Regulamin forum
1. Każdy temat powinien odzwierciedlać treść wątku.2. W przypadku wklejania logów; należy je wykonać od razu przynajmniej z dwóch narzędzi: FRST oraz z GMER
3. Wszelkie logi proszę publikować na przeznaczonych do tego stronach a w poście wklejać tylko link.
4. Nie wskazane jest skracanie logów, należy wkleić cały - od początku, do końca.
5. Nie wskazane jest podczepianie się do tematów innych użytkowników - proszę założyć nowy temat w dziale Bezpieczeństwo, ułatwi to pomoc sprawdzającemu.
6. Osoby nie posiadające odpowiedniej wiedzy, nie powinny sprawdzać logów, ponieważ grozi to poważnym uszkodzeniem systemu lub aplikacji zainstalowanych na komputerze.
7. Należy dokładnie opisać problem, występujące objawy oraz wszelkie podjęte działania.
8. Każdy skrypt jest unikatowy, napisany dla każdego przypadku z osobna, więc nie może być stosowany przez innych.
9. W przypadku zamieszczenia zrzutu ekranu (screenshot'a) proszę korzystać z zewnętrznego serwisu oferującego hosting zdjęć.
System sie nieodpala.
13 Mar 2008, 14:05
Witam, mam problem z systemem, po rozruchu pojawia sie jakiś proces, (nieznany mi) zamykam go, i... uruchamiają sie reszta programów, jak go niezamknę to jest goły pulpit, jest to raczej wirus, miałem Perfect Keylogger, i kilka innych śmieci, wywaliłem to Avast'em i Proces z Hijacka, Zamieszczę tu logi z Combofix i Hijack This.
Hijack This
Combofix
Hijack This
- Kod:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:00:18, on 2008-03-13
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
d:\Programy\Alwil Software\Avast4\aswUpdSv.exe
d:\Programy\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
D:\Programy\cfos speed\cFosSpeed.exe
D:\Programy\Zone Labs\ZoneAlarm\zlclient.exe
D:\Programy\ALWILS~1\Avast4\ashDisp.exe
D:\Programy\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\Program Files\Windows Media Player\wmplayer.exe
D:\Programy\cfos speed\spd.exe
C:\WINDOWS\system32\nvsvc32.exe
d:\Programy\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
D:\PROGRAMY\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\MaRiUsZ\Pulpit\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O1 - Hosts: 121.128.133.26 gwgt1.joymax.com
O1 - Hosts: 222.111.150.111 gwgt1.joymax.com
O4 - HKLM\..\Run: [Skrót do strony właściwości High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [cFosSpeed] D:\Programy\cfos speed\cFosSpeed.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ZoneAlarm Client] "d:\Programy\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] d:\Programy\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Programy\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FA834D1-6FF0-4137-9A66-7D08E0C44EA3}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - d:\Programy\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - d:\Programy\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - d:\Programy\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - d:\Programy\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - D:\Programy\cfos speed\spd.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
--
End of file - 4241 bytes
Combofix
- Kod:
ComboFix 08-03-10.1 - MaRiUsZ 2008-03-13 13:01:36.3 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.566 [GMT 1:00]
Running from: C:\Documents and Settings\MaRiUsZ\Pulpit\ComboFix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((( Files Created from 2008-02-13 to 2008-03-13 )))))))))))))))))))))))))))))))
.
