Trojan-Clicker.Win32.Small.kj orazTrojan-PSW.Win32.OnLineGa

system · 30 Marzec 2007 16:14

Przy skanowaniu kasperskim online te dwa rodzaje wirusów sie pokazały na kompie mojej koleżanki.

Proszę o przejrzenie loga z kasperskiego i wytłumaczenie czym i w jaki sposób usunąć to świństwo z kompa załączam log z kasperskiego.

Z góry dziekuje za pomoc

------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT 30 marzec 2007 17:41:34 System operacyjny: Microsoft Windows XP Home Edition, Dodatek Service Pack 2 (Build 2600) Kaspersky Online Scanner wersja: 5.0.83.0 Ostatnia aktualizacja Kaspersky Anti-Virus30/03/2007 Liczba wpisów w bazie danych Kaspersky Anti-Virus289115 ------------------------------------------------------------------------------- Ustawienia skanowania: Skanowanie przy użyciu następujących baz danych: rozszerzone Skanuj archiwa: tak Skanuj pocztowe bazy danych: tak Obszar skanowania - Foldery: F:\ H:\ Statystyki skanowania: Liczba skanowanych obiektów: 25971 Liczba wykrytych wirusów: 4 Liczba zainfekowanych obiektów: 31 / 0 Liczba podejrzanych obiektów: 0 Czas trwania skanowania: 01:23:14 Nazwa zainfekowanego obiektu / Nazwa wirusa / Ostatnie działanie F:\WINDOWS\25135121248.exe Zainfekowanych: Trojan-Clicker.Win32.Small.kj pominięty F:\WINDOWS\systpro32.exe Zainfekowanych: Trojan-Clicker.Win32.Small.kj pominięty F:\WINDOWS\systempro32.dll Zainfekowanych: Trojan-Clicker.Win32.Small.kj pominięty F:\Documents and Settings\Marta\SendTo\winhy.exe Zainfekowanych: Trojan-PSW.Win32.OnLineGames.jn pominięty F:\Program Files\MyGlobalSearch\bar\1.bin\NPMYGLSH.DLL Zainfekowanych: not-a-virus:AdTool.Win32.MyWebSearch.i pominięty F:\System Volume Information_restore{75E9374C-5F35-4FF3-ABC0-D1B8C201D248}\RP9\A0007961.dll Zainfekowanych: Trojan-Clicker.Win32.Small.kj pominięty F:\System Volume Information_restore{75E9374C-5F35-4FF3-ABC0-D1B8C201D248}\RP9\A0007953.dll Zainfekowanych: Trojan-Clicker.Win32.Small.kj pominięty F:\System Volume Information_restore{75E9374C-5F35-4FF3-ABC0-D1B8C201D248}\RP9\A0007969.dll Zainfekowanych: Trojan-Clicker.Win32.Small.kj pominięty F:\System Volume Information_restore{75E9374C-5F35-4FF3-ABC0-D1B8C201D248}\RP9\A0007979.dll Zainfekowanych: Trojan-Clicker.Win32.Small.kj pominięty F:\System Volume Information_restore{75E9374C-5F35-4FF3-ABC0-D1B8C201D248}\RP10\A0008007.dll Zainfekowanych: Trojan-Clicker.Win32.Small.kj pominięty F:\System Volume Information_restore{75E9374C-5F35-4FF3-ABC0-D1B8C201D248}\RP10\A0009007.dll Zainfekowanych: Trojan-Clicker.Win32.Small.kj pominięty F:\System Volume Information_restore{75E9374C-5F35-4FF3-ABC0-D1B8C201D248}\RP10\A0009016.dll Zainfekowanych: Trojan-Clicker.Win32.Small.kj pominięty F:\System Volume Information_restore{75E9374C-5F35-4FF3-ABC0-D1B8C201D248}\RP10\A0009701.dll Zainfekowanych: Trojan-Clicker.Win32.Small.kj pominięty F:\System Volume Information_restore{75E9374C-5F35-4FF3-ABC0-D1B8C201D248}\RP12\A0009804.dll Zainfekowanych: Trojan-Clicker.Win32.Small.kj pominięty F:\System Volume Information_restore{75E9374C-5F35-4FF3-ABC0-D1B8C201D248}\RP12\A0010804.dll Zainfekowanych: Trojan-Clicker.Win32.Small.kj pominięty F:\System Volume Information_restore{75E9374C-5F35-4FF3-ABC0-D1B8C201D248}\RP12\A0011804.dll Zainfekowanych: Trojan-Clicker.Win32.Small.kj pominięty F:\System Volume Information_restore{75E9374C-5F35-4FF3-ABC0-D1B8C201D248}\RP12\A0011809.exe Zainfekowanych: Trojan-PSW.Win32.OnLineGames.jn pominięty F:\System Volume Information_restore{75E9374C-5F35-4FF3-ABC0-D1B8C201D248}\RP12\A0012804.dll Zainfekowanych: Trojan-Clicker.Win32.Small.kj pominięty F:\System Volume Information_restore{75E9374C-5F35-4FF3-ABC0-D1B8C201D248}\RP12\A0012809.exe Zainfekowanych: Trojan-PSW.Win32.OnLineGames.jn pominięty F:\System Volume Information_restore{75E9374C-5F35-4FF3-ABC0-D1B8C201D248}\RP13\A0012833.dll Zainfekowanych: Trojan-Clicker.Win32.Small.kj pominięty F:\System Volume Information_restore{75E9374C-5F35-4FF3-ABC0-D1B8C201D248}\RP13\A0012862.exe/WISE0044.BIN/stream/data0005 Zainfekowanych: not-a-virus:AdWare.Win32.Softomate.aa pominięty F:\System Volume Information_restore{75E9374C-5F35-4FF3-ABC0-D1B8C201D248}\RP13\A0012862.exe/WISE0044.BIN/stream Zainfekowanych: not-a-virus:AdWare.Win32.Softomate.aa pominięty F:\System Volume Information_restore{75E9374C-5F35-4FF3-ABC0-D1B8C201D248}\RP13\A0012862.exe/WISE0044.BIN Zainfekowanych: not-a-virus:AdWare.Win32.Softomate.aa pominięty F:\System Volume Information_restore{75E9374C-5F35-4FF3-ABC0-D1B8C201D248}\RP13\A0012862.exe WiseSFX: zainfekowany - 3 pominięty F:\System Volume Information_restore{75E9374C-5F35-4FF3-ABC0-D1B8C201D248}\RP13\A0012862.exe WiseSFX Dropper: zainfekowany - 3 pominięty F:\System Volume Information_restore{75E9374C-5F35-4FF3-ABC0-D1B8C201D248}\RP13\A0012863.dll Zainfekowanych: not-a-virus:AdWare.Win32.Softomate.aa pominięty F:\System Volume Information_restore{75E9374C-5F35-4FF3-ABC0-D1B8C201D248}\RP14\A0013833.dll Zainfekowanych: Trojan-Clicker.Win32.Small.kj pominięty F:\System Volume Information_restore{75E9374C-5F35-4FF3-ABC0-D1B8C201D248}\RP14\A0014833.dll Zainfekowanych: Trojan-Clicker.Win32.Small.kj pominięty F:\System Volume Information_restore{75E9374C-5F35-4FF3-ABC0-D1B8C201D248}\RP14\A0015833.dll Zainfekowanych: Trojan-Clicker.Win32.Small.kj pominięty F:\System Volume Information_restore{75E9374C-5F35-4FF3-ABC0-D1B8C201D248}\RP14\A0015843.dll Zainfekowanych: Trojan-Clicker.Win32.Small.kj pominięty F:\System Volume Information_restore{75E9374C-5F35-4FF3-ABC0-D1B8C201D248}\RP14\A0015855.dll Zainfekowanych: Trojan-Clicker.Win32.Small.kj pominięty F:\System Volume Information_restore{AEDB8CB2-8F96-4BF9-B07C-9D98F917601E}\RP100\change.log Object is locked pominięty H:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty H:\System Volume Information_restore{AEDB8CB2-8F96-4BF9-B07C-9D98F917601E}\RP100\change.log Object is locked pominięty Proces skanowania został zakończony.

