Heur.w32 - resetuje kompa, zawiesza system

[Vaderos]

Witam,
Ostatnio z systemem dzieją mi się dziwne rzeczy: komp sam się resetuje (efekt podobny do zaniku zasilania), system się podwiesza, nie odpalają się pliki exe , nie uruchamia mi się Menadżer zadań (wyświetla info że został wyłączony przez admina, mimo że to ja nim jestem), nie odpalają się pliki Excela.
Przeskanowałem system MKS'em, który znalazł Heur.W32 w wielu plikach.
Proszę o pomoc.

W załączeniu podsyłam loh z programu Hijackthis:

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:43:36, on 2008-11-16
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\mks_vir_9\bin\mksupdate.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\mks_vir_9\bin\mks_mon_svc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\mks_vir_9\bin\mks_scan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Vader\USTAWI~1\Temp\winoqggh.exe
C:\DOCUME~1\Vader\USTAWI~1\Temp\winukih.exe
C:\DOCUME~1\Vader\USTAWI~1\Temp\winvgtw.exe
C:\Documents and Settings\Vader\Pulpit\Nowy folder (4)\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spik] C:\Program Files\Spik\Spik.exe -autostart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Spik\url_wpmsg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MksUpdate - MKS Sp. z o. o. - C:\Program Files\mks_vir_9\bin\mksupdate.exe
O23 - Service: mks_vir file monitor (mks_mon_svc) - Unknown owner - C:\Program Files\mks_vir_9\bin\mks_mon_svc.exe
O23 - Service: MkS_Scan - Mks Sp. z o.o. - C:\Program Files\mks_vir_9\bin\mks_scan.exe
O23 - Service: MySql - Unknown owner - C:\Program Files\usr/MYSQL/bin/mysqld.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 6558 bytes



[wojtas]

Uruchom KVRT

sciagnij :
nie masz 2 antywirusów ? jesli tak pozbac sie jednego..

combofixa

ale nie uruchamiaj...

Otworz notatnik i wklej w nim to:

Folder::
C:\DOCUME~1\Vader\USTAWI~1\Temp

>>Plik>>Zapisz jako... >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->
Ma się rozpocząć usuwanie. (i powstanie log).Daj ten log, który powstanie w trakcie usuwania.

[Vaderos]

Mam chyba coś gorszego, ponieważ COMBOFIX wiesza się w momencie gdy chce resetować windowsa - prosi czekać i nic, mimo że system jako tako działa i nawet da się go czasami zamknąć.
Próbowałem wyłączać wszystkie programy, odinstalowałem wszystkie antyviry, nawet logowałem się na innego admina.
Jeszcze gorsze jest to, że nie chce pobrać mi programu KVRT (google nie wyszukują strony jak podam nazwę i link bezpośredni do ściągnięcia nie otwiera mi się).
Zgłupiałem doszczętnie. Błagam o pomoc, bo formatowanie nie wchodzi w grę - mam zbyt dużo dokumentów.

Dodano Dzisiaj, 10:20:
Acha, COMBOFIX jeszcze w niedzielę stworzył mi log'a, a teraz nie chce.
Loga tego zrobiłem bez parametru

Folder::
C:\DOCUME~1\Vader\USTAWI~1\Temp

Log poniżej:

Kod: Zaznacz wszystko

ComboFix 08-11-14.01 - Vader 2008-11-16  9:45:01.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1045.18.849 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Vader\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania

[COLOR=RED][B]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/B][/COLOR]
.

(((((((((((((((((((((((((   Pliki utworzone od 2008-10-16 do 2008-11-16  )))))))))))))))))))))))))))))))
.