2008-03-13 12:26 . 2008-03-13 12:26 <DIR> d-------- C:\Documents and Settings\MaRiUsZ\Dane aplikacji\Hamachi
2008-03-12 21:09 . 2008-03-12 21:09 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-03-10 21:56 . 2008-03-10 21:56 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-03-10 21:55 . 2008-03-10 21:55 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-03-10 21:55 . 2008-03-10 21:55 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-10 21:55 . 2008-03-13 00:27 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-03-10 21:54 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-03-10 21:54 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-03-10 21:54 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-03-10 21:54 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-03-10 21:54 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-10 21:54 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-03-10 21:54 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-10 21:54 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-10 21:54 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-10 21:14 . 2008-03-10 21:14 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-03-10 13:58 . 2008-03-10 13:58 <DIR> d-------- C:\Program Files\uTorrent
2008-03-10 13:58 . 2008-03-10 13:58 <DIR> d-------- C:\Documents and Settings\MaRiUsZ\Dane aplikacji\uTorrent
2008-03-10 10:35 . 2008-03-10 10:35 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-03-10 10:13 . 2006-02-14 09:20 567,016 --------- C:\WINDOWS\system32\dllcache\WgaLogon.dll
2008-03-10 10:13 . 2006-02-14 09:20 273,128 --------- C:\WINDOWS\system32\dllcache\WgaTray.exe
2008-03-09 23:44 . 2008-03-09 23:44 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-03-09 23:43 . 2008-03-09 23:43 <DIR> d--hs---- C:\FOUND.003
2008-03-09 23:36 . 2008-03-13 00:29 737,280 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-09 23:36 . 2008-03-13 00:29 4,592 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-09 23:34 . 2008-03-09 23:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\MailFrontier
2008-03-09 23:34 . 2007-11-14 16:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-03-09 23:34 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-03-09 21:10 . 2008-03-09 21:10 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-03-09 17:41 . 2008-03-09 17:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Sony Ericsson
2008-03-09 17:40 . 2008-03-09 17:40 <DIR> d-------- C:\Documents and Settings\MaRiUsZ\Dane aplikacji\InstallShield
2008-03-09 17:30 . 1999-09-29 20:04 1,238,288 --a------ C:\WINDOWS\system32\msjt4jlt.dll
2008-03-09 14:18 . 2007-12-07 03:14 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-03-09 14:18 . 2007-07-01 04:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-03-09 14:18 . 2007-07-01 04:36 1,036,288 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-03-09 14:18 . 2007-12-07 03:14 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-03-09 14:18 . 2007-12-07 03:14 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-03-09 14:18 . 2007-12-07 03:14 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-03-09 14:18 . 2007-12-07 03:14 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-03-09 14:18 . 2007-12-07 03:14 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-03-09 14:18 . 2007-12-06 12:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-03-08 12:49 . 2008-03-08 12:50 <DIR> d-------- C:\Silkroad
2008-03-08 00:43 . 2008-03-08 00:43 <DIR> d-------- C:\Documents and Settings\MaRiUsZ\Dane aplikacji\Media Player Classic
2008-03-07 22:25 . 2006-09-09 09:46 131,072 -ra------ C:\WINDOWS\system32\mtkjpeg.dll
2008-03-06 15:49 . 2005-06-15 10:20 176,128 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-03-06 15:49 . 2008-03-13 12:44 26,682 --a------ C:\WINDOWS\system32\nvapps.xml
2008-03-06 15:49 . 2005-06-15 10:20 14,757 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-03-06 15:43 . 2008-03-02 19:02 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-03-06 15:43 . 2008-03-02 19:02 <DIR> d-------- C:\Documents and Settings\Administrator\Ulubione
