a------ C:\WINDOWS\system\AVIFILE.DLL 2007-01-13 13:18 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll 2007-01-13 13:17 75,776 --a------ C:\WINDOWS\system32\storprop.dll 2007-01-13 13:17 2007-01-13 13:17 2007-01-13 13:17 2007-01-13 13:17 2007-01-13 13:17 2007-01-13 13:17 2007-01-13 13:17 2007-01-13 13:17 2007-01-13 13:17 2007-01-13 13:17 2007-01-13 13:17 2007-01-13 13:15 28,672 --------- C:\WINDOWS\system32\verclsid.exe 2007-01-13 13:15 2007-01-13 13:15 2007-01-13 12:57 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe 2007-01-13 12:49 2007-01-13 12:42 2007-01-13 12:42 2007-01-13 12:42 2007-01-13 12:42 2007-01-13 12:42 2007-01-13 12:42 2007-01-13 12:42 2007-01-13 12:41 2007-01-13 12:41 2007-01-13 12:41 2007-01-13 12:37 2007-01-13 12:37 2007-01-13 12:31 112,128 --a------ C:\WINDOWS\system32\mapi32.dll 2007-01-13 12:30 2007-01-13 12:29 86,016 --a------ C:\WINDOWS\system32\isign32.dll 2007-01-13 12:29 81,920 --a------ C:\WINDOWS\system32\ils.dll 2007-01-13 12:29 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll 2007-01-13 12:29 73,728 --a------ C:\WINDOWS\system32\icwdial.dll 2007-01-13 12:29 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys 2007-01-13 12:29 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll 2007-01-13 12:29 69,632 --a------ C:\WINDOWS\system32\msconf.dll 2007-01-13 12:29 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll 2007-01-13 12:29 67,584 --a------ C:\WINDOWS\system32\srclient.dll 2007-01-13 12:29 67,584 --a------ C:\WINDOWS\system32\acctres.dll 2007-01-13 12:29 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll 2007-01-13 12:29 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll 2007-01-13 12:29 49,664 --a------ C:\WINDOWS\system32\inetres.dll 2007-01-13 12:29 466,200 --a------ C:\WINDOWS\system32\wuapi.dll 2007-01-13 12:29 45,568 --a------ C:\WINDOWS\system32\safrslv.dll 2007-01-13 12:29 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll 2007-01-13 12:29 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll 2007-01-13 12:29 41,240 --a------ C:\WINDOWS\system32\wups.dll 2007-01-13 12:29 382,464 --a------ C:\WINDOWS\system32\qmgr.dll 2007-01-13 12:29 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll 2007-01-13 12:29 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe 2007-01-13 12:29 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll 2007-01-13 12:29 29,696 --a------ C:\WINDOWS\system32\safrdm.dll 2007-01-13 12:29 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll 2007-01-13 12:29 278,528 --a------ C:\WINDOWS\system32\mstask.dll 2007-01-13 12:29 278,528 --a------ C:\WINDOWS\system32\inetcfg.dll 2007-01-13 12:29 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll 2007-01-13 12:29 240,128 --a------ C:\WINDOWS\system32\srrstr.dll 2007-01-13 12:29 23,040 --a------ C:\WINDOWS\system32\fltmc.exe 2007-01-13 12:29 195,352 --a------ C:\WINDOWS\system32\wuaueng1.dll 2007-01-13 12:29 192,000 --a------ C:\WINDOWS\system32\schedsvc.dll 2007-01-13 12:29 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll 2007-01-13 12:29 175,384 --a------ C:\WINDOWS\system32\wuauclt1.exe 2007-01-13 12:29 173,536 --a------ C:\WINDOWS\system32\wuweb.dll 2007-01-13 12:29 171,008 --a------ C:\WINDOWS\system32\srsvc.dll 2007-01-13 12:29 16,896 --a------ C:\WINDOWS\system32\fltlib.dll 2007-01-13 12:29 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll 2007-01-13 12:29 128,896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys 2007-01-13 12:29 128,280 --a------ C:\WINDOWS\system32\wucltui.dll 2007-01-13 12:29 125,208 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-01-13 12:29 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll 2007-01-13 12:29 12,288 --a------ C:\WINDOWS\system32\mstinit.exe 2007-01-13 12:29 11,264 --a------ C:\WINDOWS\system32\atrace.dll 2007-01-13 12:29 105,984 --a------ C:\WINDOWS\system32\msoert2.dll 2007-01-13 12:29 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-01-13 12:27 97,792 --a------ C:\WINDOWS\system32\comrepl.dll 2007-01-13 12:27 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll 2007-01-13 12:27 94,720 --a------ C:\WINDOWS\system32\tscfgwmi.dll 2007-01-13 12:27 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll 2007-01-13 12:27 9,728 --a------ C:\WINDOWS\system32\reset.exe 2007-01-13 12:27 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll 2007-01-13 12:27 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll 2007-01-13 12:27 80,896 --a------ C:\WINDOWS\system32\charmap.exe 2007-01-13 12:27 73,216 --a------ C:\WINDOWS\system32\avwav.dll 2007-01-13 12:27 67,072 --a------ C:\WINDOWS\system32\rdshost.exe 2007-01-13 12:27 655,360 --a------ C:\WINDOWS\system32\mstscax.dll 2007-01-13 12:27 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll 2007-01-13 12:27 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe 2007-01-13 12:27 605,696 --a------ C:\WINDOWS\system32\getuname.dll 2007-01-13 12:27 60,928 --a------ C:\WINDOWS\system32\remotepg.dll 2007-01-13 12:27 60,416 --a------ C:\WINDOWS\system32\colbact.dll 2007-01-13 12:27 6,144 --a------ C:\WINDOWS\system32\msdtc.exe 2007-01-13 12:27 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll 2007-01-13 12:27 58,880 --a------ C:\WINDOWS\system32\licwmi.dll 2007-01-13 12:27 57,344 --a------ C:\WINDOWS\system32\sol.exe 2007-01-13 12:27 56,320 --a------ C:\WINDOWS\system32\servdeps.dll 2007-01-13 12:27 55,808 --a------ C:\WINDOWS\system32\freecell.exe 2007-01-13 12:27 540,160 --a------ C:\WINDOWS\system32\comuid.dll 2007-01-13 12:27 54,272 --a------ C:\WINDOWS\system32\stclient.dll 2007-01-13 12:27 539,136 --a------ C:\WINDOWS\system32\spider.exe 2007-01-13 12:27 5,632 --a------ C:\WINDOWS\system32\write.exe 2007-01-13 12:27 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe 2007-01-13 12:27 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll 2007-01-13 12:27 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe 2007-01-13 12:27 44,544 --a------ C:\WINDOWS\system32\hticons.dll 2007-01-13 12:27 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll 2007-01-13 12:27 408,576 --a------ C:\WINDOWS\system32\mstsc.exe 2007-01-13 12:27 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys 2007-01-13 12:27 4,608 --a------ C:\WINDOWS\system32\rdpcfgex.dll 2007-01-13 12:27 4,096 --a------ C:\WINDOWS\system32\mtxex.dll 2007-01-13 12:27 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll 2007-01-13 12:27 351,744 --a------ C:\WINDOWS\system32\hypertrm.dll 2007-01-13 12:27 35,328 --a------ C:\WINDOWS\system32\winchat.exe 2007-01-13 12:27 345,088 --a------ C:\WINDOWS\system32\mspaint.exe 2007-01-13 12:27 33,792 --a------ C:\WINDOWS\system32\regini.exe 2007-01-13 12:27 296,448 --a------ C:\WINDOWS\system32\termsrv.dll 2007-01-13 12:27 25,600 --a------ C:\WINDOWS\system32\comaddin.dll 2007-01-13 12:27 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll 2007-01-13 12:27 231,424 --a------ C:\WINDOWS\system32\avtapi.dll 2007-01-13 12:27 225,792 --a------ C:\WINDOWS\system32\catsrv.dll 2007-01-13 12:27 22,528 --a------ C:\WINDOWS\system32\qwinsta.exe 2007-01-13 12:27 22,528 --a------ C:\WINDOWS\system32\msg.exe 2007-01-13 12:27 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys 2007-01-13 12:27 