2008-11-15 22:22 . 2008-11-15 22:23   <DIR>   d--------   c:\program files\Counter-Strike
2008-11-15 18:01 . 2008-11-15 18:01   <DIR>   d--------   c:\program files\EA GAMES
2008-11-12 09:47 . 2008-11-12 09:47   197   --a------   c:\windows\system32\MRT.INI
2008-11-12 09:43 . 2008-11-12 09:43   1,393   --a------   c:\windows\imsins.BAK
2008-11-12 09:41 . 2008-09-04 18:17   1,106,944   -----c---   c:\windows\system32\dllcache\msxml3.dll
2008-11-12 09:41 . 2008-10-24 12:21   455,296   -----c---   c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 14:00 . 2008-11-11 14:00   <DIR>   dr-------   c:\documents and settings\NetworkService\Ulubione
2008-11-11 13:08 . 2008-11-11 13:08   58,368   --a------   c:\windows\system32\a74LJ7bQ.exe
2008-11-11 12:41 . 2008-11-11 12:41   <DIR>   d--------   c:\program files\CCleaner
2008-11-10 18:00 . 2008-11-10 18:00   <DIR>   d--------   c:\documents and settings\Renia\Dane aplikacji\McAfee.com Personal Firewall
2008-11-09 20:31 . 2008-11-09 20:31   <DIR>   d--------   C:\DoctorWeb
2008-11-09 20:30 . 2008-11-09 20:30   0   --a------   c:\windows\system32\setup_XP.ini
2008-11-09 19:36 . 2008-04-14 18:20   1,689,088   ---h---t-   c:\windows\system32\d422ea0.dll
2008-11-09 19:36 . 2008-04-14 18:20   82,432   ---h---t-   c:\windows\system32\cf17fa2.dll
2008-11-09 19:36 . 2008-04-14 18:20   82,432   ---h---t-   c:\windows\system32\158b75f8.dll
2008-11-09 19:35 . 2008-04-14 18:20   1,689,088   ---h---t-   c:\windows\system32\2072f028.dll
2008-11-09 16:49 . 2008-11-09 16:49   <DIR>   d--------   c:\documents and settings\Vader\Dane aplikacji\McAfee.com Personal Firewall
2008-11-09 13:49 . 2008-11-09 17:41   <DIR>   d--------   c:\windows\A239B0C1C4874BCFAE789B414ECBF7F3.TMP
2008-11-09 13:29 . 2008-11-09 13:29   <DIR>   d--------   c:\documents and settings\LocalService\Dane aplikacji\McAfee.com Personal Firewall
2008-11-09 13:28 . 2008-11-11 11:22   8,256   --a------   c:\windows\system32\Status.MPF
2008-11-09 12:03 . 2008-11-09 12:03   <DIR>   d--------   c:\program files\McAfee.com
2008-11-09 12:03 . 2008-11-09 12:03   <DIR>   d--------   c:\documents and settings\Mikis\Dane aplikacji\McAfee.com Personal Firewall
2008-11-08 21:16 . 2008-11-08 21:16   <DIR>   d--------   c:\documents and settings\Mikis\DoctorWeb
2008-11-08 20:21 . 2008-11-08 20:21   <DIR>   d--------   c:\program files\SkanerOnline
2008-11-08 14:55 . 2008-11-08 14:55   <DIR>   d--------   c:\documents and settings\Mikis\Dane aplikacji\Mikrotik
2008-11-08 13:58 . 2008-11-15 16:19   363   --a------   c:\windows\gmer.ini
2008-11-08 10:55 . 2008-11-08 10:55   <DIR>   d--------   c:\program files\Trend Micro
2008-11-08 10:52 . 2008-11-08 10:52   <DIR>   d--------   c:\program files\SpywareBlaster
2008-11-08 10:52 . 2008-11-08 10:52   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\TEMP
2008-11-08 10:48 . 2008-11-08 10:48   <DIR>   d--------   c:\program files\Spybot - Search & Destroy
