Proszę o sprawdzenie loga HJ

Qazar · 21 Kwiecień 2007 11:07

Mam prośbę czy możecie sprawdzić mojego loga, po uruchomieniu kompa pokazał mi się komunikat że odzyskano jakąś wartość w rejestrze systemu oraz pokazuje mi się okienko z Machine Debug Manager no i nie działa mi od tego momentu przeciągnij-upuść

Logfile of HijackThis v1.99.1 Scan saved at 12:51:59, on 2007-04-21 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\htpatch.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\DOCUME~1\XXX\USTAWI~1\Temp\Rar$EX00.203\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O4 - HKLM…\Run: [avgnt] “C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe” /min O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM…\Run: [HTpatch] C:\WINDOWS\htpatch.exe O4 - HKLM…\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe” O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe” O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe” O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

adam9870 · 21 Kwiecień 2007 11:12

Log czysty.

Jakie okienko i co na nim pisze? Proszę podać dokładną treść tego, co jest napisane na tym okienku.

Dodaj log z SilentRunners i pokaż eksport z klucza:

http://forum.dobreprogramy.pl/viewtopic.php?t=74592

Qazar · 21 Kwiecień 2007 12:05

to pokazuje mi się przy Silent Runners

adam9870 · 21 Kwiecień 2007 12:12

O problemach z silentem poczytaj TUTAJ.