F jest partycją z systemem (xp) a H partycja dodatkowa

adam9870 · 30 Marzec 2007 16:19

Usuń wszystko to, co Kaspersky znalazł. Ale do zainfekowanych plików, które znajdują się w katalogu System Volume Information zrób tak:

http://forum.dobreprogramy.pl/viewtopic.php?t=143739

Potem wklej log z ComboScan.

system · 30 Marzec 2007 16:33

ale czym mam to usunąc killboxem? i w jaki sposób ?

adam9870 · 30 Marzec 2007 16:42

Uruchamiasz system w trybie awaryjnym i po prostu usuwasz ręcznie:

Tylko przed tym włącz pokazywanie ukrytych plików i folderów, ponieważ te obiekty mogą być ukryte. Potem zajmujesz się usuwaniem plików z folderu System Volume Information (po wyłączaniu przywracania ten folder sam powinien się opróżnić i zapewne i nie będzie potrzeby robienia innych rzeczy z nim związanych) i wklejasz log z ComboScan i SilentRunners.

system · 3 Kwiecień 2007 17:35

Zrobiłam tak jak kazałes i daje logi z sillenta i comboscan

sillent

“Silent Runners.vbs”, revision 49, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “MSMSGS” = ““C:\Program Files\Messenger\msmsgs.exe” /background” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++} “1” = “C:\WINDOWS\systpro32.exe” [file not found] “BianFeng” = “C:\Documents and Settings\Marta\SendTo\winhy.exe” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “Cmaudio” = “RunDll32 cmicnfg.cpl,CMICtrlWnd” [MS] “avast!” = “C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [null data] “NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {F97DA966-F09D-4cab-BF29-75A0026986EA}(Default) = “XBTP02634” -> {HKLM…CLSID} = “XBTP02634 Class” \InProcServer32(Default) = “C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”] “{E0D79304-84BE-11CE-9641-444553540000}” = “WinZip” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing LP”] “{E0D79305-84BE-11CE-9641-444553540000}” = “WinZip” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing LP”] “{E0D79306-84BE-11CE-9641-444553540000}” = “WinZip” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing LP”] “{E0D79307-84BE-11CE-9641-444553540000}” = “WinZip” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing LP”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{472083B0-C522-11CF-8763-00608CC02F24}” = “avast” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] “{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}” = “OpenOffice.org Column Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = ““C:\Program Files\OpenOffice.org 2.0.3\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”] “{087B3AE3-E237-4467-B8DB-5A38AB959AC9}” = “OpenOffice.org Infotip Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = ““C:\Program Files\OpenOffice.org 2.0.3\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”] “{63542C48-9552-494A-84F7-73AA6A7C99C1}” = “OpenOffice.org Property Sheet Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = ““C:\Program Files\OpenOffice.org 2.0.3\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”] “{3B092F0C-7696-40E3-A80F-68D74DA84210}” = “OpenOffice.org Thumbnail Viewer” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = ““C:\Program Files\OpenOffice.org 2.0.3\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ <> “Userinit” = “C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Marta\USTAWI~1\Temp\winime.exe” [MS], [file not found] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}(Default) = “OpenOffice.org Column Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = ““C:\Program Files\OpenOffice.org 2.0.3\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”] {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing LP”] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing LP”] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing LP”] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\web\wallpaper\Idylla.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\WINDOWS\web\wallpaper\Idylla.bmp” Startup items in “Marta” & “All Users” startup folders: ------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Adobe Reader Speed Launch” -> shortcut to: “C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe” [“Adobe Systems Incorporated”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}” -> {HKLM…CLSID} = “BearShare MediaBar” \InProcServer32(Default) = “C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll” [file not found] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}” = (no title provided) -> {HKLM…CLSID} = “BearShare MediaBar” \InProcServer32(Default) = “C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll” [file not found] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS] Miscellaneous IE Hijack Points ------------------------------ HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ <> “{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}” = (no title provided) -> {HKLM…CLSID} = “BearShare MediaBar” \InProcServer32(Default) = “C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll” [file not found] HOSTS file ---------- C:\WINDOWS\System32\drivers\etc\HOSTS maps: 3 domain names to IP addresses, 2 of the IP addresses are *not* localhost! Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ avast! Antivirus, avast! Antivirus, ““C:\Program Files\Alwil Software\Avast4\ashServ.exe”” [null data] avast! iAVS4 Control Service, aswUpdSv, ““C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe”” [null data] avast! Mail Scanner, avast! Mail Scanner, ““C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe” /service” [“ALWIL Software”] avast! Web Scanner, avast! Web Scanner, ““C:\Program Files\Alwil Software\Avast4\ashWebSv.exe” /service” [“ALWIL Software”] ---------- <>: Suspicious data at a malware launch point. <>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 11 seconds. ---------- (total run time: 96 seconds)

Złączono Posta : 03.04.2007 (Wto) 19:37

comboscan:

ComboScan v20070306.20 run by Marta on 2007-04-01 at 15:01:46 Computer is in Normal Mode. -------------------------------------------------------------------------------- – System Restore -------------------------------------------------------------- Successfully created ComboScan Restore Point. – Last 2 Restore Point(s) – 2: 2007-04-01 13:01:48 UTC - RP17 - ComboScan Restore Point 1: 2007-04-01 12:48:26 UTC - RP16 - Punkt kontrolny systemu Performed disk cleanup. – HijackThis (run as Marta.exe) ----------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 15:02:13, on 2007-04-01 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Marta\Pulpit\comboscan.exe C:\PROGRA~1\HIJACK~1\Marta.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.satfilm.net.pl:0;gopher=proxy.satfilm.net.pl:0;http=proxy.satfilm.net.pl:0;https=proxy.satfilm.net.pl:0 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Marta\USTAWI~1\Temp\winime.exe O1 - Hosts: 222.76.217.141 hymht.h74.1stxy.net O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll (file missing) O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing) O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) – File Associations ----------------------------------------------------------- .bat - batfile - “%1” %* .chm - chm.file - “C:\WINDOWS\hh.exe” %1 .cmd - cmdfile - “%1” %* .com - comfile - “%1” %* .exe - exefile - “%1” %* .hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1 .inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1 .ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1 .js - JSFile - %SystemRoot%\System32\WScript.exe “%1” %* .lnk - lnkfile - {00021401-0000-0000-C000-000000000046} .pif - piffile - “%1” %* .reg - regfile - regedit.exe “%1” .scr - scrfile - “%1” /S .txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1 .vbs - VBSFile - %SystemRoot%\System32\WScript.exe “%1” %* – Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- 1R Aavmker4 (avast! Asynchronous Virus Monitor) - C:\WINDOWS\system32\drivers\aavmker4.sys 1R AmdK7 (Sterownik procesora AMD K7) - C:\WINDOWS\system32\drivers\amdk7.sys 2R aswMon2 (avast! Standard Shield Support) - C:\WINDOWS\system32\drivers\aswmon2.sys 3R aswRdr - C:\WINDOWS\system32\drivers\aswRdr.sys 1R aswTdi (avast! Network Shield Support) - C:\WINDOWS\system32\drivers\aswTdi.sys 3S cmuda (C-Media WDM Audio Interface) - C:\WINDOWS\system32\drivers\cmuda.sys 3R FETNDIS (VIA Rhine Family Fast Ethernet Adapter Driver) - C:\WINDOWS\system32\drivers\fetnd5b.sys 3S NTSIM - C:\WINDOWS\system32\ntsim.sys 3R nv - C:\WINDOWS\system32\drivers\nv4_mini.sys 3R pfc (Padus ASPI Shell) - C:\WINDOWS\system32\drivers\pfc.sys 0R PxHelp20 - C:\WINDOWS\system32\drivers\PxHelp20.sys 3R usbehci (Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft) - C:\WINDOWS\system32\drivers\usbehci.sys 3S USBSTOR (Sterownik magazynu masowego USB) - C:\WINDOWS\system32\drivers\usbstor.sys 0R viaagp (Filtr magistrali AGP VIA) - C:\WINDOWS\system32\drivers\viaagp.sys 0R viaagp1 (VIA AGP Filter) - C:\WINDOWS\system32\drivers\VIAAGP1.SYS 3R VIAudio (VIA AC’97 Audio Controller (WDM)) - C:\WINDOWS\system32\drivers\viaudio.sys – Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- 2R aswUpdSv (avast! iAVS4 Control Service) - “C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe” 2R avast! Antivirus - “C:\Program Files\Alwil Software\Avast4\ashServ.exe” 3R avast! Mail Scanner - “C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe” /service 3R avast! Web Scanner - “C:\Program Files\Alwil Software\Avast4\ashWebSv.exe” /service – Files created between 2007-03-01 and 2007-04-01 ----------------------------- 2007-04-01 13:58:12 464 --a------ C:\WINDOWS\system32\DivX.dll 2007-03-29 11:06:52 0 d–hs---- C:\FOUND.001 2007-03-29 10:09:52 0 d-------- C:\Program Files\MyGlobalSearch 2007-03-29 10:09:52 0 d-------- C:\My Downloads 2007-03-29 10:09:51 0 d-------- C:\Program Files\BearShare 2007-03-28 13:10:18 345088 --a------ C:\WINDOWS\Pbrush.exe 2007-03-27 22:06:39 0 dr-h----- C:\MSOCache 2007-03-22 18:01:06 32768 --a------ C:\WINDOWS\system32\BCGPOleAcc.dll 2007-03-22 18:01:06 2605056 --a------ C:\WINDOWS\system32\BCGCBPRO800u.dll 2007-03-22 18:01:05 2600960 --a------ C:\WINDOWS\system32\BCGCBPRO800.dll 2007-03-22 18:01:03 1047552 --a------ C:\WINDOWS\system32\mfc71u.dll 2007-03-22 18:01:03 0 d-------- C:\Program Files\Nero 2007-03-22 16:34:46 0 d-------- C:\WINDOWS\system32\appmgmt 2007-03-22 16:14:08 0 d-------- C:\WINDOWS\SoftwareDistribution 2007-03-22 16:14:06 0 d-------- C:\WINDOWS\Prefetch 2007-03-22 16:08:39 40832 -----n— C:\WINDOWS\system32\drivers\irbus.sys 2007-03-22 16:08:38 9728 -----n— C:\WINDOWS\system32\comsdupd.exe 2007-03-22 16:08:34 34735 -----n— C:\WINDOWS\system32\drivers\ati1xsxx.sys 2007-03-22 16:08:34 29455 -----n— C:\WINDOWS\system32\drivers\ati1xbxx.sys 2007-03-22 16:08:34 36463 -----n— C:\WINDOWS\system32\drivers\ati1tuxx.sys 2007-03-22 16:08:34 21343 -----n— C:\WINDOWS\system32\drivers\ati1ttxx.sys 2007-03-22 16:08:34 26367 -----n— C:\WINDOWS\system32\drivers\ati1snxx.sys 2007-03-22 16:08:34 63663 -----n— C:\WINDOWS\system32\drivers\ati1rvxx.sys 2007-03-22 16:08:34 30671 -----n— C:\WINDOWS\system32\drivers\ati1raxx.sys 2007-03-22 16:08:34 12047 -----n— C:\WINDOWS\system32\drivers\ati1pdxx.sys 2007-03-22 16:08:34 11615 -----n— C:\WINDOWS\system32\drivers\ati1mdxx.sys 2007-03-22 16:08:34 56623 -----n— C:\WINDOWS\system32\drivers\ati1btxx.sys 2007-03-22 16:08:34 43008 -----n— C:\WINDOWS\system32\drivers\amdagp.sys 2007-03-22 16:08:34 42752 -----n— C:\WINDOWS\system32\drivers\alim1541.sys 2007-03-22 16:08:34 44928 -----n— C:\WINDOWS\system32\drivers\agpcpq.sys 2007-03-22 16:08:34 42368 -----n— C:\WINDOWS\system32\drivers\agp440.sys 2007-03-22 16:08:34 3775 -----n— C:\WINDOWS\system32\drivers\adv11nt5.dll 2007-03-22 16:08:34 3711 -----n— C:\WINDOWS\system32\drivers\adv09nt5.dll 2007-03-22 16:08:34 3135 -----n— C:\WINDOWS\system32\drivers\adv08nt5.dll 2007-03-22 16:08:34 3647 -----n— C:\WINDOWS\system32\drivers\adv07nt5.dll 2007-03-22 16:08:34 3615 -----n— C:\WINDOWS\system32\drivers\adv05nt5.dll 2007-03-22 16:08:34 3967 -----n— C:\WINDOWS\system32\drivers\adv02nt5.dll 2007-03-22 16:08:34 4255 -----n— C:\WINDOWS\system32\drivers\adv01nt5.dll 2007-03-22 16:08:33 15104 -----n— C:\WINDOWS\system32\drivers\hidir.sys 2007-03-22 16:08:33 25728 -----n— C:\WINDOWS\system32\drivers\hidbth.sys 2007-03-22 16:08:33 46464 -----n— C:\WINDOWS\system32\drivers\gagp30kx.sys 2007-03-22 16:08:33 124800 -----n— C:\WINDOWS\system32\drivers\fltmgr.sys 2007-03-22 16:08:33 15423 -----n— C:\WINDOWS\system32\drivers\ch7xxnt5.dll 2007-03-22 16:08:33 18944 -----n— C:\WINDOWS\system32\drivers\bthusb.sys 2007-03-22 16:08:33 35456 -----n— C:\WINDOWS\system32\drivers\bthprint.sys 2007-03-22 16:08:33 275200 -----n— C:\WINDOWS\system32\drivers\bthport.sys 2007-03-22 16:08:33 100992 -----n— C:\WINDOWS\system32\drivers\bthpan.sys 2007-03-22 16:08:33 38016 -----n— C:\WINDOWS\system32\drivers\bthmodem.sys 2007-03-22 16:08:33 17024 -----n— C:\WINDOWS\system32\drivers\bthenum.sys 2007-03-22 16:08:33 17279 -----n— C:\WINDOWS\system32\drivers\atv10nt5.dll 2007-03-22 16:08:33 14143 -----n— C:\WINDOWS\system32\drivers\atv06nt5.dll 2007-03-22 16:08:33 25471 -----n— C:\WINDOWS\system32\drivers\atv04nt5.dll 2007-03-22 16:08:33 11359 -----n— C:\WINDOWS\system32\drivers\atv02nt5.dll 2007-03-22 16:08:33 