Trojan horse Back.Door.Generic3.YUZ

czyrzu · 8 Kwiecień 2007 08:02

nie wiem jak sie pozbyc tego trojana pomozcie

wklejam log z antyvira AVG

- - - @HL_UpdateOK alertmgr:445-435;avgcc:445-438;avgui:443-438;avi:989-944;core:444-435; corent:444-435;ems:442-434;fshmfx86:442-441;fshntw:445-362;fshxp:442-434;iavi:758-679; kernel:446-441;lng:445-437;lngus:445-437;update:445-441; - @HL_TestStarted @TestName_02 - @HL_ReportFind C:\WINDOWS\system32\cmh.exe @EID_Id_trj BackDoor.Generic3.YUZ - @HL_ReportFind C:\System Volume Information_restore{540303C5-D586-495E-A64D-A34294B98B8D}\RP5\A0000224.exe @EID_Id_trj BackDoor.Generic5.XLW - @HL_ReportFind C:\System Volume Information_restore{540303C5-D586-495E-A64D-A34294B98B8D}\RP5\A0000225.exe @EID_Id_trj IRC/BackDoor.SdBot2.LCL - @HL_UpdateOK avi:991-989;iavi:760-758;setup:445-438; - @HL_TestEnded @TestName_02 3 - @HL_ActionTaken C:\WINDOWS\system32\cmh.exe @HL_ActCleaned - @HL_ActionTaken C:\System Volume Information_restore{540303C5-D586-495E-A64D-A34294B98B8D}\RP5\A0000224.exe @HL_ActCleaned - @HL_ActionTaken C:\System Volume Information_restore{540303C5-D586-495E-A64D-A34294B98B8D}\RP5\A0000225.exe @HL_ActCleaned - @HL_TestStarted @TestName_02 - @HL_ReportFind C:\System Volume Information_restore{EE72516F-B110-453A-8621-A787D13714BE}\RP11\A0000770.exe @EID_Id_trj BackDoor.Generic3.YUZ - @HL_TestEnded @TestName_02 1 - @HL_ActionTaken C:\System Volume Information_restore{EE72516F-B110-453A-8621-A787D13714BE}\RP11\A0000770.exe @HL_ActCleaned - @HL_UpdateOK iavi:761-760;

Logfile of HijackThis v1.99.1 Scan saved at 09:48:58, on 2007-04-08 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: E:\WINDOWS\System32\smss.exe E:\WINDOWS\system32\winlogon.exe E:\WINDOWS\system32\services.exe E:\WINDOWS\system32\lsass.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\System32\svchost.exe E:\WINDOWS\Explorer.EXE E:\WINDOWS\system32\spoolsv.exe E:\WINDOWS\system32\RunDll32.exe D:\WinXP\Winamp\winampa.exe E:\WINDOWS\system32\RUNDLL32.EXE D:\WinXP\AVG7\avgcc.exe E:\Program Files\Java\jre1.5.0_11\bin\jusched.exe E:\Program Files\Messenger\msmsgs.exe D:\winxp\AutoConnect\AutoConnect.exe D:\WinXP\AVG7\avgamsvr.exe D:\WinXP\AVG7\avgupsvc.exe D:\WinXP\AVG7\avgemc.exe D:\WinXP\BlueSoleil\BTNtService.exe E:\WINDOWS\system32\nvsvc32.exe E:\WINDOWS\System32\svchost.exe D:\WinXp\uTorrent\utorrent.exe D:\WinXp\Gadu-Gadu\gg.exe D:\WinXp\Microsoft Office\Office10\OUTLOOK.EXE D:\Winxp\Microsoft Office\Office10\WINWORD.EXE D:\WinXp\Mozilla Firefox\firefox.exe D:\WinXp\Winamp\winamp.exe E:\WINDOWS\System32\WScript.exe D:\Dokumenty\instalki\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\WinXP\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM…\Run: [WinampAgent] D:\WinXP\Winamp\winampa.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [AVG7_CC] D:\WinXP\AVG7\avgcc.exe /STARTUP O4 - HKLM…\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM…\Run: [sunJavaUpdateSched] “E:\Program Files\Java\jre1.5.0_11\bin\jusched.exe” O4 - HKCU…\Run: [Gadu-Gadu] “D:\WinXp\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [MSMSGS] “E:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [AutoConnect] d:\winxp\AutoConnect\AutoConnect.exe O4 - Global Startup: Microsoft Office.lnk = D:\WinXp\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\Winxp\MICROS~1\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip…{B90979EB-F3D5-4DC4-9AB1-0107C9EB27F0}: NameServer = 194.204.152.34 217.98.63.164 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\WinXP\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\WinXP\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\WinXP\AVG7\avgemc.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\WinXP\BlueSoleil\BTNtService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe

“Silent Runners.vbs”, revision 49, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “Gadu-Gadu” = ““D:\WinXp\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu S.A.”] “MSMSGS” = ““E:\Program Files\Messenger\msmsgs.exe” /background” [MS] “AutoConnect” = “d:\winxp\AutoConnect\AutoConnect.exe” [“http://autoconnect.prv.pl”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “Cmaudio” = “RunDll32 cmicnfg.cpl,CMICtrlWnd” [MS] “WinampAgent” = “D:\WinXP\Winamp\winampa.exe” [null data] “NvCplDaemon” = “RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS] “nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”] “NvMediaCenter” = “RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit” [MS] “AVG7_CC” = “D:\WinXP\AVG7\avgcc.exe /STARTUP” [“GRISOFT, s.r.o.”] “NeroFilterCheck” = “E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” [“Nero AG”] “SunJavaUpdateSched” = ““E:\Program Files\Java\jre1.5.0_11\bin\jusched.exe”” [“Sun Microsystems, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “D:\WinXP\Spybot - Search & Destroy\SDHelper.dll” [“Safer Networking Limited”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “E:\Program Files\Java\jre1.5.0_11\bin\ssv.dll” [“Sun Microsystems, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “E:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “E:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “E:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “E:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “E:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “E:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “D:\Winxp\Microsoft Office\Office10\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “D:\Winxp\Microsoft Office\Office10\msohev.dll” [MS] “{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}” = “AVG7 Shell Extension” -> {HKLM…CLSID} = “AVG7 Shell Extension Class” \InProcServer32(Default) = “D:\WinXP\AVG7\avgse.dll” [“GRISOFT, s.r.o.”] “{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}” = “AVG7 Find Extension” -> {HKLM…CLSID} = “AVG7 Find Extension Class” \InProcServer32(Default) = “D:\WinXP\AVG7\avgse.dll” [“GRISOFT, s.r.o.”] “{B327765E-D724-4347-8B16-78AE18552FC3}” = “NeroDigitalIconHandler” -> {HKLM…CLSID} = “NeroDigitalIconHandler Class” \InProcServer32(Default) = “E:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll” [“Nero AG”] “{7F1CF152-04F8-453A-B34C-E609530A9DC8}” = “NeroDigitalPropSheetHandler” -> {HKLM…CLSID} = “NeroDigitalPropSheetHandler Class” \InProcServer32(Default) = “E:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll” [“Nero AG”] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {7D4D6379-F301-4311-BEBA-E26EB0561882}(Default) = “NeroDigitalExt.NeroDigitalColumnHandler” -> {HKLM…CLSID} = “NeroDigitalColumnHandler Class” \InProcServer32(Default) = “E:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll” [“Nero AG”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ AVG7 Shell Extension(Default) = “{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}” -> {HKLM…CLSID} = “AVG7 Shell Extension Class” \InProcServer32(Default) = “D:\WinXP\AVG7\avgse.dll” [“GRISOFT, s.r.o.”] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ AVG7 Shell Extension(Default) = “{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}” -> {HKLM…CLSID} = “AVG7 Shell Extension Class” \InProcServer32(Default) = “D:\WinXP\AVG7\avgse.dll” [“GRISOFT, s.r.o.”] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “E:\WINDOWS\web\wallpaper\Idylla.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “E:\WINDOWS\web\wallpaper\Idylla.bmp” Startup items in “czyrzu” & “All Users” startup folders: -------------------------------------------------------- E:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Microsoft Office” -> shortcut to: “D:\WinXp\Microsoft Office\Office10\OSA.EXE -b -l” [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in 1.5.0_11” \InProcServer32(Default) = “E:\Program Files\Java\jre1.5.0_11\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.5.0_11” \InProcServer32(Default) = “E:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll” [“Sun Microsystems, Inc.”] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “E:\Program Files\Messenger\msmsgs.exe” [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AVG E-mail Scanner, AVGEMS, “D:\WinXP\AVG7\avgemc.exe” [“GRISOFT, s.r.o.”] AVG7 Alert Manager Server, Avg7Alrt, “D:\WinXP\AVG7\avgamsvr.exe” [“GRISOFT, s.r.o.”] AVG7 Update Service, Avg7UpdSvc, “D:\WinXP\AVG7\avgupsvc.exe” [“GRISOFT, s.r.o.”] BlueSoleil Hid Service, BlueSoleil Hid Service, “D:\WinXP\BlueSoleil\BTNtService.exe” [null data] HTTP SSL, HTTPFilter, “E:\WINDOWS\System32\svchost.exe -k HTTPFilter” {“E:\WINDOWS\System32\w3ssl.dll” [MS]} NVIDIA Display Driver Service, NVSvc, “E:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer “No” at the first message box and “Yes” at the second message box. ---------- (total run time: 129 seconds, including 7 seconds for message boxes)

ps. i dobry jest ten AVG? co o nim myslicie

adam9870 · 8 Kwiecień 2007 08:59

Logi są Ok.

adam9870:

Kliknij prawym klawiszem myszki na ikonę Mój komputer => wybierz Właściwości => przejdź na zakładkę Przywracanie systemu => zaznacz opcję Wyłącz przywracanie systemu na wszystkich dyskach, a dalej tylko potwierdź. Oczywiście potem z powrotem możesz włączyć przywracanie ponieważ ta funkcja bywa czasami przydatna w przypadku awarii systemu etc… Wrzuć log z ComboFix. Aby zrobić w nim log należy go uruchomić = nacisnąć klawisz Y = czekać cierpliwie i log powinien być w formie pliku .txt o nazwie combofix na partycji C. ps. i dobry jest ten AVG? co o nim myslicie Bardzo dobry. AVG to najlepszy program antyspyware jaki znam. Daje on radę bardzo poważnym i trudnym do usunięcia szkodnikom. M.in tzw. chińszczyźnie, trojanowi Vundo, VX2 itp. szkodników, które atakują niejednego internautę.