2008-03-06 15:43 . 2008-03-02 19:02 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony
2008-03-06 15:43 . 2008-03-02 19:02 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit
2008-03-06 15:43 . 2008-03-02 19:02 <DIR> d-------- C:\Documents and Settings\Administrator\Moje dokumenty
2008-03-06 15:43 . 2008-03-02 19:02 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-03-06 15:43 . 2008-03-02 19:02 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2008-03-06 15:33 . 2008-03-06 15:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\nView_Profiles
2008-03-06 15:33 . 2008-03-06 15:37 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-03-06 15:31 . 2008-03-06 15:31 <DIR> d-------- C:\WINDOWS\nview
2008-03-05 22:50 . 2008-03-05 22:50 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-03-05 22:50 . 2004-08-03 23:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-03-05 20:28 . 2008-03-05 20:28 <DIR> d-------- C:\Documents and Settings\MaRiUsZ\Dane aplikacji\Tibia
2008-03-05 19:51 . 2008-03-05 19:51 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-03-05 16:41 . 2008-03-05 16:41 <DIR> d-------- C:\Documents and Settings\MaRiUsZ\Dane aplikacji\Talkback
2008-03-05 16:41 . 2008-03-05 16:41 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-04 14:32 . 2008-03-04 14:32 <DIR> d-------- C:\Program Files\SpeedFan
2008-03-04 14:32 . 2008-03-04 14:32 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-03-03 22:55 . 2008-03-03 22:55 <DIR> d--hs---- C:\FOUND.001
2008-03-03 15:41 . 2008-03-03 15:41 <DIR> d-------- C:\Documents and Settings\MaRiUsZ\.jpi_cache
2008-03-03 15:41 . 2008-03-03 15:41 <DIR> d-------- C:\Documents and Settings\MaRiUsZ\.java
2008-03-03 15:23 . 2007-08-10 16:26 693,712 -ra------ C:\WINDOWS\system32\drivers\cfosspeed.sys
2008-03-03 15:22 . 2007-08-10 16:26 281,552 --a------ C:\WINDOWS\system32\cfosspeed.dll
2008-03-02 20:38 . 2008-03-02 20:38 <DIR> d-------- C:\WINDOWS\system32\pl-PL
2008-03-02 20:37 . 2008-03-02 20:37 <DIR> d-------- C:\Program Files\MSBuild
2008-03-02 20:33 . 2008-03-02 20:33 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-03-02 20:33 . 2008-03-02 20:33 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-03-02 20:29 . 2008-03-02 20:29 <DIR> d-------- C:\Documents and Settings\MaRiUsZ\Dane aplikacji\Gadu-Gadu
2008-03-02 20:29 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-03-02 20:20 . 2008-03-02 20:20 <DIR> d--hs---- C:\FOUND.000
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-02 18:36 --------- d-----w C:\Program Files\Thomson
2008-03-02 18:35 --------- d-----w C:\Program Files\Java
2008-03-02 18:34 --------- d-----w C:\Program Files\Neostrada TP
2008-03-02 18:30 81,920 ----a-w C:\WINDOWS\ALCFDRTM.EXE
2008-03-02 18:27 4,501 ----a-w C:\WINDOWS\gdrv.sys
2008-03-02 18:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-02 18:27 --------- d-----w C:\Program Files\Realtek
2008-03-02 18:25 --------- d-----w C:\Program Files\Intel
2008-03-02 18:21 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-02 18:13 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-02 18:12 --------- d-----w C:\Program Files\Usługi online
2008-01-11 05:41 44,544 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-10 12:16 159,839 ----a-w C:\WINDOWS\system32\xvidvfw.dll
2008-01-10 12:15 755,027 ----a-w C:\WINDOWS\system32\xvidcore.dll
2007-12-24 12:49 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-12-19 22:58 347,136 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
.
((((((((((((((((((((((((((((( snapshot@2008-03-10_21.40.12.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-10-04 14:05:26 39,424 ------w C:\WINDOWS\AppPatch\acadproc.dll
+ 2007-03-06 03:28:40 216,288 ------w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe
+ 2007-03-06 03:29:50 386,784 ------w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll
+ 2007-08-13 17:54:10 765,952 ------w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