2008-11-08 10:48 . 2008-11-08 13:41   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-11-07 22:24 . 2008-11-07 22:24   <DIR>   d--------   c:\program files\Lavasoft
2008-11-07 22:24 . 2008-11-09 13:49   <DIR>   d--------   c:\program files\Common Files\Wise Installation Wizard
2008-11-07 22:24 . 2008-11-07 22:24   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Lavasoft
2008-11-07 14:20 . 2008-11-07 14:20   <DIR>   d--h-----   c:\windows\system32\GroupPolicy
2008-11-04 11:23 . 2008-11-04 11:39   <DIR>   d--------   C:\Instalki 2
2008-11-03 17:24 . 2008-11-03 17:24   <DIR>   d----c---   c:\windows\system32\DRVSTORE
2008-11-03 17:23 . 2008-11-03 17:23   21,419   --a------   c:\windows\system32\drivers\AegisP.sys
2008-11-03 17:22 . 2008-11-03 17:22   <DIR>   d--------   c:\program files\RALINK
2008-11-03 17:22 . 2006-11-02 17:12   348,416   --a------   c:\windows\system32\drivers\rt73.sys
2008-11-03 17:22 . 2006-06-20 22:53   319,488   --a------   c:\windows\system32\AegisI5.exe
2008-11-03 17:22 . 2006-06-17 12:29   295,018   --a------   c:\windows\system32\Install7x.dll
2008-11-03 17:22 . 2005-11-30 11:33   2,048   --a------   c:\windows\system32\drivers\rt73.bin
2008-11-03 17:22 . 2006-03-06 15:36   45   --a------   c:\windows\filespec7x
2008-11-02 10:44 . 2008-11-02 10:55   <DIR>   d--------   C:\Ksiazki
2008-10-30 22:49 . 2008-10-31 16:24   <DIR>   d--------   C:\temp dysk F
2008-10-30 12:44 . 2008-10-30 12:45   <DIR>   d--------   C:\Music
2008-10-30 12:14 . 2008-10-30 12:14   <DIR>   d--------   C:\Visio2000Technical
2008-10-30 11:40 . 2008-10-30 11:40   <DIR>   d--------   C:\UZYTKI
2008-10-30 11:40 . 2008-10-30 11:40   <DIR>   d--------   C:\TELEFONY
2008-10-30 11:17 . 2008-10-30 11:17   <DIR>   d--------   c:\program files\MSXML 4.0
2008-10-30 02:24 . 2008-10-30 02:24   42,320   --a------   c:\windows\system32\xfcodec.dll
2008-10-28 22:09 . 2008-10-28 22:09   <DIR>   d--------   c:\program files\Sony Ericsson
2008-10-28 22:09 . 2008-10-28 22:09   <DIR>   d--------   c:\program files\Common Files\Teleca Shared
2008-10-28 22:09 . 2008-10-28 22:09   <DIR>   d--------   c:\documents and settings\All Users\Documents
2008-10-28 22:09 . 2008-10-28 22:09   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Sony Ericsson
2008-10-24 13:43 . 2008-10-15 17:36   337,408   -----c---   c:\windows\system32\dllcache\netapi32.dll
2008-10-17 19:56 . 2008-10-17 19:56   <DIR>   d--------   c:\program files\MagicISO
2008-10-16 17:53 . 2008-09-08 11:41   333,824   -----c---   c:\windows\system32\dllcache\srv.sys
2008-10-16 17:52 . 2008-08-14 14:26   2,190,464   -----c---   c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-16 17:52 . 2008-08-14 14:26   2,146,816   -----c---   c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-16 17:52 . 2008-08-14 14:26   2,067,328   -----c---   c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-16 17:52 . 2008-08-14 14:26   2,025,472   -----c---   c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-16 17:52 . 2008-09-15 16:27   1,846,656   -----c---   c:\windows\system32\dllcache\win32k.sys