czyrzu · 8 Kwiecień 2007 09:59

“czyrzu” - 07-04-08 11:52:13 Dodatek Service Pack 2 ComboFix 07-04-05 - Running from: “E:\Documents and Settings\czyrzu\Pulpit” ((((((((((((((((((((((((((((((( Files Created from 2007-03-08 to 2007-04-08 )))))))))))))))))))))))))))))))))) 2007-04-08 09:50 2007-04-07 16:20 545 --a------ E:\WINDOWS\UC.PIF 2007-04-07 16:20 545 --a------ E:\WINDOWS\RAR.PIF 2007-04-07 16:20 545 --a------ E:\WINDOWS\PKZIP.PIF 2007-04-07 16:20 545 --a------ E:\WINDOWS\PKUNZIP.PIF 2007-04-07 16:20 545 --a------ E:\WINDOWS\NOCLOSE.PIF 2007-04-07 16:20 545 --a------ E:\WINDOWS\LHA.PIF 2007-04-07 16:20 545 --a------ E:\WINDOWS\ARJ.PIF 2007-04-07 10:41 2007-04-07 09:19 2007-04-07 08:57 2007-04-06 21:12 2007-04-06 18:52 262,144 --a------ E:\DOCUME~1\ALLUSE~1\ntuser.dat 2007-04-06 18:50 221,184 --a------ E:\WINDOWS\system32\wmpns.dll 2007-04-06 18:30 2007-04-06 18:26 2007-04-06 15:36 2007-04-06 15:36 2007-04-06 15:20 2007-04-06 15:10 2007-04-06 15:09 1,193 --a------ E:\WINDOWS\mozver.dat 2007-04-06 11:52 2007-04-06 11:50 2007-04-06 11:50 2007-04-06 10:55 16,760 --a------ E:\WINDOWS\system32\GDIPFONTCACHEV1.DAT 2007-04-06 10:54 499,712 --a------ E:\WINDOWS\system32\msvcp71.dll 2007-04-06 10:54 348,160 --a------ E:\WINDOWS\system32\msvcr71.dll 2007-04-06 10:36 2007-04-06 10:01 208,896 --a------ E:\WINDOWS\system32\NVUNINST.EXE 2007-04-06 10:01 208,896 --a------ E:\WINDOWS\system32\nvudisp.exe 2007-04-06 10:01 2007-04-06 10:01 2007-04-06 09:48 2007-04-06 09:45 85,376 --a------ E:\WINDOWS\system32\drivers\NABTSFEC.sys 2007-04-06 09:45 5,504 --a------ E:\WINDOWS\system32\drivers\MSTEE.sys 2007-04-06 09:45 19,328 --a------ E:\WINDOWS\system32\drivers\WSTCODEC.SYS 2007-04-06 09:45 17,024 --a------ E:\WINDOWS\system32\drivers\CCDECODE.sys 2007-04-06 09:45 15,360 --a------ E:\WINDOWS\system32\drivers\StreamIP.sys 2007-04-06 09:45 11,136 --a------ E:\WINDOWS\system32\drivers\SLIP.sys 2007-04-06 09:45 10,880 --a------ E:\WINDOWS\system32\drivers\NdisIP.sys 2007-04-06 09:42 54,784 --a------ E:\WINDOWS\system32\drivers\vfwwdm32.dll 2007-04-06 09:41 82,148 --a------ E:\WINDOWS\system32\drivers\VcommMgr.sys 2007-04-06 09:41 77,824 -ra------ E:\WINDOWS\system32\drivers\SioUi2k.dll 2007-04-06 09:41 7,680 --a------ E:\WINDOWS\system32\btinstall.dll 2007-04-06 09:41 63,488 -ra------ E:\WINDOWS\system32\drivers\wssbtr1f.sys 2007-04-06 09:41 61,312 --a------ E:\WINDOWS\system32\drivers\VComm.sys 2007-04-06 09:41 51,169 -ra------ E:\WINDOWS\system32\drivers\OXSER.SYS 2007-04-06 09:41 49,152 --a------ E:\WINDOWS\system32\btfunc.dll 2007-04-06 09:41 48,556 -ra------ E:\WINDOWS\system32\drivers\SktBt2k.sys 2007-04-06 09:41 48,076 -ra------ E:\WINDOWS\system32\drivers\Sio9502k.sys 2007-04-06 09:41 40,960 -ra------ E:\WINDOWS\system32\drivers\SCTray.exe 2007-04-06 09:41 28,271 --a------ E:\WINDOWS\system32\drivers\BTHidMgr.sys 2007-04-06 09:41 23,000 --a------ E:\WINDOWS\system32\drivers\btcusb.sys 2007-04-06 09:41 20,480 --a------ E:\WINDOWS\system32\drivers\blueletaudio.sys 2007-04-06 09:41 148,830 --a------ E:\WINDOWS\system32\drivers\bcbthub.sys 2007-04-06 09:41 13,304 --a------ E:\WINDOWS\system32\drivers\BTNetFilter.sys 2007-04-06 09:41 116,021 --a------ E:\WINDOWS\system32\drivers\fw203x.sys 2007-04-06 09:41 11,860 --a------ E:\WINDOWS\system32\drivers\vbtenum.sys 2007-04-06 09:41 11,736 --a------ E:\WINDOWS\system32\drivers\VHIDMini.sys 2007-04-06 09:41 10,804 --a------ E:\WINDOWS\system32\drivers\BtNetDrv.sys 2007-04-06 09:36 36,528 --------- E:\WINDOWS\system32\drivers\PxHelp20.sys 2007-04-06 09:36 2,560 --------- E:\WINDOWS\system32\drivers\cdralw2k.sys 2007-04-06 09:36 2,432 --------- E:\WINDOWS\system32\drivers\cdr4_xp.sys 2007-04-06 09:36 129,784 --------- E:\WINDOWS\system32\pxafs.dll 2007-04-06 09:36 115,880 --------- E:\WINDOWS\system32\pxinsi64.exe 2007-04-06 09:36 2007-04-06 09:29 22,752 --a------ E:\WINDOWS\system32\spupdsvc.exe 2007-04-06 09:29 2007-04-06 09:29 2007-04-06 09:27 