Trojan Win32:Small-EQY [Trj]

maaxi2 · 13 Maj 2007 13:21

Prosze o pomoc:

Logfile of HijackThis v1.99.1 Scan saved at 15:12:10, on 2007-05-13 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Norton Utilities\NPROTECT.EXE C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Speed Disk\nopdb.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\qttask.exe C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\vsnpstd2.exe C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\PopTray\PopTray.exe C:\Program Files\Neostrada TP\NeostradaTP.exe C:\Program Files\Neostrada TP\ComComp.exe C:\Program Files\Neostrada TP\Watch.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Winamp\winamp.exe C:\PROGRA~1\FREEDO~1\fdm.exe C:\Program Files\Internet Explorer\iexplore.exe D:\Programy\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM…\Run: [CnxDslTaskBar] “C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe” “ZTE Corporation\ZXDSL852” O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM…\Run: [skyTel] SkyTel.EXE O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM…\Run: [QuickTime Task] “C:\WINDOWS\system32\qttask.exe” -atboottime O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1045 O4 - HKLM…\Run: [sNPSTD2] C:\WINDOWS\vsnpstd2.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - Startup: PopTray.lnk = C:\Program Files\PopTray\PopTray.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Pobierz w Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: Pobierz wszystkie pliki w Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Pobierz zaznaczone w Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/pl/roulette_2_0_0_26.cab O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/pl/poker_2_0_0_46.cab O17 - HKLM\System\CCS\Services\Tcpip…{218221DF-AE09-4217-AF76-463CB4F0535F}: NameServer = 194.204.159.1 217.98.63.164 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe

Gutek · 13 Maj 2007 15:29

usuń wpisy HJT

Użyj Pocket Killbox. Zaznaczasz opcję Delete on Reboot oraz All Files i w polu Full Path of File to Delete wklejasz ścieżkę

C:\WINDOWS\System32\rpcc.dll i naciskasz X czerwony. Program poprosi o reset kompa … czyli resetujesz.

Daj log z HJT + Silenta

maaxi2 · 15 Maj 2007 12:55

Log z hijackthis:

Logfile of HijackThis v1.99.1 Scan saved at 14:40:49, on 2007-05-15 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\qttask.exe C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\vsnpstd2.exe C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\PopTray\PopTray.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Norton Utilities\NPROTECT.EXE C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Speed Disk\nopdb.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Neostrada TP\NeostradaTP.exe C:\Program Files\Neostrada TP\ComComp.exe C:\Program Files\Neostrada TP\Watch.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Internet Explorer\iexplore.exe D:\Programy\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM…\Run: [CnxDslTaskBar] “C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe” “ZTE Corporation\ZXDSL852” O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM…\Run: [skyTel] SkyTel.EXE O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM…\Run: [QuickTime Task] “C:\WINDOWS\system32\qttask.exe” -atboottime O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1045 O4 - HKLM…\Run: [sNPSTD2] C:\WINDOWS\vsnpstd2.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - Startup: PopTray.lnk = C:\Program Files\PopTray\PopTray.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Pobierz w Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: Pobierz wszystkie pliki w Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Pobierz zaznaczone w Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/pl/roulette_2_0_0_26.cab O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/pl/poker_2_0_0_46.cab O17 - HKLM\System\CCS\Services\Tcpip…{218221DF-AE09-4217-AF76-463CB4F0535F}: NameServer = 194.204.159.1 217.98.63.164 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll (file missing) O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe

Log z Silenta: “Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “CTFMON.EXE” = “C:\WINDOWS\System32\ctfmon.exe” [MS] “swg” = “C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe” [“Google Inc.”] “Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu S.A.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “CnxDslTaskBar” = "“C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe” “ZTE Corporation\ZXDSL852"” [“Conexant Systems, Inc.”] “WOOWATCH” = “C:\PROGRA~1\NEOSTR~1\Watch.exe” [“France Télécom R&D”] “WOOTASKBARICON” = “C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” [“France Télécom R&D”] “avast!” = “C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [“ALWIL Software”] “WinampAgent” = “C:\Program Files\Winamp\winampa.exe” [file not found] “SkyTel” = “SkyTel.EXE” [“Realtek Semiconductor Corp.”] “RTHDCPL” = “RTHDCPL.EXE” [“Realtek Semiconductor Corp.”] “QuickTime Task” = ““C:\WINDOWS\system32\qttask.exe” -atboottime” [“Apple Computer, Inc.”] “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup” [MS] “nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”] “NvMediaCenter” = “RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit” [MS] “DAEMON Tools” = ““C:\Program Files\DAEMON Tools\daemon.exe” -lang 1045” [“DT Soft Ltd.”] “SNPSTD2” = “C:\WINDOWS\vsnpstd2.exe” [empty string] “NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”] “DVDTray” = “C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe” [“Hewlett-Packard Company”] HKLM\Software\Microsoft\Active Setup\Installed Components\ {306D6C21-C1B6-4629-986C-E59E1875B8AF}(Default) = (no title provided) \StubPath = ““C:\WINDOWS\System32\rundll32.exe” “C:\Program Files\Messenger\msgsc.dll”,ShowIconsUser” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “Adobe PDF Reader Link Helper” \InProcServer32(Default) = “C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Spybot - Search & Destroy\SDHelper.dll” [“Safer Networking Limited”] {AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = (no title provided) -> {HKLM…CLSID} = “Google Toolbar Helper” \InProcServer32(Default) = “c:\program files\google\googletoolbar2.dll” [“Google Inc.”] {CC59E0F9-7E43-44FA-9FAA-8377850BF205}(Default) = (no title provided) -> {HKLM…CLSID} = “FDMIECookiesBHO Class” \InProcServer32(Default) = “C:\Program Files\Free Download Manager\iefdmcks.dll” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”] “{472083B0-C522-11CF-8763-00608CC02F24}” = “avast” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] “{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player” -> {HKLM…CLSID} = “RealOne Player Context Menu Class” \InProcServer32(Default) = “C:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\rpshell.dll” [“RealNetworks, Inc.”] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <> rpcc\DLLName = “C:\WINDOWS\System32\rpcc.dll” [file not found] HKLM\Software\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] ContMenu(Default) = “{EBDF1F20-C829-11D1-8233-0020AF3E97A9}” -> {HKLM…CLSID} = " " \InProcServer32(Default) = “C:\PROGRA~1\ANYREA~1\contmenu.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ ContMenu(Default) = “{EBDF1F20-C829-11D1-8233-0020AF3E97A9}” -> {HKLM…CLSID} = " " \InProcServer32(Default) = “C:\PROGRA~1\ANYREA~1\contmenu.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\Documents and Settings\matrix\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\matrix\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\System32\logon.scr” [MS] Startup items in “matrix” & “All Users” startup folders: -------------------------------------------------------- C:\Documents and Settings\matrix\Menu Start\Programy\Autostart “PopTray” -> shortcut to: “C:\Program Files\PopTray\PopTray.exe” [“Renier Crause”] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Adobe Reader Speed Launch” -> shortcut to: “C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe” [“Adobe Systems Incorporated”] “Adobe Reader Synchronizer” -> shortcut to: “C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe” [null data] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” -> {HKLM…CLSID} = “&Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar2.dll” [“Google Inc.”] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” = (no title provided) -> {HKLM…CLSID} = “&Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar2.dll” [“Google Inc.”] Explorer Bars HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\ {FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = (no title provided) -> {HKLM…CLSID} = “&Badanie” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL” [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ “ButtonText” = “Badanie” Miscellaneous IE Hijack Points ------------------------------ HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ <> “{08C06D61-F1F3-4799-86F8-BE1A89362C85}” = (no title provided) -> {HKLM…CLSID} = “Search Class” \InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL” [empty string] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ avast! Antivirus, avast! Antivirus, ““C:\Program Files\Alwil Software\Avast4\ashServ.exe”” [“ALWIL Software”] avast! iAVS4 Control Service, aswUpdSv, ““C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe”” [“ALWIL Software”] avast! Web Scanner, avast! Web Scanner, ““C:\Program Files\Alwil Software\Avast4\ashWebSv.exe” /service” [“ALWIL Software”] gb, gb, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll” [null data]} LightScribeService Direct Disc Labeling Service, LightScribeService, ““C:\Program Files\Common Files\LightScribe\LSSrvc.exe”” [“Hewlett-Packard Company”] Norton Unerase Protection, NProtectService, “C:\Program Files\Norton Utilities\NPROTECT.EXE” [“Symantec Corporation”] NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\System32\nvsvc32.exe” [“NVIDIA Corporation”] Speed Disk service, Speed Disk service, “C:\Program Files\Speed Disk\nopdb.exe” [“Symantec Corporation”] Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\System32\wdfmgr.exe” [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS] ---------- <>: Suspicious data at a malware launch point. <>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer “No” at the first message box and “Yes” at the second message box. ---------- (total run time: 106 seconds, including 18 seconds for message boxes)