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-15 20:42   ---------   d-----w   c:\documents and settings\Mikis\Dane aplikacji\uTorrent
2008-11-15 17:52   ---------   d-----w   c:\documents and settings\Mikis\Dane aplikacji\Xfire
2008-11-15 17:01   ---------   d--h--w   c:\program files\InstallShield Installation Information
2008-11-15 09:25   ---------   d-----w   c:\program files\Mozilla Thunderbird
2008-11-12 21:01   ---------   d-----w   c:\program files\Xfire
2008-11-08 19:38   ---------   d-----w   c:\program files\Tlen.pl
2008-11-06 09:43   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2008-11-06 09:41   8,067,616   --sha-w   c:\windows\system32\drivers\fidbox.dat
2008-11-06 09:41   66,204   --sha-w   c:\windows\system32\drivers\fidbox.idx
2008-11-06 09:41   5,600   --sha-w   c:\windows\system32\drivers\fidbox2.idx
2008-11-06 09:41   1,015,840   --sha-w   c:\windows\system32\drivers\fidbox2.dat
2008-11-05 17:50   ---------   d-----w   c:\program files\Opera
2008-11-03 07:43   ---------   d-----w   c:\documents and settings\Vader\Dane aplikacji\Skype
2008-11-03 07:27   ---------   d-----w   c:\documents and settings\Vader\Dane aplikacji\skypePM
2008-10-30 15:42   ---------   d-----w   c:\program files\SuperMemo UX
2008-10-26 11:13   ---------   d-----w   c:\documents and settings\Mikis\Dane aplikacji\foobar2000
2008-10-25 21:34   ---------   d-----w   c:\documents and settings\Mikis\Dane aplikacji\Tlen.pl
2008-10-24 11:21   455,296   ----a-w   c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 18:05   182,928   ----a-w   c:\windows\system32\PnkBstrB.exe
2008-10-22 18:05   159,992   ----a-w   c:\windows\system32\drivers\PnkBstrK.sys
2008-10-17 19:07   ---------   d-----w   c:\program files\Common Files\Adobe
2008-10-17 13:28   ---------   d-----w   c:\program files\DC++
2008-10-12 18:20   ---------   d-----w   c:\program files\Rainlendar2
2008-10-12 17:11   724,992   ----a-w   c:\windows\iun6002.exe
2008-10-12 14:21   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\PopCap Games
2008-10-12 11:51   ---------   d-----w   c:\program files\RocketDock
2008-10-12 11:33   ---------   d-----w   c:\program files\uTorrent
2008-10-12 11:01   ---------   d-----w   c:\program files\NeoTheme
2008-10-04 20:14   105,984   ----a-w   c:\windows\system32\c_dll.dll
2008-10-03 06:40   ---------   d-----w   c:\documents and settings\Vader\Dane aplikacji\foobar2000
2008-09-30 19:00   ---------   d-----w   c:\program files\foobar2000
2008-09-30 18:35   ---------   d-----w   c:\documents and settings\Vader\Dane aplikacji\SpeedSim
2008-09-30 15:43   1,286,152   ----a-w   c:\windows\system32\msxml4.dll
2008-09-28 13:04   66,872   ----a-w   c:\windows\system32\PnkBstrA.exe
2008-09-23 17:18   ---------   d-----w   c:\program files\Common Files\Blizzard Entertainment
2008-09-22 19:38   ---------   d-----w   c:\documents and settings\Vader\Dane aplikacji\Xfire
2008-09-20 20:01   107,888   ----a-w   c:\windows\system32\CmdLineExt.dll
2008-09-20 20:00   ---------   d-----w   c:\program files\Electronic Arts
2008-09-17 14:49   52,736   ----a-w   c:\windows\ipuninst.exe
2008-09-15 15:27   1,846,656   ----a-w   c:\windows\system32\win32k.sys
2008-09-14 15:35   19,344   ----a-w   c:\windows\system32\ealregsnapshot1.reg
2008-09-10 01:15   1,307,648   ----a-w   c:\windows\system32\msxml6.dll
2008-09-04 17:17   1,106,944   ----a-w   c:\windows\system32\msxml3.dll
2008-08-26 08:27   826,368   ----a-w   c:\windows\system32\wininet.dll
2007-12-15 18:40   32   ----a-w   c:\documents and settings\All Users\Dane aplikacji\ezsid.dat
.