2007-04-06 09:23 82,944 --a------ E:\WINDOWS\system32\drivers\wdmaud.sys 2007-04-06 09:23 6,400 --a------ E:\WINDOWS\system32\drivers\splitter.sys 2007-04-06 09:23 52,864 --a------ E:\WINDOWS\system32\drivers\DMusic.sys 2007-04-06 09:23 0 --a------ E:\WINDOWS\nsreg.dat 2007-04-06 09:23 2007-04-06 09:22 917,504 --a------ E:\WINDOWS\system\cmids3d.dll 2007-04-06 09:22 77,824 --a------ E:\WINDOWS\system32\cmuda.dll 2007-04-06 09:22 743,367 --a------ E:\WINDOWS\system32\drivers\cmuda.sys 2007-04-06 09:22 712,704 --a------ E:\WINDOWS\system32\Audio3D.dll 2007-04-06 09:22 712,704 --a------ E:\WINDOWS\system32\a3d.dll 2007-04-06 09:22 7,552 --a------ E:\WINDOWS\system32\drivers\MSKSSRV.sys 2007-04-06 09:22 60,800 --a------ E:\WINDOWS\system32\drivers\sysaudio.sys 2007-04-06 09:22 60,288 --a------ E:\WINDOWS\system32\drivers\drmk.sys 2007-04-06 09:22 54,272 --a------ E:\WINDOWS\system32\drivers\swmidi.sys 2007-04-06 09:22 5,376 --a------ E:\WINDOWS\system32\drivers\MSPCLOCK.sys 2007-04-06 09:22 4,992 --a------ E:\WINDOWS\system32\drivers\MSPQM.sys 2007-04-06 09:22 4,096 --a------ E:\WINDOWS\system32\ksuser.dll 2007-04-06 09:22 32,768 --a------ E:\WINDOWS\system32\udaprop.dll 2007-04-06 09:22 28,672 --a------ E:\WINDOWS\system32\cmirmdrv.dll 2007-04-06 09:22 28,672 --a------ E:\WINDOWS\CMIRmDriver.dll 2007-04-06 09:22 258,048 --a------ E:\WINDOWS\CMIUninstall.exe 2007-04-06 09:22 221,184 --a------ E:\WINDOWS\system32\cmirmdrv.exe 2007-04-06 09:22 212,992 --a------ E:\WINDOWS\CmiRmRedundDir.exe 2007-04-06 09:22 2,944 --a------ E:\WINDOWS\system32\drivers\drmkaud.sys 2007-04-06 09:22 172,416 --a------ E:\WINDOWS\system32\drivers\kmixer.sys 2007-04-06 09:22 145,792 --a------ E:\WINDOWS\system32\drivers\portcls.sys 2007-04-06 09:22 142,464 --a------ E:\WINDOWS\system32\drivers\aec.sys 2007-04-06 09:22 1,900,544 --a------ E:\WINDOWS\system32\cmiwcnfg.dll 2007-04-06 09:21 306,688 --a------ E:\WINDOWS\IsUninst.exe 2007-04-06 09:15 43,136 -ra------ E:\WINDOWS\system32\drivers\bcm4sbxp.sys 2007-04-06 09:13 2007-04-06 09:10 64,000 --a------ E:\WINDOWS\system32\drivers\e4ldr.sys 2007-04-06 09:10 50,007 --a------ E:\WINDOWS\system32\drivers\adildr.sys 2007-04-06 09:10 46,892 --a------ E:\WINDOWS\system32\ADADIX16.DLL 2007-04-06 09:10 4,981 --a------ E:\WINDOWS\system32\ADADIX2K.DLL 2007-04-06 09:10 24,576 --a------ E:\WINDOWS\enddisk32.exe 2007-04-06 09:10 22,395 --a------ E:\WINDOWS\system32\drivers\fpga.bin 2007-04-06 09:10 176,128 --a------ E:\WINDOWS\autoclk.exe 2007-04-06 09:10 155,648 --a------ E:\WINDOWS\system32\adadix32.dll 2007-04-06 09:10 152,220 --a------ E:\WINDOWS\system32\drivers\L1E4I2.BIN 2007-04-06 09:10 152,220 --a------ E:\WINDOWS\system32\drivers\L1E4I1.BIN 2007-04-06 09:10 152,220 --a------ E:\WINDOWS\system32\drivers\L1E4I0.BIN 2007-04-06 09:10 152,132 --a------ E:\WINDOWS\system32\drivers\L1E4P2.BIN 2007-04-06 09:10 152,132 --a------ E:\WINDOWS\system32\drivers\L1E4P1.BIN 2007-04-06 09:10 152,132 --a------ E:\WINDOWS\system32\drivers\L1E4P0.BIN 2007-04-06 09:10 152,126 --a------ E:\WINDOWS\system32\drivers\L1E9P2.BIN 2007-04-06 09:10 152,126 --a------ E:\WINDOWS\system32\drivers\L1E9P1.BIN 2007-04-06 09:10 152,126 --a------ E:\WINDOWS\system32\drivers\L1E9P0.BIN 2007-04-06 09:10 152,126 --a------ E:\WINDOWS\system32\drivers\L1E9I2.BIN 2007-04-06 09:10 152,126 --a------ E:\WINDOWS\system32\drivers\L1E9I1.BIN 2007-04-06 09:10 152,126 --a------ E:\WINDOWS\system32\drivers\L1E9I0.BIN 2007-04-06 09:10 152,036 --a------ E:\WINDOWS\system32\drivers\L1E4D2.BIN 2007-04-06 09:10 152,034 --a------ E:\WINDOWS\system32\drivers\L1E4D1.BIN 2007-04-06 09:10 152,034 --a------ E:\WINDOWS\system32\drivers\L1E4D0.BIN 2007-04-06 09:10 143,360 --a------ E:\WINDOWS\adiras.exe 2007-04-06 09:10 135,168 --a------ E:\WINDOWS\system32\unaddrv.exe 2007-04-06 09:10 127,456 --a------ E:\WINDOWS\system32\IPDETECT.EXE 2007-04-06 09:10 126,976 --a------ E:\WINDOWS\system32\coclassfast.dll 2007-04-06 