Qazar · 21 Kwiecień 2007 12:55

próbowałem zrobić wg tego ale niestety nic nie pomogło

ściągnąłem to WMI Diagnosis Utility,i pokazało mi coś takiego

oraz miałem taki log

.1623 14:49:26 (0) ** WMIDiag v2.0 started on 21 kwietnia 2007 at 14:49. .1624 14:49:26 (0) ** .1625 14:49:26 (0) ** Copyright © Microsoft Corporation. All rights reserved - January 2007. .1626 14:49:26 (0) ** .1627 14:49:26 (0) ** This script is not supported under any Microsoft standard support program or service. .1628 14:49:26 (0) ** The script is provided AS IS without warranty of any kind. Microsoft further disclaims all .1629 14:49:26 (0) ** implied warranties including, without limitation, any implied warranties of merchantability .1630 14:49:26 (0) ** or of fitness for a particular purpose. The entire risk arising out of the use or performance .1631 14:49:26 (0) ** of the scripts and documentation remains with you. In no event shall Microsoft, its authors, .1632 14:49:26 (0) ** or anyone else involved in the creation, production, or delivery of the script be liable for .1633 14:49:26 (0) ** any damages whatsoever (including, without limitation, damages for loss of business profits, .1634 14:49:26 (0) ** business interruption, loss of business information, or other pecuniary loss) arising out of .1635 14:49:26 (0) ** the use of or inability to use the script or documentation, even if Microsoft has been advised .1636 14:49:26 (0) ** of the possibility of such damages. .1637 14:49:26 (0) ** .1638 14:49:26 (0) ** .1639 14:49:26 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- .1640 14:49:26 (0) ** ----------------------------------------------------- WMI REPORT: BEGIN ---------------------------------------------------------- .1641 14:49:26 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- .1642 14:49:26 (0) ** .1643 14:49:26 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- .1644 14:49:26 (0) ** Windows XP - No service pack - 32-bit (2600) - User ‘XXX-57B51D3E113\XXX’ on computer ‘XXX-57B51D3E113’. .1645 14:49:26 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- .1646 14:49:26 (0) ** Environment: … OK… .1647 14:49:26 (0) ** There are no missing WMI system files: … OK. .1648 14:49:26 (1) ERROR: The WMI repository folder is missing or you do not have access to it at: … C:\WINDOWS\SYSTEM32\WBEM\Repository\FS. .1649 14:49:26 (1) ERROR: The following WMI repository file(s) is/are missing: … 4 ERROR(S)! .1650 14:49:26 (0) ** - INDEX.BTR .1651 14:49:26 (0) ** - INDEX.MAP .1652 14:49:26 (0) ** - OBJECTS.DATA .1653 14:49:26 (0) ** - OBJECTS.MAP .1654 14:49:26 (0) ** = To fix this issue: .1655 14:49:26 (0) ** - ENSURE you have all access rights to the WMI repository folder. .1656 14:49:26 (0) ** - ENSURE you run WMIDiag as an Administrator. .1657 14:49:26 (0) ** = If the issue is not due to a lack of privileges, and folder/files are really missing, while .1658 14:49:26 (0) ** the WMI service successfully started, then WMI will rebuild the repository based on the .1659 14:49:26 (0) ** auto-recovery mechanism. In such a case, WMI repository files shoud be available after the execution .1660 14:49:26 (0) ** of WMIDiag. Check WMIDiag LOG. .1661 14:49:26 (0) ** = If the issue is NOT due to a lack of privileges, and folder/files are really missing, while .1662 14:49:26 (0) ** the WMI service does not start, then additional errors should be displayed (i.e. registry, DCOM, service hosts). .1663 14:49:26 (0) ** You must fix those issues first! .1664 14:49:26 (0) ** = After fixing issues, if the files are still missing and if you do not want WMI to rebuild .1665 14:49:26 (0) ** the WMI repository, then you must restore the WMI repository from a previous backup. .1666 14:49:26 (0) ** Note: The System State backup or the System Restore snapshot contain a backup of .1667 14:49:26 (0) ** of the WMI repository. .1668 14:49:26 (0) ** = If no backup is available, you must rebuild the repository. .1669 14:49:26 (0) ** Note: The WMI repository reconstruction requires to locate all MOF files needed to rebuild the repository, .1670 14:49:26 (0) ** otherwise some applications may fail after the reconstruction. .1671 14:49:26 (0) ** This can be achieved with the following command: .1672 14:49:26 (0) ** i.e. ‘WMIDiag ShowMOFErrors’ .1673 14:49:26 (0) ** Note: Any missing MOF files, or existing MOF files not listed in the Auto-recovery .1674 14:49:26 (0) ** registry key will be excluded from the WMI repository reconstruction. .1675 14:49:26 (0) ** This may imply the lost of WMI registration information. .1676 14:49:26 (0) ** Note: The repository reconstruction must be a LAST RESORT solution and ONLY after executing .1677 14:49:26 (0) ** ALL fixes previously mentioned. .1678 14:49:26 (2) WARNING: Static information stored by external applications in the repository will be LOST! (i.e. SMS Inventory) .1679 14:49:26 (0) ** = To rebuild the WMI repository, you must: .1680 14:49:26 (0) ** - Stop the WMI Service. .1681 14:49:26 (0) ** i.e. ‘NET.EXE STOP WINMGMT’ .1682 14:49:26 (0) ** - Move the existing WMI repository files to another location. .1683 14:49:26 (0) ** i.e. MOVE C:\WINDOWS\SYSTEM32\WBEM\Repository\FS*.* %TEMP% .1684 14:49:26 (0) ** - Start the WMI Service. .1685 14:49:26 (0) ** i.e. ‘NET.EXE START WINMGMT’ .1686 14:49:26 (0) ** WMI will rebuild the WMI repository based the auto-recovery mechanism. .1687 14:49:26 (0) ** .1688 14:49:26 (0) ** WMI repository state: … N/A. .1689 14:49:26 (0) ** BEFORE running WMIDiag: .1690 14:49:26 (0) ** - Disk free space on ‘C:’: … 15118 MB. .1691 14:49:26 (0) ** AFTER running WMIDiag: .1692 14:49:26 (0) ** - Disk free space on ‘C:’: … 15118 MB. .1693 14:49:26 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- .1694 14:49:26 (0) ** Windows Firewall: … NOT INSTALLED. .1695 14:49:26 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- .1696 14:49:26 (0) ** DCOM Status: … OK. .1697 14:49:26 (0) ** WMI registry setup: … OK. .1698 14:49:26 (0) ** WMI Service has no dependents: … OK. .1699 14:49:26 (0) ** RPCSS service: … OK (Already started). .1700 14:49:26 (0) ** WINMGMT service: … OK (Already started). .1701 14:49:26 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- .1702 