(((((((((((((((((((((((((((((   snapshot@2008-11-08_18.33.57.64   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-09 16:41:47   24,804   ----a-w   c:\windows\A239B0C1C4874BCFAE789B414ECBF7F3.TMP\WiseCustomCall.dll
+ 2008-11-09 16:41:49   121,465   ----a-w   c:\windows\A239B0C1C4874BCFAE789B414ECBF7F3.TMP\WiseCustomCalla.dll
+ 2008-11-09 12:49:12   121,465   ----a-w   c:\windows\A239B0C1C4874BCFAE789B414ECBF7F3.TMP\WiseCustomCalla.exe
+ 2008-11-09 16:41:47   120,965   ----a-w   c:\windows\A239B0C1C4874BCFAE789B414ECBF7F3.TMP\WiseCustomCalla10.dll
+ 2008-11-09 16:41:48   121,015   ----a-w   c:\windows\A239B0C1C4874BCFAE789B414ECBF7F3.TMP\WiseCustomCalla11.dll
+ 2008-11-09 16:41:48   121,119   ----a-w   c:\windows\A239B0C1C4874BCFAE789B414ECBF7F3.TMP\WiseCustomCalla12.dll
+ 2008-11-09 16:41:48   120,715   ----a-w   c:\windows\A239B0C1C4874BCFAE789B414ECBF7F3.TMP\WiseCustomCalla13.dll
+ 2008-11-09 16:41:48   120,664   ----a-w   c:\windows\A239B0C1C4874BCFAE789B414ECBF7F3.TMP\WiseCustomCalla14.dll
+ 2008-11-09 16:41:48   120,715   ----a-w   c:\windows\A239B0C1C4874BCFAE789B414ECBF7F3.TMP\WiseCustomCalla15.dll
+ 2008-11-09 16:41:48   120,662   ----a-w   c:\windows\A239B0C1C4874BCFAE789B414ECBF7F3.TMP\WiseCustomCalla16.dll
+ 2008-11-09 16:41:49   120,716   ----a-w   c:\windows\A239B0C1C4874BCFAE789B414ECBF7F3.TMP\WiseCustomCalla17.dll
+ 2008-11-09 16:41:48   120,660   ----a-w   c:\windows\A239B0C1C4874BCFAE789B414ECBF7F3.TMP\WiseCustomCalla18.dll
+ 2008-11-09 16:41:49   121,117   ----a-w   c:\windows\A239B0C1C4874BCFAE789B414ECBF7F3.TMP\WiseCustomCalla2.dll
+ 2008-11-09 16:41:48   136,000   ----a-w   c:\windows\A239B0C1C4874BCFAE789B414ECBF7F3.TMP\WiseCustomCalla21.dll
+ 2008-11-09 12:49:10   136,000   ----a-w   c:\windows\A239B0C1C4874BCFAE789B414ECBF7F3.TMP\WiseCustomCalla21.exe
+ 2008-11-09 16:41:48   120,737   ----a-w   c:\windows\A239B0C1C4874BCFAE789B414ECBF7F3.TMP\WiseCustomCalla24.dll
+ 2008-11-09 16:41:48   120,684   ----a-w   c:\windows\A239B0C1C4874BCFAE789B414ECBF7F3.TMP\WiseCustomCalla25.dll
+ 2008-11-09 16:41:49   129,846   ----a-w   c:\windows\A239B0C1C4874BCFAE789B414ECBF7F3.TMP\WiseCustomCalla26.dll
+ 2008-11-09 16:41:48   137,536   ----a-w   c:\windows\A239B0C1C4874BCFAE789B414ECBF7F3.TMP\WiseCustomCalla27.dll
+ 2008-11-09 16:41:48   127,798   ----a-w   c:\windows\A239B0C1C4874BCFAE789B414ECBF7F3.TMP\WiseCustomCalla28.dll
+ 2008-11-09 16:41:48   127,936   ----a-w   c:\windows\A239B0C1C4874BCFAE789B414ECBF7F3.TMP\WiseCustomCalla29.dll
+ 2008-11-09 12:49:10   127,936   ----a-w   c:\windows\A239B0C1C4874BCFAE789B414ECBF7F3.TMP\WiseCustomCalla29.exe
+ 2008-11-09 16:41:48   638,976   ----a-w   c:\windows\A239B0C1C4874BCFAE789B414ECBF7F3.TMP\WiseCustomCalla3.dll
+ 2008-11-09 16:41:49   120,945   ----a-w   c:\windows\A239B0C1C4874BCFAE789B414ECBF7F3.TMP\WiseCustomCalla30.dll
+ 2008-11-09 16:41:48   120,858   ----a-w   c:\windows\A239B0C1C4874BCFAE789B414ECBF7F3.TMP\WiseCustomCalla31.dll
+ 2008-11-09 16:41:48   136,000   ----a-w   c:\windows\A239B0C1C4874BCFAE789B414ECBF7F3.TMP\WiseCustomCalla32.dll
+ 2008-11-09 16:41:49   120,860   ----a-w   c:\windows\A239B0C1C4874BCFAE789B414ECBF7F3.TMP\WiseCustomCalla33.dll
+ 2008-11-09 16:41:49   155,648   ----a-w   c:\windows\A239B0C1C4874BCFAE789B414ECBF7F3.TMP\WiseCustomCalla34.dll
+ 2008-11-09 16:41:49   121,200   ----a-w   c:\windows\A239B0C1C4874BCFAE789B414ECBF7F3.TMP\WiseCustomCalla35.dll
+ 2008-11-09 16:41:47   128,191   ----a-w   c:\windows\A239B0C1C4874BCFAE789B414ECBF7F3.TMP\WiseCustomCalla36.dll
+ 2008-11-09 12:49:10   128,191   ----a-w   c:\windows\A239B0C1C4874BCFAE789B414ECBF7F3.TMP\WiseCustomCalla36.exe
+ 2008-11-09 16:41:48   128,005   ----a-w   c:\windows\A239B0C1C4874BCFAE789B414ECBF7F3.TMP\WiseCustomCalla37.dll
+ 2008-11-09 16:41:48   126,019   ----a-w   c:\windows\A239B0C1C4874BCFAE789B414ECBF7F3.TMP\WiseCustomCalla38.dll
+ 2008-11-09 16:41:47   122,373   ----a-w   c:\windows\A239B0C1C4874BCFAE789B414ECBF7F3.TMP\WiseCustomCalla4.dll
+ 2008-11-09 16:41:48   126,060   ----a-w   c:\windows\A239B0C1C4874BCFAE789B414ECBF7F3.TMP\WiseCustomCalla41.dll
+ 2008-11-09 12:49:10   126,060   ----a-w   c:\windows\A239B0C1C4874BCFAE789B414ECBF7F3.TMP\WiseCustomCalla41.exe
+ 2008-11-09 16:41:47   120,951   ----a-w   c:\windows\A239B0C1C4874BCFAE789B414ECBF7F3.TMP\WiseCustomCalla5.dll
+ 2008-11-09 16:41:47   120,664   ----a-w   c:\windows\A239B0C1C4874BCFAE789B414ECBF7F3.TMP\WiseCustomCalla6.dll
+ 2008-11-09 16:41:49   126,116   ----a-w   c:\windows\A239B0C1C4874BCFAE789B414ECBF7F3.TMP\WiseCustomCalla7.dll
+ 2008-11-09 16:41:48   120,942   ----a-w   c:\windows\A239B0C1C4874BCFAE789B414ECBF7F3.TMP\WiseCustomCalla9.dll