- 2004-08-03 21:44:28 208,896 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2006-12-01 10:45:28 317,440 ----a-w C:\WINDOWS\inf\unregmp2.exe
- 2004-08-03 21:42:38 8,192 ----a-w C:\WINDOWS\system32\asferror.dll
+ 2006-12-01 10:42:34 7,168 ----a-w C:\WINDOWS\system32\asferror.dll
+ 2006-10-18 20:47:08 276,992 ------w C:\WINDOWS\system32\audiodev.dll
- 2004-08-03 21:43:54 286,208 ----a-w C:\WINDOWS\system32\blackbox.dll
+ 2006-10-18 20:47:10 542,720 ----a-w C:\WINDOWS\system32\blackbox.dll
- 2004-08-03 21:43:54 159,232 ----a-w C:\WINDOWS\system32\cewmdm.dll
+ 2006-10-18 20:47:10 229,376 ----a-w C:\WINDOWS\system32\cewmdm.dll
+ 2008-03-12 23:27:06 266,240 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
- 2004-08-03 21:42:38 8,192 ----a-w C:\WINDOWS\system32\dllcache\asferror.dll
+ 2006-12-01 10:42:34 7,168 ----a-w C:\WINDOWS\system32\dllcache\asferror.dll
- 2004-08-03 21:43:54 286,208 ----a-w C:\WINDOWS\system32\dllcache\blackbox.dll
+ 2006-10-18 20:47:10 542,720 ----a-w C:\WINDOWS\system32\dllcache\blackbox.dll
- 2004-08-03 21:43:54 159,232 ----a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
+ 2006-10-18 20:47:10 229,376 ----a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
- 2004-08-03 21:44:34 695,296 ----a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
+ 2006-10-18 20:47:10 991,744 ----a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
- 2004-08-03 21:44:02 6,656 ----a-w C:\WINDOWS\system32\dllcache\laprxy.dll
+ 2006-10-18 20:47:14 11,264 ----a-w C:\WINDOWS\system32\dllcache\LAPRXY.dll
- 2004-08-03 21:44:22 103,936 ----a-w C:\WINDOWS\system32\dllcache\logagent.exe
+ 2006-10-18 19:03:58 100,864 ----a-w C:\WINDOWS\system32\dllcache\logagent.exe
- 2004-08-03 21:44:04 310,272 ----a-w C:\WINDOWS\system32\dllcache\mp43dmod.dll
+ 2006-10-18 20:47:14 4,096 ----a-w C:\WINDOWS\system32\dllcache\MP43DMOD.dll
- 2004-08-03 21:44:04 384,512 ----a-w C:\WINDOWS\system32\dllcache\mp4sdmod.dll
+ 2006-10-18 20:47:14 4,096 ----a-w C:\WINDOWS\system32\dllcache\MP4SDMOD.dll
- 2004-08-03 21:44:04 240,640 ----a-w C:\WINDOWS\system32\dllcache\mpg4dmod.dll
+ 2006-10-18 20:47:14 4,096 ----a-w C:\WINDOWS\system32\dllcache\MPG4DMOD.dll
- 2004-08-03 22:44:04 368,640 ----a-w C:\WINDOWS\system32\dllcache\mpvis.dll
+ 2006-12-01 10:42:56 244,224 ----a-w C:\WINDOWS\system32\dllcache\mpvis.dll
- 2005-05-04 13:45:32 2,890,240 ----a-w C:\WINDOWS\system32\dllcache\msi.dll
+ 2007-04-18 16:14:32 2,854,400 ----a-w C:\WINDOWS\system32\dllcache\msi.dll
- 2004-08-03 21:44:32 259,072 ----a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
+ 2006-10-18 20:47:16 179,712 ----a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
- 2004-08-03 21:44:06 52,736 ----a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
+ 2006-10-18 20:47:16 27,136 ----a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
- 2004-08-03 21:44:06 201,728 ----a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
+ 2006-10-18 20:47:16 175,616 ----a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
- 2004-08-03 21:44:34 356,352 ----a-w C:\WINDOWS\system32\dllcache\msscp.dll
+ 2006-10-18 20:47:16 414,208 ----a-w C:\WINDOWS\system32\dllcache\msscp.dll
- 2004-08-03 21:44:06 246,272 ----a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
+ 2006-10-18 20:47:16 321,536 ----a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
- 2004-08-03 21:44:10 237,568 ----a-w C:\WINDOWS\system32\dllcache\qasf.dll
+ 2006-10-18 20:47:18 211,456 ----a-w C:\WINDOWS\system32\dllcache\qasf.dll
- 2004-08-03 22:44:28 774,144 ----a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
+ 2006-12-01 10:49:02 1,677,824 ----a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
- 2004-08-03 21:44:28 208,896 ----a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
+ 2006-12-01 10:45:28 317,440 ----a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
- 2007-08-13 17:54:10 765,952 ----a-w C:\WINDOWS\system32\dllcache\VGX.dll
+ 2007-07-12 23:32:12 765,952 ----a-w C:\WINDOWS\system32\dllcache\vgx.dll