Miałem mały problem po wykonaniu tych instrukcji co podałeś nie mogłem uruchomić systemu windows pisało że usunięto plik NTDLR

zrobiłem naprawę instalatorem i chyba jest w porządku bo działa i nie ma wirusa

qrczak13 · 15 Maj 2007 17:19

start > uruchom > cmd > wpisz

sc stop gb

sc delete gb

DEL C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll

Zafiksuj w HJT.

Daj nowe 2 logi.

maaxi2 · 15 Maj 2007 18:19

Log z hijackthis:

Logfile of HijackThis v1.99.1

Scan saved at 20:11, on 2007-05-15

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Norton Utilities\NPROTECT.EXE

C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe

C:\Program Files\Speed Disk\nopdb.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\PopTray\PopTray.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\System32\wbem\wbemstest.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Neostrada TP\NeostradaTP.exe

C:\Program Files\Neostrada TP\ComComp.exe

C:\Program Files\Neostrada TP\Watch.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\PROGRA~1\FREEDO~1\fdm.exe

D:\Programy\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = L1cza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM…\Run: [CnxDslTaskBar] “C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe” “ZTE Corporation\ZXDSL852”

O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM…\Run: [skyTel] SkyTel.EXE

O4 - HKLM…\Run: [QuickTime Task] “C:\WINDOWS\system32\qttask.exe” -atboottime

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1045

O4 - HKLM…\Run: [sNPSTD2] C:\WINDOWS\vsnpstd2.exe

O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM…\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM…\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM…\Run: [server Runtime Process] C:\WINDOWS\System32\wbem\wbemstest.exe

O4 - HKLM…\RunServices: [server Runtime Process] C:\WINDOWS\System32\wbem\wbemstest.exe

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - Startup: PopTray.lnk = C:\Program Files\PopTray\PopTray.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Pobierz w Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: Pobierz wszystkie pliki w Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Pobierz zaznaczone w Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/pl/roulette_2_0_0_26.cab

O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/pl/poker_2_0_0_46.cab

O17 - HKLM\System\CCS\Services\Tcpip…{218221DF-AE09-4217-AF76-463CB4F0535F}: NameServer = 194.204.159.1 217.98.63.164

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)

O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe

Log silenta tylko to się pojawia:

“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by “{++}”

FATAL ERROR!

“Silent Runners” cannot use WMI to identify the operating system.

This is caused by corruption of the WMI installation.

WMI is complex and it is recommended that you use a Microsoft

tool, “WMIDiag.vbs,” to diagnose WMI on your system.

It can be downloaded here:

http://go.microsoft.com/fwlink/?LinkId=62562

Gutek · 15 Maj 2007 18:29

wpisy do usunięcia pliki ręcznie

maaxi2 · 15 Maj 2007 18:39

Jak się usuwa ręcznie? Trzeba wyszukać te aplikacje? i usunąć wszystkie jakie znalazło?

Gutek · 15 Maj 2007 20:12

Użyj Pocket Killbox. Zaznaczasz opcję Delete on Reboot oraz All Files i w polu Full Path of File to Delete wklejasz ścieżkę

C:\WINDOWS\System32\wbem\wbemstest.exe

i naciskasz X czerwony. Program poprosi o reset kompa … czyli resetujesz.

zafixuj w HJT

maaxi2 · 16 Maj 2007 20:33

Log z HJT po tym zabiegu:

Logfile of HijackThis v1.99.1 Scan saved at 22:27, on 2007-05-16 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\PopTray\PopTray.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Norton Utilities\NPROTECT.EXE C:\Program Files\Speed Disk\nopdb.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Neostrada TP\NeostradaTP.exe C:\Program Files\Neostrada TP\ComComp.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Neostrada TP\Watch.exe C:\Program Files\Internet Explorer\iexplore.exe D:\Programy\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = L1cza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [CnxDslTaskBar] “C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe” “ZTE Corporation\ZXDSL852” O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [skyTel] SkyTel.EXE O4 - HKLM…\Run: [QuickTime Task] “C:\WINDOWS\system32\qttask.exe” -atboottime O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1045 O4 - HKLM…\Run: [sNPSTD2] C:\WINDOWS\vsnpstd2.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [server Runtime Process] C:\WINDOWS\System32\wbem\wbemstest.exe O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM…\RunServices: [server Runtime Process] C:\WINDOWS\System32\wbem\wbemstest.exe O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [server Runtime Process] C:\WINDOWS\System32\wbem\wbemstest.exe O4 - HKCU…\RunServices: [server Runtime Process] C:\WINDOWS\System32\wbem\wbemstest.exe O4 - Startup: PopTray.lnk = C:\Program Files\PopTray\PopTray.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Pobierz w Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: Pobierz wszystkie pliki w Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Pobierz zaznaczone w Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/pl/roulette_2_0_0_26.cab O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/pl/poker_2_0_0_46.cab O17 - HKLM\System\CCS\Services\Tcpip…{218221DF-AE09-4217-AF76-463CB4F0535F}: NameServer = 194.204.159.1 217.98.63.164 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing) O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe

Log z Silenta:

Uwaga: Jak wklejasz loga to obejmuj go znacznikiem (tagiem) CODE lub QUOTE

Pozdrawiam Gutek2222

Gutek · 16 Maj 2007 20:38

Daj log z Combofix

maaxi2 · 16 Maj 2007 21:01

“matrix” - 2007-05-16 22:55:01 Dodatek Service Pack. 1 ComboFix 07-05.13.V - Running from: “D:\Programy\Programy do Trojan˘w” (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Program Files\Common Files\microsoft shared\web folders\ibm00001.dll C:\Program Files\Common Files\microsoft shared\web folders\ibm00002.dll ((((((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\LEGACY_GB ((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-16 )))))))))))))))))))))))))))))))))) 2007-05-16 00:14 487,424 -r------- C:\WINDOWS\RtlExUpd.dll 2007-05-16 00:14 40,960 -r------- C:\WINDOWS\system32\ChCfg.exe 2007-05-16 00:14 2007-05-16 00:12 9,709,568 -r------- C:\WINDOWS\RTLCPL.exe 2007-05-16 00:12 86,016 -r------- C:\WINDOWS\SoundMan.exe 2007-05-16 00:12 69,632 -r------- C:\WINDOWS\Alcmtr.exe 2007-05-16 00:12 57,856 --a------ C:\WINDOWS\system32\drivers\drmk.sys 2007-05-16 00:12 4,275,712 -r------- C:\WINDOWS\system32\drivers\RtkHDAud.Sys 2007-05-16 00:12 364,544 -r------- C:\WINDOWS\RtlUpd.exe 2007-05-16 00:12 2,879,488 -r------- C:\WINDOWS\SkyTel.exe 2007-05-16 00:12 2,808,832 -r------- C:\WINDOWS\alcwzrd.exe 2007-05-16 00:12 2,158,592 -r------- C:\WINDOWS\MicCal.exe 2007-05-16 00:12 134,272 --a------ C:\WINDOWS\system32\drivers\portcls.sys 2007-05-15 23:28 2007-05-15 17:01 63,768 --a------ C:\WINDOWS\system32\dxdllreg.exe 2007-05-15 13:45 2007-05-15 13:36 34,176 -ra------ C:\WINDOWS\system32\drivers\NVENETFD.sys 2007-05-15 13:36 204,288 -ra------ C:\WINDOWS\system32\fdco1ins.dll 2007-05-15 13:36 159,232 -ra------ C:\WINDOWS\system32\fdco_l1036.dll 2007-05-15 13:36 159,232 -ra------ C:\WINDOWS\system32\fdco_l1034.dll 2007-05-15 13:36 159,232 -ra------ C:\WINDOWS\system32\fdco_l1031.dll 2007-05-15 13:36 158,720 -ra------ C:\WINDOWS\system32\fdco_l1046.dll 2007-05-15 13:36 158,720 -ra------ C:\WINDOWS\system32\fdco_l1040.dll 2007-05-15 13:36 156,672 -ra------ C:\WINDOWS\system32\fdco_l1042.dll 2007-05-15 13:36 156,672 -ra------ C:\WINDOWS\system32\fdco_l1041.dll 2007-05-15 13:36 155,648 -ra------ C:\WINDOWS\system32\fdco_l1028.dll 2007-05-15 13:36 155,136 -ra------ C:\WINDOWS\system32\fdco_l2052.dll 2007-05-15 13:27 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll 2007-05-15 13:27 13,312 --a------ C:\WINDOWS\system32\irclass.dll 2007-05-14 03:14 2007-05-14 02:46 2007-05-13 14:49 2007-05-13 13:43 2007-05-09 15:59 2007-05-09 15:25 2007-05-07 00:02 2007-05-06 16:01 2007-05-06 14:38 2007-05-04 22:38 2007-05-04 22:37 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll 2007-05-04 22:37 284,840 --a------ C:\WINDOWS\system32\mp4sdmod.dll 2007-05-04 22:28 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll 2007-05-01 19:38 2007-05-01 18:14 476,320 --a------ C:\WINDOWS\system32\ImagXpr7.dll 2007-05-01 18:14 471,040 --a------ C:\WINDOWS\system32\ImagXRA7.dll 2007-05-01 18:14 262,144 --a------ C:\WINDOWS\system32\ImagXR7.dll 2007-05-01 18:14 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe 2007-05-01 18:14 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll 2007-05-01 18:14 1,568,768 --a------ C:\WINDOWS\system32\ImagX7.dll 2007-05-01 18:14 2007-04-30 12:26 2007-04-29 12:37 2007-04-29 12:24 2007-04-29 12:24 2007-04-29 12:24 2007-04-29 12:23 57,664 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2007-04-29 12:23 4,032 --a------ C:\WINDOWS\system32\SYMEVNT1.DLL 2007-04-29 12:23 368,912 --a------ C:\WINDOWS\system32\VBAR332.DLL 2007-04-29 12:23 36,864 --a------ C:\WINDOWS\system32\S32EVNT1.DLL 2007-04-29 12:23 34,354 --a------ C:\WINDOWS\system32\drivers\NPDRIVER.SYS 2007-04-29 12:23 31,744 --a------ C:\WINDOWS\system32\S32STAT.DLL 2007-04-29 12:23 306,688 --a------ C:\WINDOWS\IsUninst.exe 2007-04-29 12:23 252,176 --a------ C:\WINDOWS\system32\MSRD2X35.DLL 2007-04-29 12:23 24,848 --a------ C:\WINDOWS\system32\MSJTER35.DLL 2007-04-29 12:23 123,664 --a------ C:\WINDOWS\system32\MSJINT35.DLL 2007-04-29 12:23 1,046,288 --a------ C:\WINDOWS\system32\MSJET35.DLL 2007-04-29 12:23 2007-04-29 12:23 2007-04-29 12:23 2007-04-29 12:23 2007-04-29 11:53 50,688 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll 2007-04-29 11:53 2007-04-29 11:52 82,148 --a------ C:\WINDOWS\system32\drivers\VcommMgr.sys 2007-04-29 11:52 61,312 --a------ C:\WINDOWS\system32\drivers\VComm.sys 2007-04-29 11:52 28,271 --a------ C:\WINDOWS\system32\drivers\BTHidMgr.sys 2007-04-29 11:52 20,480 --a------ C:\WINDOWS\system32\drivers\blueletaudio.sys 2007-04-29 11:52 11,860 --a------ C:\WINDOWS\system32\drivers\vbtenum.sys 2007-04-29 09:42 2007-04-29 09:36 2007-04-25 20:09 4 --a------ C:\WINDOWS\system32\proc20744962.bin 2007-04-25 20:09 2007-04-24 12:00 17,920 --a------ C:\WINDOWS\system32\mdimon.dll 2007-04-24 12:00 2007-04-23 20:12 77,824 -ra------ C:\WINDOWS\system32\drivers\SioUi2k.dll 2007-04-23 20:12 63,488 -ra------ C:\WINDOWS\system32\drivers\wssbtr1f.sys 2007-04-23 20:12 51,169 -ra------ C:\WINDOWS\system32\drivers\OXSER.SYS 2007-04-23 20:12 48,556 -ra------ C:\WINDOWS\system32\drivers\SktBt2k.sys 2007-04-23 20:12 48,076 -ra------ C:\WINDOWS\system32\drivers\Sio9502k.sys 2007-04-23 20:12 40,960 -ra------ C:\WINDOWS\system32\drivers\SCTray.exe 2007-04-23 20:11 7,680 --a------ C:\WINDOWS\system32\btinstall.dll 2007-04-23 20:11 49,152 --a------ C:\WINDOWS\system32\btfunc.dll 2007-04-23 20:11 23,000 --a------ C:\WINDOWS\system32\drivers\btcusb.sys 2007-04-23 20:11 148,830 --a------ C:\WINDOWS\system32\drivers\bcbthub.sys 2007-04-23 20:11 13,304 --a------ C:\WINDOWS\system32\drivers\BTNetFilter.sys 2007-04-23 20:11 116,021 --a------ C:\WINDOWS\system32\drivers\fw203x.sys 2007-04-23 20:11 11,736 --a------ C:\WINDOWS\system32\drivers\VHIDMini.sys 2007-04-23 20:11 10,804 --a------ C:\WINDOWS\system32\drivers\BtNetDrv.sys 2007-04-23 16:01 