- 2008-07-31 18:16:44   53,248   ----a-w   c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-11-15 17:11:51   53,248   ----a-w   c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2008-07-31 18:16:45   12,800   ----a-w   c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2008-11-15 17:11:51   12,800   ----a-w   c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2008-07-31 18:16:46   473,600   ----a-w   c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-11-15 17:11:51   473,600   ----a-w   c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2008-07-31 18:16:39   567,296   ----a-w   c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-11-15 17:11:52   567,296   ----a-w   c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-07-31 18:16:46   145,920   ----a-w   c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2008-11-15 17:11:52   145,920   ----a-w   c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2008-07-31 18:16:47   159,232   ----a-w   c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2008-11-15 17:11:52   159,232   ----a-w   c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2008-07-31 18:16:48   364,544   ----a-w   c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2008-11-15 17:11:53   364,544   ----a-w   c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2008-07-31 18:16:48   178,176   ----a-w   c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2008-11-15 17:11:53   178,176   ----a-w   c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2008-07-31 18:16:44   223,232   ----a-w   c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-11-15 17:11:50   223,232   ----a-w   c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-10-24 11:21:09   455,296   ------w   c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-11-12 08:43:25   32,768   ----a-r   c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
- 2005-03-18 15:23:10   53,248   ----a-w   c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2005-03-18 16:23:10   53,248   ----a-w   c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll
- 2005-03-18 15:23:10   12,800   ----a-w   c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll
+ 2005-03-18 16:23:10   12,800   ----a-w   c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll
- 2005-03-18 15:23:14   473,600   ----a-w   c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll
+ 2005-03-18 16:23:14   473,600   ----a-w   c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll
- 2005-03-18 15:23:10   145,920   ----a-w   c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll
+ 2005-03-18 16:23:10   145,920   ----a-w   c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll
- 2005-03-18 15:23:10   159,232   ----a-w   c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll
+ 2005-03-18 16:23:10   159,232   ----a-w   c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll
- 2005-03-18 15:23:14   364,544   ----a-w   c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll
+ 2005-03-18 16:23:14   364,544   ----a-w   c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll
- 2005-03-18 15:23:12   178,176   ----a-w   c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll
+ 2005-03-18 16:23:12   178,176   ----a-w   c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll
- 2005-03-18 15:23:14   223,232   ----a-w   c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll
+ 2005-03-18 16:23:14   223,232   ----a-w   c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll
- 2008-04-14 17:20:39   1,306,624   -c----w   c:\windows\system32\dllcache\msxml6.dll
+ 2008-09-10 01:15:56   1,307,648   -c----w   c:\windows\system32\dllcache\msxml6.dll
- 2008-10-07 19:19:40   16,721,856   ----a-w   c:\windows\system32\MRT.exe
+ 2008-11-04 00:10:25   17,396,160   ----a-w   c:\windows\system32\MRT.exe
+ 2007-03-15 11:00:36   466,432   ----a-w   c:\windows\system32\SkanerOnline.dll
+ 2007-01-19 08:40:42   89,088   ----a-w   c:\windows\system32\SkanerOnlineUninstall.exe
- 2007-11-30 11:21:28   19,320   ------w   c:\windows\system32\spmsg.dll
+ 2008-07-08 13:20:04   19,320   ------w   c:\windows\system32\spmsg.dll
+ 2008-09-30 15:42:08   1,286,152   ----a-w   c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-09-30 15:45:12   91,656   ----a-w   c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
.
-- Migawka wyzerowana --
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 93184]
"Spik"="c:\program files\Spik\Spik.exe" [2008-02-20 181736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 222608]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-10-26 229376]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 c:\windows\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 93184]