09:10 126,489 --a------ E:\WINDOWS\system32\drivers\adiusbaw.sys 2007-04-06 09:10 116,992 --a------ E:\WINDOWS\system32\drivers\e4usbaw.sys 2007-04-06 09:10 2007-04-06 09:10 2007-04-06 09:10 2007-04-05 22:49 3,072 --a------ E:\WINDOWS\system32\drivers\audstub.sys 2007-04-05 22:48 77,312 --a------ E:\WINDOWS\system32\usbui.dll 2007-04-05 22:48 58,624 --a------ E:\WINDOWS\system32\drivers\redbook.sys 2007-04-05 22:48 44,672 --a------ E:\WINDOWS\system32\drivers\UAGP35.SYS 2007-04-05 22:48 4,527,488 --a------ E:\WINDOWS\system32\nv4_disp.dll 2007-04-05 22:48 3,994,624 --a------ E:\WINDOWS\system32\drivers\nv4_mini.sys 2007-04-05 22:47 8,192 -ra------ E:\WINDOWS\system32\kbdhept.dll 2007-04-05 22:47 6,656 -ra------ E:\WINDOWS\system32\kbdhela3.dll 2007-04-05 22:47 6,144 -ra------ E:\WINDOWS\system32\kbdtuq.dll 2007-04-05 22:47 6,144 -ra------ E:\WINDOWS\system32\kbdtuf.dll 2007-04-05 22:47 6,144 -ra------ E:\WINDOWS\system32\kbdhela2.dll 2007-04-05 22:47 6,144 -ra------ E:\WINDOWS\system32\kbdgkl.dll 2007-04-05 22:47 5,632 -ra------ E:\WINDOWS\system32\kbdmon.dll 2007-04-05 22:47 5,632 -ra------ E:\WINDOWS\system32\kbdkyr.dll 2007-04-05 22:47 5,632 -ra------ E:\WINDOWS\system32\kbdhe319.dll 2007-04-05 22:47 5,632 -ra------ E:\WINDOWS\system32\kbdhe220.dll 2007-04-05 22:47 5,632 -ra------ E:\WINDOWS\system32\kbdhe.dll 2007-04-05 22:47 5,632 -ra------ E:\WINDOWS\system32\kbdazel.dll 2007-04-05 22:47 2007-04-05 22:47 2007-04-05 22:47 2007-04-05 22:47 2007-04-05 22:46 9,936 --a------ E:\WINDOWS\system\LZEXPAND.DLL 2007-04-05 22:46 9,168 --a------ E:\WINDOWS\system\VER.DLL 2007-04-05 22:46 85,532 --a------ E:\WINDOWS\system32\dgsetup.dll 2007-04-05 22:46 83,456 --a------ E:\WINDOWS\system\OLECLI.DLL 2007-04-05 22:46 8,704 --a------ E:\WINDOWS\system32\batt.dll 2007-04-05 22:46 75,776 --a------ E:\WINDOWS\system32\storprop.dll 2007-04-05 22:46 70,144 --a------ E:\WINDOWS\NOTEPAD.EXE 2007-04-05 22:46 70,096 --a------ E:\WINDOWS\system\AVICAP.DLL 2007-04-05 22:46 7,168 --a------ E:\WINDOWS\system32\kbdcz.dll 2007-04-05 22:46 69,552 --a------ E:\WINDOWS\system\MMSYSTEM.DLL 2007-04-05 22:46 6,656 --a------ E:\WINDOWS\system32\kbdycl.dll 2007-04-05 22:46 6,656 --a------ E:\WINDOWS\system32\kbdsl1.dll 2007-04-05 22:46 6,656 --a------ E:\WINDOWS\system32\kbdsl.dll 2007-04-05 22:46 6,656 --a------ E:\WINDOWS\system32\kbdhu.dll 2007-04-05 22:46 6,656 --a------ E:\WINDOWS\system32\kbdcz2.dll 2007-04-05 22:46 6,656 --a------ E:\WINDOWS\system32\kbdcz1.dll 2007-04-05 22:46 6,656 --a------ E:\WINDOWS\system32\kbdcr.dll 2007-04-05 22:46 6,656 --a------ E:\WINDOWS\system32\KBDAL.DLL 2007-04-05 22:46 6,144 -ra------ E:\WINDOWS\system32\kbdlv1.dll 2007-04-05 22:46 6,144 -ra------ E:\WINDOWS\system32\kbdlv.dll 2007-04-05 22:46 6,144 -ra------ E:\WINDOWS\system32\kbdest.dll 2007-04-05 22:46 5,632 -ra------ E:\WINDOWS\system32\kbdlt1.dll 2007-04-05 22:46 5,632 -ra------ E:\WINDOWS\system32\kbdlt.dll 2007-04-05 22:46 5,632 --a------ E:\WINDOWS\system32\kbdro.dll 2007-04-05 22:46 5,632 --a------ E:\WINDOWS\system32\kbdhu1.dll 2007-04-05 22:46 5,120 --a------ E:\WINDOWS\system\SHELL.DLL 2007-04-05 22:46 33,376 --a------ E:\WINDOWS\system\COMMDLG.DLL 2007-04-05 22:46 24,661 --a------ E:\WINDOWS\system32\spxcoins.dll 2007-04-05 22:46 24,064 --a------ E:\WINDOWS\system\OLESVR.DLL 2007-04-05 22:46 19,200 --a------ E:\WINDOWS\system\TAPI.DLL 2007-04-05 22:46 176,157 --a------ E:\WINDOWS\system32\dgrpsetu.dll 2007-04-05 22:46 15,360 --a------ E:\WINDOWS\TASKMAN.EXE 2007-04-05 22:46 13,312 --a------ E:\WINDOWS\system32\irclass.dll 2007-04-05 22:46 127,008 --a------ E:\WINDOWS\system\MSVIDEO.DLL 2007-04-05 22:46 11,264 --a------ E:\WINDOWS\system32\drivers\irenum.sys 2007-04-05 22:46 109,488 --a------ E:\WINDOWS\system\AVIFILE.DLL 2007-04-05 22:46 103,424 --a------ E:\WINDOWS\system32\EqnClass.Dll 2007-04-05 22:46 2007-04-05 22:46 2007-04-05 22:46 2007-04-05 22:46 2007-04-05 22:46 2007-04-05 22:46 2007-04-05 22:46 