14:49:26 (1) ERROR: WMI service DCOM setup: … ERROR! .1703 14:49:26 (0) ** = You can correct the WMI service DCOM configuration by executing the two following commands: .1704 14:49:26 (0) ** i.e. ‘WINMGMT.EXE /REGSERVER’ .1705 14:49:26 (0) ** i.e. ‘UNSECAPP.EXE /REGSERVER’ .1706 14:49:26 (0) ** i.e. ‘FOR %i IN (“C:\WINDOWS\SYSTEM32\WBEM\WBEM*.DLL”) DO REGSVR32.EXE /S %i’ .1707 14:49:26 (0) ** Once completed, stop and restart the WMI Service with the following commands: .1708 14:49:26 (0) ** i.e. ‘NET STOP WINMGMT’ .1709 14:49:26 (0) ** i.e. ‘NET START WINMGMT’ .1710 14:49:26 (0) ** = Check any additional registry setup errors at the bottom of this report. .1711 14:49:26 (0) ** .1712 14:49:26 (2) WARNING: WMI DCOM components registration is missing for the following EXE/DLLs: … 72 WARNING(S)! .1713 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\FASTPROX.DLL (\CLSID{7A0227F6-7108-11D1-AD90-00C04FD8FDFF}\InProcServer32) .1714 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\FASTPROX.DLL (\CLSID{D71EE747-F455-4804-9DF6-2ED81025F2C1}\InProcServer32) .1715 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\FASTPROX.DLL (\CLSID{ED51D12E-511F-4999-8DCD-C2BAC91BE86E}\InProcServer32) .1716 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMDISP.DLL (\INTERFACE{14D8250E-D9C2-11D3-B38F-00105A1F473A}) .1717 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMDISP.DLL (\INTERFACE{269AD56A-8A67-4129-BC8C-0506DCFE9880}) .1718 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMDISP.DLL (\INTERFACE{5AD4BF92-DAAB-11D3-B38F-00105A1F473A}) .1719 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMDISP.DLL (\INTERFACE{5E97458A-CF77-11D3-B38F-00105A1F473A}) .1720 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMDISP.DLL (\INTERFACE{75718C9F-F029-11D1-A1AC-00C04FB6C223}) .1721 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMDISP.DLL (\INTERFACE{75718CA0-F029-11D1-A1AC-00C04FB6C223}) .1722 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMDISP.DLL (\INTERFACE{D2F68443-85DC-427E-91D8-366554CC754C}) .1723 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMDISP.DLL (\INTERFACE{D962DB84-D4BB-11D1-8B09-00600806D9B6}) .1724 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMPROX.DLL (\CLSID{4C6055D8-84B9-4111-A7D3-6623894EEDB3}\InProcServer32) .1725 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMPROX.DLL (\CLSID{A1044801-8F7E-11D1-9E7C-00C04FC324A8}\InProcServer32) .1726 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMPROX.DLL (\CLSID{F7CE2E13-8C90-11D1-9E7B-00C04FC324A8}\InProcServer32) .1727 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{06413D98-405C-4A5A-8D6F-19B8B7C6ACF7}) .1728 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{07435309-D440-41B7-83F3-EB82DB6C622F}) .1729 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{0FC8C622-1728-4149-A57F-AD19D0970710}) .1730 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{11CAA957-4E80-474E-A819-7FD72148ADA9}) .1731 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{1BE41571-91DD-11D1-AEB2-00C04FB68820}) .1732 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{1BE41572-91DD-11D1-AEB2-00C04FB68820}) .1733 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{1C1C45EE-4395-11D2-B60B-00104B703EFD}) .1734 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{1CFABA8C-1523-11D1-AD79-00C04FD8FDFF}) .1735 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{21CD80A2-B305-4F37-9D4C-4534A8D9B568}) .1736 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{25411283-46FC-4326-8DF2-FF5D34B2DFEF}) .1737 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{2A504CA2-CA90-4731-87BC-6E99CA2019AF}) .1738 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{2B322B6E-A9DF-44E3-97BF-259E3583FDA4}) .1739 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{2C9273E0-1DC3-11D3-B364-00105A1F8177}) .1740 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{2DB9FA90-9973-46CF-B310-9865B644699D}) .1741 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{37196B38-CCCF-11D2-B35C-00105A1F8177}) .1742 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{37196B39-CCCF-11D2-B35C-00105A1F8177}) .1743 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{3AE0080A-7E3A-4366-BF89-0FEEDC931659}) .1744 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{41AA40E6-2FBA-4E80-ADE9-34306567206D}) .1745 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{423EC01E-2E35-11D2-B604-00104B703EFD}) .1746 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{44ACA675-E8FC-11D0-A07C-00C04FB68820}) .1747 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{484E3ECE-1F81-4591-B9D4-943BA13B609D}) .1748 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{48FF3109-A366-4B56-B340-01FAE758BA64}) .1749 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{580ACAF8-FA1C-11D0-AD72-00C04FD8FDFF}) .1750 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{5FBA5051-3124-4112-B723-46BFBAF1D622}) .1751 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{60E512D4-C47B-11D2-B338-00105A1F4AAF}) .1752 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{631F7D96-D993-11D2-B339-00105A1F4AAF}) .1753 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{631F7D97-D993-11D2-B339-00105A1F4AAF}) .1754 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{6919DD07-1637-4611-A8A7-C16FAC5B2D53}) .1755 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{6963B029-B969-40AA-9180-2B2F84075973}) .1756 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{6B3FC272-BF37-4968-933A-6DF9222A2607}) .1757 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{6C19BE32-7500-11D1-AD94-00C04FD8FDFF}) .1758 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{6C19BE34-7500-11D1-AD94-00C04FD8FDFF}) .1759 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{755F9DA7-7508-11D1-AD94-00C04FD8FDFF}) .1760 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{854D745C-6742-42C0-8BB9-01EC466B6E87}) .1761 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{88F3781C-6902-4647-9A6B-A74F450AF861}) .1762 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{8A0DC377-A9D3-41CB-BD69-AE1FDAF2DC68}) .1763 