c:\documents and settings\Mikis\Menu Start\Programy\Autostart\
Xfire.lnk - c:\program files\Xfire\xfire.exe [2008-10-30 3173712]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 107520]
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2008-11-03 745472]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.divxa32"= divxa32.acm
"VIDC.ACDV"= ACDV.dll
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\UnrealTournament\\NetGamesUSA.com\\ngWorldStats\\bin\\ngWorldStats.exe"=
"c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\reader_sl.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\RocketDock\\RocketDock.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"=
"c:\\Program Files\\Spik\\Spik.exe"=
"c:\\Program Files\\RALINK\\Common\\RaUI.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\WINDOWS\\system32\\Ati2evxx.exe"=
"c:\\Program Files\\LClock\\lclock.exe"=
"c:\\Documents and Settings\\Mikis\\Pulpit\\gmer\\gmer.exe"=
"c:\\WINDOWS\\system32\\ctfmon.exe"=
"c:\\WINDOWS\\SOUNDMAN.EXE"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\opqmoj.sys []
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-03-25 24592]
S0 St320hg;St320hg;c:\windows\system32\DRIVERS\st320hg.sys [2002-09-12 85696]
S3 SNPP106;PC Camera (6029 CIF);c:\windows\system32\DRIVERS\snpp106.sys [2008-02-21 239488]
.
Zawartość folderu 'Zaplanowane zadania'