21183 -----n— C:\WINDOWS\system32\drivers\atv01nt5.dll 2007-03-22 16:08:33 63488 -----n— C:\WINDOWS\system32\drivers\atinxsxx.sys 2007-03-22 16:08:33 31744 -----n— C:\WINDOWS\system32\drivers\atinxbxx.sys 2007-03-22 16:08:33 73216 -----n— C:\WINDOWS\system32\drivers\atintuxx.sys 2007-03-22 16:08:33 13824 -----n— C:\WINDOWS\system32\drivers\atinttxx.sys 2007-03-22 16:08:33 28672 -----n— C:\WINDOWS\system32\drivers\atinsnxx.sys 2007-03-22 16:08:33 104960 -----n— C:\WINDOWS\system32\drivers\atinrvxx.sys 2007-03-22 16:08:33 52224 -----n— C:\WINDOWS\system32\drivers\atinraxx.sys 2007-03-22 16:08:33 14336 -----n— C:\WINDOWS\system32\drivers\atinpdxx.sys 2007-03-22 16:08:33 13824 -----n— C:\WINDOWS\system32\drivers\atinmdxx.sys 2007-03-22 16:08:33 57856 -----n— C:\WINDOWS\system32\drivers\atinbtxx.sys 2007-03-22 16:08:33 701440 -----n— C:\WINDOWS\system32\drivers\ati2mtag.sys 2007-03-22 16:08:33 327040 -----n— C:\WINDOWS\system32\drivers\ati2mtaa.sys 2007-03-22 16:08:32 180360 -----n— C:\WINDOWS\system32\drivers\ntmtlfax.sys 2007-03-22 16:08:32 12672 -----n— C:\WINDOWS\system32\drivers\mutohpen.sys 2007-03-22 16:08:32 452736 -----n— C:\WINDOWS\system32\drivers\mtxparhm.sys 2007-03-22 16:08:32 1309184 -----n— C:\WINDOWS\system32\drivers\mtlstrm.sys 2007-03-22 16:08:32 126686 -----n— C:\WINDOWS\system32\drivers\mtlmnt5.sys 2007-03-22 16:08:32 15488 -----n— C:\WINDOWS\system32\drivers\mssmbios.sys 2007-03-22 16:08:32 11868 -----n— C:\WINDOWS\system32\drivers\mdmxsdk.sys 2007-03-22 16:08:32 29056 -----n— C:\WINDOWS\system32\drivers\ip6fw.sys 2007-03-22 16:08:32 40320 -----n— C:\WINDOWS\system32\drivers\intelppm.sys 2007-03-22 16:08:32 263040 -----n— C:\WINDOWS\system32\drivers\http.sys 2007-03-22 16:08:32 1041536 -----n— C:\WINDOWS\system32\drivers\hsfdpsp2.sys 2007-03-22 16:08:32 685056 -----n— C:\WINDOWS\system32\drivers\hsfcxts2.sys 2007-03-22 16:08:32 220032 -----n— C:\WINDOWS\system32\drivers\hsfbs2s2.sys 2007-03-22 16:08:31 11325 -----n— C:\WINDOWS\system32\drivers\vchnt5.dll 2007-03-22 16:08:31 78464 -----n— C:\WINDOWS\system32\drivers\usbvideo.sys 2007-03-22 16:08:31 12672 -----n— C:\WINDOWS\system32\drivers\usb8023x.sys 2007-03-22 16:08:31 44672 -----n— C:\WINDOWS\system32\drivers\uagp35.sys 2007-03-22 16:08:31 6016 -----n— C:\WINDOWS\system32\drivers\smbali.sys 2007-03-22 16:08:31 13240 -----n— C:\WINDOWS\system32\drivers\slwdmsup.sys 2007-03-22 16:08:31 95424 -----n— C:\WINDOWS\system32\drivers\slnthal.sys 2007-03-22 16:08:31 404990 -----n— C:\WINDOWS\system32\drivers\slntamr.sys 2007-03-22 16:08:31 129535 -----n— C:\WINDOWS\system32\drivers\slnt7554.sys 2007-03-22 16:08:31 41088 -----n— C:\WINDOWS\system32\drivers\sisagp.sys 2007-03-22 16:08:31 3901 -----n— C:\WINDOWS\system32\drivers\siint5.dll 2007-03-22 16:08:31 10240 -----n— C:\WINDOWS\system32\drivers\sffp_sd.sys 2007-03-22 16:08:31 11136 -----n— C:\WINDOWS\system32\drivers\sffdisk.sys 2007-03-22 16:08:31 67584 -----n— C:\WINDOWS\system32\drivers\sdbus.sys 2007-03-22 16:08:31 166912 -----n— C:\WINDOWS\system32\drivers\s3gnbm.sys 2007-03-22 16:08:31 30080 -----n— C:\WINDOWS\system32\drivers\rndismpx.sys 2007-03-22 16:08:31 59648 -----n— C:\WINDOWS\system32\drivers\rfcomm.sys 2007-03-22 16:08:31 13776 -----n— C:\WINDOWS\system32\drivers\recagent.sys 2007-03-22 16:08:30 25471 -----n— C:\WINDOWS\system32\drivers\watv10nt.sys 2007-03-22 16:08:30 22271 -----n— C:\WINDOWS\system32\drivers\watv06nt.sys 2007-03-22 16:08:30 11935 -----n— C:\WINDOWS\system32\drivers\wadv11nt.sys 2007-03-22 16:08:30 11871 -----n— C:\WINDOWS\system32\drivers\wadv09nt.sys 2007-03-22 16:08:30 11295 -----n— C:\WINDOWS\system32\drivers\wadv08nt.sys 2007-03-22 16:08:30 11807 -----n— C:\WINDOWS\system32\drivers\wadv07nt.sys 2007-03-22 16:08:30 13568 -----n— C:\WINDOWS\system32\drivers\wacompen.sys 2007-03-22 16:08:30 71680 -----n— C:\WINDOWS\system32\blastcln.exe 2007-03-22 16:08:30 7168 -----n— C:\WINDOWS\system32\bitsprx3.dll 2007-03-22 16:08:30 8192 -----n— C:\WINDOWS\system32\bitsprx2.dll 2007-03-22 16:08:30 14336 -----n— C:\WINDOWS\system32\auditusr.exe 2007-03-22 16:08:30 516768 -----n— C:\WINDOWS\system32\ativvaxx.dll 2007-03-22 16:08:30 32768 -----n— C:\WINDOWS\system32\ativtmxx.dll 2007-03-22 16:08:30 1888992 -----n— C:\WINDOWS\system32\ati3duag.dll 2007-03-22 16:08:30 870784 -----n— C:\WINDOWS\system32\ati3d1ag.dll 2007-03-22 16:08:30 201728 -----n— C:\WINDOWS\system32\ati2dvag.dll 2007-03-22 16:08:30 377984 -----n— C:\WINDOWS\system32\ati2dvaa.dll 2007-03-22 16:08:30 229376 -----n— C:\WINDOWS\system32\ati2cqag.dll 2007-03-22 16:08:29 2113536 -----n— C:\WINDOWS\system32\dxdiagn.dll 2007-03-22 16:08:29 1689088 -----n— C:\WINDOWS\system32\d3d9.dll 2007-03-22 16:08:29 13824 -----n— C:\WINDOWS\system32\cmsetacl.dll 2007-03-22 16:08:29 50688 -----n— C:\WINDOWS\system32\btpanui.dll 2007-03-22 16:08:29 30208 -----n— C:\WINDOWS\system32\bthserv.dll 2007-03-22 16:08:29 20992 -----n— C:\WINDOWS\system32\bthci.dll 2007-03-22 16:08:28 338432 -----n— C:\WINDOWS\system32\ir41_qcx.dll 2007-03-22 16:08:28 120320 -----n— C:\WINDOWS\system32\ir41_qc.dll 2007-03-22 16:08:28 81920 -----n— C:\WINDOWS\system32\ieencode.dll 2007-03-22 16:08:28 24576 -----n— C:\WINDOWS\system32\httpapi.dll 2007-03-22 16:08:28 32285 -----n— C:\WINDOWS\system32\hsfcisp2.dll 2007-03-22 16:08:28 60416 -----n— C:\WINDOWS\system32\fwcfg.dll 2007-03-22 16:08:28 193024 -----n— C:\WINDOWS\system32\fsquirt.exe 2007-03-22 16:08:28 22528 -----n— C:\WINDOWS\system32\fltmc.exe 2007-03-22 16:08:28 16896 -----n— C:\WINDOWS\system32\fltlib.dll 2007-03-22 16:08:27 86016 -----n— C:\WINDOWS\system32\mdmxsdk.dll 2007-03-22 16:08:27 7168 -----n— C:\WINDOWS\system32\kbdukx.dll 2007-03-22 16:08:27 7680 -----n— C:\WINDOWS\system32\kbdsmsno.dll 2007-03-22 16:08:27 7680 -----n— C:\WINDOWS\system32\kbdsmsfi.dll 2007-03-22 16:08:27 7168 -----n— C:\WINDOWS\system32\kbdno1.dll 2007-03-22 16:08:27 6144 -----n— C:\WINDOWS\system32\kbdmlt48.dll 2007-03-22 16:08:27 6144 -----n— C:\WINDOWS\system32\kbdmlt47.dll 2007-03-22 16:08:27 5632 -----n— C:\WINDOWS\system32\kbdmaori.dll 2007-03-22 16:08:27 6656 -----n— C:\WINDOWS\system32\kbdinmal.dll 2007-03-22 16:08:27 6656 -----n— C:\WINDOWS\system32\kbdinben.dll 2007-03-22 16:08:27 6144 -----n— C:\WINDOWS\system32\kbdinbe1.dll 2007-03-22 16:08:27 7168 -----n— C:\WINDOWS\system32\kbdfi1.dll 2007-03-22 16:08:27 183808 -----n— C:\WINDOWS\system32\ir50_qcx.dll 2007-03-22 16:08:27 200192 -----n— C:\WINDOWS\system32\ir50_qc.dll 2007-03-22 16:08:26 52736 -----n— C:\WINDOWS\system32\mspmsnsv.dll 2007-03-22 16:08:26 118784 -----n— C:\WINDOWS\system32\msdadiag.dll 2007-03-22 16:08:25 1737856 -----n— C:\WINDOWS\system32\mtxparhd.dll 2007-03-22 16:08:24 427008 -----n— C:\WINDOWS\system32\xpob2res.dll 2007-03-22 16:08:24 397056 -----n— C:\WINDOWS\system32\s3gnb.dll 2007-03-22 16:08:24 49152 -----n— C:\WINDOWS\system32\powercfg.exe 2007-03-22 16:08:24 48640 -----n— C:\WINDOWS\system32\pnrpnsp.dll 2007-03-22 16:08:24 526848 -----n— C:\WINDOWS\system32\p2psvc.dll 2007-03-22 16:08:24 88064 -----n— C:\WINDOWS\system32\p2pnetsh.dll 2007-03-22 16:08:24 312320 -----n— C:\WINDOWS\system32\p2pgraph.dll 2007-03-22 16:08:24 86016 -----n— C:\WINDOWS\system32\p2pgasvc.dll 2007-03-22 16:08:24 116224 -----n— C:\WINDOWS\system32\p2p.dll 2007-03-22 16:08:23 2953216 -----n— C:\WINDOWS\system32\xpsp2res.dll 2007-03-22 16:08:23 15872 -----n— C:\WINDOWS\system32\w3ssl.dll 