- 2004-08-03 21:44:16 408,064 ----a-w C:\WINDOWS\system32\dllcache\wmadmod.dll
+ 2006-10-18 20:47:18 757,248 ----a-w C:\WINDOWS\system32\dllcache\WMADMOD.dll
- 2004-08-03 21:44:16 670,720 ----a-w C:\WINDOWS\system32\dllcache\wmadmoe.dll
+ 2006-10-18 20:47:18 1,117,696 ----a-w C:\WINDOWS\system32\dllcache\WMADMOE.dll
- 2007-10-25 09:00:50 230,912 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2006-10-18 20:47:18 222,208 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
- 2004-08-03 21:44:16 27,136 ----a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
+ 2006-10-18 20:47:18 33,792 ----a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
- 2004-08-03 21:44:16 23,552 ----a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
+ 2006-10-18 20:47:18 37,376 ----a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
- 2004-08-03 21:43:42 190,976 ----a-w C:\WINDOWS\system32\dllcache\wmerror.dll
+ 2006-12-01 10:45:42 258,560 ----a-w C:\WINDOWS\system32\dllcache\wmerror.dll
- 2004-08-03 21:44:16 151,552 ----a-w C:\WINDOWS\system32\dllcache\wmidx.dll
+ 2006-10-18 20:47:20 157,184 ----a-w C:\WINDOWS\system32\dllcache\wmidx.dll
- 2004-08-03 21:44:16 1,050,624 ----a-w C:\WINDOWS\system32\dllcache\wmnetmgr.dll
+ 2006-10-18 20:47:20 937,984 ----a-w C:\WINDOWS\system32\dllcache\WMNetMgr.dll
- 2007-04-30 01:22:16 4,734,976 ----a-w C:\WINDOWS\system32\dllcache\wmp.dll
+ 2006-10-18 20:47:20 10,834,432 ----a-w C:\WINDOWS\system32\dllcache\wmp.dll
- 2004-08-03 21:44:16 114,688 ----a-w C:\WINDOWS\system32\dllcache\wmpasf.dll
+ 2006-10-18 20:47:20 242,688 ----a-w C:\WINDOWS\system32\dllcache\wmpasf.dll
- 2004-08-03 22:44:16 98,304 ----a-w C:\WINDOWS\system32\dllcache\wmpband.dll
+ 2006-12-01 10:45:50 96,256 ----a-w C:\WINDOWS\system32\dllcache\wmpband.dll
- 2004-08-03 21:44:16 233,472 ----a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll
+ 2006-10-18 20:47:20 314,880 ----a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll
- 2004-08-03 22:44:30 73,728 ----a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
+ 2006-12-01 10:46:06 64,000 ----a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
- 2004-08-03 21:43:44 2,977,792 ----a-w C:\WINDOWS\system32\dllcache\wmploc.dll
+ 2006-12-01 11:01:50 8,277,504 ----a-w C:\WINDOWS\system32\dllcache\wmploc.dll
- 2004-08-03 21:44:16 102,400 ----a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
+ 2006-12-01 10:46:18 99,840 ----a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
- 2004-08-03 21:44:16 759,296 ----a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
+ 2006-10-18 20:47:22 4,096 ----a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
- 2004-08-03 21:44:16 1,119,744 ----a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
+ 2006-10-18 20:47:22 4,096 ----a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
- 2004-08-03 21:44:16 484,864 ----a-w C:\WINDOWS\system32\dllcache\wmspdmod.dll
+ 2006-10-18 20:47:22 603,648 ----a-w C:\WINDOWS\system32\dllcache\WMSPDMOD.dll
- 2004-08-03 21:44:16 896,512 ----a-w C:\WINDOWS\system32\dllcache\wmspdmoe.dll
+ 2006-10-18 20:47:22 1,329,152 ----a-w C:\WINDOWS\system32\dllcache\WMSPDMOE.dll
- 2007-10-25 09:01:10 2,109,440 ----a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
+ 2006-10-18 20:47:22 2,450,944 ----a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
- 2004-08-03 21:44:16 809,984 ----a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
+ 2006-10-18 20:47:22 4,096 ----a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
- 2004-08-03 21:44:16 1,001,472 ----a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
+ 2006-10-18 20:47:22 4,096 ----a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
+ 2006-10-18 20:47:22 671,232 ------w C:\WINDOWS\system32\drivers\UMDF\wpdmtpdr.dll
+ 2006-10-18 19:00:00 38,528 ------w C:\WINDOWS\system32\drivers\wpdusb.sys
+ 2006-09-28 17:55:50 77,568 ------w C:\WINDOWS\system32\drivers\WudfPf.sys
+ 2006-09-28 18:00:34 82,944 ------w C:\WINDOWS\system32\drivers\WudfRd.sys
+ 2006-10-18 19:00:46 249,856 ------w C:\WINDOWS\system32\drmupgds.exe