2007-04-22 23:56 2007-04-22 23:28 2007-04-21 19:29 50,688 --a------ C:\WINDOWS\system32\vfwwdm32.dll 2007-04-21 17:15 53,248 --a------ C:\WINDOWS\amcap.exe 2007-04-21 17:14 61,440 --a------ C:\WINDOWS\system32\csnpstd2.dll 2007-04-21 17:14 57,344 --a------ C:\WINDOWS\system32\rsnpstd2.dll 2007-04-21 17:14 53,248 --a------ C:\WINDOWS\system32\dsnpstd2.dll 2007-04-21 17:14 36,864 --a------ C:\WINDOWS\system32\vsnpstd2.dll 2007-04-21 17:14 347,264 --a------ C:\WINDOWS\system32\drivers\snpstd2.sys 2007-04-21 17:14 20,480 --a------ C:\WINDOWS\usnpstd2.exe 2007-04-21 17:14 2007-04-21 17:13 21,248 --a------ C:\WINDOWS\system32\drivers\pfc.sys 2007-04-21 17:13 2007-04-21 17:13 2007-04-21 17:12 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL 2007-04-21 17:12 2007-04-21 13:34 2007-04-21 13:32 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-04-21 11:34 2007-04-21 11:33 2007-04-21 11:30 2007-04-21 00:23 2007-04-20 22:37 180,224 --a------ C:\WINDOWS\system32\nvudisp.exe 2007-04-20 22:37 2007-04-20 22:16 2007-04-20 22:15 2007-04-20 22:08 2007-04-20 22:06 1,252 --a------ C:\WINDOWS\unins000.dat 2007-04-20 22:04 2007-04-20 21:53 2007-04-20 21:52 77,824 --a------ C:\WINDOWS\system32\mplaw7.dll 2007-04-20 21:52 77,824 --a------ C:\WINDOWS\system32\mplaa6.dll 2007-04-20 21:52 761,856 --a------ C:\WINDOWS\system32\xvidcore.dll 2007-04-20 21:52 65,536 --a------ C:\WINDOWS\system32\mplapx.dll 2007-04-20 21:52 65,536 --a------ C:\WINDOWS\system32\mplam6.dll 2007-04-20 21:52 19,968 --a------ C:\WINDOWS\system32\cpuinf32.dll 2007-04-20 21:52 152,064 --a------ C:\WINDOWS\system32\unrar.dll 2007-04-20 21:52 1,650,688 --a------ C:\WINDOWS\system32\mplva6.dll 2007-04-20 21:52 1,581,056 --a------ C:\WINDOWS\system32\mplvw7.dll 2007-04-20 21:52 1,552,384 --a------ C:\WINDOWS\system32\mplvm6.dll 2007-04-20 21:52 1,122,304 --a------ C:\WINDOWS\system32\mplvpx.dll 2007-04-20 21:52 2007-04-20 21:10 2007-04-20 19:33 2007-04-20 17:57 2007-04-20 17:54 2007-04-20 17:53 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe 2007-04-20 17:53 182,880 --a------ C:\WINDOWS\system32\iuenginenew.dll 2007-04-20 17:53 2007-04-20 17:52 9,728 -ra------ C:\WINDOWS\system32\bdco1ins.dll 2007-04-20 17:52 9,728 -ra------ C:\WINDOWS\system32\bdco1.dll 2007-04-20 17:52 35,840 -ra------ C:\WINDOWS\system32\nvconrm.dll 2007-04-20 17:52 35,840 -ra------ C:\WINDOWS\system32\NVCOI.DLL 2007-04-20 17:52 305,152 -ra------ C:\WINDOWS\system32\drivers\nvnrm.sys 2007-04-20 17:52 289,792 -ra------ C:\WINDOWS\system32\idecoiins.dll 2007-04-20 17:52 289,792 -ra------ C:\WINDOWS\system32\idecoi.dll 2007-04-20 17:52 222,592 -ra------ C:\WINDOWS\system32\drivers\nvsnpu.sys 2007-04-20 17:52 208,896 -ra------ C:\WINDOWS\system32\nvusmb.exe 2007-04-20 17:52 208,896 -ra------ C:\WINDOWS\system32\NVUNINST.EXE 2007-04-20 17:52 208,896 --a------ C:\WINDOWS\system32\nvunrm.exe 2007-04-20 17:52 208,896 --a------ C:\WINDOWS\system32\nvuide.exe 2007-04-20 17:52 204,288 --a------ C:\WINDOWS\system32\fdco1.dll 2007-04-20 17:52 13,056 -ra------ C:\WINDOWS\system32\drivers\nvnetbus.sys 2007-04-20 17:52 101,632 --a------ C:\WINDOWS\system32\drivers\nvtcp.sys 2007-04-20 17:52 100,736 -ra------ C:\WINDOWS\system32\drivers\nvata.sys 2007-04-20 17:52 2007-04-20 17:52 2007-04-20 17:51 36,352 -ra------ C:\WINDOWS\system32\drivers\AmdK8.sys 2007-04-20 17:51 24,576 --a------ C:\WINDOWS\system32\xpsp1hfm.exe 2007-04-20 17:51 2007-04-20 17:51 2007-04-20 15:30 2007-04-20 15:02 96,768 --a------ C:\WINDOWS\system32\logagent.exe 2007-04-20 15:02 940,544 --a------ C:\WINDOWS\system32\wmspdmoe.dll 2007-04-20 15:02 895,736 --a------ C:\WINDOWS\system32\wmvdmod.dll 2007-04-20 15:02 774,904 --a------ C:\WINDOWS\system32\wmsdmod.dll 2007-04-20 15:02 716,288 --a------ C:\WINDOWS\system32\wmadmoe.dll 2007-04-20 15:02 66,560 --a------ C:\WINDOWS\system32\wpdmtpus.dll 2007-04-20 15:02 61,952 --a------ C:\WINDOWS\system32\wpdconns.dll 2007-04-20 15:02 6,656 --a------ C:\WINDOWS\system32\laprxy.dll 2007-04-20 15:02 47,104 --a------ C:\WINDOWS\system32\uwdf.exe 2007-04-20 15:02 413,944 --a------ C:\WINDOWS\system32\wmspdmod.dll 2007-04-20 15:02 396,528 --a------ C:\WINDOWS\system32\wmadmod.dll 2007-04-20 15:02 38,912 --a------ C:\WINDOWS\system32\wdfmgr.exe 2007-04-20 15:02 364,784 --a------ C:\WINDOWS\system32\MSSCP.dll 2007-04-20 15:02 36,528 --a------ C:\WINDOWS\system32\drivers\PxHelp20.sys 2007-04-20 15:02 335,872 --a------ C:\WINDOWS\system32\WMDRMdev.dll 2007-04-20 15:02 331,776 --a------ C:\WINDOWS\system32\wpdmtpdr.dll 2007-04-20 15:02 331,264 --a------ C:\WINDOWS\system32\wpdsp.dll 2007-04-20 15:02 33,792 --a------ C:\WINDOWS\system32\WMDMPS.dll 2007-04-20 15:02 315,904 --a------ C:\WINDOWS\system32\MSWMDM.dll 2007-04-20 15:02 290,816 --a------ C:\WINDOWS\system32\WMDRMNet.dll 2007-04-20 15:02 28,160 --a------ C:\WINDOWS\system32\WMDMLOG.dll 2007-04-20 15:02 25,088 --a------ C:\WINDOWS\system32\MsPMSNSv.dll 2007-04-20 15:02 224,768 --a------ C:\WINDOWS\system32\wmasf.dll 2007-04-20 15:02 2,560 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys 2007-04-20 15:02 2,432 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys 2007-04-20 15:02 18,944 --a------ C:\WINDOWS\system32\drivers\wpdusb.sys 2007-04-20 15:02 173,568 --a------ C:\WINDOWS\system32\MsPMSP.dll 2007-04-20 15:02 164,864 --a------ C:\WINDOWS\system32\cewmdm.dll 2007-04-20 15:02 150,016 --a------ C:\WINDOWS\system32\wmidx.dll 2007-04-20 15:02 15,872 --a------ C:\WINDOWS\system32\wdfapi.dll 2007-04-20 15:02 129,784 --a------ C:\WINDOWS\system32\pxafs.dll 2007-04-20 15:02 115,880 --a------ C:\WINDOWS\system32\pxinsi64.exe 2007-04-20 15:02 114,176 --a------ C:\WINDOWS\system32\wpdmtp.dll 2007-04-20 15:02 1,512,448 --a------ C:\WINDOWS\system32\WMVADVE.DLL 2007-04-20 15:02 1,218,808 --a------ C:\WINDOWS\system32\wmvadvd.dll 2007-04-20 15:02 1,119,744 --a------ C:\WINDOWS\system32\wmsdmoe2.dll 2007-04-20 15:02 