2007-03-22 16:08:23 44032 -----n— C:\WINDOWS\system32\twext.dll 2007-03-22 16:08:23 75776 -----n— C:\WINDOWS\system32\strmfilt.dll 2007-03-22 16:08:23 8192 -----n— C:\WINDOWS\system32\smbinst.exe 2007-03-22 16:08:23 73796 -----n— C:\WINDOWS\system32\slserv.exe 2007-03-22 16:08:23 32866 -----n— C:\WINDOWS\system32\slrundll.exe 2007-03-22 16:08:23 188508 -----n— C:\WINDOWS\system32\slgen.dll 2007-03-22 16:08:23 286792 -----n— C:\WINDOWS\system32\slextspk.dll 2007-03-22 16:08:23 73832 -----n— C:\WINDOWS\system32\slcoinst.dll 2007-03-22 16:08:23 29184 -----n— C:\WINDOWS\system32\sdhcinst.dll 2007-03-22 16:08:22 190976 -----n— C:\WINDOWS\system32\wmerror.dll 2007-03-22 16:08:22 17408 -----n— C:\WINDOWS\system32\winshfhc.dll 2007-03-22 16:08:21 233472 -----n— C:\WINDOWS\system32\wmpdxm.dll 2007-03-22 16:08:21 114688 -----n— C:\WINDOWS\system32\wmpasf.dll 2007-03-22 16:08:20 108032 -----n— C:\WINDOWS\system32\wshbth.dll 2007-03-22 16:08:20 81408 -----n— C:\WINDOWS\system32\wscsvc.dll 2007-03-22 16:08:20 13824 -----n— C:\WINDOWS\system32\wscntfy.exe 2007-03-22 16:08:19 120320 -----n— C:\WINDOWS\system32\wuweb.dll 2007-03-22 16:08:19 36864 -----n— C:\WINDOWS\system32\wups.dll 2007-03-22 16:08:19 113664 -----n— C:\WINDOWS\system32\wucltui.dll 2007-03-22 16:08:19 184320 -----n— C:\WINDOWS\system32\wuaueng1.dll 2007-03-22 16:08:19 168960 -----n— C:\WINDOWS\system32\wuauclt1.exe 2007-03-22 16:08:19 431616 -----n— C:\WINDOWS\system32\wuapi.dll 2007-03-22 16:08:18 50176 -----n— C:\WINDOWS\system32\xmlprovi.dll 2007-03-22 16:08:18 129536 -----n— C:\WINDOWS\system32\xmlprov.dll 2007-03-22 16:08:18 32866 -----n— C:\WINDOWS\slrundll.exe 2007-03-22 16:08:17 0 d-------- C:\WINDOWS\peernet 2007-03-22 16:08:16 0 d-------- C:\WINDOWS\provisioning 2007-03-22 16:06:24 0 d-------- C:\WINDOWS\ServicePackFiles 2007-03-22 16:02:02 15872 --a------ C:\WINDOWS\system32\spupdsvc.exe 2007-03-22 15:59:20 0 d-------- C:\WINDOWS\EHome 2007-03-20 15:48:15 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll 2007-03-20 15:48:12 364544 -----n— C:\WINDOWS\system32\TwnLib4.dll 2007-03-20 15:48:12 471040 -----n— C:\WINDOWS\system32\ImagXRA7.dll 2007-03-20 15:48:11 262144 -----n— C:\WINDOWS\system32\ImagXR7.dll 2007-03-20 15:48:11 476320 -----n— C:\WINDOWS\system32\ImagXpr7.dll 2007-03-20 15:48:11 1568768 -----n— C:\WINDOWS\system32\ImagX7.dll 2007-03-20 15:48:09 38912 -----n— C:\WINDOWS\system32\picn20.dll 2007-03-20 15:48:04 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe 2007-03-20 15:48:04 0 d-------- C:\Program Files\Common Files\Ahead 2007-03-20 15:48:00 0 d-------- C:\Program Files\Ahead 2007-03-20 15:28:46 0 d-------- C:\Program Files\Winamp 2007-03-20 14:29:01 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr 2007-03-20 14:19:40 43176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-03-20 14:19:40 23352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-03-20 14:19:40 31560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-03-20 14:19:39 94424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-03-20 14:19:39 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-03-20 14:19:34 689280 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-03-20 14:02:03 0 d-------- C:\Program Files\Common Files\Adobe 2007-03-20 13:56:28 0 d-------- C:\Program Files\Common Files\ACD Systems 2007-03-20 13:56:28 0 d-------- C:\Program Files\ACD Systems 2007-03-20 13:56:26 809984 --a------ C:\WINDOWS\system32\wmvdmod.dll 2007-03-20 13:56:26 484864 --a------ C:\WINDOWS\system32\wmspdmod.dll 2007-03-20 13:56:26 759296 --a------ C:\WINDOWS\system32\wmsdmod.dll 2007-03-20 13:56:26 408064 --a------ C:\WINDOWS\system32\wmadmod.dll 2007-03-20 13:56:26 240640 --a------ C:\WINDOWS\system32\mpg4dmod.dll 2007-03-20 13:56:26 384512 --a------ C:\WINDOWS\system32\mp4sdmod.dll 2007-03-20 13:56:26 310272 --a------ C:\WINDOWS\system32\mp43dmod.dll 2007-03-20 13:56:25 1001472 --a------ C:\WINDOWS\system32\wmvdmoe2.dll 2007-03-20 13:56:25 896512 --a------ C:\WINDOWS\system32\wmspdmoe.dll 2007-03-20 13:56:25 1119744 --a------ C:\WINDOWS\system32\wmsdmoe2.dll 2007-03-20 13:56:25 1050624 --a------ C:\WINDOWS\system32\wmnetmgr.dll 2007-03-20 13:56:25 151552 --a------ C:\WINDOWS\system32\wmidx.dll 2007-03-20 13:56:25 670720 --a------ C:\WINDOWS\system32\wmadmoe.dll 2007-03-20 13:56:25 237568 --a------ C:\WINDOWS\system32\qasf.dll 2007-03-20 13:56:25 103936 --a------ C:\WINDOWS\system32\logagent.exe 2007-03-20 13:56:25 6656 --a------ C:\WINDOWS\system32\laprxy.dll 2007-03-20 13:56:24 259072 --a------ C:\WINDOWS\system32\msnetobj.dll 2007-03-20 13:56:24 286208 --a------ C:\WINDOWS\system32\blackbox.dll 2007-03-20 13:56:23 695296 --a------ C:\WINDOWS\system32\drmv2clt.dll 2007-03-20 13:56:23 87040 --a------ C:\WINDOWS\system32\drmstor.dll 2007-03-20 13:56:23 299520 --a------ C:\WINDOWS\system32\drmclien.dll 2007-03-20 13:56:16 10368 --a------ C:\WINDOWS\system32\drivers\pfc.sys 2007-03-20 13:53:02 0 d-------- C:\WINDOWS\Downloaded Installations 2007-03-20 13:27:04 0 d-------- C:\Program Files\Common Files\Skype 2007-03-20 13:14:09 0 d-------- C:\Program Files\Skype 2007-03-20 13:11:27 0 d-------- C:\Program Files\CCleaner 2007-03-20 13:08:58 88960 -ra------ C:\WINDOWS\system32\drivers\viaudio.sys 2007-03-20 13:08:58 140928 --a------ C:\WINDOWS\system32\drivers\ks.sys 2007-03-20 13:08:57 48640 --a------ C:\WINDOWS\system32\drivers\stream.sys 2007-03-20 13:08:57 145792 --a------ C:\WINDOWS\system32\drivers\portcls.sys 2007-03-20 13:08:57 60288 --a------ C:\WINDOWS\system32\drivers\drmk.sys 2007-03-20 13:08:56 4096 --a------ C:\WINDOWS\system32\ksuser.dll 2007-03-20 13:08:53 32768 --a------ C:\WINDOWS\system32\UnAudioNT.dll 2007-03-20 13:08:53 0 d-------- C:\Program Files\VIA Technologies, INC 2007-03-20 13:03:27 36224 --a------ C:\WINDOWS\system32\drivers\isapnp.sys 2007-03-20 13:02:41 40448 -ra------ C:\WINDOWS\system32\drivers\fetnd5b.sys 2007-03-20 13:02:39 6016 -ra------ C:\WINDOWS\system32\ntsim.sys 2007-03-20 13:02:26 307200 --a------ C:\WINDOWS\IsUn0415.exe 2007-03-20 12:57:39 115880 -----n— C:\WINDOWS\system32\pxinsi64.exe 2007-03-20 12:57:39 129784 -----n— C:\WINDOWS\system32\pxafs.dll 2007-03-20 12:57:39 36528 -----n— C:\WINDOWS\system32\drivers\PxHelp20.sys 2007-03-20 12:57:39 2560 -----n— C:\WINDOWS\system32\drivers\cdralw2k.sys 2007-03-20 12:57:39 2432 -----n— C:\WINDOWS\system32\drivers\cdr4_xp.sys 2007-03-20 12:43:24 237568 --a------ C:\WINDOWS\system32\OggDS.dll 2007-03-20 12:43:17 921600 --a------ C:\WINDOWS\system32\vorbisenc.dll 2007-03-20 12:42:44 188416 --a------ C:\WINDOWS\system32\vorbis.dll 2007-03-20 12:42:38 45056 --a------ C:\WINDOWS\system32\ogg.dll 2007-03-20 12:42:29 245760 --a------ C:\WINDOWS\system32\mplvpx.dll 2007-03-20 12:42:20 9216 --a------ C:\WINDOWS\system32\cpuinf32.dll 2007-03-20 12:42:17 755200 --a------ C:\WINDOWS\system32\ir50_32.dll 2007-03-20 12:40:40 765952 --a------ C:\WINDOWS\system32\xvidcore.dll 2007-03-20 12:40:14 0 d-------- C:\Program Files\Real Alternative 2007-03-20 12:37:39 0 d-------- C:\Program Files\QuickTime Alternative 2007-03-20 12:29:04 0 d-------- C:\Program Files\MarBit 2007-03-20 12:23:15 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll 2007-03-20 12:23:15 1415680 --a------ C:\WINDOWS\system32\WMV9VCM.dll 2007-03-20 12:23:14 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2007-03-20 12:23:14 5120 