- 2004-08-03 21:44:34 695,296 ----a-w C:\WINDOWS\system32\drmv2clt.dll
+ 2006-10-18 20:47:10 991,744 ----a-w C:\WINDOWS\system32\drmv2clt.dll
- 2004-08-03 21:44:02 6,656 ----a-w C:\WINDOWS\system32\laprxy.dll
+ 2006-10-18 20:47:14 11,264 ----a-w C:\WINDOWS\system32\LAPRXY.dll
- 2004-08-03 21:44:22 103,936 ----a-w C:\WINDOWS\system32\logagent.exe
+ 2006-10-18 19:03:58 100,864 ----a-w C:\WINDOWS\system32\logagent.exe
+ 2006-10-18 20:47:14 212,992 ------w C:\WINDOWS\system32\MFPLAT.dll
+ 2006-10-18 20:47:14 259,072 ------w C:\WINDOWS\system32\MP43DECD.dll
- 2004-08-03 21:44:04 310,272 ----a-w C:\WINDOWS\system32\mp43dmod.dll
+ 2006-10-18 20:47:14 4,096 ----a-w C:\WINDOWS\system32\MP43DMOD.dll
+ 2006-10-18 20:47:14 317,440 ------w C:\WINDOWS\system32\MP4SDECD.dll
- 2004-08-03 21:44:04 384,512 ----a-w C:\WINDOWS\system32\mp4sdmod.dll
+ 2006-10-18 20:47:14 4,096 ----a-w C:\WINDOWS\system32\MP4SDMOD.dll
+ 2006-10-18 20:47:14 259,072 ------w C:\WINDOWS\system32\MPG4DECD.dll
- 2004-08-03 21:44:04 240,640 ----a-w C:\WINDOWS\system32\mpg4dmod.dll
+ 2006-10-18 20:47:14 4,096 ----a-w C:\WINDOWS\system32\MPG4DMOD.dll
+ 2006-10-02 14:28:42 312,128 ------w C:\WINDOWS\system32\msdelta.dll
- 2005-05-04 13:45:32 2,890,240 ----a-w C:\WINDOWS\system32\msi.dll
+ 2007-04-18 16:14:32 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
- 2004-08-03 21:44:32 259,072 ----a-w C:\WINDOWS\system32\msnetobj.dll
+ 2006-10-18 20:47:16 179,712 ----a-w C:\WINDOWS\system32\msnetobj.dll
- 2004-08-03 21:44:06 52,736 ----a-w C:\WINDOWS\system32\mspmsnsv.dll
+ 2006-10-18 20:47:16 27,136 ----a-w C:\WINDOWS\system32\mspmsnsv.dll
- 2004-08-03 21:44:06 201,728 ----a-w C:\WINDOWS\system32\mspmsp.dll
+ 2006-10-18 20:47:16 175,616 ----a-w C:\WINDOWS\system32\mspmsp.dll
- 2004-08-03 21:44:34 356,352 ----a-w C:\WINDOWS\system32\msscp.dll
+ 2006-10-18 20:47:16 414,208 ----a-w C:\WINDOWS\system32\msscp.dll
- 2004-08-03 21:44:06 246,272 ----a-w C:\WINDOWS\system32\mswmdm.dll
+ 2006-10-18 20:47:16 321,536 ----a-w C:\WINDOWS\system32\mswmdm.dll
- 2008-03-10 20:30:42 66,376 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-13 11:49:56 66,376 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-10 20:30:42 82,010 ----a-w C:\WINDOWS\system32\perfc015.dat
+ 2008-03-13 11:49:56 82,010 ----a-w C:\WINDOWS\system32\perfc015.dat
- 2008-03-10 20:30:42 427,592 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-13 11:49:56 427,592 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-03-10 20:30:42 484,634 ----a-w C:\WINDOWS\system32\perfh015.dat
+ 2008-03-13 11:49:56 484,634 ----a-w C:\WINDOWS\system32\perfh015.dat
+ 2006-10-18 20:47:18 284,160 ------w C:\WINDOWS\system32\PortableDeviceApi.dll
+ 2006-10-18 20:47:18 101,888 ------w C:\WINDOWS\system32\PortableDeviceClassExtension.dll
+ 2006-10-18 20:47:18 166,912 ------w C:\WINDOWS\system32\PortableDeviceTypes.dll
+ 2006-10-18 20:47:18 132,096 ------w C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
+ 2006-10-18 20:47:18 199,168 ------w C:\WINDOWS\system32\PortableDeviceWMDRM.dll
- 2004-08-03 21:44:10 237,568 ----a-w C:\WINDOWS\system32\qasf.dll
+ 2006-10-18 20:47:18 211,456 ----a-w C:\WINDOWS\system32\qasf.dll
+ 2008-03-13 11:42:38 5,448 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
- 2006-10-16 15:10:58 14,640 ------w C:\WINDOWS\system32\spmsg.dll
+ 2006-09-25 16:58:48 14,640 ------w C:\WINDOWS\system32\spmsg.dll
+ 2006-10-18 20:58:00 8,704 ------w C:\WINDOWS\system32\uwdf.exe
+ 2006-10-18 20:47:18 4,096 ------w C:\WINDOWS\system32\wdfapi.dll
+ 2006-10-18 20:58:00 8,704 ------w C:\WINDOWS\system32\wdfmgr.exe
- 2004-08-03 21:44:16 408,064 ----a-w C:\WINDOWS\system32\wmadmod.dll
+ 2006-10-18 20:47:18 757,248 ----a-w C:\WINDOWS\system32\WMADMOD.dll
- 2004-08-03 21:44:16 670,720 ----a-w C:\WINDOWS\system32\wmadmoe.dll
+ 2006-10-18 20:47:18 1,117,696 ----a-w C:\WINDOWS\system32\WMADMOE.dll
- 2007-10-25 09:00:50 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2006-10-18 20:47:18 222,208 ----a-w C:\WINDOWS\system32\WMASF.DLL