20,992 --a------ C:\WINDOWS\system32\qprocess.exe 2007-01-13 12:27 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll 2007-01-13 12:27 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys 2007-01-13 12:27 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll 2007-01-13 12:27 187,904 --a------ C:\WINDOWS\system32\cmprops.dll 2007-01-13 12:27 187,904 --a------ C:\WINDOWS\system32\accwiz.exe 2007-01-13 12:27 17,920 --a------ C:\WINDOWS\system32\tsshutdn.exe 2007-01-13 12:27 17,920 --a------ C:\WINDOWS\system32\mmfutil.dll 2007-01-13 12:27 17,408 --a------ C:\WINDOWS\system32\qappsrv.exe 2007-01-13 12:27 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll 2007-01-13 12:27 16,384 --a------ C:\WINDOWS\system32\tskill.exe 2007-01-13 12:27 16,384 --a------ C:\WINDOWS\system32\rwinsta.exe 2007-01-13 12:27 16,384 --a------ C:\WINDOWS\system32\avmeter.dll 2007-01-13 12:27 15,872 --a------ C:\WINDOWS\system32\logoff.exe 2007-01-13 12:27 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll 2007-01-13 12:27 15,360 --a------ C:\WINDOWS\system32\tsdiscon.exe 2007-01-13 12:27 15,360 --a------ C:\WINDOWS\system32\tscon.exe 2007-01-13 12:27 15,360 --a------ C:\WINDOWS\system32\shadow.exe 2007-01-13 12:27 147,968 --a------ C:\WINDOWS\system32\rdchost.dll 2007-01-13 12:27 147,456 --a------ C:\WINDOWS\system32\comsnap.dll 2007-01-13 12:27 141,824 --a------ C:\WINDOWS\system32\sessmgr.exe 2007-01-13 12:27 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys 2007-01-13 12:27 139,264 --a------ C:\WINDOWS\system32\sndvol32.exe 2007-01-13 12:27 132,608 --a------ C:\WINDOWS\system32\sndrec32.exe 2007-01-13 12:27 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe 2007-01-13 12:27 128,000 --a------ C:\WINDOWS\system32\mshearts.exe 2007-01-13 12:27 124,928 --a------ C:\WINDOWS\system32\mplay32.exe 2007-01-13 12:27 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys 2007-01-13 12:27 119,808 --a------ C:\WINDOWS\system32\winmine.exe 2007-01-13 12:27 115,200 --a------ C:\WINDOWS\system32\calc.exe 2007-01-13 12:27 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll 2007-01-13 12:27 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll 2007-01-13 12:27 11,264 --a------ C:\WINDOWS\system32\icaapi.dll 2007-01-13 12:27 103,424 --a------ C:\WINDOWS\system32\clipbrd.exe 2007-01-13 12:27 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll 2007-01-13 12:27 1,225 --a------ C:\WINDOWS\system32\usrlogon.cmd 2007-01-13 10:27 2007-01-13 10:25 2007-01-13 01:56 2007-01-11 21:54 2007-01-11 21:51 2007-01-11 18:27 2007-01-11 18:21 2007-01-11 17:34 81,920 --a------ C:\WINDOWS\system32\ElbyCDIO.dll 2007-01-11 16:53 2007-01-11 16:04 2007-01-06 16:42 2007-01-06 16:39 2007-01-06 13:30 2007-01-05 21:13 2007-01-03 14:17 2007-01-01 17:36 2006-12-30 22:29 2006-12-30 20:19 2006-12-30 19:46 2006-12-30 18:43 2006-12-30 15:59 2006-12-30 15:57 2006-12-30 11:20 2006-12-30 11:20 2006-12-29 23:33 2006-12-29 23:33 2006-12-29 11:20 2006-12-29 10:40 2006-12-29 10:09 2006-12-29 09:37 2006-12-29 08:54 2006-12-29 08:51 2006-12-29 08:51 2006-12-29 08:51 2006-12-29 08:48 2006-12-29 08:48 2006-12-29 08:29 2006-12-29 08:29 2006-12-29 08:27 2006-12-29 08:24 2006-12-29 08:22 2006-12-29 08:18 2006-12-29 08:18 2006-12-29 08:18 2006-12-29 08:18 2006-12-29 08:18 2006-12-29 08:18 2006-12-29 08:18 2006-12-29 08:17 2006-12-29 08:17 2006-12-29 08:17 2006-12-29 08:17 2006-12-29 08:17 2006-12-29 08:14 2006-12-29 08:14 2006-12-29 08:12 2006-12-29 08:12 2006-12-29 08:12 2006-12-29 08:12 2006-12-29 08:11 2006-12-29 08:11 2006-12-29 08:11 2006-12-29 08:11 2006-12-29 08:11 2006-12-29 08:11 2006-12-29 08:11 2006-12-29 08:10 2006-12-29 08:10 2006-12-29 08:10 2006-12-29 08:10 2006-12-29 08:09 2006-12-29 08:09 2006-12-29 08:09 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-01-28 20:18 -------- d—s---- C:\DOCUME~1\lol\Dane aplikacji\microsoft 2007-01-15 23:44 14336 --a------ C:\WINDOWS\system32\svchost.exe 2007-01-13 15:17 -------- d-------- C:\Program Files\utorrent 2007-01-13 15:09 -------- d-------- C:\DOCUME~1\lol\Dane aplikacji\macromedia 2007-01-13 13:17 62 --ahs---- C:\DOCUME~1\lol\Dane aplikacji\desktop.ini 2007-01-13 12:42 -------- d-------- C:\DOCUME~1\lol\Dane aplikacji\identities 2006-12-29 08:12 -------- d-------- C:\Program Files\usugi online 2006-12-28 23:05 -------- d-------- C:\Program Files\Common Files\speechengines 2006-12-28 23:05 -------- d-------- C:\Program Files\Common Files\odbc 2006-12-28 18:28 -------- d-------- C:\Program Files\jowood 2006-12-28 14:00 -------- d-------- C:\Program Files\silent hill 2006-12-27 20:16 -------- d-------- C:\Program Files\alcohol soft 2006-12-27 19:53 0 -rahs---- C:\MSDOS.SYS 2006-12-27 19:53 0 -rahs---- C:\IO.SYS 2006-12-27 19:53 0 --a------ C:\CONFIG.SYS 2006-12-27 19:53 0 --a------ C:\AUTOEXEC.BAT 2006-12-14 00:41 15440 --a------ C:\WINDOWS\system32\drivers\ElbyCDIO.sys 2006-12-14 00:41 11984 --a------ C:\WINDOWS\system32\drivers\ElbyDelay.sys 2006-12-13 13:25 69952 --a------ C:\WINDOWS\system32\skaneronlineuninstall.exe 2006-12-13 13:24 715048 --a------ C:\WINDOWS\system32\skaneronline.dll 2006-12-01 12:01 8277504 --a------ C:\WINDOWS\system32\wmploc.dll 2006-12-01 11:46 99840 --a------ C:\WINDOWS\system32\wmpshell.dll 2006-12-01 11:45 258560 --a------ C:\WINDOWS\system32\wmerror.dll 2006-12-01 11:42 7168 --a------ C:\WINDOWS\system32\asferror.dll 2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll 2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll 2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll 2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll 2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll 2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll 2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll 2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll 2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll 2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll 2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll 2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe 2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll 2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll 2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe 2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll 2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll 2006-11-02 11:52 42496 --------- C:\WINDOWS\system32\wpdshextres.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “SoundMan”=“SOUNDMAN.EXE” “PROMon.exe”=“PROMon.exe” “JeticoPFStartup”="“C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe”" “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“SpySweeperUI” “hkey”=“HKLM” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“swdoctor” “hkey”=“HKCU” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] “UPnPMonitor”="{e57ce738-33e8-4c51-8354-bb4de9d215d1}" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “ClearRecentDocsOnExit”=dword:00000001 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 Contents of the ‘Scheduled Tasks’ folder C:\WINDOWS\tasks\At1.job C:\WINDOWS\tasks\B6A924F0918ACD44.job C:\WINDOWS\tasks\User_Feed_Synchronization-{6F939901-9CAC-45FD-B242-CE768541432D}.job Completion time: 07-01-29 13:38:05