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-03-20 12:23:12 0 d-------- C:\Program Files\K-Lite Codec Pack 2007-03-20 12:19:44 0 d-------- C:\Program Files\OpenOffice.org 2.0.3 2007-03-20 12:15:54 0 d-------- C:\Program Files\Gadu-Gadu 2007-03-20 12:15:28 0 d-------- C:\Program Files\RegCleaner 2007-03-20 12:01:25 6400 --a------ C:\WINDOWS\system32\drivers\splitter.sys 2007-03-20 12:01:24 82944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys 2007-03-20 12:01:23 52864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys 2007-03-20 12:01:22 54272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys 2007-03-20 12:01:21 142464 --a------ C:\WINDOWS\system32\drivers\aec.sys 2007-03-20 12:01:19 171776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys 2007-03-20 12:01:18 2944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys 2007-03-20 12:01:17 60800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys 2007-03-20 12:01:05 7552 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys 2007-03-20 12:01:03 4992 --a------ C:\WINDOWS\system32\drivers\mspqm.sys 2007-03-20 12:01:02 5376 --a------ C:\WINDOWS\system32\drivers\mspclock.sys 2007-03-20 12:00:52 32768 --a------ C:\WINDOWS\system32\udaprop.dll 2007-03-20 12:00:52 740608 --a------ C:\WINDOWS\system32\drivers\cmuda.sys 2007-03-20 12:00:52 106496 --a------ C:\WINDOWS\system32\cmuda.dll 2007-03-20 12:00:51 1900544 --a------ C:\WINDOWS\system32\cmiwcnfg.dll 2007-03-20 12:00:51 233472 --a------ C:\WINDOWS\system32\cmirmdrv.exe 2007-03-20 12:00:51 28672 --a------ C:\WINDOWS\system32\cmirmdrv.dll 2007-03-20 12:00:51 712704 --a------ C:\WINDOWS\system32\Audio3D.dll 2007-03-20 12:00:51 712704 --a------ C:\WINDOWS\system32\a3d.dll 2007-03-20 12:00:51 917504 --a------ C:\WINDOWS\system\cmids3d.dll 2007-03-20 12:00:46 266240 --a------ C:\WINDOWS\CMIUninstall.exe 2007-03-20 12:00:46 225280 --a------ C:\WINDOWS\CmiRmRedundDir.exe 2007-03-20 12:00:46 28672 --a------ C:\WINDOWS\CMIRmDriver.dll 2007-03-20 12:00:46 0 d-------- C:\Program Files\C-Media 3D Audio 2007-03-20 11:58:02 0 d–hs---- C:\FOUND.000 2007-03-20 11:36:43 348160 --a------ C:\WINDOWS\system32\MSVCR71.dll 2007-03-20 11:36:43 499712 --a------ C:\WINDOWS\system32\MSVCP71.dll 2007-03-20 11:36:43 1060864 --a------ C:\WINDOWS\system32\MFC71.dll 2007-03-20 11:36:38 0 d-------- C:\Program Files\Alwil Software 2007-03-20 11:33:06 0 d-------- C:\WINDOWS\system32\ReinstallBackups 2007-03-20 11:32:53 306688 --a------ C:\WINDOWS\IsUninst.exe 2007-03-20 11:32:30 5824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS 2007-03-20 11:29:02 192000 --a------ C:\WINDOWS\system32\iuengine.dll 2007-03-20 11:27:37 0 d–hs---- C:\Recycled 2007-03-20 11:21:39 0 d–hs---- C:\WINDOWS\Installer 2007-03-20 11:17:54 0 d–hs---- C:\System Volume Information 2007-03-20 11:12:49 0 d-------- C:\WINDOWS\system32\xircom 2007-03-20 11:12:49 0 d-------- C:\Program Files\microsoft frontpage 2007-03-20 11:12:26 0 -rahs---- C:\MSDOS.SYS 2007-03-20 11:12:26 0 -rahs---- C:\IO.SYS 2007-03-20 11:12:26 0 --a------ C:\CONFIG.SYS 2007-03-20 11:12:26 0 --a------ C:\AUTOEXEC.BAT 2007-03-20 11:12:13 112128 --a------ C:\WINDOWS\system32\mapi32.dll 2007-03-20 11:11:19 0 dr------- C:\WINDOWS\Offline Web Pages 2007-03-20 11:11:19 0 d—s---- C:\WINDOWS\Downloaded Program Files 2007-03-20 11:10:51 0 d-------- C:\WINDOWS\system32\DirectX 2007-03-20 11:10:29 45568 --a------ C:\WINDOWS\system32\safrslv.dll 2007-03-20 11:10:29 29696 --a------ C:\WINDOWS\system32\safrdm.dll 2007-03-20 11:10:29 43520 --a------ C:\WINDOWS\system32\safrcdlg.dll 2007-03-20 11:10:29 43520 --a------ C:\WINDOWS\system32\racpldlg.dll 2007-03-20 11:10:29 11264 --a------ C:\WINDOWS\system32\atrace.dll 2007-03-20 11:10:22 32768 --a------ C:\WINDOWS\system32\isrdbg32.dll 2007-03-20 11:10:21 12288 --a------ C:\WINDOWS\system32\nmevtmsg.dll 2007-03-20 11:10:21 32768 --a------ C:\WINDOWS\system32\mnmsrvc.exe 2007-03-20 11:10:20 67584 --a------ C:\WINDOWS\system32\acctres.dll 2007-03-20 11:10:19 49664 --a------ C:\WINDOWS\system32\inetres.dll 2007-03-20 11:10:16 0 d—s---- C:\WINDOWS\Tasks 2007-03-20 11:10:16 86016 --a------ C:\WINDOWS\system32\isign32.dll 2007-03-20 11:10:16 278528 --a------ C:\WINDOWS\system32\inetcfg.dll 2007-03-20 11:10:16 65536 --a------ C:\WINDOWS\system32\icwphbk.dll 2007-03-20 11:10:16 73728 --a------ C:\WINDOWS\system32\icwdial.dll 2007-03-20 11:10:16 16384 --a------ C:\WINDOWS\system32\icfgnt5.dll 2007-03-20 11:10:14 0 d-------- C:\Program Files\Common Files\MSSoap 2007-03-20 11:10:11 0 d-------- C:\WINDOWS\srchasst 2007-03-20 11:10:10 18944 --a------ C:\WINDOWS\system32\qmgrprxy.dll 2007-03-20 11:10:10 0 d-------- C:\WINDOWS\system32\Macromed 2007-03-20 11:10:09 382464 --a------ C:\WINDOWS\system32\qmgr.dll 2007-03-20 11:10:09 0 d-------- C:\Program Files\Movie Maker 2007-03-20 11:10:06 0 d-------- C:\WINDOWS\PCHealth 2007-03-20 11:10:05 171008 --a------ C:\WINDOWS\system32\srsvc.dll 2007-03-20 11:10:05 240128 --a------ C:\WINDOWS\system32\srrstr.dll 2007-03-20 11:10:05 67584 --a------ C:\WINDOWS\system32\srclient.dll 2007-03-20 11:10:05 0 d-------- C:\WINDOWS\system32\Restore 2007-03-20 11:10:05 28672 --a------ C:\WINDOWS\system32\nmmkcert.dll 2007-03-20 11:10:05 69632 --a------ C:\WINDOWS\system32\msconf.dll 2007-03-20 11:10:05 34560 --a------ C:\WINDOWS\system32\mnmdd.dll 2007-03-20 11:10:05 81920 --a------ C:\WINDOWS\system32\ils.dll 2007-03-20 11:10:05 73472 --a------ C:\WINDOWS\system32\drivers\sr.sys 2007-03-20 11:10:03 105984 --a------ C:\WINDOWS\system32\msoert2.dll 2007-03-20 11:10:03 252928 --a------ C:\WINDOWS\system32\msoeacct.dll 2007-03-20 11:10:02 192000 --a------ C:\WINDOWS\system32\schedsvc.dll 2007-03-20 11:10:02 678400 --a------ C:\WINDOWS\system32\inetcomm.dll 2007-03-20 11:10:01 12288 --a------ C:\WINDOWS\system32\mstinit.exe 2007-03-20 11:10:01 278528 --a------ C:\WINDOWS\system32\mstask.dll 2007-03-20 11:09:09 21856 --a------ C:\WINDOWS\system32\emptyregdb.dat 2007-03-20 11:08:55 0 d-------- C:\WINDOWS\Registration 2007-03-20 11:08:51 0 d–h----- C:\Program Files\WindowsUpdate 2007-03-20 11:08:51 0 d-------- C:\Program Files\Usługi online 2007-03-20 11:08:45 0 d-------- C:\Program Files\Messenger 2007-03-20 11:08:41 5632 --a------ C:\WINDOWS\system32\write.exe 2007-03-20 11:08:41 0 d-------- C:\Program Files\MSN Gaming Zone 2007-03-20 11:08:33 139264 --a------ C:\WINDOWS\system32\sndvol32.exe 2007-03-20 11:08:33 132608 --a------ C:\WINDOWS\system32\sndrec32.exe 2007-03-20 11:08:33 349696 --a------ C:\WINDOWS\system32\hypertrm.dll 2007-03-20 11:08:33 187904 --a------ C:\WINDOWS\system32\accwiz.exe 2007-03-20 11:08:32 35328 --a------ C:\WINDOWS\system32\winchat.exe 2007-03-20 11:08:32 44544 --a------ C:\WINDOWS\system32\hticons.dll 2007-03-20 11:08:32 73216 --a------ C:\WINDOWS\system32\avwav.dll 2007-03-20 11:08:32 231424 --a------ C:\WINDOWS\system32\avtapi.dll 2007-03-20 11:08:32 16384 --a------ C:\WINDOWS\system32\avmeter.dll 2007-03-20 11:08:27 605696 --a------ C:\WINDOWS\system32\getuname.dll 2007-03-20 11:08:27 80896 --a------ C:\WINDOWS\system32\charmap.exe 2007-03-20 11:08:27 115200 --a------ C:\WINDOWS\system32\calc.exe 2007-03-20 11:08:26 119808 --a------ C:\WINDOWS\system32\winmine.exe 2007-03-20 11:08:26 57344 --a------ C:\WINDOWS\system32\sol.exe 2007-03-20 11:08:26 9728 --a------ C:\WINDOWS\system32\reset.exe 2007-03-20 11:08:26 67072 --a------ C:\WINDOWS\system32\rdshost.exe 2007-03-20 11:08:26 128000 --a------ C:\WINDOWS\system32\mshearts.exe 2007-03-20 11:08:26 55808 --a------ C:\WINDOWS\system32\freecell.exe 2007-03-20 11:08:26 21896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys 2007-03-20 11:08:26 12040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys 2007-03-20 11:08:25 1225 --a------ C:\WINDOWS\system32\usrlogon.cmd 2007-03-20 11:08:25 17920 --a------ C:\WINDOWS\system32\tsshutdn.exe 2007-03-20 11:08:25 16384 --a------ C:\WINDOWS\system32\tskill.exe 2007-03-20 11:08:25 15360 --a------ C:\WINDOWS\system32\tsdiscon.exe 2007-03-20 11:08:25 15360 --a------ C:\WINDOWS\system32\tscon.exe 2007-03-20 11:08:25 15360 --a------ C:\WINDOWS\system32\shadow.exe 2007-03-20 11:08:25 16384 --a------ C:\WINDOWS\system32\rwinsta.exe 2007-03-20 11:08:25 33792 --a------ C:\WINDOWS\system32\regini.exe 2007-03-20 11:08:25 4608 --a------ C:\WINDOWS\system32\rdpcfgex.dll 2007-03-20 11:08:25 22528 --a------ C:\WINDOWS\system32\qwinsta.exe 2007-03-20 11:08:25 20992 --a------ C:\WINDOWS\system32\qprocess.exe 2007-03-20 11:08:25 17408 --a------ C:\WINDOWS\system32\qappsrv.exe 2007-03-20 11:08:25 22528 --a------ C:\WINDOWS\system32\msg.exe 2007-03-20 11:08:25 15872 --a------ C:\WINDOWS\system32\logoff.exe 2007-03-20 11:08:25 15872 --a------ C:\WINDOWS\system32\cdmodem.dll 2007-03-20 11:08:24 11776 --a------ C:\WINDOWS\system32\xolehlp.dll 2007-03-20 11:08:24 90112 --a------ C:\WINDOWS\system32\mtxoci.dll 2007-03-20 11:08:24 161280 --a------ C:\WINDOWS\system32\msdtcuiu.dll 2007-03-20 11:08:24 949248 --a------ C:\WINDOWS\system32\msdtctm.dll 2007-03-20 11:08:24 58880 --a------ C:\WINDOWS\system32\msdtclog.dll 2007-03-20 11:08:24 6144 --a------ C:\WINDOWS\system32\msdtc.exe 2007-03-20 11:08:23 25088 --a------ C:\WINDOWS\system32\mtxlegih.dll 2007-03-20 11:08:23 4096 --a------ C:\WINDOWS\system32\mtxex.dll 2007-03-20 11:08:23 20480 --a------ C:\WINDOWS\system32\mtxdm.dll 2007-03-20 11:08:23 5120 --a------ C:\WINDOWS\system32\dcomcnfg.exe 2007-03-20 11:08:23 82432 --a------ C:\WINDOWS\system32\comrepl.dll 2007-03-20 11:08:23 25600 --a------ C:\WINDOWS\system32\comaddin.dll 2007-03-20 11:08:23 62464 --a------ C:\WINDOWS\system32\colbact.dll 2007-03-20 11:08:22 54272 --a------ C:\WINDOWS\system32\stclient.dll 2007-03-20 11:08:22 540160 --a------ C:\WINDOWS\system32\comuid.dll 2007-03-20 11:08:22 147456 --a------ C:\WINDOWS\system32\comsnap.dll 2007-03-20 11:08:22 501248 --a------ C:\WINDOWS\system32\clbcatq.dll 2007-03-20 11:08:22 110080 --a------ C:\WINDOWS\system32\clbcatex.dll 2007-03-20 11:08:22 85504 --a------ C:\WINDOWS\system32\catsrvps.dll 2007-03-20 11:08:22 229888 --a------ C:\WINDOWS\system32\catsrv.dll 2007-03-20 11:08:16 56320 --a------ C:\WINDOWS\system32\servdeps.dll 2007-03-20 11:08:16 17920 --a------ C:\WINDOWS\system32\mmfutil.dll 2007-03-20 11:08:16 187904 --a------ C:\WINDOWS\system32\cmprops.dll 2007-03-20 11:08:12 345088 --a------ C:\WINDOWS\system32\mspaint.exe 2007-03-20 11:08:12 124928 --a------ C:\WINDOWS\system32\mplay32.exe 2007-03-20 11:08:12 103424 --a------ C:\WINDOWS\system32\clipbrd.exe 2007-03-20 11:08:12 0 d-------- C:\Program Files\Windows NT 2007-03-20 11:08:11 6656 --a------ C:\WINDOWS\system32\wuauserv.dll 2007-03-20 11:08:11 1134592 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-03-20 11:08:11 112128 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-03-20 11:08:11 94720 --a------ C:\WINDOWS\system32\tscfgwmi.dll 2007-03-20 11:08:11 539136 --a------ C:\WINDOWS\system32\spider.exe 2007-03-20 11:08:11 139400 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys 2007-03-20 11:08:10 44544 --a------ C:\WINDOWS\system32\tscupgrd.exe 2007-03-20 11:08:10 296448 --a------ C:\WINDOWS\system32\termsrv.dll 2007-03-20 11:08:10 141824 --a------ C:\WINDOWS\system32\sessmgr.exe 2007-03-20 11:08:10 60928 --a------ C:\WINDOWS\system32\remotepg.dll 2007-03-20 11:08:10 13824 --a------ C:\WINDOWS\system32\rdsaddin.exe 2007-03-20 11:08:10 87176 --a------ C:\WINDOWS\system32\rdpwsx.dll 2007-03-20 11:08:10 19968 --a------ C:\WINDOWS\system32\rdpsnd.dll 2007-03-20 11:08:10 62464 --a------ C:\WINDOWS\system32\rdpclip.exe 2007-03-20 11:08:10 147968 --a------ C:\WINDOWS\system32\rdchost.dll 2007-03-20 11:08:10 655360 --a------ C:\WINDOWS\system32\mstscax.dll 2007-03-20 11:08:10 408576 --a------ C:\WINDOWS\system32\mstsc.exe 2007-03-20 11:08:10 11264 --a------ C:\WINDOWS\system32\icaapi.dll 2007-03-20 11:08:10 38912 --a------ C:\WINDOWS\system32\cfgbkend.dll 2007-03-20 11:08:09 425472 --a------ C:\WINDOWS\system32\msdtcprx.dll 2007-03-20 11:08:09 0 d-------- C:\WINDOWS\system32\MsDtc 2007-03-20 11:08:09 1251840 --a------ C:\WINDOWS\system32\comsvcs.dll 2007-03-20 11:08:09 0 d-------- C:\WINDOWS\system32\Com 2007-03-20 11:08:09 628224 --a------ C:\WINDOWS\system32\catsrvut.dll 2007-03-20 11:08:06 58880 --a------ C:\WINDOWS\system32\licwmi.dll 2007-03-20 11:08:01 40840 --a------ C:\WINDOWS\system32\drivers\termdd.sys 2007-03-20 11:08:00 196864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys 2007-03-20 11:05:02 3072 --a------ C:\WINDOWS\system32\drivers\audstub.sys 2007-03-20 11:04:39 58624 --a------ C:\WINDOWS\system32\drivers\redbook.sys 2007-03-20 11:04:28 4274816 --a------ C:\WINDOWS\system32\nv4_disp.dll 2007-03-20 11:04:28 1897408 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys 2007-03-20 11:04:11 42240 --a------ C:\WINDOWS\system32\drivers\viaagp.sys 2007-03-20 11:04:01 27165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys 2007-03-20 11:03:57 77312 --a------ C:\WINDOWS\system32\usbui.dll 2007-03-20 11:03:55 10624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys 2007-03-20 11:02:57 0 d-------- C:\Program Files\Common Files\ODBC 2007-03-20 11:02:55 0 d-------- C:\Program Files\Common Files\SpeechEngines 2007-03-20 11:02:54 0 dr------- C:\Program Files 2007-03-20 11:02:52 6144 -ra------ C:\WINDOWS\system32\kbdtuq.dll 2007-03-20 11:02:52 6144 -ra------ C:\WINDOWS\system32\kbdtuf.dll 2007-03-20 11:02:52 5632 -ra------ C:\WINDOWS\system32\kbdazel.dll 2007-03-20 11:02:51 5632 -ra------ C:\WINDOWS\system32\kbdmon.dll 2007-03-20 11:02:51 5632 -ra------ C:\WINDOWS\system32\kbdkyr.dll 2007-03-20 11:02:50 8192 -ra------ C:\WINDOWS\system32\kbdhept.dll 2007-03-20 11:02:50 6656 -ra------ C:\WINDOWS\system32\kbdhela3.dll 2007-03-20 11:02:50 6144 -ra------ C:\WINDOWS\system32\kbdhela2.dll 2007-03-20 11:02:50 5632 -ra------ C:\WINDOWS\system32\kbdhe319.dll 2007-03-20 11:02:50 5632 -ra------ C:\WINDOWS\system32\kbdhe220.dll 2007-03-20 11:02:50 5632 -ra------ C:\WINDOWS\system32\kbdhe.dll 2007-03-20 11:02:50 6144 -ra------ C:\WINDOWS\system32\kbdgkl.dll 2007-03-20 11:02:49 5632 -ra------ C:\WINDOWS\system32\kbdlt1.dll 2007-03-20 11:02:49 5632 -ra------ C:\WINDOWS\system32\kbdlt.dll 2007-03-20 11:02:48 6144 -ra------ C:\WINDOWS\system32\kbdlv1.dll 2007-03-20 11:02:48 6144 -ra------ C:\WINDOWS\system32\kbdlv.dll 2007-03-20 11:02:48 6144 -ra------ C:\WINDOWS\system32\kbdest.dll 2007-03-20 11:02:46 6656 --a------ C:\WINDOWS\system32\kbdsl1.dll 2007-03-20 11:02:46 6656 --a------ C:\WINDOWS\system32\kbdsl.dll 2007-03-20 11:02:46 5632 --a------ C:\WINDOWS\system32\kbdro.dll 2007-03-20 11:02:46 5632 --a------ C:\WINDOWS\system32\kbdhu1.dll 2007-03-20 11:02:46 6656 --a------ C:\WINDOWS\system32\kbdhu.dll 2007-03-20 11:02:46 6656 --a------ C:\WINDOWS\system32\kbdcz2.dll 