- 2004-08-03 21:44:16 27,136 ----a-w C:\WINDOWS\system32\wmdmlog.dll
+ 2006-10-18 20:47:18 33,792 ----a-w C:\WINDOWS\system32\wmdmlog.dll
- 2004-08-03 21:44:16 23,552 ----a-w C:\WINDOWS\system32\wmdmps.dll
+ 2006-10-18 20:47:18 37,376 ----a-w C:\WINDOWS\system32\wmdmps.dll
+ 2006-10-18 20:47:18 429,056 ------w C:\WINDOWS\system32\wmdrmdev.dll
+ 2006-10-18 20:47:20 348,672 ------w C:\WINDOWS\system32\wmdrmnet.dll
+ 2006-10-18 20:47:20 535,040 ------w C:\WINDOWS\system32\wmdrmsdk.dll
- 2004-08-03 21:43:42 190,976 ----a-w C:\WINDOWS\system32\wmerror.dll
+ 2006-12-01 10:45:42 258,560 ----a-w C:\WINDOWS\system32\wmerror.dll
- 2004-08-03 21:44:16 151,552 ----a-w C:\WINDOWS\system32\wmidx.dll
+ 2006-10-18 20:47:20 157,184 ----a-w C:\WINDOWS\system32\wmidx.dll
- 2004-08-03 21:44:16 1,050,624 ----a-w C:\WINDOWS\system32\wmnetmgr.dll
+ 2006-10-18 20:47:20 937,984 ----a-w C:\WINDOWS\system32\WMNetMgr.dll
- 2007-04-30 01:22:16 4,734,976 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2006-10-18 20:47:20 10,834,432 ----a-w C:\WINDOWS\system32\wmp.dll
- 2004-08-03 21:44:16 114,688 ----a-w C:\WINDOWS\system32\wmpasf.dll
+ 2006-10-18 20:47:20 242,688 ----a-w C:\WINDOWS\system32\wmpasf.dll
- 2004-08-03 21:44:16 233,472 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-18 20:47:20 314,880 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-18 20:47:20 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
+ 2006-10-18 20:47:20 1,661,440 ------w C:\WINDOWS\system32\wmpencen.dll
- 2004-08-03 21:43:44 2,977,792 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-12-01 11:01:50 8,277,504 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-10-18 20:47:20 613,376 ------w C:\WINDOWS\system32\wmpmde.dll
+ 2006-10-18 20:47:20 130,048 ------w C:\WINDOWS\system32\wmpps.dll
- 2004-08-03 21:44:16 102,400 ----a-w C:\WINDOWS\system32\wmpshell.dll
+ 2006-12-01 10:46:18 99,840 ----a-w C:\WINDOWS\system32\wmpshell.dll
+ 2006-10-18 20:47:20 204,288 ------w C:\WINDOWS\system32\wmpsrcwp.dll
- 2004-08-03 21:44:16 759,296 ----a-w C:\WINDOWS\system32\wmsdmod.dll
+ 2006-10-18 20:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmod.dll
- 2004-08-03 21:44:16 1,119,744 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
+ 2006-10-18 20:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
- 2004-08-03 21:44:16 484,864 ----a-w C:\WINDOWS\system32\wmspdmod.dll
+ 2006-10-18 20:47:22 603,648 ----a-w C:\WINDOWS\system32\WMSPDMOD.dll
- 2004-08-03 21:44:16 896,512 ----a-w C:\WINDOWS\system32\wmspdmoe.dll
+ 2006-10-18 20:47:22 1,329,152 ----a-w C:\WINDOWS\system32\WMSPDMOE.dll
+ 2006-10-18 20:47:22 4,096 ------w C:\WINDOWS\system32\WMVADVD.dll
+ 2006-10-18 20:47:22 4,096 ------w C:\WINDOWS\system32\WMVADVE.DLL
- 2007-10-25 09:01:10 2,109,440 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-10-18 20:47:22 2,450,944 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-10-18 20:47:22 1,543,680 ------w C:\WINDOWS\system32\WMVDECOD.dll
- 2004-08-03 21:44:16 809,984 ----a-w C:\WINDOWS\system32\wmvdmod.dll
+ 2006-10-18 20:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmod.dll
- 2004-08-03 21:44:16 1,001,472 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-10-18 20:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-10-18 20:47:22 1,574,912 ------w C:\WINDOWS\system32\WMVENCOD.dll
+ 2006-10-18 20:47:22 1,382,912 ------w C:\WINDOWS\system32\WMVSDECD.dll
+ 2006-10-18 20:47:22 767,488 ------w C:\WINDOWS\system32\WMVSENCD.dll
+ 2006-10-18 20:47:22 656,896 ------w C:\WINDOWS\system32\WMVXENCD.dll
+ 2006-10-18 20:47:22 629,760 ------w C:\WINDOWS\system32\wpd_ci.dll
+ 2006-10-18 20:47:22 35,840 ------w C:\WINDOWS\system32\wpdconns.dll
+ 2006-10-18 20:47:22 154,624 ------w C:\WINDOWS\system32\wpdmtp.dll
+ 2006-10-18 20:47:22 63,488 ------w C:\WINDOWS\system32\wpdmtpus.dll
+ 2006-10-18 20:47:22 2,603,008 ------w C:\WINDOWS\system32\WpdShext.dll
+ 2006-10-18 19:00:14 17,408 ------w C:\WINDOWS\system32\wpdshextautoplay.exe
+ 2006-11-02 10:52:52 42,496 ------w C:\WINDOWS\system32\wpdshextres.dll