2007-04-05 22:46 2007-04-05 22:46 2007-04-05 22:46 2007-04-05 22:46 2007-04-05 22:46 2007-04-05 22:46 2007-04-05 22:46 2007-04-05 22:46 2007-04-05 22:46 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 22:41 2007-04-05 20:59 262,144 --ah----- E:\DOCUME~1\LOCALS~1\NTUSER.DAT 2007-04-05 20:59 1,310,720 --ah----- E:\DOCUME~1\czyrzu\NTUSER.DAT 2007-04-05 20:59 2007-04-05 20:59 2007-04-05 20:59 2007-04-05 20:59 2007-04-05 20:59 2007-04-05 20:59 2007-04-05 20:59 2007-04-05 20:59 2007-04-05 20:59 2007-04-05 20:59 2007-04-05 20:59 2007-04-05 20:58 229,376 --ah----- E:\DOCUME~1\NETWOR~1\NTUSER.DAT 2007-04-05 20:58 2007-04-05 20:58 2007-04-05 20:55 229,376 —h----- E:\DOCUME~1\DEFAUL~1\NTUSER.DAT 2007-04-05 20:55 2007-04-05 20:55 2007-04-05 20:54 112,128 --a------ E:\WINDOWS\system32\mapi32.dll 2007-04-05 20:54 2007-04-05 20:53 2007-04-05 20:53 2007-04-05 20:53 2007-04-05 20:53 2007-04-05 20:53 2007-04-05 20:52 86,016 --a------ E:\WINDOWS\system32\isign32.dll 2007-04-05 20:52 81,920 --a------ E:\WINDOWS\system32\ils.dll 2007-04-05 20:52 8,192 --a------ E:\WINDOWS\system32\bitsprx2.dll 2007-04-05 20:52 73,728 --a------ E:\WINDOWS\system32\icwdial.dll 2007-04-05 20:52 73,472 --a------ E:\WINDOWS\system32\drivers\sr.sys 2007-04-05 20:52 7,168 --a------ E:\WINDOWS\system32\bitsprx3.dll 2007-04-05 20:52 69,632 --a------ E:\WINDOWS\system32\msconf.dll 2007-04-05 20:52 679,424 --a------ E:\WINDOWS\system32\inetcomm.dll 2007-04-05 20:52 67,584 --a------ E:\WINDOWS\system32\srclient.dll 2007-04-05 20:52 67,584 --a------ E:\WINDOWS\system32\acctres.dll 2007-04-05 20:52 65,536 --a------ E:\WINDOWS\system32\icwphbk.dll 2007-04-05 20:52 6,656 --a------ E:\WINDOWS\system32\wuauserv.dll 2007-04-05 20:52 49,664 --a------ E:\WINDOWS\system32\inetres.dll 2007-04-05 20:52 466,200 --a------ E:\WINDOWS\system32\wuapi.dll 2007-04-05 20:52 45,568 --a------ E:\WINDOWS\system32\safrslv.dll 2007-04-05 20:52 43,520 --a------ E:\WINDOWS\system32\safrcdlg.dll 2007-04-05 20:52 43,520 --a------ E:\WINDOWS\system32\racpldlg.dll 2007-04-05 20:52 41,240 --a------ E:\WINDOWS\system32\wups.dll 2007-04-05 20:52 382,464 --a------ E:\WINDOWS\system32\qmgr.dll 2007-04-05 20:52 34,560 --a------ E:\WINDOWS\system32\mnmdd.dll 2007-04-05 20:52 32,768 --a------ E:\WINDOWS\system32\mnmsrvc.exe 2007-04-05 20:52 32,768 --a------ E:\WINDOWS\system32\isrdbg32.dll 2007-04-05 20:52 29,696 --a------ E:\WINDOWS\system32\safrdm.dll 2007-04-05 20:52 28,672 --a------ E:\WINDOWS\system32\nmmkcert.dll 2007-04-05 20:52 278,528 --a------ E:\WINDOWS\system32\mstask.dll 2007-04-05 20:52 278,528 --a------ E:\WINDOWS\system32\inetcfg.dll 2007-04-05 20:52 252,928 --a------ E:\WINDOWS\system32\msoeacct.dll 2007-04-05 20:52 240,128 --a------ E:\WINDOWS\system32\srrstr.dll 2007-04-05 20:52 23,040 --a------ E:\WINDOWS\system32\fltmc.exe 2007-04-05 20:52 195,352 --a------ E:\WINDOWS\system32\wuaueng1.dll 2007-04-05 20:52 192,000 --a------ E:\WINDOWS\system32\schedsvc.dll 2007-04-05 20:52 18,944 --a------ E:\WINDOWS\system32\qmgrprxy.dll 2007-04-05 20:52 175,384 --a------ E:\WINDOWS\system32\wuauclt1.exe 2007-04-05 20:52 173,536 --a------ E:\WINDOWS\system32\wuweb.dll 2007-04-05 20:52 171,008 --a------ E:\WINDOWS\system32\srsvc.dll 2007-04-05 20:52 16,896 --a------ E:\WINDOWS\system32\fltlib.dll 2007-04-05 20:52 16,384 --a------ E:\WINDOWS\system32\icfgnt5.dll 2007-04-05 20:52 128,896 --a------ E:\WINDOWS\system32\drivers\fltmgr.sys 2007-04-05 20:52 128,280 --a------ E:\WINDOWS\system32\wucltui.dll 2007-04-05 20:52 125,208 --a------ E:\WINDOWS\system32\wuauclt.exe 2007-04-05 20:52 12,288 --a------ E:\WINDOWS\system32\nmevtmsg.dll 2007-04-05 20:52 12,288 --a------ E:\WINDOWS\system32\mstinit.exe 2007-04-05 20:52 11,264 --a------ E:\WINDOWS\system32\atrace.dll 2007-04-05 20:52 105,984 --a------ E:\WINDOWS\system32\msoert2.dll 2007-04-05 20:52 1,343,768 --a------ E:\WINDOWS\system32\wuaueng.dll 2007-04-05 20:52 2007-04-05 20:52 2007-04-05 20:52 2007-04-05 