2007-03-20 11:02:46 6656 --a------ C:\WINDOWS\system32\kbdcz1.dll 2007-03-20 11:02:45 6656 --a------ C:\WINDOWS\system32\kbdycl.dll 2007-03-20 11:02:45 7168 --a------ C:\WINDOWS\system32\kbdcz.dll 2007-03-20 11:02:45 6656 --a------ C:\WINDOWS\system32\kbdcr.dll 2007-03-20 11:02:45 6656 --a------ C:\WINDOWS\system32\KBDAL.DLL 2007-03-20 11:02:45 13312 --a------ C:\WINDOWS\system32\irclass.dll 2007-03-20 11:02:45 11264 --a------ C:\WINDOWS\system32\drivers\irenum.sys 2007-03-20 11:02:45 176157 --a------ C:\WINDOWS\system32\dgrpsetu.dll 2007-03-20 11:02:44 24661 --a------ C:\WINDOWS\system32\spxcoins.dll 2007-03-20 11:02:44 103424 --a------ C:\WINDOWS\system32\EqnClass.Dll 2007-03-20 11:02:44 85532 --a------ C:\WINDOWS\system32\dgsetup.dll 2007-03-20 11:02:44 9168 --a------ C:\WINDOWS\system\VER.DLL 2007-03-20 11:02:44 19200 --a------ C:\WINDOWS\system\TAPI.DLL 2007-03-20 11:02:44 5120 --a------ C:\WINDOWS\system\SHELL.DLL 2007-03-20 11:02:44 24064 --a------ C:\WINDOWS\system\OLESVR.DLL 2007-03-20 11:02:44 83456 --a------ C:\WINDOWS\system\OLECLI.DLL 2007-03-20 11:02:44 127008 --a------ C:\WINDOWS\system\MSVIDEO.DLL 2007-03-20 11:02:43 15360 --a------ C:\WINDOWS\TASKMAN.EXE 2007-03-20 11:02:43 69552 --a------ C:\WINDOWS\system\mmsystem.dll 2007-03-20 11:02:43 9936 --a------ C:\WINDOWS\system\LZEXPAND.DLL 2007-03-20 11:02:43 33376 --a------ C:\WINDOWS\system\COMMDLG.DLL 2007-03-20 11:02:43 109488 --a------ C:\WINDOWS\system\AVIFILE.DLL 2007-03-20 11:02:43 70096 --a------ C:\WINDOWS\system\AVICAP.DLL 2007-03-20 11:02:43 70144 --a------ C:\WINDOWS\notepad.exe 2007-03-20 11:02:42 75776 --a------ C:\WINDOWS\system32\storprop.dll 2007-03-20 11:02:42 8704 --a------ C:\WINDOWS\system32\batt.dll 2007-03-20 11:02:23 0 d-------- C:\WINDOWS\system32\CatRoot2 2007-03-20 11:02:23 0 d-------- C:\WINDOWS\system32\CatRoot 2007-03-20 11:02:05 0 d-------- C:\Documents and Settings 2007-03-20 10:57:28 0 d-------- C:\WINDOWS\WinSxS 2007-03-20 10:57:28 0 dr------- C:\WINDOWS\Web 2007-03-20 10:57:28 0 d-------- C:\WINDOWS\twain_32 2007-03-20 10:57:28 0 d-------- C:\WINDOWS\system32\wbem 2007-03-20 10:57:28 0 d-------- C:\WINDOWS\system32\usmt 2007-03-20 10:57:28 0 d-------- C:\WINDOWS\system32\ShellExt 2007-03-20 10:57:28 0 d-------- C:\WINDOWS\system32\Setup 2007-03-20 10:57:28 0 d-------- C:\WINDOWS\system32\oobe 2007-03-20 10:57:28 0 d-------- C:\WINDOWS\system32\npp 2007-03-20 10:57:28 0 d-------- C:\WINDOWS\system32\mui 2007-03-20 10:57:28 0 d-------- C:\WINDOWS\system32\inetsrv 2007-03-20 10:57:28 0 d-------- C:\WINDOWS\system32\IME 2007-03-20 10:57:28 0 d-------- C:\WINDOWS\system32\icsxml 2007-03-20 10:57:28 0 d-------- C:\WINDOWS\system32\ias 2007-03-20 10:57:28 0 d-------- C:\WINDOWS\system32\export 2007-03-20 10:57:28 0 dr-hs---- C:\WINDOWS\system32\dllcache 2007-03-20 10:57:28 0 d-------- C:\WINDOWS\system32\3com_dmi 2007-03-20 10:57:28 0 d-------- C:\WINDOWS\system32\3076 2007-03-20 10:57:28 0 d-------- C:\WINDOWS\system32\2052 2007-03-20 10:57:28 0 d-------- C:\WINDOWS\system32\1054 2007-03-20 10:57:28 0 d-------- C:\WINDOWS\system32\1045 2007-03-20 10:57:28 0 d-------- C:\WINDOWS\system32\1042 2007-03-20 10:57:28 0 d-------- C:\WINDOWS\system32\1041 2007-03-20 10:57:28 0 d-------- C:\WINDOWS\system32\1037 2007-03-20 10:57:28 0 d-------- C:\WINDOWS\system32\1033 2007-03-20 10:57:28 0 d-------- C:\WINDOWS\system32\1031 2007-03-20 10:57:28 0 d-------- C:\WINDOWS\system32\1028 2007-03-20 10:57:28 0 d-------- C:\WINDOWS\system32\1025 2007-03-20 10:57:28 0 d-------- C:\WINDOWS\security 2007-03-20 10:57:28 0 d-------- C:\WINDOWS\Resources 2007-03-20 10:57:28 0 d-------- C:\WINDOWS\mui 2007-03-20 10:57:28 0 d-------- C:\WINDOWS\msapps 2007-03-20 10:57:28 0 d-------- C:\WINDOWS\ime 2007-03-20 10:57:28 0 d-------- C:\WINDOWS\Driver Cache 2007-03-20 10:57:28 0 d-------- C:\WINDOWS\Debug 2007-03-20 10:57:28 0 d-------- C:\WINDOWS\Connection Wizard 2007-03-20 10:57:28 0 d-------- C:\WINDOWS\AppPatch 2007-03-20 10:57:28 0 d-------- C:\WINDOWS\addins 2007-03-20 10:57:27 0 d-------- C:\WINDOWS\system32 2007-03-20 10:57:27 0 d-------- C:\WINDOWS\system32\wins 2007-03-20 10:57:27 0 d-------- C:\WINDOWS\system32\spool 2007-03-20 10:57:27 0 d-------- C:\WINDOWS\system32\ras 2007-03-20 10:57:27 0 d-------- C:\WINDOWS\system32\drivers 2007-03-20 10:57:27 0 d-------- C:\WINDOWS\system32\drivers\etc 2007-03-20 10:57:27 0 d-------- C:\WINDOWS\system32\drivers\disdn 2007-03-20 10:57:27 0 d-------- C:\WINDOWS\system32\dhcp 2007-03-20 10:57:27 0 d-------- C:\WINDOWS\system32\config 2007-03-20 10:57:27 0 d-------- C:\WINDOWS\system 2007-03-20 10:57:27 0 d-------- C:\WINDOWS\repair 2007-03-20 10:57:27 0 d-------- C:\WINDOWS\msagent 2007-03-20 10:57:27 0 d-------- C:\WINDOWS\Media 2007-03-20 10:57:27 0 d-------- C:\WINDOWS\java 2007-03-20 10:57:27 0 d–h----- C:\WINDOWS\inf 2007-03-20 10:57:27 0 d-------- C:\WINDOWS\Help 2007-03-20 10:57:27 0 dr–s---- C:\WINDOWS\Fonts 2007-03-20 10:57:27 0 d-------- C:\WINDOWS\Cursors 2007-03-20 10:57:27 0 d-------- C:\WINDOWS\Config – Find3M Report --------------------------------------------------------------- 2007-03-22 18:02:00 0 d-------- C:\Documents and Settings\Marta\Dane aplikacji\Ahead 2007-03-22 16:19:36 355486 --a------ C:\WINDOWS\system32\perfh015.dat 2007-03-22 16:19:36 49492 --a------ C:\WINDOWS\system32\perfc015.dat 2007-03-20 14:02:30 0 d-------- C:\Documents and Settings\Marta\Dane aplikacji\Adobe 2007-03-20 13:56:52 0 d-------- C:\Documents and Settings\Marta\Dane aplikacji\ACD Systems 2007-03-20 13:14:14 0 d-------- C:\Documents and Settings\Marta\Dane aplikacji\Skype 2007-03-20 12:40:16 0 d-------- C:\Documents and Settings\Marta\Dane aplikacji\Real 2007-03-20 12:20:40 0 d-------- C:\Documents and Settings\Marta\Dane aplikacji\OpenOffice.org2 2007-03-20 11:44:28 0 d-------- C:\Documents and Settings\Marta\Dane aplikacji\Macromedia 2007-03-20 11:21:38 0 d-------- C:\Documents and Settings\Marta\Dane aplikacji\Identities 2007-03-20 11:02:38 62 --ahs---- C:\Documents and Settings\Marta\Dane aplikacji\desktop.ini 2007-03-20 11:02:18 0 d—s---- C:\Documents and Settings\Marta\Dane aplikacji\Microsoft – Registry Dump --------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “MSMSGS”="“C:\Program Files\Messenger\msmsgs.exe” /background" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “Cmaudio”=“RunDll32 cmicnfg.cpl,CMICtrlWnd” “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” “NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run] “1”=“C:\WINDOWS\systpro32.exe” “BianFeng”=“C:\Documents and Settings\Marta\SendTo\winhy.exe” [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 – Hosts ----------------------------------------------------------------

adam9870 · 3 Kwiecień 2007 18:57

Start >>> uruchom >>> cmd >>> w konsoli, która się otworzy wpisz:

Otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG >>> kliknij dwa razy na utworzony plik FIX.REG i potwierdź dodanie do rejestru >>> restart.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Marta\USTAWI~1\Temp\winime .exe O1 - Hosts: 222.76.217.141 hymht.h74.1stxy.net O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll (file missing) O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)

Usuń wpisy HJT jeśli będą.

Czy sam ustawiałeś te przekierowania w pliku hosts? Jeśli nie to edytuj go:

http://forum.dobreprogramy.pl/viewtopic … 470#636470