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{A210BFE9-C9F7-4919-B114-0D98B3D5341E}) .1764 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{A359DEC5-E813-4834-8A2A-BA7F1D777D76}) .1765 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{AC9EA02A-2C8A-4ACD-B562-D7E8EBEE8E8E}) .1766 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{B1B55910-8BA0-47A5-A16E-2B733B1D987C}) .1767 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{B60EF4F1-A411-462B-B51E-477CBDBB90B4}) .1768 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{B7B31DF9-D515-11D3-A11C-00105A1F515A}) .1769 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{BAC6B661-167E-4957-AD77-286AB256585E}) .1770 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{C49E32C7-BC8B-11D2-85D4-00105A1F8304}) .1771 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{CE61E841-65BC-11D0-B6BD-00AA003240C7}) .1772 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{D4781CD6-E5D3-44DF-AD94-930EFE48A887}) .1773 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{D8EC9CB1-B135-4F10-8B1B-C7188BB0D186}) .1774 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{DF2373F5-EFB2-475C-AD58-3102D61967D4}) .1775 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{E245105B-B06E-11D0-AD61-00C04FD8FDFF}) .1776 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{E246107A-B06E-11D0-AD61-00C04FD8FDFF}) .1777 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{E8107BDF-BAAF-4C7C-BB5F-9D732E8D8F07}) .1778 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{EB658B8A-7A64-4DDC-9B8D-A92610DB0206}) .1779 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{F0E4EDDE-475A-498A-93D7-D4347F68A8F3}) .1780 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{F1E9C5B2-F59B-11D2-B362-00105A1F8177}) .1781 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{F309AD18-D86A-11D0-A075-00C04FB68820}) .1782 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{F50A28CF-5C9C-4F7E-9D80-E25E16E18C59}) .1783 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{FD450835-CF1B-4C87-9FD2-5E0D42FDE081}) .1784 14:49:26 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMSVC.DLL (\INTERFACE{FEC1B0AC-5808-4033-A915-C0185934581E}) .1785 14:49:26 (0) ** = WMI System components are not properly registered as COM objects, which could make WMI to .1786 14:49:26 (0) ** fail depending on the operation requested. .1787 14:49:26 (0) ** = For a .DLL, you can correct the DCOM configuration by executing the 'REGSVR32.EXE ’ command. .1788 14:49:26 (0) ** .1789 14:49:26 (0) ** WMI ProgID registrations: … OK. .1790 14:49:26 (0) ** WMI provider DCOM registrations: … OK. .1791 14:49:26 (0) ** WMI provider CIM registrations: … OK. .1792 14:49:26 (0) ** WMI provider CLSIDs: … OK. .1793 14:49:26 (0) ** WMI providers EXE/DLL availability: … OK. .1794 14:49:26 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- .1795 14:49:26 (0) ** DCOM security for ‘My Computer’ (Launch Activation Permissions/Edit Default): … MODIFIED. .1796 14:49:26 (1) ERROR: Default trustee ‘BUILTIN\ADMINISTRATORS’ has been REMOVED! .1797 14:49:26 (0) ** - REMOVED ACE: .1798 14:49:26 (0) ** ACEType: h0 .1799 14:49:26 (0) ** ACCESS_ALLOWED_ACE_TYPE .1800 14:49:26 (0) ** ACEFlags: h0 .1801 14:49:26 (0) ** ACEMask: h1 .1802 14:49:26 (0) ** DCOM_RIGHT_EXECUTE .1803 14:49:26 (0) ** .1804 14:49:26 (0) ** = The REMOVED ACE was part of the DEFAULT setup for the trustee. .1805 14:49:26 (0) ** Removing default security will cause some operations to fail! .1806 14:49:26 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE. .1807 14:49:26 (0) ** For DCOM objects, this can be done with ‘DCOMCNFG.EXE’. .1808 14:49:26 (0) ** .1809 14:49:26 (0) ** DCOM security for ‘My Computer’ (Launch Activation Permissions/Edit Default): … MODIFIED. .1810 14:49:26 (1) ERROR: Default trustee ‘NT AUTHORITY\INTERACTIVE’ has been REMOVED! .1811 14:49:26 (0) ** - REMOVED ACE: .1812 14:49:26 (0) ** ACEType: h0 .1813 14:49:26 (0) ** ACCESS_ALLOWED_ACE_TYPE .1814 14:49:26 (0) ** ACEFlags: h0 .1815 14:49:26 (0) ** ACEMask: h1 .1816 14:49:26 (0) ** DCOM_RIGHT_EXECUTE .1817 14:49:26 (0) ** .1818 14:49:26 (0) ** = The REMOVED ACE was part of the DEFAULT setup for the trustee. .1819 14:49:26 (0) ** Removing default security will cause some operations to fail! .1820 14:49:26 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE. .1821 14:49:26 (0) ** For DCOM objects, this can be done with ‘DCOMCNFG.EXE’. .1822 14:49:26 (0) ** .1823 14:49:26 (0) ** DCOM security for ‘My Computer’ (Launch Activation Permissions/Edit Default): … MODIFIED. .1824 14:49:26 (1) ERROR: Default trustee ‘NT AUTHORITY\SYSTEM’ has been REMOVED! .1825 14:49:26 (0) ** - REMOVED ACE: .1826 14:49:26 (0) ** ACEType: h0 .1827 14:49:26 (0) ** ACCESS_ALLOWED_ACE_TYPE .1828 14:49:26 (0) ** ACEFlags: h0 .1829 14:49:26 (0) ** ACEMask: h1 .1830 14:49:26 (0) ** DCOM_RIGHT_EXECUTE .1831 14:49:26 (0) ** .1832 14:49:26 (0) ** = The REMOVED ACE was part of the DEFAULT setup for the trustee. .1833 14:49:26 (0) ** Removing default security will cause some operations to fail! .1834 14:49:26 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE. .1835 14:49:26 (0) ** For DCOM objects, this can be done with ‘DCOMCNFG.EXE’. .1836 14:49:26 (0) ** .1837 14:49:26 (0) ** .1838 14:49:26 (0) ** DCOM security warning(s) detected: … 0. .1839 14:49:26 (0) ** DCOM security error(s) detected: … 3. .1840 14:49:26 (0) ** WMI security warning(s) detected: … 0. .1841 14:49:26 (0) ** WMI security error(s) detected: … 0. .1842 14:49:26 (0) ** .1843 14:49:26 (1) ERROR: Overall DCOM security status: … ERROR! .1844 14:49:26 (0) ** Overall WMI security status: … OK. .1845 14:49:26 (0) ** - Started at ‘Root’ -------------------------------------------------------------------------------------------------------------- .1846 14:49:26 (0) ** WMI permanent SUBSCRIPTION(S): … NONE. .1847 14:49:26 (0) ** WMI TIMER instruction(s): … NONE. .1848 14:49:26 (1) ERROR: WMI ADAP status: … NOT AVAILABLE. .1849 14:49:26 (0) ** You can start the WMI AutoDiscovery/AutoPurge (ADAP) process to resynchronize .1850 14:49:26 (0) ** the performance counters with the WMI performance classes with the following commands: .1851 14:49:26 (0) ** i.e. ‘WINMGMT.EXE /CLEARADAP’ .1852 14:49:26 (0) ** i.e. ‘WINMGMT.EXE /RESYNCPERF’ .1853 14:49:26 (0) ** The ADAP process logs informative events in the Windows NT event log. .1854 14:49:26 (0) ** More information can be found on MSDN at: .1855 14:49:26 (0) ** http://msdn.microsoft.com/library/defau … events.asp .1856 14:49:26 (1) ERROR: WMI MONIKER CONNECTION errors occured for the following namespaces: … 1 ERROR(S)! .1857 14:49:26 (0) ** - Root, 0x1AD - Składnik ActiveX nie może utworzyć obiektu… .1858 14:49:26 (0) ** .1859 14:49:26 (1) ERROR: WMI CONNECTION errors occured for the following namespaces: … 5 ERROR(S)! .1860 14:49:26 (0) ** - Root, 0x80040154 - Klasa niezarejestrowana… .1861 14:49:26 (0) ** - Root, 0x80040154 - Klasa niezarejestrowana… .1862 14:49:26 (0) ** - Root/Default, 0x80040154 - Klasa niezarejestrowana… .1863 14:49:26 (0) ** - Root/CIMv2, 0x80040154 - Klasa niezarejestrowana… .1864 14:49:26 (0) ** - Root/WMI, 0x80040154 - Klasa niezarejestrowana… .1865 14:49:26 (0) ** .1866 14:49:26 (0) ** WMI GET operations: … OK. .1867 14:49:26 (0) ** WMI MOF representations: … OK. .1868 14:49:26 (0) ** WMI QUALIFIER access operations: … OK. .1869 14:49:26 (0) ** WMI ENUMERATION operations: … OK. .1870 14:49:26 (0) ** WMI EXECQUERY operations: … OK. .1871 14:49:26 (0) ** WMI GET VALUE operations: … OK. .1872 14:49:26 (0) ** WMI WRITE operations: … NOT TESTED. .1873 14:49:26 (0) ** WMI PUT operations: … NOT TESTED. .1874 14:49:26 (0) ** WMI DELETE operations: … NOT TESTED. .1875 14:49:26 (0) ** WMI static instances retrieved: … 0. .1876 14:49:26 (0) ** WMI dynamic instances retrieved: … 0. .1877 14:49:26 (0) ** WMI instance request cancellations (to limit performance impact): … 0. .1878 14:49:26 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- .1879 14:49:26 (0) ** .1880 14:49:26 (0) ** 1 error(s) 0x1AD - (WBEM_UNKNOWN) This error code is external to WMI. .1881 14:49:26 (0) ** .1882 14:49:26 (0) ** 5 error(s) 0x80040154 - (WBEM_UNKNOWN) This error code is external to WMI. .1883 14:49:26 (0) ** = This error is not a WMI error. This error is a DCOM component registration error. .1884 14:49:26 (0) ** The registry information for DCOM to initialize a DCOM object is missing or wrongly configured. .1885 14:49:26 (0) ** - An application has changed the COM/DCOM settings of OLE32.DLL and/or OLEAUT32.DLL. .1886 14:49:26 (0) ** - The registry settings of COM/DCOM has been damage or wrongly modified. .1887 14:49:26 (0) ** - The registry security settings of COM/DCOM has been damage or wrongly modified. .1888 14:49:26 (0) ** = To correct this situation, you must re-register the original COM/DCOM DLLs with REGSVR32.EXE .1889 14:49:26 (0) ** i.e. ‘REGSVR32.EXE OLE32.DLL’ .1890 14:49:26 (0) ** i.e. ‘REGSVR32.EXE OLEAUT32.DLL’ .1891 14:49:26 (0) ** = Verify WMIDiag report if ERRORS or WARNINGS are reported about the DCOM security for .1892 14:49:26 (0) ** the following DCOM objects: .1893 14:49:26 (0) ** - ‘My Computer’ .1894 14:49:26 (0) ** - ‘Windows Management Instrumentation’ .1895 14:49:26 (0) ** - ‘Microsoft WMI Provider Subsystem Host’ .1896 14:49:26 (0) ** - ‘Microsoft WBEM UnSecured Apartment’ .1897 14:49:26 (0) ** = You must also verify with ‘REGEDIT.EXE’, if the ‘Users’ builtin group is granted read access for .1898 14:49:26 (0) ** the following registry hives: .1899 14:49:26 (0) ** - HKCR\APPID .1900 14:49:26 (0) ** - HKCR\CLSID .1901 14:49:26 (0) ** - HKCR\APPID{1BE1F766-5536-11D1-B726-00C04FB926AF} (WinMgmt EventSystem APPID keys) .1902 14:49:26 (0) ** - HKCR\CLSID{1BE1F766-5536-11D1-B726-00C04FB926AF} (WinMgmt EventSystem CLSID keys) .1903 14:49:26 (0) ** - HKCR\APPID{8BC3F05E-D86B-11D0-A075-00C04FB68820} (WinMgmt APPID keys) .1904 14:49:26 (0) ** - HKCR\CLSID{8BC3F05E-D86B-11D0-A075-00C04FB68820} (WinMgmt CLSID keys) .1905 14:49:26 (0) ** .1906 14:49:26 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- .1907 14:49:26 (0) ** Unexpected, wrong or missing registry key values: … 4 KEY(S)! .1908 14:49:26 (0) ** INFO: Missing registry key value: .1909 14:49:26 (0) ** - HKLM\SOFTWARE\Classes\AppID{8BC3F05E-D86B-11D0-A075-00C04FB68820}\ (REG_SZ) - Windows Management and Instrumentation .1910 14:49:26 (0) ** From the command line, the registry configuration can be corrected with the following command: .1911 14:49:26 (1) ERROR: Missing registry key value: .1912 14:49:26 (0) ** - HKLM\SOFTWARE\Classes\AppID{8BC3F05E-D86B-11D0-A075-00C04FB68820}\LocalService (REG_SZ) - WINMGMT .1913 14:49:26 (0) ** From the command line, the registry configuration can be corrected with the following command: .1914 14:49:26 (1) ERROR: Missing registry key value: .1915 14:49:26 (0) ** - HKLM\SOFTWARE\Classes\AppID\winmgmt\AppID (REG_SZ) - {8BC3F05E-D86B-11D0-A075-00C04FB68820} .1916 14:49:26 (0) ** From the command line, the registry configuration can be corrected with the following command: .1917 14:49:26 (0) ** INFO: Missing registry key value: .1918 14:49:26 (0) ** - HKLM\SOFTWARE\Classes\AppID{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\ (REG_SZ) - Microsoft WMI Provider Subsystem Host .1919 14:49:26 (0) ** From the command line, the registry configuration can be corrected with the following command: .1920 14:49:26 (0) ** .1921 14:49:26 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- .1922 14:49:26 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- .1923 14:49:26 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- .1924 14:49:26 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- .1925 14:49:26 (0) ** .1926 14:49:26 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- .1927 14:49:26 (0) ** ------------------------------------------------------ WMI REPORT: END ----------------------------------------------------------- .1928 14:49:26 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- .1929 14:49:26 (0) ** .1930 14:49:26 (0) ** ERROR: WMIDiag detected issues that could prevent WMI to work properly!. Check ‘C:\DOCUMENTS AND SETTINGS\XXX\USTAWIENIA LOKALNE\TEMP\WMIDIAG-V2.0_XP___.CLI.RTM.32_XXX-57B51D3E113_2007.04.21_14.49.10.LOG’ for details. .1931 14:49:26 (0) ** .1932 14:49:26 (0) ** WMIDiag v2.0 ended on 21 kwietnia 2007 at 14:49 (W:32 E:185 S:1).