20:52 2007-04-05 20:52 2007-04-05 20:52 2007-04-05 20:51 73,216 --a------ E:\WINDOWS\system32\avwav.dll 2007-04-05 20:51 5,632 --a------ E:\WINDOWS\system32\write.exe 2007-04-05 20:51 44,544 --a------ E:\WINDOWS\system32\hticons.dll 2007-04-05 20:51 35,328 --a------ E:\WINDOWS\system32\winchat.exe 2007-04-05 20:51 231,424 --a------ E:\WINDOWS\system32\avtapi.dll 2007-04-05 20:51 21,856 --a------ E:\WINDOWS\system32\emptyregdb.dat 2007-04-05 20:51 16,384 --a------ E:\WINDOWS\system32\avmeter.dll 2007-04-05 20:51 139,264 --a------ E:\WINDOWS\system32\sndvol32.exe 2007-04-05 20:51 2007-04-05 20:51 2007-04-05 20:51 2007-04-05 20:50 97,792 --a------ E:\WINDOWS\system32\comrepl.dll 2007-04-05 20:50 956,416 --a------ E:\WINDOWS\system32\msdtctm.dll 2007-04-05 20:50 94,720 --a------ E:\WINDOWS\system32\tscfgwmi.dll 2007-04-05 20:50 91,136 --a------ E:\WINDOWS\system32\mtxoci.dll 2007-04-05 20:50 9,728 --a------ E:\WINDOWS\system32\reset.exe 2007-04-05 20:50 87,176 --a------ E:\WINDOWS\system32\rdpwsx.dll 2007-04-05 20:50 85,504 --a------ E:\WINDOWS\system32\catsrvps.dll 2007-04-05 20:50 80,896 --a------ E:\WINDOWS\system32\charmap.exe 2007-04-05 20:50 67,072 --a------ E:\WINDOWS\system32\rdshost.exe 2007-04-05 20:50 655,360 --a------ E:\WINDOWS\system32\mstscax.dll 2007-04-05 20:50 625,152 --a------ E:\WINDOWS\system32\catsrvut.dll 2007-04-05 20:50 62,464 --a------ E:\WINDOWS\system32\rdpclip.exe 2007-04-05 20:50 605,696 --a------ E:\WINDOWS\system32\getuname.dll 2007-04-05 20:50 60,928 --a------ E:\WINDOWS\system32\remotepg.dll 2007-04-05 20:50 60,416 --a------ E:\WINDOWS\system32\colbact.dll 2007-04-05 20:50 6,144 --a------ E:\WINDOWS\system32\msdtc.exe 2007-04-05 20:50 58,880 --a------ E:\WINDOWS\system32\msdtclog.dll 2007-04-05 20:50 58,880 --a------ E:\WINDOWS\system32\licwmi.dll 2007-04-05 20:50 57,344 --a------ E:\WINDOWS\system32\sol.exe 2007-04-05 20:50 56,320 --a------ E:\WINDOWS\system32\servdeps.dll 2007-04-05 20:50 55,808 --a------ E:\WINDOWS\system32\freecell.exe 2007-04-05 20:50 540,160 --a------ E:\WINDOWS\system32\comuid.dll 2007-04-05 20:50 54,272 --a------ E:\WINDOWS\system32\stclient.dll 2007-04-05 20:50 539,136 --a------ E:\WINDOWS\system32\spider.exe 2007-04-05 20:50 5,120 --a------ E:\WINDOWS\system32\dcomcnfg.exe 2007-04-05 20:50 498,688 --a------ E:\WINDOWS\system32\clbcatq.dll 2007-04-05 20:50 44,544 --a------ E:\WINDOWS\system32\tscupgrd.exe 2007-04-05 20:50 426,496 --a------ E:\WINDOWS\system32\msdtcprx.dll 2007-04-05 20:50 408,576 --a------ E:\WINDOWS\system32\mstsc.exe 2007-04-05 20:50 40,840 --a------ E:\WINDOWS\system32\drivers\termdd.sys 2007-04-05 20:50 4,608 --a------ E:\WINDOWS\system32\rdpcfgex.dll 2007-04-05 20:50 4,096 --a------ E:\WINDOWS\system32\mtxex.dll 2007-04-05 20:50 38,912 --a------ E:\WINDOWS\system32\cfgbkend.dll 2007-04-05 20:50 351,744 --a------ E:\WINDOWS\system32\hypertrm.dll 2007-04-05 20:50 345,088 --a------ E:\WINDOWS\system32\mspaint.exe 2007-04-05 20:50 33,792 --a------ E:\WINDOWS\system32\regini.exe 2007-04-05 20:50 296,448 --a------ E:\WINDOWS\system32\termsrv.dll 2007-04-05 20:50 25,600 --a------ E:\WINDOWS\system32\comaddin.dll 2007-04-05 20:50 25,088 --a------ E:\WINDOWS\system32\mtxlegih.dll 2007-04-05 20:50 225,792 --a------ E:\WINDOWS\system32\catsrv.dll 2007-04-05 20:50 22,528 --a------ E:\WINDOWS\system32\qwinsta.exe 2007-04-05 20:50 22,528 --a------ E:\WINDOWS\system32\msg.exe 2007-04-05 20:50 21,896 --a------ E:\WINDOWS\system32\drivers\tdtcp.sys 2007-04-05 20:50 20,992 --a------ E:\WINDOWS\system32\qprocess.exe 2007-04-05 20:50 20,480 --a------ E:\WINDOWS\system32\mtxdm.dll 2007-04-05 20:50 196,864 --a------ E:\WINDOWS\system32\drivers\rdpdr.sys 2007-04-05 20:50 19,968 --a------ E:\WINDOWS\system32\rdpsnd.dll 2007-04-05 20:50 187,904 --a------ E:\WINDOWS\system32\cmprops.dll 2007-04-05 20:50 187,904 --a------ E:\WINDOWS\system32\accwiz.exe 2007-04-05 20:50 17,920 --a------ E:\WINDOWS\system32\tsshutdn.exe 