1,027,072 --a------ C:\WINDOWS\system32\wmnetmgr.dll 2007-04-20 15:02 1,003,008 --a------ C:\WINDOWS\system32\wmvdmoe2.dll 2007-04-20 15:00 2007-04-20 14:24 2007-04-20 14:24 2007-04-20 14:24 2007-04-20 14:24 2007-04-20 14:20 2007-04-20 13:55 2007-04-20 13:55 2007-04-20 13:29 2007-04-20 13:29 2007-04-20 13:26 2007-04-20 13:25 2007-04-20 13:23 98,816 --a------ C:\WINDOWS\system32\dmstyle.dll 2007-04-20 13:23 974,848 --a------ C:\WINDOWS\system32\dxdiag.exe 2007-04-20 13:23 83,968 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys 2007-04-20 13:23 80,896 --a------ C:\WINDOWS\system32\dpvsetup.exe 2007-04-20 13:23 8,192 --a------ C:\WINDOWS\system32\d3d8thk.dll 2007-04-20 13:23 797,184 --a------ C:\WINDOWS\system32\d3dim700.dll 2007-04-20 13:23 79,360 --a------ C:\WINDOWS\system32\dpwsockx.dll 2007-04-20 13:23 77,824 --a------ C:\WINDOWS\system32\dpmodemx.dll 2007-04-20 13:23 76,800 --a------ C:\WINDOWS\system32\dmscript.dll 2007-04-20 13:23 733,184 --a------ C:\WINDOWS\system32\qedwipes.dll 2007-04-20 13:23 723,968 --a------ C:\WINDOWS\system32\dpnet.dll 2007-04-20 13:23 7,424 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys 2007-04-20 13:23 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll 2007-04-20 13:23 68,096 --a------ C:\WINDOWS\system32\dpnhupnp.dll 2007-04-20 13:23 667,648 --a------ C:\WINDOWS\system32\dinput8.dll 2007-04-20 13:23 648,704 --a------ C:\WINDOWS\system32\dinput.dll 2007-04-20 13:23 64,512 --a------ C:\WINDOWS\system32\amstream.dll 2007-04-20 13:23 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll 2007-04-20 13:23 602,624 --a------ C:\WINDOWS\system32\dx7vb.dll 2007-04-20 13:23 590,336 --a------ C:\WINDOWS\system32\d3dramp.dll 2007-04-20 13:23 58,368 --a------ C:\WINDOWS\system32\dmcompos.dll 2007-04-20 13:23 52,096 --a------ C:\WINDOWS\system32\drivers\msdv.sys 2007-04-20 13:23 5,504 --a------ C:\WINDOWS\system32\drivers\mstee.sys 2007-04-20 13:23 5,248 --a------ C:\WINDOWS\system32\drivers\mspclock.sys 2007-04-20 13:23 491,520 --a------ C:\WINDOWS\system32\dsdmoprp.dll 2007-04-20 13:23 48,512 --a------ C:\WINDOWS\system32\drivers\stream.sys 2007-04-20 13:23 470,528 --a------ C:\WINDOWS\system32\qdvd.dll 2007-04-20 13:23 47,616 --a------ C:\WINDOWS\system32\d3dxof.dll 2007-04-20 13:23 47,104 --a------ C:\WINDOWS\system32\wstdecod.dll 2007-04-20 13:23 467,968 --a------ C:\WINDOWS\system32\diactfrm.dll 2007-04-20 13:23 44,032 --a------ C:\WINDOWS\system32\dimap.dll 2007-04-20 13:23 436,224 --a------ C:\WINDOWS\system32\d3dim.dll 2007-04-20 13:23 4,608 --a------ C:\WINDOWS\system32\drivers\mspqm.sys 2007-04-20 13:23 4,096 --a------ C:\WINDOWS\system32\ksuser.dll 2007-04-20 13:23 4,096 --a------ C:\WINDOWS\system32\drivers\swenum.sys 2007-04-20 13:23 381,952 --a------ C:\WINDOWS\system32\dsound.dll 2007-04-20 13:23 381,952 --a------ C:\WINDOWS\system32\dpvoice.dll 2007-04-20 13:23 354,816 --a------ C:\WINDOWS\system32\psisdecd.dll 2007-04-20 13:23 350,208 --a------ C:\WINDOWS\system32\d3drm.dll 2007-04-20 13:23 34,816 --a------ C:\WINDOWS\system32\d3dpmesh.dll 2007-04-20 13:23 34,304 --a------ C:\WINDOWS\system32\mciqtz32.dll 2007-04-20 13:23 33,280 --a------ C:\WINDOWS\system32\dmloader.dll 2007-04-20 13:23 324,096 --a------ C:\WINDOWS\system32\mswebdvd.dll 2007-04-20 13:23 32,768 --a------ C:\WINDOWS\system32\dpnhpast.dll 2007-04-20 13:23 316,928 --a------ C:\WINDOWS\system32\qdv.dll 2007-04-20 13:23 31,744 --a------ C:\WINDOWS\system32\pid.dll 2007-04-20 13:23 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2007-04-20 13:23 3,072 --a------ C:\WINDOWS\system32\dpnlobby.dll 2007-04-20 13:23 3,072 --a------ C:\WINDOWS\system32\dpnaddr.dll 2007-04-20 13:23 292,864 --a------ C:\WINDOWS\system32\ddraw.dll 2007-04-20 13:23 28,160 --a------ C:\WINDOWS\system32\dplaysvr.exe 2007-04-20 13:23 27,136 --a------ C:\WINDOWS\system32\dmband.dll 2007-04-20 13:23 257,024 --a------ C:\WINDOWS\system32\qcap.dll 2007-04-20 13:23 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll 2007-04-20 13:23 24,064 --a------ C:\WINDOWS\system32\ddrawex.dll 2007-04-20 13:23 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll 2007-04-20 13:23 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll 2007-04-20 13:23 230,400 --a------ C:\WINDOWS\system32\dplayx.dll 2007-04-20 13:23 223,232 --a------ C:\WINDOWS\system32\gcdef.dll 2007-04-20 13:23 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll 2007-04-20 13:23 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll 2007-04-20 13:23 19,968 --a------ C:\WINDOWS\system32\dpvacm.dll 2007-04-20 13:23 186,880 --a------ C:\WINDOWS\system32\dsdmo.dll 2007-04-20 13:23 181,248 --a------ C:\WINDOWS\system32\dmime.dll 2007-04-20 13:23 18,944 --a------ C:\WINDOWS\system32\encapi.dll 2007-04-20 13:23 18,688 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys 2007-04-20 13:23 18,432 --a------ C:\WINDOWS\system32\dswave.dll 2007-04-20 13:23 173,056 --a------ C:\WINDOWS\system32\qasf.dll 2007-04-20 13:23 16,896 --a------ C:\WINDOWS\system32\msyuv.dll 2007-04-20 13:23 16,896 --a------ C:\WINDOWS\system32\dpnsvr.exe 2007-04-20 13:23 16,384 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys 2007-04-20 13:23 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll 2007-04-20 13:23 15,104 --a------ C:\WINDOWS\system32\drivers\mpe.sys 2007-04-20 13:23 14,976 --a------ C:\WINDOWS\system32\drivers\streamip.sys 2007-04-20 13:23 132,608 --a------ C:\WINDOWS\system32\devenum.dll 2007-04-20 13:23 130,304 --a------ C:\WINDOWS\system32\drivers\ks.sys 2007-04-20 13:23 13,312 --a------ C:\WINDOWS\system32\msdmo.dll 2007-04-20 13:23 122,880 --a------ C:\WINDOWS\system32\dmusic.dll 2007-04-20 13:23 112,128 --a------ C:\WINDOWS\system32\dpvvox.dll 2007-04-20 13:23 11,392 --a------ C:\WINDOWS\system32\drivers\bdasup.sys 2007-04-20 13:23 100,864 --a------ C:\WINDOWS\system32\dmsynth.dll 2007-04-20 13:23 10,880 --a------ C:\WINDOWS\system32\drivers\slip.sys 2007-04-20 13:23 10,496 --a------ C:\WINDOWS\system32\drivers\dxapi.sys 2007-04-20 13:23 10,112 --a------ C:\WINDOWS\system32\drivers\ndisip.sys 2007-04-20 13:23 1,962,496 --a------ C:\WINDOWS\system32\quartz.dll 2007-04-20 13:23 1,798,144 --a------ C:\WINDOWS\system32\qedit.dll 2007-04-20 13:23 1,769,472 --a------ C:\WINDOWS\system32\dxdiagn.dll 2007-04-20 13:23 1,703,936 --a------ C:\WINDOWS\system32\d3d9.dll 2007-04-20 13:23 1,294,336 --a------ C:\WINDOWS\system32\dsound3d.dll 2007-04-20 13:23 1,230,336 --a------ C:\WINDOWS\system32\msvidctl.dll 2007-04-20 13:23 1,201,152 --a------ C:\WINDOWS\system32\d3d8.dll 2007-04-20 13:23 1,189,888 --a------ C:\WINDOWS\system32\dx8vb.dll 2007-04-20 13:23 2007-04-20 13:14 2007-04-20 13:14 2007-04-20 13:13 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 13:12 2007-04-20 12:42 95,872 --a------ C:\WINDOWS\system32\AVASTSS.scr 2007-04-20 12:42 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-04-20 12:42 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-04-20 12:42 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-04-20 12:42 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll 2007-04-20 12:42 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-04-20 12:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll 2007-04-20 12:42 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-04-20 12:42 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-04-20 12:42 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll 2007-04-20 12:42 2007-04-20 12:22 618,112 -ra------ C:\WINDOWS\system32\drivers\CnxEtU.sys 2007-04-20 12:22 52,736 -ra------ C:\WINDOWS\system32\drivers\CnxTgNW.sys 2007-04-20 12:22 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll 2007-04-20 12:22 2,719,744 -ra------ C:\WINDOWS\system32\cnxci.dll 2007-04-20 12:22 131,072 -ra------ C:\WINDOWS\system32\drivers\CnxEtP.sys 2007-04-20 12:21 2007-04-20 12:20 2007-04-20 12:20 2007-04-20 12:18 50,048 --a------ C:\WINDOWS\system32\drivers\DMusic.sys 2007-04-20 12:18 5,888 --a------ C:\WINDOWS\system32\drivers\splitter.sys 2007-04-20 12:18 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys 2007-04-20 12:17 57,856 --a------ C:\WINDOWS\system32\drivers\redbook.sys 2007-04-20 12:17 56,832 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys 2007-04-20 12:17 2007-04-20 12:17 2007-04-20 12:17 2007-04-20 12:16 72,192 --a------ C:\WINDOWS\system32\storprop.dll 2007-04-20 12:16 70,096 --a------ C:\WINDOWS\system\AVICAP.DLL 2007-04-20 12:16 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll 2007-04-20 12:16 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll 2007-04-20 12:16 10,496 --a------ C:\WINDOWS\system32\drivers\irenum.sys 2007-04-20 12:16 2007-04-20 12:16 2007-04-20 12:16 2007-04-20 12:16 2007-04-20 12:16 2007-04-20 12:16 2007-04-20 12:16 2007-04-20 12:16 2007-04-20 12:16 2007-04-20 12:16 2007-04-20 12:16 2007-04-20 12:16 2007-04-20 12:16 2007-04-20 12:16 2007-04-20 12:16 2007-04-20 12:16 2007-04-20 10:29 3,407,872 --ah----- C:\DOCUME~1\matrix\NTUSER.DAT 2007-04-20 10:29 2007-04-20 10:29 2007-04-20 10:29 2007-04-20 10:29 2007-04-20 10:29 2007-04-20 10:29 2007-04-20 10:29 2007-04-20 10:29 2007-04-20 10:27 233,472 --ah----- C:\DOCUME~1\NETWOR~1\NTUSER.DAT 2007-04-20 10:27 233,472 --ah----- C:\DOCUME~1\LOCALS~1\NTUSER.DAT 2007-04-20 10:27 2007-04-20 10:27 2007-04-20 10:27 2007-04-20 10:27 2007-04-20 10:27 2007-04-20 10:24 380,928 —h----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT 2007-04-20 10:24 112,128 --a------ C:\WINDOWS\system32\mapi32.dll 2007-04-20 10:24 0 -rahs---- C:\MSDOS.SYS 2007-04-20 10:24 0 -rahs---- C:\IO.SYS 2007-04-20 10:24 0 --a------ C:\CONFIG.SYS 2007-04-20 10:24 0 --a------ C:\AUTOEXEC.BAT 2007-04-20 10:24 2007-04-20 10:24 2007-04-20 10:23 2007-04-20 10:23 2007-04-20 10:23 2007-04-20 10:23 2007-04-20 10:22 9,728 --a------ C:\WINDOWS\system32\mstinit.exe 2007-04-20 10:22 81,920 --a------ C:\WINDOWS\system32\isign32.dll 2007-04-20 10:22 81,408 --a------ C:\WINDOWS\system32\msoert2.dll 2007-04-20 10:22 73,728 --a------ C:\WINDOWS\system32\ils.dll 2007-04-20 10:22 69,632 --a------ C:\WINDOWS\system32\icwdial.dll 2007-04-20 10:22 69,248 --a------ C:\WINDOWS\system32\drivers\sr.sys 2007-04-20 10:22 67,584 --a------ C:\WINDOWS\system32\acctres.dll 2007-04-20 10:22 65,536 --a------ C:\WINDOWS\system32\msconf.dll 2007-04-20 10:22 63,488 --a------ C:\WINDOWS\system32\srclient.dll 2007-04-20 10:22 61,440 --a------ C:\WINDOWS\system32\icwphbk.dll 2007-04-20 10:22 587,776 --a------ C:\WINDOWS\system32\inetcomm.dll 2007-04-20 10:22 49,152 --a------ C:\WINDOWS\system32\inetres.dll 2007-04-20 10:22 40,960 --a------ C:\WINDOWS\system32\safrslv.dll 2007-04-20 10:22 39,424 --a------ C:\WINDOWS\system32\safrcdlg.dll 2007-04-20 10:22 33,792 --a------ C:\WINDOWS\system32\racpldlg.dll 2007-04-20 10:22 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe 2007-04-20 10:22 32,256 --a------ C:\WINDOWS\system32\mnmdd.dll 2007-04-20 10:22 28,672 --a------ C:\WINDOWS\system32\isrdbg32.dll 2007-04-20 10:22 270,336 --a------ C:\WINDOWS\system32\inetcfg.dll 2007-04-20 10:22 26,624 --a------ C:\WINDOWS\system32\safrdm.dll 2007-04-20 10:22 253,952 --a------ C:\WINDOWS\system32\mstask.dll 2007-04-20 10:22 24,576 --a------ C:\WINDOWS\system32\nmmkcert.dll 2007-04-20 10:22 23,016 --a------ C:\WINDOWS\system32\emptyregdb.dat 2007-04-20 10:22 228,864 --a------ C:\WINDOWS\system32\msoeacct.dll 2007-04-20 10:22 227,328 --a------ C:\WINDOWS\system32\srrstr.dll 2007-04-20 10:22 221,696 --a------ C:\WINDOWS\system32\qmgr.dll 2007-04-20 10:22 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll 2007-04-20 10:22 160,256 --a------ C:\WINDOWS\system32\schedsvc.dll 2007-04-20 10:22 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll 2007-04-20 10:22 159,232 --a------ C:\WINDOWS\system32\srsvc.dll 2007-04-20 10:22 