Joan · 21 Kwiecień 2007 13:34

Daj loga z ComboFix

Qazar · 21 Kwiecień 2007 13:57

“XXX” - 07-04-21 15:55:33 Dodatek Service Pack 2 ComboFix 07-04-21.2V - Running from: C:\Documents and Settings\XXX\Pulpit\ ((((((((((((((((((((((((((((((( Files Created from 2007-03-21 to 2007-04-21 )))))))))))))))))))))))))))))))))) 2007-04-21 13:31 2007-04-21 11:06 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-04-21 10:12 43,584 --a------ C:\WINDOWS\system32\drivers\avipbb.sys 2007-04-21 10:12 28,352 --a------ C:\WINDOWS\system32\drivers\ssmdrv.sys 2007-04-19 18:30 2007-04-19 18:29 2007-04-19 18:29 2007-04-17 13:32 17,920 --a------ C:\WINDOWS\system32\mdimon.dll 2007-04-17 13:30 2007-04-17 13:29 2007-04-17 13:29 2007-04-17 12:55 2007-04-16 21:14 36,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys 2007-04-16 21:14 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2007-04-16 21:14 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2007-04-16 21:14 129,784 --------- C:\WINDOWS\system32\pxafs.dll 2007-04-16 21:14 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe 2007-04-16 21:13 2007-04-16 21:11 2007-04-16 21:09 951,224 --a------ C:\WINDOWS\system32\ati3d1ag.dll 2007-04-16 21:09 716,113 --a------ C:\WINDOWS\system32\ati3duag.dll 2007-04-16 21:09 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys 2007-04-16 21:09 576,512 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys 2007-04-16 21:09 516,768 --a------ C:\WINDOWS\system32\ativvaxx.dll 2007-04-16 21:09 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys 2007-04-16 21:09 272,512 --a------ C:\WINDOWS\system32\ati2dvag.dll 2007-04-16 21:09 229,376 --a------ C:\WINDOWS\system32\ati2cqag.dll 2007-04-16 21:08 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys 2007-04-16 21:08 8,192 --a------ C:\WINDOWS\system32\wshirda.dll 2007-04-16 21:08 77,312 --a------ C:\WINDOWS\system32\usbui.dll 2007-04-16 21:08 46,464 --a------ C:\WINDOWS\system32\drivers\GAGP30KX.SYS 2007-04-16 21:08 27,648 --a------ C:\WINDOWS\system32\irmon.dll 2007-04-16 21:08 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys 2007-04-16 21:08 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys 2007-04-16 21:08 18,688 --a------ C:\WINDOWS\system32\drivers\irsir.sys 2007-04-16 21:08 153,088 --a------ C:\WINDOWS\system32\irftp.exe 2007-04-16 21:07 2007-04-16 21:07 2007-04-16 21:07 2007-04-16 21:06 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL 2007-04-16 21:06 9,168 --a------ C:\WINDOWS\system\VER.DLL 2007-04-16 21:06 85,532 --a------ C:\WINDOWS\system32\dgsetup.dll 2007-04-16 21:06 83,456 --a------ C:\WINDOWS\system\OLECLI.DLL 2007-04-16 21:06 8,704 --a------ C:\WINDOWS\system32\batt.dll 2007-04-16 21:06 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll 2007-04-16 21:06 75,776 --a------ C:\WINDOWS\system32\storprop.dll 2007-04-16 21:06 70,144 --a------ C:\WINDOWS\NOTEPAD.EXE 2007-04-16 21:06 70,096 --a------ C:\WINDOWS\system\AVICAP.DLL 2007-04-16 21:06 7,168 --a------ C:\WINDOWS\system32\kbdcz.dll 2007-04-16 21:06 69,552 --a------ C:\WINDOWS\system\MMSYSTEM.DLL 2007-04-16 21:06 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll 2007-04-16 21:06 6,656 --a------ C:\WINDOWS\system32\kbdycl.dll 2007-04-16 21:06 6,656 --a------ C:\WINDOWS\system32\kbdsl1.dll 2007-04-16 21:06 6,656 --a------ C:\WINDOWS\system32\kbdsl.dll 2007-04-16 21:06 6,656 --a------ C:\WINDOWS\system32\kbdhu.dll 2007-04-16 21:06 6,656 --a------ C:\WINDOWS\system32\kbdcz2.dll 2007-04-16 21:06 6,656 --a------ C:\WINDOWS\system32\kbdcz1.dll 2007-04-16 21:06 6,656 --a------ C:\WINDOWS\system32\kbdcr.dll 2007-04-16 21:06 6,656 --a------ C:\WINDOWS\system32\KBDAL.DLL 2007-04-16 21:06 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll 2007-04-16 21:06 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll 2007-04-16 21:06 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll 2007-04-16 21:06 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll 2007-04-16 21:06 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll 2007-04-16 21:06 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll 2007-04-16 21:06 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll 2007-04-16 21:06 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll 2007-04-16 21:06 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll 2007-04-16 21:06 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll 2007-04-16 21:06 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll 2007-04-16 21:06 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll 2007-04-16 21:06 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll 2007-04-16 21:06 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll 2007-04-16 21:06 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll 2007-04-16 21:06 5,632 --a------ C:\WINDOWS\system32\kbdro.dll 2007-04-16 21:06 5,632 --a------ C:\WINDOWS\system32\kbdhu1.dll 2007-04-16 21:06 5,120 --a------ C:\WINDOWS\system\SHELL.DLL 2007-04-16 21:06 33,376 --a------ C:\WINDOWS\system\COMMDLG.DLL 2007-04-16 21:06 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll 2007-04-16 21:06 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL 2007-04-16 21:06 19,200 --a------ C:\WINDOWS\system\TAPI.DLL 2007-04-16 21:06 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll 2007-04-16 21:06 15,360 --a------ C:\WINDOWS\TASKMAN.EXE 2007-04-16 21:06 13,312 --a------ C:\WINDOWS\system32\irclass.dll 2007-04-16 21:06 127,008 --a------ C:\WINDOWS\system\MSVIDEO.DLL 2007-04-16 21:06 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys 2007-04-16 21:06 109,488 --a------ C:\WINDOWS\system\AVIFILE.DLL 2007-04-16 21:06 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll 2007-04-16 21:06 2007-04-16 21:06 2007-04-16 21:06 2007-04-16 21:06 2007-04-16 21:06 2007-04-16 21:06 2007-04-16 21:06 2007-04-16 21:06 2007-04-16 21:06 2007-04-16 21:06 2007-04-16 21:06 2007-04-16 21:06 2007-04-16 21:05 2007-04-16 21:05 2007-04-16 21:05 2007-04-16 21:05 2007-04-16 21:05 2007-04-16 21:05 2007-04-16 21:03 2007-04-16 21:01 2007-04-16 20:50 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:50 2007-04-16 20:01 1,277 --a------ C:\WINDOWS\mozver.dat 2007-04-16 20:00 0 --a------ C:\WINDOWS\nsreg.dat 2007-04-16 19:56 2007-04-16 19:53 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe 2007-04-16 19:53 2007-04-16 19:53 2007-04-16 19:51 639,066 --a------ C:\WINDOWS\system32\DivX.dll 2007-04-16 19:44 921,600 --a------ C:\WINDOWS\system32\vorbisenc.dll 2007-04-16 19:44 9,216 --a------ C:\WINDOWS\system32\cpuinf32.dll 2007-04-16 19:44 45,056 --a------ C:\WINDOWS\system32\ogg.dll 2007-04-16 19:44 245,760 --a------ C:\WINDOWS\system32\mplvpx.dll 2007-04-16 19:44 237,568 --a------ C:\WINDOWS\system32\OggDS.dll 2007-04-16 19:44 188,416 --a------ C:\WINDOWS\system32\vorbis.dll 2007-04-16 19:44 1,415,680 --a------ C:\WINDOWS\system32\WMV9VCM.dll 2007-04-16 19:44 2007-04-16 19:43 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll 2007-04-16 19:43 626,688 --a------ C:\WINDOWS\system32\xvid.dll 2007-04-16 19:43 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll 2007-04-16 19:43 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll 2007-04-16 19:43 155,648 --a------ C:\WINDOWS\system32\xvidvfw.dll 2007-04-16 19:43 2007-04-16 19:43 2007-04-16 19:43 2007-04-16 19:43 2007-04-16 19:42 2007-04-16 