Komunikat z Centrum Zabezpieczen:

http://www.fotosik.pl/pokaz_obrazek/fb0 … a333d.html

adambak1 · 29 Styczeń 2007 13:27

a tak w sprawie sąsiada daj mu opiernicz i go nie wpuszczaj

adam9870 · 29 Styczeń 2007 14:07

Start => Uruchom => wpisz services.msc => uruchom i włącz usługę Centrum zabezpieczeń.

Usuń foldery ręcznie będąc w trybie awaryjnym.

Dodatkowo puść w ruch NoLop i pokaż raport -> C:\NoLop.log

Proszę przeskanować pliki:

na stronie http://virusscan.jotti.org/ lub http://www.virustotal.com/vt/ a te, które okażą się szkodnikami usunąć ręcznie będąc w trybie awaryjnym.

Zwykła wersja programu BearShare posiada w sobie syf dlatego proponuję go usunąć. A jeśli koniecznie chcesz z niego korzystać to zainstaluj wersję Lite, która jest pozbawiona syfu.

Po wykonaniu możesz wkleić nowy log z ComboFix.

olek96 · 29 Styczeń 2007 18:28

1.W services.msc nie ma usługi Centrum Zabezpieczeń.Wiem że to dziwne ale nie ma :o :o .Dodatek Service Pack 2 jest wgrany.

2.Usunełem te foldery:

3.Log z NoLop:

4.Wszystkie te pliki okazały sie wirusami:

5.Problem z wolnym uruchamianiem dalej występuje.Przeczyściłem rejestr ,usunełem niepotrzebne pliki,zdefgragmentowałem dysk i rejestr,wyłczyłem niepotrzebne pliki w autostarcie,wyłączyłem nie potrzebne usługi. :-o

Gutek · 29 Styczeń 2007 18:58

Daj nowe logi

olek96 · 29 Styczeń 2007 20:29

Proszę oto nowe logi:

Hijackthis:

Logfile of HijackThis v1.99.1 Scan saved at 21:28:02, on 2007-01-29 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\PROMon.exe C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\WINDOWS\system32\NMSSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Gadu-Gadu\gg.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\internet explorer\iexplore.exe C:\Documents and Settings\lol\Pulpit\Programy\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [PROMon.exe] PROMon.exe O4 - HKLM…\Run: [JeticoPFStartup] “C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe” O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe

Silentrunners:

“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “ctfmon.exe” = “C:\WINDOWS\system32\ctfmon.exe” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”] “PROMon.exe” = “PROMon.exe” [“Intel Corporation”] “JeticoPFStartup” = ““C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe”” [“Jetico, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}” = “OpenOffice.org Column Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.1.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”] “{087B3AE3-E237-4467-B8DB-5A38AB959AC9}” = “OpenOffice.org Infotip Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.1.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”] “{63542C48-9552-494A-84F7-73AA6A7C99C1}” = “OpenOffice.org Property Sheet Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.1.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”] “{3B092F0C-7696-40E3-A80F-68D74DA84210}” = “OpenOffice.org Thumbnail Viewer” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.1.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”] “{8BE13461-936F-11D1-A87D-444553540000}” = “Eraser Shell Extension” -> {HKLM…CLSID} = “Eraser Shell Extension” \InProcServer32(Default) = “C:\WINDOWS\system32\erasext.dll” ["-"] “{B7056B8E-4F99-44f8-8CBD-282390FE5428}” = “VirtualCloneDrive” -> {HKLM…CLSID} = “VirtualCloneDrive Shell Extension” \InProcServer32(Default) = “C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll” [“Elaborate Bytes AG”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{5E2121EE-0300-11D4-8D3B-444553540000}” = “Catalyst Context Menu extension” -> {HKLM…CLSID} = “SimpleShlExt Class” \InProcServer32(Default) = “C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll” [empty string] “{e57ce731-33e8-4c51-8354-bb4de9d215d1}” = “Uniwersalne urządzenia Plug and Play” -> {HKLM…CLSID} = “Uniwersalne urządzenia Plug and Play” \InProcServer32(Default) = “C:\WINDOWS\system32\upnpui.dll” [MS] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <> AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}(Default) = “OpenOffice.org Column Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.1.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ Erasext(Default) = “{8BE13461-936F-11D1-A87D-444553540000}” -> {HKLM…CLSID} = “Eraser Shell Extension” \InProcServer32(Default) = “C:\WINDOWS\system32\erasext.dll” ["-"] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ Erasext(Default) = “{8BE13461-936F-11D1-A87D-444553540000}” -> {HKLM…CLSID} = “Eraser Shell Extension” \InProcServer32(Default) = “C:\WINDOWS\system32\erasext.dll” ["-"] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ “ClearRecentDocsOnExit” = (REG_DWORD) hex:0x00000001 {unrecognized setting} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ “LinkResolveIgnoreLinkInfo” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “NoResolveSearch” = (REG_DWORD) hex:0x00000001 {unrecognized setting} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\System32\logon.scr” [MS] Enabled Scheduled Tasks: ------------------------ “At1” -> launches: “C:\DOCUME~1\lol\Pulpit\Look2Me-Destroyer.exe /task” [file not found] “User_Feed_Synchronization-{6F939901-9CAC-45FD-B242-CE768541432D}” -> launches: “C:\WINDOWS\system32\msfeedssync.exe sync” [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000004\LibraryPath = “%SystemRoot%\System32\nwprovau.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 18 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{F2CF5485-4E02-4F68-819C-B92DE9277049}” -> {HKLM…CLSID} = “&Links” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {E2E2DD38-D088-4134-82B7-F2BA38496583}\ “MenuText” = “@xpsp3res.dll,-20001” “Exec” = “%windir%\Network Diagnostic\xpnetdiag.exe” [MS] Miscellaneous IE Hijack Points ------------------------------ HKLM\Software\Microsoft\Internet Explorer\AboutURLs\ <> “NavigationFailure” = “res://shdoclc.dll/navcancl.htm” [MS] <> “DesktopItemNavigationFailure” = “res://shdoclc.dll/navcancl.htm” [MS] <> “NavigationCanceled” = “res://shdoclc.dll/navcancl.htm” [MS] <> “OfflineInformation” = “res://shdoclc.dll/offcancl.htm” [MS] <> “PostNotCached” = “res://mshtml.dll/repost.htm” [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Ati HotKey Poller, Ati HotKey Poller, “C:\WINDOWS\system32\Ati2evxx.exe” [“ATI Technologies Inc.”] Diskeeper, Diskeeper, ““C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe”” [“Diskeeper Corporation”] Intel® NMS, NMSSvc, “C:\WINDOWS\system32\NMSSvc.exe” [“Intel Corporation”] ---------- <>: Suspicious data at a malware launch point. <>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 47 seconds. ---------- (total run time: 90 seconds)

Combofix:

“lol” - 07-01-29 21:25:06 Dodatek Service Pack 2 ComboFix 07-01-25 - Running from: “C:\Documents and Settings\lol\Pulpit” ((((((((((((((((((((((((((((((( Files Created from 2006-12-29 to 2007-01-29 )))))))))))))))))))))))))))))))))) 2007-01-29 18:57 2007-01-29 18:57 2007-01-29 18:57 2007-01-29 15:40 2007-01-29 12:34 90,112 --a------ C:\WINDOWS\system32\RegDACL.exe 2007-01-29 12:34 4,096 --a------ C:\WINDOWS\system32\reboot.exe 2007-01-29 12:34 38,400 --a------ C:\WINDOWS\system32\moveex.exe 2007-01-29 00:03 2007-01-28 23:30 2007-01-28 23:21 2007-01-28 23:21 2007-01-28 23:21 2007-01-28 23:21 2007-01-28 23:21 2007-01-28 23:21 2007-01-28 23:21 2007-01-28 22:49 2007-01-28 22:09 2007-01-28 20:41 684,032 --a------ C:\WINDOWS\system32\libeay32.dll 2007-01-28 20:41 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll 2007-01-28 20:41 15,360 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys 2007-01-28 20:21 2007-01-28 20:21 2007-01-28 20:18 2007-01-28 14:13 2007-01-28 13:37 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll 2007-01-28 13:36 2007-01-28 11:14 2007-01-28 00:42 2007-01-28 00:41 32,768 --a------ C:\WINDOWS\system32\BCGPOleAcc.dll 2007-01-28 00:41 2,605,056 --a------ C:\WINDOWS\system32\BCGCBPRO800u.dll 2007-01-28 00:41 2,600,960 --a------ C:\WINDOWS\system32\BCGCBPRO800.dll 2007-01-28 00:41 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll 2007-01-28 00:41 2007-01-28 00:41 2007-01-27 18:55 2007-01-27 18:55 2007-01-27 18:55 2007-01-27 18:55 2007-01-27 16:17 2007-01-26 18:15 907,584 --a------ C:\WINDOWS\system32\drivers\HCF_MSFT.sys 2007-01-23 15:35 2007-01-21 19:50 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys 2007-01-21 14:33 2007-01-21 14:27 2007-01-20 16:47 2007-01-18 23:23 2007-01-18 23:21 2007-01-18 23:21 2007-01-18 23:08 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll 2007-01-18 23:07 2007-01-18 23:07 2007-01-18 19:49 22,016 --a------ C:\WINDOWS\system32\drivers\MSIRCOMM.sys 2007-01-18 19:47 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys 2007-01-18 19:47 8,192 --a------ C:\WINDOWS\system32\wshirda.dll 2007-01-18 19:47 27,648 --a------ C:\WINDOWS\system32\irmon.dll 2007-01-18 19:47 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys 2007-01-18 19:47 153,088 --a------ C:\WINDOWS\system32\irftp.exe 2007-01-18 19:46 26,624 --a------ C:\WINDOWS\system32\drivers\irstusb.sys 2007-01-16 20:49 2007-01-16 18:42 23,552 --a------ C:\WINDOWS\system32\normaliz.dll 2007-01-16 18:42 23,552 --a------ C:\WINDOWS\normaliz.dll 2007-01-16 16:15 2007-01-16 14:21 2007-01-16 12:45 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll 2007-01-16 12:27 2007-01-16 11:45 2007-01-16 00:59 2007-01-16 00:27 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe 2007-01-16 00:27 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-01-16 00:27 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-01-16 00:27 40,960 --a------ C:\WINDOWS\system32\swsc.exe 2007-01-16 00:27 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-01-16 00:27 135,168 --a------ C:\WINDOWS\system32\swreg.exe 2007-01-16 00:03 322 --a------ C:\WINDOWS\system32\tmp.reg 2007-01-15 23:57 2007-01-15 23:25 2007-01-15 11:17 12,928 --a------ C:\WINDOWS\system32\drivers\Dot4Prt.sys 2007-01-15 11:16 8,704 --a------ C:\WINDOWS\system32\drivers\Dot4scan.sys 2007-01-15 11:16 324,608 --a------ C:\WINDOWS\system32\hpojwia.dll 2007-01-15 11:16 23,936 --a------ C:\WINDOWS\system32\drivers\Dot4usb.sys 2007-01-15 11:16 207,360 --a------ C:\WINDOWS\system32\drivers\Dot4.sys 2007-01-14 14:03 2007-01-14 14:01 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll 2007-01-14 14:01 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll 2007-01-14 12:31 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-01-14 11:46 737,280 --a------ C:\WINDOWS\iun6002.exe 2007-01-14 11:45 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll 2007-01-14 11:45 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll 2007-01-13 22:55 2007-01-13 22:44 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe 2007-01-13 21:49 2007-01-13 21:45 2007-01-13 16:05 2007-01-13 15:23 618,496 --a------ C:\WINDOWS\system32\Eraser.dll 2007-01-13 15:23 286,720 --a------ C:\WINDOWS\system32\erasext.dll 2007-01-13 15:23 241,664 --a------ C:\WINDOWS\system32\eraserl.exe 2007-01-13 15:20 36,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys 2007-01-13 15:20 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2007-01-13 15:20 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2007-01-13 15:20 129,784 --------- C:\WINDOWS\system32\pxafs.dll 2007-01-13 15:20 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe 2007-01-13 15:17 2007-01-13 14:56 80 --a------ C:\WINDOWS\gmer_uninstall.cmd 2007-01-13 14:41 2007-01-13 14:41 2007-01-13 14:39 2007-01-13 14:38 121,856 --------- C:\WINDOWS\system32\xmllite.dll 2007-01-13 14:37 2007-01-13 14:31 2007-01-13 14:18 71,952 -ra------ C:\WINDOWS\system32\drivers\iansw2k.sys 2007-01-13 14:17 947,884 --a------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS 2007-01-13 14:17 53,248 -ra------ C:\WINDOWS\system32\Prounstl.exe 2007-01-13 14:17 46,592 --a------ C:\WINDOWS\SOUNDMAN.EXE 2007-01-13 14:17 23,040 -ra------ C:\WINDOWS\system32\IntelNic.dll 2007-01-13 14:17 208,896 --------- C:\WINDOWS\alcupd.exe 2007-01-13 14:17 139,776 -ra------ C:\WINDOWS\system32\drivers\e100b325.sys 2007-01-13 14:17 131,072 --------- C:\WINDOWS\alcrmv.exe 2007-01-13 13:22 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys 2007-01-13 13:22 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys 2007-01-13 13:22 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys 2007-01-13 13:22 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys 2007-01-13 13:22 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys 2007-01-13 13:22 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys 2007-01-13 13:22 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2007-01-13 13:22 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys 2007-01-13 13:22 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys 2007-01-13 13:22 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys 2007-01-13 13:22 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys 2007-01-13 13:22 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys 2007-01-13 13:21 870,784 --a------ C:\WINDOWS\system32\ati3d1ag.dll 2007-01-13 13:21 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys 2007-01-13 13:21 282,624 --a------ C:\WINDOWS\system32\ati2cqag.dll 2007-01-13 13:21 258,048 --a------ C:\WINDOWS\system32\ati2dvag.dll 2007-01-13 13:21 2,693,280 --a------ C:\WINDOWS\system32\ati3duag.dll 2007-01-13 13:21 1,540,608 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys 2007-01-13 13:21 1,408,000 --a------ C:\WINDOWS\system32\ativvaxx.dll 2007-01-13 13:20 77,312 --a------ C:\WINDOWS\system32\usbui.dll 2007-01-13 13:20 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys 2007-01-13 13:20 5,504 --a------ C:\WINDOWS\system32\drivers\intelide.sys 2007-01-13 13:20 42,368 --a------ C:\WINDOWS\system32\drivers\AGP440.SYS 2007-01-13 13:20 4,096 --a------ C:\WINDOWS\system32\ksuser.dll 2007-01-13 13:20 2,944 --a------ C:\WINDOWS\system32\drivers\msmpu401.sys 2007-01-13 13:20 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys 2007-01-13 13:20 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys 2007-01-13 13:19 18,200 --a------ C:\WINDOWS\system32\wups2.dll 2007-01-13 13:18 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL 2007-01-13 13:18 9,168 --a------ C:\WINDOWS\system\VER.DLL 2007-01-13 13:18 85,532 --a------ C:\WINDOWS\system32\dgsetup.dll 2007-01-13 13:18 83,456 --a------ C:\WINDOWS\system\OLECLI.DLL 2007-01-13 13:18 8,704 --a------ C:\WINDOWS\system32\batt.dll 2007-01-13 13:18 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll 2007-01-13 13:18 70,144 --a------ C:\WINDOWS\NOTEPAD.EXE 2007-01-13 13:18 70,096 --a------ C:\WINDOWS\system\AVICAP.DLL 2007-01-13 13:18 7,168 --a------ C:\WINDOWS\system32\kbdcz.dll 2007-01-13 13:18 69,552 --a------ C:\WINDOWS\system\MMSYSTEM.DLL 2007-01-13 13:18 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll 2007-01-13 13:18 6,656 --a------ C:\WINDOWS\system32\kbdycl.dll 2007-01-13 13:18 6,656 --a------ C:\WINDOWS\system32\kbdsl1.dll 2007-01-13 13:18 6,656 --a------ C:\WINDOWS\system32\kbdsl.dll 2007-01-13 13:18 6,656 --a------ C:\WINDOWS\system32\kbdhu.dll 2007-01-13 13:18 6,656 --a------ C:\WINDOWS\system32\kbdcz2.dll 2007-01-13 13:18 6,656 --a------ C:\WINDOWS\system32\kbdcz1.dll 2007-01-13 13:18 6,656 --a------ C:\WINDOWS\system32\kbdcr.dll 2007-01-13 13:18 6,656 --a------ C:\WINDOWS\system32\KBDAL.DLL 2007-01-13 13:18 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll 2007-01-13 13:18 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll 2007-01-13 13:18 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll 2007-01-13 13:18 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll 2007-01-13 13:18 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll 2007-01-13 13:18 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll 2007-01-13 13:18 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll 2007-01-13 13:18 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll 2007-01-13 13:18 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll 2007-01-13 13:18 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll 2007-01-13 13:18 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll 2007-01-13 13:18 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll 2007-01-13 13:18 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll 2007-01-13 13:18 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll 2007-01-13 13:18 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll 2007-01-13 13:18 5,632 --a------ C:\WINDOWS\system32\kbdro.dll 2007-01-13 13:18 5,632 --a------ C:\WINDOWS\system32\kbdhu1.dll 2007-01-13 13:18 5,120 --a------ C:\WINDOWS\system\SHELL.DLL 2007-01-13 13:18 33,376 --a------ C:\WINDOWS\system\COMMDLG.DLL 2007-01-13 13:18 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll 2007-01-13 13:18 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL 2007-01-13 13:18 19,200 --a------ C:\WINDOWS\system\TAPI.DLL 2007-01-13 13:18 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll 2007-01-13 13:18 15,360 --a------ C:\WINDOWS\TASKMAN.EXE 2007-01-13 13:18 13,312 --a------ C:\WINDOWS\system32\irclass.dll 2007-01-13 13:18 127,008 --a------ C:\WINDOWS\system\MSVIDEO.DLL 2007-01-13 13:18 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys 2007-01-13 13:18 109,488 --a------ C:\WINDOWS\system\AVIFILE.DLL 2007-01-13 13:18 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll 2007-01-13 13:17 75,776 --a------ C:\WINDOWS\system32\storprop.dll 2007-01-13 13:17 2007-01-13 13:17 2007-01-13 13:17 2007-01-13 13:17 2007-01-13 13:17 2007-01-13 13:17 2007-01-13 13:17 2007-01-13 13:17 2007-01-13 13:17 2007-01-13 13:17 2007-01-13 13:17 2007-01-13 13:15 28,672 --------- C:\WINDOWS\system32\verclsid.exe 2007-01-13 13:15 2007-01-13 13:15 2007-01-13 12:57 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe 2007-01-13 12:49 2007-01-13 12:42 2007-01-13 12:42 2007-01-13 12:42 2007-01-13 12:42 2007-01-13 12:42 2007-01-13 12:42 2007-01-13 12:42 2007-01-13 12:41 2007-01-13 12:41 2007-01-13 12:41 2007-01-13 12:37 2007-01-13 12:37 2007-01-13 12:31 112,128 --a------ C:\WINDOWS\system32\mapi32.dll 2007-01-13 12:30 2007-01-13 12:29 86,016 --a------ C:\WINDOWS\system32\isign32.dll 2007-01-13 12:29 81,920 --a------ C:\WINDOWS\system32\ils.dll 2007-01-13 12:29 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll 2007-01-13 12:29 73,728 --a------ C:\WINDOWS\system32\icwdial.dll 2007-01-13 12:29 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys 2007-01-13 12:29 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll 2007-01-13 12:29 69,632 --a------ C:\WINDOWS\system32\msconf.dll 2007-01-13 12:29 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll 2007-01-13 12:29 67,584 --a------ C:\WINDOWS\system32\srclient.dll 2007-01-13 12:29 67,584 --a------ C:\WINDOWS\system32\acctres.dll 2007-01-13 12:29 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll 2007-01-13 12:29 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll 2007-01-13 12:29 49,664 --a------ C:\WINDOWS\system32\inetres.dll 2007-01-13 12:29 466,200 --a------ C:\WINDOWS\system32\wuapi.dll 2007-01-13 12:29 45,568 --a------ C:\WINDOWS\system32\safrslv.dll 2007-01-13 12:29 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll 2007-01-13 12:29 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll 2007-01-13 12:29 41,240 --a------ C:\WINDOWS\system32\wups.dll 2007-01-13 12:29 382,464 --a------ C:\WINDOWS\system32\qmgr.dll 2007-01-13 12:29 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll 2007-01-13 12:29 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe 2007-01-13 12:29 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll 2007-01-13 12:29 29,696 --a------ C:\WINDOWS\system32\safrdm.dll 2007-01-13 12:29 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll 2007-01-13 12:29 278,528 --a------ C:\WINDOWS\system32\mstask.dll 2007-01-13 12:29 278,528 --a------ C:\WINDOWS\system32\inetcfg.dll 2007-01-13 12:29 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll 2007-01-13 12:29 240,128 --a------ C:\WINDOWS\system32\srrstr.dll 2007-01-13 12:29 23,040 --a------ C:\WINDOWS\system32\fltmc.exe 2007-01-13 12:29 195,352 --a------ C:\WINDOWS\system32\wuaueng1.dll 2007-01-13 12:29 192,000 --a------ C:\WINDOWS\system32\schedsvc.dll 2007-01-13 12:29 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll 2007-01-13 12:29 175,384 --a------ C:\WINDOWS\system32\wuauclt1.exe 2007-01-13 12:29 173,536 --a------ C:\WINDOWS\system32\wuweb.dll 2007-01-13 12:29 171,008 --a------ C:\WINDOWS\system32\srsvc.dll 2007-01-13 12:29 16,896 --a------ C:\WINDOWS\system32\fltlib.dll 2007-01-13 12:29 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll 2007-01-13 12:29 128,896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys 2007-01-13 12:29 128,280 --a------ C:\WINDOWS\system32\wucltui.dll 2007-01-13 12:29 125,208 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-01-13 12:29 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll 2007-01-13 12:29 12,288 --a------ C:\WINDOWS\system32\mstinit.exe 2007-01-13 12:29 11,264 --a------ C:\WINDOWS\system32\atrace.dll 2007-01-13 12:29 105,984 --a------ C:\WINDOWS\system32\msoert2.dll 2007-01-13 12:29 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-01-13 12:27 97,792 --a------ C:\WINDOWS\system32\comrepl.dll 2007-01-13 12:27 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll 2007-01-13 12:27 94,720 --a------ C:\WINDOWS\system32\tscfgwmi.dll 2007-01-13 12:27 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll 2007-01-13 12:27 9,728 --a------ C:\WINDOWS\system32\reset.exe 2007-01-13 12:27 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll 2007-01-13 12:27 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll 2007-01-13 12:27 80,896 --a------ C:\WINDOWS\system32\charmap.exe 2007-01-13 12:27 73,216 --a------ C:\WINDOWS\system32\avwav.dll 2007-01-13 12:27 67,072 --a------ C:\WINDOWS\system32\rdshost.exe 2007-01-13 12:27 655,360 --a------ C:\WINDOWS\system32\mstscax.dll 2007-01-13 12:27 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll 2007-01-13 12:27 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe 2007-01-13 12:27 605,696 --a------ C:\WINDOWS\system32\getuname.dll 2007-01-13 12:27 60,928 --a------ C:\WINDOWS\system32\remotepg.dll 2007-01-13 12:27 60,416 --a------ C:\WINDOWS\system32\colbact.dll 2007-01-13 12:27 6,144 --a------ C:\WINDOWS\system32\msdtc.exe 2007-01-13 12:27 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll 2007-01-13 12:27 58,880 --a------ C:\WINDOWS\system32\licwmi.dll 2007-01-13 12:27 57,344 --a------ C:\WINDOWS\system32\sol.exe 2007-01-13 12:27 56,320 --a------ C:\WINDOWS\system32\servdeps.dll 2007-01-13 12:27 55,808 --a------ C:\WINDOWS\system32\freecell.exe 2007-01-13 12:27 540,160 --a------ C:\WINDOWS\system32\comuid.dll 2007-01-13 12:27 54,272 --a------ C:\WINDOWS\system32\stclient.dll 2007-01-13 12:27 539,136 --a------ C:\WINDOWS\system32\spider.exe 2007-01-13 12:27 5,632 --a------ C:\WINDOWS\system32\write.exe 2007-01-13 12:27 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe 2007-01-13 12:27 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll 2007-01-13 12:27 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe 2007-01-13 12:27 44,544 --a------ C:\WINDOWS\system32\hticons.dll 2007-01-13 12:27 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll 2007-01-13 12:27 408,576 --a------ C:\WINDOWS\system32\mstsc.exe 2007-01-13 12:27 