+ 2006-10-18 20:47:22 133,632 ------w C:\WINDOWS\system32\WPDShServiceObj.dll
+ 2006-10-18 20:47:22 356,352 ------w C:\WINDOWS\system32\wpdsp.dll
+ 2006-09-28 19:13:26 95,344 ------w C:\WINDOWS\system32\WUDFCoinstaller.dll
+ 2006-09-28 17:56:38 146,432 ------w C:\WINDOWS\system32\WudfHost.exe
+ 2006-09-28 17:56:16 165,376 ------w C:\WINDOWS\system32\WudfPlatform.dll
+ 2006-09-28 17:56:14 55,808 ------w C:\WINDOWS\system32\WudfSvc.dll
+ 2006-09-28 17:56:38 316,416 ------w C:\WINDOWS\system32\WUDFx.dll
+ 2008-03-13 11:03:32 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_4e0.dat
+ 2008-03-13 11:27:36 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_7c8.dat
+ 2008-03-13 11:43:40 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_7cc.dat
+ 2008-03-13 11:06:38 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_7d8.dat
+ 2008-03-13 11:13:58 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_8c.dat
+ 2008-03-13 10:57:56 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_90.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="D:\Programy\Gadu-Gadu\gg.exe" [2007-11-14 11:54 2131392]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:44 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skrót do strony właściwości High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-09-21 03:24 86016 C:\WINDOWS\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2005-10-11 06:33 2807808 C:\WINDOWS\alcwzrd.exe]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 18:07 24576]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2003-09-05 06:59 878080]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 18:07 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 18:07 53248]
"cFosSpeed"="D:\Programy\cfos speed\cFosSpeed.exe" [2007-08-10 16:26 846800]
"nwiz"="nwiz.exe" [2005-06-15 10:20 1519616 C:\WINDOWS\system32\nwiz.exe]
"ZoneAlarm Client"="d:\Programy\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-15 10:20 6803456]
"avast!"="d:\Programy\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 22:44 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Programy\\Gadu-Gadu\\gg.exe"=
"D:\\gry\\Silkroad\\Silkroad\\bot\\srobot.exe"=
"D:\\gry\\Valve\\hl.exe"=
"D:\\gry\\CS non STEAM\\hl.exe"=
"D:\\gry\\CS non STEAM\\hlds.exe"=
"D:\\gry\\Real War\\rwclient.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\System32\\mmc.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1106:TCP"= 1106:TCP:Server Rome TCP
"1106:UDP"= 1106:UDP:Server Rome UDP
"15779:TCP"= 15779:TCP:Server Rome 2 TCP
"15779:UDP"= 15779:UDP:Server Rome 2 UDP
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-03-02 19:27]
S3 NTProcDrv;Process creation detector for NT.;D:\gry\Silkroad\Silkroad\bot\NtProcDrv.sys [2005-02-23 15:08]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-13 13:03:09
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-13 13:04:26
ComboFix2.txt 2008-03-10 20:40:34
.
2008-03-10 21:53:35 --- E O F ---
13 Mar 2008, 15:24
Jak zostaje Ci goły pulpit wtedy wciśnij ctrl + alt + del 
Plik Nowe zadanie (Uruchom...) wpisz explorer.exe i powinno wszystko wrócić.
Plik Nowe zadanie (Uruchom...) wpisz explorer.exe i powinno wszystko wrócić.
13 Mar 2008, 15:46
Kompa to masz zajeczepiście zapchanego 
FIX
Start>Ustawienia>Panel Sterowania>Opcje Regionalne i Językowe>Języki>Szczegóły>Zaawansowane>Zaptaszkuj Wyłącz zaawansowane Usługi Tekstowe.
- Kod:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O1 - Hosts: 121.128.133.26 gwgt1.joymax.com
O1 - Hosts: 222.111.150.111 gwgt1.joymax.com
FIX
Start>Ustawienia>Panel Sterowania>Opcje Regionalne i Językowe>Języki>Szczegóły>Zaawansowane>Zaptaszkuj Wyłącz zaawansowane Usługi Tekstowe.
13 Mar 2008, 22:43
Ten Proces był i sie pulpit nie pokazywał, wczytywało sie 'Zapraszamy' jakieś 2 minuty.1jaa napisał(a):Jak zostaje Ci goły pulpit wtedy wciśnij ctrl + alt + del
O1 - Hosts: 121.128.133.26 gwgt1.joymax.com
O1 - Hosts: 222.111.150.111 gwgt1.joymax.com
To są Hosty do Gry Silkroad Online, było w poradniku aby dodać to bd miejsze lagi.