19:42 2007-04-16 19:42 2007-04-16 19:42 2007-04-16 19:41 2007-04-16 19:38 2007-04-16 19:37 917,504 --a------ C:\WINDOWS\system\cmids3d.dll 2007-04-16 19:37 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys 2007-04-16 19:37 712,704 --a------ C:\WINDOWS\system32\Audio3D.dll 2007-04-16 19:37 712,704 --a------ C:\WINDOWS\system32\a3d.dll 2007-04-16 19:37 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys 2007-04-16 19:37 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys 2007-04-16 19:37 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys 2007-04-16 19:37 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys 2007-04-16 19:37 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys 2007-04-16 19:37 53,248 --a------ C:\WINDOWS\system32\cmuda.dll 2007-04-16 19:37 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys 2007-04-16 19:37 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2007-04-16 19:37 451,599 --a------ C:\WINDOWS\system32\drivers\cmuda.sys 2007-04-16 19:37 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys 2007-04-16 19:37 4,096 --a------ C:\WINDOWS\system32\ksuser.dll 2007-04-16 19:37 28,672 --a------ C:\WINDOWS\system32\udaprop.dll 2007-04-16 19:37 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys 2007-04-16 19:37 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys 2007-04-16 19:37 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys 2007-04-16 19:37 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys 2007-04-16 19:36 45,056 -ra------ C:\WINDOWS\winio.dll 2007-04-16 19:36 32,768 --a------ C:\WINDOWS\SIS_LIB.DLL 2007-04-16 19:36 306,688 --a------ C:\WINDOWS\IsUninst.exe 2007-04-16 19:36 304,640 --a------ C:\WINDOWS\IsUn0415.exe 2007-04-16 19:36 30,848 -ra------ C:\WINDOWS\system32\drivers\SISAGPX.SYS 2007-04-16 19:36 3,583 --a------ C:\WINDOWS\SiSport.sys 2007-04-16 19:36 3,072 -ra------ C:\WINDOWS\winio.sys 2007-04-16 19:36 28,672 -ra------ C:\WINDOWS\htpatch.exe 2007-04-16 19:36 28,672 --a------ C:\WINDOWS\CMIRmDriver.dll 2007-04-16 19:36 237,568 --a------ C:\WINDOWS\CMIUninstall.exe 2007-04-16 19:36 212,992 --a------ C:\WINDOWS\CmiRmRedundDir.exe 2007-04-16 19:36 106,496 --a------ C:\WINDOWS\SiSUSBrg.exe 2007-04-16 19:36 2007-04-16 19:35 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS 2007-04-16 19:35 110,677 --------- C:\WINDOWS\system32\ati2sgag.exe 2007-04-16 19:35 2007-04-16 19:35 2007-04-16 19:35 2007-04-16 19:35 2007-04-16 19:34 2007-04-16 19:33 2007-04-16 19:32 1,835,008 --ah----- C:\DOCUME~1\XXX\NTUSER.DAT 2007-04-16 19:32 2007-04-16 19:32 2007-04-16 19:32 2007-04-16 19:32 2007-04-16 19:32 2007-04-16 19:32 2007-04-16 19:32 2007-04-16 19:31 786,432 --ah----- C:\DOCUME~1\NETWOR~1\NTUSER.DAT 2007-04-16 19:31 786,432 --ah----- C:\DOCUME~1\LOCALS~1\NTUSER.DAT 2007-04-16 19:31 2007-04-16 19:31 2007-04-16 19:31 2007-04-16 19:31 2007-04-16 19:31 2007-04-16 19:31 2007-04-16 19:26 229,376 —h----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT 2007-04-16 19:26 0 -rahs---- C:\MSDOS.SYS 2007-04-16 19:26 0 -rahs---- C:\IO.SYS 2007-04-16 19:26 0 --a------ C:\CONFIG.SYS 2007-04-16 19:26 0 --a------ C:\AUTOEXEC.BAT 2007-04-16 19:26 2007-04-16 19:26 2007-04-16 19:25 112,128 --a------ C:\WINDOWS\system32\mapi32.dll 2007-04-16 19:24 2007-04-16 19:24 2007-04-16 19:24 2007-04-16 19:24 2007-04-16 19:24 2007-04-16 19:24 2007-04-16 19:23 11,264 --a------ C:\WINDOWS\system32\atrace.dll 2007-04-16 19:22 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll 2007-04-16 19:22 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll 2007-04-16 19:22 67,584 --a------ C:\WINDOWS\system32\acctres.dll 2007-04-16 19:22 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll 2007-04-16 19:22 466,200 --a------ C:\WINDOWS\system32\wuapi.dll 2007-04-16 19:22 41,240 --a------ C:\WINDOWS\system32\wups.dll 2007-04-16 19:22 382,464 --a------ C:\WINDOWS\system32\qmgr.dll 2007-04-16 19:22 195,352 --a------ C:\WINDOWS\system32\wuaueng1.dll 2007-04-16 19:22 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll 2007-04-16 19:22 175,384 --a------ C:\WINDOWS\system32\wuauclt1.exe 2007-04-16 19:22 173,536 --a------ C:\WINDOWS\system32\wuweb.dll 2007-04-16 19:22 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll 2007-04-16 19:22 128,280 --a------ C:\WINDOWS\system32\wucltui.dll 2007-04-16 19:22 125,208 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-04-16 19:22 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll 2007-04-16 19:22 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-04-16 19:22 2007-04-16 19:22 2007-04-16 19:22 2007-04-16 19:22 2007-04-16 19:22 2007-04-16 19:21 86,016 --a------ C:\WINDOWS\system32\isign32.dll 2007-04-16 19:21 81,920 --a------ C:\WINDOWS\system32\ils.dll 2007-04-16 19:21 73,728 --a------ C:\WINDOWS\system32\icwdial.dll 2007-04-16 19:21 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys 2007-04-16 19:21 69,632 --a------ C:\WINDOWS\system32\msconf.dll 2007-04-16 19:21 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll 2007-04-16 19:21 67,584 --a------ C:\WINDOWS\system32\srclient.dll 2007-04-16 19:21 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll 2007-04-16 19:21 49,664 --a------ C:\WINDOWS\system32\inetres.dll 2007-04-16 19:21 45,568 --a------ C:\WINDOWS\system32\safrslv.dll 2007-04-16 19:21 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll 2007-04-16 19:21 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll 2007-04-16 19:21 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll 2007-04-16 19:21 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe 2007-04-16 19:21 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll 2007-04-16 19:21 29,696 --a------ C:\WINDOWS\system32\safrdm.dll 2007-04-16 19:21 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll 2007-04-16 19:21 278,528 --a------ C:\WINDOWS\system32\mstask.dll 2007-04-16 19:21 278,528 --a------ C:\WINDOWS\system32\inetcfg.dll 2007-04-16 19:21 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll 2007-04-16 19:21 240,128 --a------ C:\WINDOWS\system32\srrstr.dll 2007-04-16 19:21 23,040 --a------ C:\WINDOWS\system32\fltmc.exe 2007-04-16 19:21 192,000 --a------ C:\WINDOWS\system32\schedsvc.dll 2007-04-16 19:21 171,008 --a------ C:\WINDOWS\system32\srsvc.dll 2007-04-16 19:21 16,896 --a------ C:\WINDOWS\system32\fltlib.dll 2007-04-16 19:21 128,896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys 2007-04-16 19:21 12,288 --a------ C:\WINDOWS\system32\mstinit.exe 2007-04-16 19:21 105,984 --a------ C:\WINDOWS\system32\msoert2.dll 2007-04-16 19:21 2007-04-16 19:20 5,632 --a------ C:\WINDOWS\system32\write.exe 2007-04-16 19:20 21,856 --a------ C:\WINDOWS\system32\emptyregdb.dat 2007-04-16 19:20 2007-04-16 19:20 2007-04-16 19:20 2007-04-16 19:19 97,792 --a------ C:\WINDOWS\system32\comrepl.dll 2007-04-16 19:19 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll 2007-04-16 19:19 94,720 --a------ C:\WINDOWS\system32\tscfgwmi.dll 2007-04-16 19:19 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll 2007-04-16 19:19 9,728 --a------ C:\WINDOWS\system32\reset.exe 2007-04-16 19:19 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll 2007-04-16 19:19 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll 2007-04-16 19:19 80,896 --a------ C:\WINDOWS\system32\charmap.exe 2007-04-16 19:19 73,216 --a------ C:\WINDOWS\system32\avwav.dll 2007-04-16 19:19 67,072 --a------ C:\WINDOWS\system32\rdshost.exe 2007-04-16 19:19 655,360 --a------ C:\WINDOWS\system32\mstscax.dll 2007-04-16 19:19 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll 2007-04-16 19:19 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe 2007-04-16 19:19 605,696 --a------ C:\WINDOWS\system32\getuname.dll 2007-04-16 19:19 60,928 --a------ C:\WINDOWS\system32\remotepg.dll 2007-04-16 19:19 60,416 --a------ C:\WINDOWS\system32\colbact.dll 2007-04-16 19:19 6,144 --a------ C:\WINDOWS\system32\msdtc.exe 2007-04-16 19:19 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll 2007-04-16 19:19 58,880 --a------ C:\WINDOWS\system32\licwmi.dll 2007-04-16 19:19 57,344 --a------ C:\WINDOWS\system32\sol.exe 2007-04-16 19:19 56,320 --a------ C:\WINDOWS\system32\servdeps.dll 2007-04-16 19:19 55,808 --a------ C:\WINDOWS\system32\freecell.exe 2007-04-16 19:19 540,160 --a------ C:\WINDOWS\system32\comuid.dll 2007-04-16 19:19 54,272 --a------ C:\WINDOWS\system32\stclient.dll 2007-04-16 19:19 539,136 --a------ C:\WINDOWS\system32\spider.exe 2007-04-16 19:19 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe 2007-04-16 19:19 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll 2007-04-16 19:19 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe 2007-04-16 19:19 44,544 --a------ C:\WINDOWS\system32\hticons.dll 2007-04-16 19:19 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll 2007-04-16 19:19 408,576 --a------ C:\WINDOWS\system32\mstsc.exe 2007-04-16 19:19 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys 2007-04-16 19:19 4,608 --a------ C:\WINDOWS\system32\rdpcfgex.dll 2007-04-16 19:19 4,096 --a------ C:\WINDOWS\system32\mtxex.dll 2007-04-16 19:19 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll 2007-04-16 19:19 351,744 --a------ C:\WINDOWS\system32\hypertrm.dll 2007-04-16 19:19 35,328 --a------ C:\WINDOWS\system32\winchat.exe 2007-04-16 19:19 345,088 --a------ C:\WINDOWS\system32\mspaint.exe 2007-04-16 19:19 33,792 --a------ C:\WINDOWS\system32\regini.exe 2007-04-16 19:19 296,448 --a------ C:\WINDOWS\system32\termsrv.dll 2007-04-16 19:19 25,600 --a------ C:\WINDOWS\system32\comaddin.dll 2007-04-16 19:19 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll 2007-04-16 19:19 231,424 --a------ C:\WINDOWS\system32\avtapi.dll 2007-04-16 19:19 225,792 --a------ C:\WINDOWS\system32\catsrv.dll 2007-04-16 19:19 22,528 --a------ C:\WINDOWS\system32\qwinsta.exe 2007-04-16 19:19 22,528 --a------ C:\WINDOWS\system32\msg.exe 2007-04-16 19:19 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys 2007-04-16 19:19 20,992 --a------ C:\WINDOWS\system32\qprocess.exe 2007-04-16 19:19 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll 2007-04-16 19:19 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys 2007-04-16 19:19 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll 2007-04-16 19:19 187,904 --a------ C:\WINDOWS\system32\cmprops.dll 2007-04-16 19:19 187,904 --a------ C:\WINDOWS\system32\accwiz.exe 2007-04-16 19:19 17,920 --a------ C:\WINDOWS\system32\tsshutdn.exe 2007-04-16 19:19 17,920 --a------ C:\WINDOWS\system32\mmfutil.dll 2007-04-16 19:19 17,408 --a------ C:\WINDOWS\system32\qappsrv.exe 2007-04-16 19:19 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll 2007-04-16 19:19 16,384 --a------ C:\WINDOWS\system32\tskill.exe 2007-04-16 19:19 16,384 --a------ C:\WINDOWS\system32\rwinsta.exe 2007-04-16 19:19 16,384 --a------ C:\WINDOWS\system32\avmeter.dll 2007-04-16 19:19 15,872 --a------ C:\WINDOWS\system32\logoff.exe 2007-04-16 19:19 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll 2007-04-16 19:19 15,360 --a------ C:\WINDOWS\system32\tsdiscon.exe 2007-04-16 19:19 15,360 --a------ C:\WINDOWS\system32\tscon.exe 2007-04-16 19:19 15,360 --a------ C:\WINDOWS\system32\shadow.exe 2007-04-16 19:19 147,968 --a------ C:\WINDOWS\system32\rdchost.dll 2007-04-16 19:19 147,456 --a------ C:\WINDOWS\system32\comsnap.dll 2007-04-16 19:19 141,824 --a------ C:\WINDOWS\system32\sessmgr.exe 2007-04-16 19:19 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys 2007-04-16 19:19 139,264 --a------ C:\WINDOWS\system32\sndvol32.exe 2007-04-16 19:19 132,608 --a------ C:\WINDOWS\system32\sndrec32.exe 2007-04-16 19:19 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe 2007-04-16 19:19 128,000 --a------ C:\WINDOWS\system32\mshearts.exe 2007-04-16 19:19 124,928 --a------ C:\WINDOWS\system32\mplay32.exe 2007-04-16 19:19 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys 2007-04-16 19:19 119,808 --a------ C:\WINDOWS\system32\winmine.exe 2007-04-16 19:19 115,200 --a------ C:\WINDOWS\system32\calc.exe 2007-04-16 19:19 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll 2007-04-16 19:19 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll 2007-04-16 19:19 11,264 --a------ C:\WINDOWS\system32\icaapi.dll 2007-04-16 19:19 103,424 --a------ C:\WINDOWS\system32\clipbrd.exe 2007-04-16 19:19 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll 2007-04-16 19:19 1,225 --a------ C:\WINDOWS\system32\usrlogon.cmd 2007-04-16 19:19 2007-04-16 19:19 2007-04-16 19:19 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-04-17 09:16 49492 --a------ C:\WINDOWS\system32\perfc015.dat 2007-04-17 09:16 355486 --a------ C:\WINDOWS\system32\perfh015.dat 2007-04-16 21:06 62 --ahs---- C:\DOCUME~1\XXX\DANEAP~1\desktop.ini 2007-04-16 19:24 -------- d-------- C:\Program Files\usugi online 2007-03-17 15:45 293376 --a------ C:\WINDOWS\system32\winsrv.dll 2007-03-08 17:38 579072 --a------ C:\WINDOWS\system32\user32.dll 2007-03-08 17:38 40960 --a------ C:\WINDOWS\system32\mf3216.dll 2007-03-08 17:38 281600 --a------ C:\WINDOWS\system32\gdi32.dll 2007-03-08 17:37 1843840 --a------ C:\WINDOWS\system32\win32k.sys 2007-02-05 22:19 185856 --a------ C:\WINDOWS\system32\upnphost.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll {53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “avgnt”="“C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe” /min" “ATIPTA”=“C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” “HTpatch”=“C:\WINDOWS\htpatch.exe” “SiSUSBRG”=“C:\WINDOWS\SiSUSBrg.exe” “Cmaudio”=“RunDll32 cmicnfg.cpl,CMICtrlWnd” “SunJavaUpdateSched”="“C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe”" “WinampAgent”="“C:\Program Files\Winamp\winampa.exe”" “NeroFilterCheck”=“C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “Gadu-Gadu”="“C:\Program Files\Gadu-Gadu\gg.exe” /tray" “BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”="“C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_SISPORT ******************************************************************** catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-04-21 15:57:06 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden services … scanning hidden autostart entries … HKLM\Software\Microsoft\Windows\CurrentVersion\Run HTpatch = C:\WINDOWS\htpatch.exe?ows\CurrentVersion\Run???/??[??? [?? [???[???[?C??? [$???[???S??[???m??[???w???(???{??w???w???w???w???[???d???b6?[%??[?? [???"??[A??[???[.??wZ??[?3?[?3?[???st.I???[???d???0=?[?K?[scanning hidden files … scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 07-04-21 15:57:08 C:\ComboFix-quarantined-files.txt … 07-04-21 15:57

Złączono Posta : 21.04.2007 (Sob) 15:58

chyba jednak zrobię nowy system