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys 2007-01-13 12:27 4,608 --a------ C:\WINDOWS\system32\rdpcfgex.dll 2007-01-13 12:27 4,096 --a------ C:\WINDOWS\system32\mtxex.dll 2007-01-13 12:27 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll 2007-01-13 12:27 351,744 --a------ C:\WINDOWS\system32\hypertrm.dll 2007-01-13 12:27 35,328 --a------ C:\WINDOWS\system32\winchat.exe 2007-01-13 12:27 345,088 --a------ C:\WINDOWS\system32\mspaint.exe 2007-01-13 12:27 33,792 --a------ C:\WINDOWS\system32\regini.exe 2007-01-13 12:27 296,448 --a------ C:\WINDOWS\system32\termsrv.dll 2007-01-13 12:27 25,600 --a------ C:\WINDOWS\system32\comaddin.dll 2007-01-13 12:27 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll 2007-01-13 12:27 231,424 --a------ C:\WINDOWS\system32\avtapi.dll 2007-01-13 12:27 225,792 --a------ C:\WINDOWS\system32\catsrv.dll 2007-01-13 12:27 22,528 --a------ C:\WINDOWS\system32\qwinsta.exe 2007-01-13 12:27 22,528 --a------ C:\WINDOWS\system32\msg.exe 2007-01-13 12:27 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys 2007-01-13 12:27 20,992 --a------ C:\WINDOWS\system32\qprocess.exe 2007-01-13 12:27 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll 2007-01-13 12:27 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys 2007-01-13 12:27 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll 2007-01-13 12:27 187,904 --a------ C:\WINDOWS\system32\cmprops.dll 2007-01-13 12:27 187,904 --a------ C:\WINDOWS\system32\accwiz.exe 2007-01-13 12:27 17,920 --a------ C:\WINDOWS\system32\tsshutdn.exe 2007-01-13 12:27 17,920 --a------ C:\WINDOWS\system32\mmfutil.dll 2007-01-13 12:27 17,408 --a------ C:\WINDOWS\system32\qappsrv.exe 2007-01-13 12:27 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll 2007-01-13 12:27 16,384 --a------ C:\WINDOWS\system32\tskill.exe 2007-01-13 12:27 16,384 --a------ C:\WINDOWS\system32\rwinsta.exe 2007-01-13 12:27 16,384 --a------ C:\WINDOWS\system32\avmeter.dll 2007-01-13 12:27 15,872 --a------ C:\WINDOWS\system32\logoff.exe 2007-01-13 12:27 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll 2007-01-13 12:27 15,360 --a------ C:\WINDOWS\system32\tsdiscon.exe 2007-01-13 12:27 15,360 --a------ C:\WINDOWS\system32\tscon.exe 2007-01-13 12:27 15,360 --a------ C:\WINDOWS\system32\shadow.exe 2007-01-13 12:27 147,968 --a------ C:\WINDOWS\system32\rdchost.dll 2007-01-13 12:27 147,456 --a------ C:\WINDOWS\system32\comsnap.dll 2007-01-13 12:27 141,824 --a------ C:\WINDOWS\system32\sessmgr.exe 2007-01-13 12:27 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys 2007-01-13 12:27 139,264 --a------ C:\WINDOWS\system32\sndvol32.exe 2007-01-13 12:27 132,608 --a------ C:\WINDOWS\system32\sndrec32.exe 2007-01-13 12:27 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe 2007-01-13 12:27 128,000 --a------ C:\WINDOWS\system32\mshearts.exe 2007-01-13 12:27 124,928 --a------ C:\WINDOWS\system32\mplay32.exe 2007-01-13 12:27 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys 2007-01-13 12:27 119,808 --a------ C:\WINDOWS\system32\winmine.exe 2007-01-13 12:27 115,200 --a------ C:\WINDOWS\system32\calc.exe 2007-01-13 12:27 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll 2007-01-13 12:27 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll 2007-01-13 12:27 11,264 --a------ C:\WINDOWS\system32\icaapi.dll 2007-01-13 12:27 103,424 --a------ C:\WINDOWS\system32\clipbrd.exe 2007-01-13 12:27 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll 2007-01-13 12:27 1,225 --a------ C:\WINDOWS\system32\usrlogon.cmd 2007-01-13 10:27 2007-01-13 10:25 2007-01-13 01:56 2007-01-11 21:54 2007-01-11 21:51 2007-01-11 18:27 2007-01-11 18:21 2007-01-11 17:34 81,920 --a------ C:\WINDOWS\system32\ElbyCDIO.dll 2007-01-11 16:53 2007-01-11 16:04 2007-01-06 16:42 2007-01-06 16:39 2007-01-06 13:30 2007-01-05 21:13 2007-01-03 14:17 2007-01-01 17:36 2006-12-30 22:29 2006-12-30 20:19 2006-12-30 19:46 2006-12-30 18:43 2006-12-30 15:59 2006-12-30 15:57 2006-12-30 11:20 2006-12-30 11:20 2006-12-29 23:33 2006-12-29 23:33 2006-12-29 11:20 2006-12-29 10:40 2006-12-29 10:09 2006-12-29 09:37 2006-12-29 08:54 2006-12-29 08:51 2006-12-29 08:51 2006-12-29 08:51 2006-12-29 08:48 2006-12-29 08:48 2006-12-29 08:29 2006-12-29 08:29 2006-12-29 08:27 2006-12-29 08:24 2006-12-29 08:22 2006-12-29 08:18 2006-12-29 08:18 2006-12-29 08:18 2006-12-29 08:18 2006-12-29 08:18 2006-12-29 08:18 2006-12-29 08:18 2006-12-29 08:17 2006-12-29 08:17 2006-12-29 08:17 2006-12-29 08:17 2006-12-29 08:17 2006-12-29 08:14 2006-12-29 08:14 2006-12-29 08:12 2006-12-29 08:12 2006-12-29 08:12 2006-12-29 08:12 2006-12-29 08:11 2006-12-29 08:11 2006-12-29 08:11 2006-12-29 08:11 2006-12-29 08:11 2006-12-29 08:11 2006-12-29 08:11 2006-12-29 08:10 2006-12-29 08:10 2006-12-29 08:10 2006-12-29 08:10 2006-12-29 08:09 2006-12-29 08:09 2006-12-29 08:09 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-01-28 20:18 -------- d—s---- C:\DOCUME~1\lol\Dane aplikacji\microsoft 2007-01-15 23:44 14336 --a------ C:\WINDOWS\system32\svchost.exe 2007-01-13 15:17 -------- d-------- C:\Program Files\utorrent 2007-01-13 15:09 -------- d-------- C:\DOCUME~1\lol\Dane aplikacji\macromedia 2007-01-13 13:17 62 --ahs---- C:\DOCUME~1\lol\Dane aplikacji\desktop.ini 2007-01-13 12:42 -------- d-------- C:\DOCUME~1\lol\Dane aplikacji\identities 2006-12-29 08:12 -------- d-------- C:\Program Files\usugi online 2006-12-28 23:05 -------- d-------- C:\Program Files\Common Files\speechengines 2006-12-28 23:05 -------- d-------- C:\Program Files\Common Files\odbc 2006-12-28 18:28 -------- d-------- C:\Program Files\jowood 2006-12-28 14:00 -------- d-------- C:\Program Files\silent hill 2006-12-27 20:16 -------- d-------- C:\Program Files\alcohol soft 2006-12-27 19:53 0 -rahs---- C:\MSDOS.SYS 2006-12-27 19:53 0 -rahs---- C:\IO.SYS 2006-12-27 19:53 0 --a------ C:\CONFIG.SYS 2006-12-27 19:53 0 --a------ C:\AUTOEXEC.BAT 2006-12-14 00:41 15440 --a------ C:\WINDOWS\system32\drivers\ElbyCDIO.sys 2006-12-14 00:41 11984 --a------ C:\WINDOWS\system32\drivers\ElbyDelay.sys 2006-12-13 13:25 69952 --a------ C:\WINDOWS\system32\skaneronlineuninstall.exe 2006-12-13 13:24 715048 --a------ C:\WINDOWS\system32\skaneronline.dll 2006-12-01 12:01 8277504 --a------ C:\WINDOWS\system32\wmploc.dll 2006-12-01 11:46 99840 --a------ C:\WINDOWS\system32\wmpshell.dll 2006-12-01 11:45 258560 --a------ C:\WINDOWS\system32\wmerror.dll 2006-12-01 11:42 7168 --a------ C:\WINDOWS\system32\asferror.dll 2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll 2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll 2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll 2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll 2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll 2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll 2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll 2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll 2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll 2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll 2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll 2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe 2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll 2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll 2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe 2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll 2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll 2006-11-02 11:52 42496 --------- C:\WINDOWS\system32\wpdshextres.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “SoundMan”=“SOUNDMAN.EXE” “PROMon.exe”=“PROMon.exe” “JeticoPFStartup”="“C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe”" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“SpySweeperUI” “hkey”=“HKLM” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“swdoctor” “hkey”=“HKCU” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] “UPnPMonitor”="{e57ce738-33e8-4c51-8354-bb4de9d215d1}" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “LinkResolveIgnoreLinkInfo”=dword:00000000 “NoResolveSearch”=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “ClearRecentDocsOnExit”=dword:00000001 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_NMSCFG Contents of the ‘Scheduled Tasks’ folder C:\WINDOWS\tasks\At1.job C:\WINDOWS\tasks\User_Feed_Synchronization-{6F939901-9CAC-45FD-B242-CE768541432D}.job Completion time: 07-01-29 21:26:21