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll 2007-04-20 10:22 11,264 --a------ C:\WINDOWS\system32\atrace.dll 2007-04-20 10:22 2007-04-20 10:22 2007-04-20 10:22 2007-04-20 10:22 2007-04-20 10:22 2007-04-20 10:22 2007-04-20 10:22 2007-04-20 10:22 2007-04-20 10:22 2007-04-20 10:22 2007-04-20 10:21 99,328 --a------ C:\WINDOWS\system32\clipbrd.exe 2007-04-20 10:21 9,728 --a------ C:\WINDOWS\system32\xolehlp.dll 2007-04-20 10:21 9,728 --a------ C:\WINDOWS\system32\reset.exe 2007-04-20 10:21 9,216 --a------ C:\WINDOWS\system32\wuauserv.dll 2007-04-20 10:21 9,216 --a------ C:\WINDOWS\system32\icaapi.dll 2007-04-20 10:21 89,088 --a------ C:\WINDOWS\system32\tscfgwmi.dll 2007-04-20 10:21 869,376 --a------ C:\WINDOWS\system32\msdtctm.dll 2007-04-20 10:21 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll 2007-04-20 10:21 83,968 --a------ C:\WINDOWS\system32\mtxoci.dll 2007-04-20 10:21 82,432 --a------ C:\WINDOWS\system32\comrepl.dll 2007-04-20 10:21 80,896 --a------ C:\WINDOWS\system32\charmap.exe 2007-04-20 10:21 75,912 --a------ C:\WINDOWS\system32\rdpwsx.dll 2007-04-20 10:21 73,216 --a------ C:\WINDOWS\system32\avwav.dll 2007-04-20 10:21 61,952 --a------ C:\WINDOWS\system32\rdshost.exe 2007-04-20 10:21 605,696 --a------ C:\WINDOWS\system32\getuname.dll 2007-04-20 10:21 6,144 --a------ C:\WINDOWS\system32\msdtc.exe 2007-04-20 10:21 598,016 --a------ C:\WINDOWS\system32\mstscax.dll 2007-04-20 10:21 582,656 --a------ C:\WINDOWS\system32\catsrvut.dll 2007-04-20 10:21 57,856 --a------ C:\WINDOWS\system32\licwmi.dll 2007-04-20 10:21 57,344 --a------ C:\WINDOWS\system32\sol.exe 2007-04-20 10:21 56,832 --a------ C:\WINDOWS\system32\remotepg.dll 2007-04-20 10:21 56,832 --a------ C:\WINDOWS\system32\colbact.dll 2007-04-20 10:21 55,808 --a------ C:\WINDOWS\system32\freecell.exe 2007-04-20 10:21 54,784 --a------ C:\WINDOWS\system32\msdtclog.dll 2007-04-20 10:21 54,272 --a------ C:\WINDOWS\system32\stclient.dll 2007-04-20 10:21 534,016 --a------ C:\WINDOWS\system32\spider.exe 2007-04-20 10:21 53,248 --a------ C:\WINDOWS\system32\servdeps.dll 2007-04-20 10:21 5,632 --a------ C:\WINDOWS\system32\write.exe 2007-04-20 10:21 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe 2007-04-20 10:21 495,616 --a------ C:\WINDOWS\system32\comuid.dll 2007-04-20 10:21 494,592 --a------ C:\WINDOWS\system32\hypertrm.dll 2007-04-20 10:21 468,480 --a------ C:\WINDOWS\system32\clbcatq.dll 2007-04-20 10:21 44,544 --a------ C:\WINDOWS\system32\hticons.dll 2007-04-20 10:21 44,032 --a------ C:\WINDOWS\system32\rdpclip.exe 2007-04-20 10:21 40,960 --a------ C:\WINDOWS\system32\tscupgrd.exe 2007-04-20 10:21 4,608 --a------ C:\WINDOWS\system32\rdpcfgex.dll 2007-04-20 10:21 4,096 --a------ C:\WINDOWS\system32\mtxex.dll 2007-04-20 10:21 390,144 --a------ C:\WINDOWS\system32\mstsc.exe 2007-04-20 10:21 38,024 --a------ C:\WINDOWS\system32\drivers\termdd.sys 2007-04-20 10:21 359,936 --a------ C:\WINDOWS\system32\msdtcprx.dll 2007-04-20 10:21 35,328 --a------ C:\WINDOWS\system32\winchat.exe 2007-04-20 10:21 342,016 --a------ C:\WINDOWS\system32\mspaint.exe 2007-04-20 10:21 33,792 --a------ C:\WINDOWS\system32\regini.exe 2007-04-20 10:21 32,768 --a------ C:\WINDOWS\system32\cfgbkend.dll 2007-04-20 10:21 25,600 --a------ C:\WINDOWS\system32\comaddin.dll 2007-04-20 10:21 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll 2007-04-20 10:21 231,424 --a------ C:\WINDOWS\system32\avtapi.dll 2007-04-20 10:21 22,528 --a------ C:\WINDOWS\system32\qwinsta.exe 2007-04-20 10:21 22,528 --a------ C:\WINDOWS\system32\msg.exe 2007-04-20 10:21 215,040 --a------ C:\WINDOWS\system32\catsrv.dll 2007-04-20 10:21 201,216 --a------ C:\WINDOWS\system32\termsrv.dll 2007-04-20 10:21 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll 2007-04-20 10:21 20,232 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys 2007-04-20 10:21 19,456 --a------ C:\WINDOWS\system32\qprocess.exe 2007-04-20 10:21 189,440 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-04-20 10:21 183,296 --a------ C:\WINDOWS\system32\accwiz.exe 2007-04-20 10:21 182,400 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys 2007-04-20 10:21 177,152 --a------ C:\WINDOWS\system32\cmprops.dll 2007-04-20 10:21 17,920 --a------ C:\WINDOWS\system32\tsshutdn.exe 2007-04-20 10:21 17,408 --a------ C:\WINDOWS\system32\qappsrv.exe 2007-04-20 10:21 16,896 --a------ C:\WINDOWS\system32\mmfutil.dll 2007-04-20 10:21 16,384 --a------ C:\WINDOWS\system32\tskill.exe 2007-04-20 10:21 16,384 --a------ C:\WINDOWS\system32\rwinsta.exe 2007-04-20 10:21 16,384 --a------ C:\WINDOWS\system32\avmeter.dll 2007-04-20 10:21 151,040 --a------ C:\WINDOWS\system32\msdtcuiu.dll 2007-04-20 10:21 15,872 --a------ C:\WINDOWS\system32\logoff.exe 2007-04-20 10:21 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll 2007-04-20 10:21 15,360 --a------ C:\WINDOWS\system32\tsdiscon.exe 2007-04-20 10:21 15,360 --a------ C:\WINDOWS\system32\tscon.exe 2007-04-20 10:21 15,360 --a------ C:\WINDOWS\system32\shadow.exe 2007-04-20 10:21 147,456 --a------ C:\WINDOWS\system32\comsnap.dll 2007-04-20 10:21 142,336 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-04-20 10:21 14,848 --a------ C:\WINDOWS\system32\rdpsnd.dll 2007-04-20 10:21 139,264 --a------ C:\WINDOWS\system32\sndvol32.exe 2007-04-20 10:21 135,680 --a------ C:\WINDOWS\system32\rdchost.dll 2007-04-20 10:21 130,048 --a------ C:\WINDOWS\system32\sessmgr.exe 2007-04-20 10:21 128,000 --a------ C:\WINDOWS\system32\mshearts.exe 2007-04-20 10:21 125,440 --a------ C:\WINDOWS\system32\sndrec32.exe 2007-04-20 10:21 12,288 --a------ C:\WINDOWS\system32\rdsaddin.exe 2007-04-20 10:21 119,808 --a------ C:\WINDOWS\system32\winmine.exe 2007-04-20 10:21 118,272 --a------ C:\WINDOWS\system32\mplay32.exe 2007-04-20 10:21 115,976 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys 2007-04-20 10:21 115,200 --a------ C:\WINDOWS\system32\calc.exe 2007-04-20 10:21 11,144 