2007-04-05 20:50 17,920 --a------ E:\WINDOWS\system32\mmfutil.dll 2007-04-05 20:50 17,408 --a------ E:\WINDOWS\system32\qappsrv.exe 2007-04-05 20:50 161,280 --a------ E:\WINDOWS\system32\msdtcuiu.dll 2007-04-05 20:50 16,384 --a------ E:\WINDOWS\system32\tskill.exe 2007-04-05 20:50 16,384 --a------ E:\WINDOWS\system32\rwinsta.exe 2007-04-05 20:50 15,872 --a------ E:\WINDOWS\system32\logoff.exe 2007-04-05 20:50 15,872 --a------ E:\WINDOWS\system32\cdmodem.dll 2007-04-05 20:50 15,360 --a------ E:\WINDOWS\system32\tsdiscon.exe 2007-04-05 20:50 15,360 --a------ E:\WINDOWS\system32\tscon.exe 2007-04-05 20:50 15,360 --a------ E:\WINDOWS\system32\shadow.exe 2007-04-05 20:50 147,968 --a------ E:\WINDOWS\system32\rdchost.dll 2007-04-05 20:50 147,456 --a------ E:\WINDOWS\system32\comsnap.dll 2007-04-05 20:50 141,824 --a------ E:\WINDOWS\system32\sessmgr.exe 2007-04-05 20:50 139,528 --a------ E:\WINDOWS\system32\drivers\rdpwd.sys 2007-04-05 20:50 132,608 --a------ E:\WINDOWS\system32\sndrec32.exe 2007-04-05 20:50 13,824 --a------ E:\WINDOWS\system32\rdsaddin.exe 2007-04-05 20:50 128,000 --a------ E:\WINDOWS\system32\mshearts.exe 2007-04-05 20:50 124,928 --a------ E:\WINDOWS\system32\mplay32.exe 2007-04-05 20:50 12,040 --a------ E:\WINDOWS\system32\drivers\tdpipe.sys 2007-04-05 20:50 119,808 --a------ E:\WINDOWS\system32\winmine.exe 2007-04-05 20:50 115,200 --a------ E:\WINDOWS\system32\calc.exe 2007-04-05 20:50 110,080 --a------ E:\WINDOWS\system32\clbcatex.dll 2007-04-05 20:50 11,776 --a------ E:\WINDOWS\system32\xolehlp.dll 2007-04-05 20:50 11,264 --a------ E:\WINDOWS\system32\icaapi.dll 2007-04-05 20:50 103,424 --a------ E:\WINDOWS\system32\clipbrd.exe 2007-04-05 20:50 1,267,200 --a------ E:\WINDOWS\system32\comsvcs.dll 2007-04-05 20:50 1,225 --a------ E:\WINDOWS\system32\usrlogon.cmd 2007-04-05 20:50 2007-04-05 20:50 2007-04-05 20:50 2007-03-16 23:09 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-04-06 19:10 49492 --a------ E:\WINDOWS\system32\perfc015.dat 2007-04-06 19:10 355486 --a------ E:\WINDOWS\system32\perfh015.dat 2007-04-05 22:46 62 --ahs---- E:\DOCUME~1\czyrzu\DANEAP~1\desktop.ini 2007-04-05 20:53 -------- d-------- E:\Program Files\usugi online 2007-03-08 17:38 579072 --a------ E:\WINDOWS\system32\user32.dll 2007-03-08 17:38 40960 --a------ E:\WINDOWS\system32\mf3216.dll 2007-03-08 17:38 281600 --a------ E:\WINDOWS\system32\gdi32.dll 2007-03-08 17:37 1843840 --a------ E:\WINDOWS\system32\win32k.sys (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “Gadu-Gadu”="“D:\WinXp\Gadu-Gadu\gg.exe” /tray" “MSMSGS”="“E:\Program Files\Messenger\msmsgs.exe” /background" “AutoConnect”=“d:\winxp\AutoConnect\AutoConnect.exe” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “Cmaudio”=“RunDll32 cmicnfg.cpl,CMICtrlWnd” “WinampAgent”=“D:\WinXP\Winamp\winampa.exe” “NvCplDaemon”=“RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup” “nwiz”=“nwiz.exe /install” “NvMediaCenter”=“RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit” “AVG7_CC”=“D:\WinXP\AVG7\avgcc.exe /STARTUP” “NeroFilterCheck”=“E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” “SunJavaUpdateSched”="“E:\Program Files\Java\jre1.5.0_11\bin\jusched.exe”" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] “Installed”=“1” “NoChange”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] “Installed”=“1” [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “AVG7_Run”=“D:\WinXP\AVG7\avgw.exe /RUNONCE” [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 ******************************************************************** catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 http://www.gmer.net scanning hidden processes … scanning hidden services … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 07-04-08 11:54:09 E:\ComboFix-quarantined-files.txt … 07-04-08 11:54

adam9870 · 8 Kwiecień 2007 10:35

Jest Ok.

czyrzu · 8 Kwiecień 2007 14:10

a tego trojana jak usunac?

adam9870 · 8 Kwiecień 2007 14:21