2.Plik Hosts wygląda tak:

Użyłem narzędzia fixującego WinsockxpFix ponieważ znajodwały się tam również inne wpisy.

3.Programy startujące z systemem to(log z hijacka statup list:

StartupList report, 2007-01-29, 21:32:11 StartupList version: 1.52.2 Started from : C:\Documents and Settings\lol\Pulpit\Programy\hijackthis\HijackThis.EXE Detected: Windows XP Dodatek SP2 (WinNT 5.01.2600) Detected: Internet Explorer v7.00 (7.00.5730.0011) * Using default options ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\PROMon.exe C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\WINDOWS\system32\NMSSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\internet explorer\iexplore.exe C:\Documents and Settings\lol\Pulpit\Programy\hijackthis\HijackThis.exe C:\WINDOWS\system32\NOTEPAD.EXE -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run SoundMan = SOUNDMAN.EXE PROMon.exe = PROMon.exe JeticoPFStartup = “C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe” -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=*Registry value not found* drivers=*Registry value not found* Policies Shell key: HKCU…\Policies: Shell=*Registry value not found* HKLM…\Policies: Shell=*Registry value not found* -------------------------------------------------- Enumerating Task Scheduler jobs: At1.job User_Feed_Synchronization-{6F939901-9CAC-45FD-B242-CE768541432D}.job -------------------------------------------------- Enumerating Download Program Files: [Windows Genuine Advantage Validation Tool] InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204 [MainControl Class] InProcServer32 = C:\WINDOWS\system32\SkanerOnline.dll CODEBASE = http://www.mks.com.pl/skaner/SkanerOnline.cab [shockwave Flash Object] InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx CODEBASE = http://fpdownload.macromedia.com/get/sh … wflash.cab -------------------------------------------------- Enumerating Windows NT logon/logoff scripts: *No scripts set to run* Windows NT checkdisk command: BootExecute = autocheck autochk * Windows NT ‘Wininit.ini’: PendingFileRenameOperations: C:\DOCUME~1\lol\Cookies\index.dat|||C -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\system32\webcheck.dll SysTray: C:\WINDOWS\system32\stobject.dll UPnPMonitor: C:\WINDOWS\system32\upnpui.dll -------------------------------------------------- End of report, 4 373 bytes Report generated in 0,016 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only

4.Czy da się naprawić to Centrum Zabezpieczeń?

Acha jeśli chodzi o bearshare przed chwilą go odinstalowałem,ale ponieważ log robiłem chwilę wcześniej być może widnieje że dalej jest zainstalowany.

adam9870 · 29 Styczeń 2007 20:40

Start => programy => narzędzia systemowe => zaplanowane zadania => możesz usunąć pogrubione jeśli nie są Ci już potrzebne.

Spróbuj zrobić tak:

Włóż płytkę instalacyjną systemu do napędu
Wybierz start => uruchom => wpisz sfc /scannow i kliknij OK