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys 2007-04-20 10:21 100,864 --a------ C:\WINDOWS\system32\clbcatex.dll 2007-04-20 10:21 1,225 --a------ C:\WINDOWS\system32\usrlogon.cmd 2007-04-20 10:21 1,172,992 --a------ C:\WINDOWS\system32\comsvcs.dll 2007-04-20 10:21 2007-04-20 10:21 2007-04-20 10:21 2007-04-20 10:21 2007-04-20 10:21 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-05-15 11:47:41 49,492 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-05-15 11:47:41 355,486 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-04-20 08:23:21 -------- d-----w C:\Program Files\Usługi online (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 23:08] {53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04] {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-01-19 23:55] {CC59E0F9-7E43-44FA-9FAA-8377850BF205}=C:\Program Files\Free Download Manager\iefdmcks.dll [2006-08-10 02:54] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “CnxDslTaskBar”="“C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe” “ZTE Corporation\ZXDSL852"” “WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” “WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” “SkyTel”=“SkyTel.EXE” “QuickTime Task”="“C:\WINDOWS\system32\qttask.exe” -atboottime" “NvCplDaemon”=“RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup” “nwiz”=“nwiz.exe /install” “DAEMON Tools”="“C:\Program Files\DAEMON Tools\daemon.exe” -lang 1045" “SNPSTD2”=“C:\WINDOWS\vsnpstd2.exe” “NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” “DVDTray”=“C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe” “NvMediaCenter”=“RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit” “Server Runtime Process”=“C:\WINDOWS\System32\wbem\wbemstest.exe” “RTHDCPL”=“RTHDCPL.EXE” “SoundMan”=“SOUNDMAN.EXE” “AlcWzrd”=“ALCWZRD.EXE” [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CnxDslTaskBar”=“C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe” [2005-07-21 22:52] “WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” [2005-07-21 08:33] “WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” [2005-07-21 08:33] “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-04-30 17:42] “SkyTel”=“SkyTel.EXE” []) “QuickTime Task”=“C:\WINDOWS\system32\qttask.exe” [] “NvCplDaemon”=“C:\WINDOWS\System32\NvCpl.dll” [2006-01-24 12:15] “nwiz”=“nwiz.exe” [2006-01-24 12:15 C:\WINDOWS\system32\nwiz.exe]) “DAEMON Tools”=“C:\Program Files\DAEMON Tools\daemon.exe” [2006-11-12 12:48] “SNPSTD2”=“C:\WINDOWS\vsnpstd2.exe” [] “NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 11:50] “DVDTray”=“C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe” [2004-09-03 10:58] “NvMediaCenter”=“C:\WINDOWS\System32\NvMcTray.dll” [2006-01-24 12:15] “Server Runtime Process”=“C:\WINDOWS\System32\wbem\wbemstest.exe” [] “RTHDCPL”=“RTHDCPL.EXE” []) “SoundMan”=“SOUNDMAN.EXE” []) “AlcWzrd”=“ALCWZRD.EXE” []) [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” [2002-09-20 18:05] “swg”=“C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe” [2007-04-20 13:26] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2006-11-14 11:12] “Server Runtime Process”=“C:\WINDOWS\System32\wbem\wbemstest.exe” [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” “swg”=“C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe” “Gadu-Gadu”="“C:\Program Files\Gadu-Gadu\gg.exe” /tray" “Server Runtime Process”=“C:\WINDOWS\System32\wbem\wbemstest.exe” [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices] “Server Runtime Process”=“C:\WINDOWS\System32\wbem\wbemstest.exe” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices] “Server Runtime Process”=“C:\WINDOWS\System32\wbem\wbemstest.exe” [HKEY_USERS.default\software\microsoft\windows\currentversion\runservices] “Server Runtime Process”=“C:\WINDOWS\System32\wbem\wbemstest.exe” [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “Server Runtime Process”=“C:\WINDOWS\System32\wbem\wbemstest.exe” HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages msv1_0\0\0 Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages scecli\0\0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService DnsCache\0\0 rpcss RpcSs\0\0 imgsvc StiSvc\0\0 termsvcs TermService\0\0 HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ backup-20070516-222656-980 O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE backup-20070515-201130-391 O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe backup-20070514-024307-567 O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll backup-20070514-024307-650 O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE ******************************************************************** catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-05-16 22:57:45 Windows 5.1.2600 Dodatek Service Pack. 1 NTFS scanning hidden processes … scanning hidden services … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 2007-05-16 22:58:08 - machine was rebooted C:\ComboFix-quarantined-files.txt … 2007-05-16 22:58

Gutek · 16 Maj 2007 21:12

Otwórz Notatnik i wklej w nim to:

Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “Server Runtime Process”=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Server Runtime Process”=- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Server Runtime Process”=- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “Server Runtime Process”=- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices] “Server Runtime Process”=- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices] “Server Runtime Process”=- [HKEY_USERS.default\software\microsoft\windows\currentversion\runservices] “Server Runtime Process”=- [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “Server Runtime Process”=-

Plik >>> Zapisz jako >>> Ustaw rozszerzenie z TXT na Wszystkie pliki >>> zapisz pod nazwą FIX.REG >>> kliknij podwójnie zrobiony plik i potwierdź >>> reset kompa

maaxi2 · 16 Maj 2007 21:39

Zrobiłem