2008-11-11 c:\windows\Tasks\At1.job
- c:\windows\system32\a74LJ7bQ.exe [2008-11-11 13:08]

2008-11-16 c:\windows\Tasks\At10.job
- c:\windows\system32\a74LJ7bQ.exe [2008-11-11 13:08]

2008-11-15 c:\windows\Tasks\At11.job
- c:\windows\system32\a74LJ7bQ.exe [2008-11-11 13:08]

2008-11-14 c:\windows\Tasks\At12.job
- c:\windows\system32\a74LJ7bQ.exe [2008-11-11 13:08]

2008-11-15 c:\windows\Tasks\At13.job
- c:\windows\system32\a74LJ7bQ.exe [2008-11-11 13:08]

2008-11-15 c:\windows\Tasks\At14.job
- c:\windows\system32\a74LJ7bQ.exe [2008-11-11 13:08]

2008-11-15 c:\windows\Tasks\At15.job
- c:\windows\system32\a74LJ7bQ.exe [2008-11-11 13:08]

2008-11-15 c:\windows\Tasks\At16.job
- c:\windows\system32\a74LJ7bQ.exe [2008-11-11 13:08]

2008-11-15 c:\windows\Tasks\At17.job
- c:\windows\system32\a74LJ7bQ.exe [2008-11-11 13:08]

2008-11-15 c:\windows\Tasks\At18.job
- c:\windows\system32\a74LJ7bQ.exe [2008-11-11 13:08]

2008-11-15 c:\windows\Tasks\At19.job
- c:\windows\system32\a74LJ7bQ.exe [2008-11-11 13:08]

2008-11-11 c:\windows\Tasks\At2.job
- c:\windows\system32\a74LJ7bQ.exe [2008-11-11 13:08]

2008-11-15 c:\windows\Tasks\At20.job
- c:\windows\system32\a74LJ7bQ.exe [2008-11-11 13:08]

2008-11-15 c:\windows\Tasks\At21.job
- c:\windows\system32\a74LJ7bQ.exe [2008-11-11 13:08]

2008-11-15 c:\windows\Tasks\At22.job
- c:\windows\system32\a74LJ7bQ.exe [2008-11-11 13:08]

2008-11-15 c:\windows\Tasks\At23.job
- c:\windows\system32\a74LJ7bQ.exe [2008-11-11 13:08]

2008-11-15 c:\windows\Tasks\At24.job
- c:\windows\system32\a74LJ7bQ.exe [2008-11-11 13:08]

2008-11-11 c:\windows\Tasks\At3.job
- c:\windows\system32\a74LJ7bQ.exe [2008-11-11 13:08]

2008-11-11 c:\windows\Tasks\At4.job
- c:\windows\system32\a74LJ7bQ.exe [2008-11-11 13:08]

2008-11-11 c:\windows\Tasks\At5.job
- c:\windows\system32\a74LJ7bQ.exe [2008-11-11 13:08]

2008-11-11 c:\windows\Tasks\At6.job
- c:\windows\system32\a74LJ7bQ.exe [2008-11-11 13:08]

2008-11-11 c:\windows\Tasks\At7.job
- c:\windows\system32\a74LJ7bQ.exe [2008-11-11 13:08]

2008-11-14 c:\windows\Tasks\At8.job
- c:\windows\system32\a74LJ7bQ.exe [2008-11-11 13:08]

2008-11-14 c:\windows\Tasks\At9.job
- c:\windows\system32\a74LJ7bQ.exe [2008-11-11 13:08]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-Orb - c:\program files\Winamp Remote\bin\OrbTray.exe


.
------- Skan uzupełniający -------
.
FireFox -: Profile - c:\documents and settings\Vader\Dane aplikacji\Mozilla\Firefox\Profiles\cekm4dtp.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.onet.pl
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npcnmozillainterface.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npOggX.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npwpk.dll
FF -: plugin - c:\program files\Spik\mozilla\npwpk.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 09:48:54
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql]
"ImagePath"="c:\program files\usr/MYSQL/bin/mysqld.exe"
.
Czas ukończenia: 2008-11-16  9:53:38
ComboFix-quarantined-files.txt  2008-11-16 08:52:39
ComboFix2.txt  2008-11-08 18:59:51
ComboFix3.txt  2008-11-08 17:35:28

Przed: 3 134 902 272 bajtów wolnych
Po: 3,471,503,360 bajtów wolnych

374   --- E O F ---   2008-11-12 08:47:49


[djarta]

R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\opqmoj.sys []

Zły znak.


Wklej do Notatnika:

Kod: Zaznacz wszystko

File::
c:\windows\system32\a74LJ7bQ.exe
c:\windows\system32\drivers\opqmoj.sys
c:\windows\Tasks\At1.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

Driver::
abp470n5


>>Plik>>Zapisz jako... >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->
Ma się rozpocząć usuwanie. (i powstanie log).Daj ten log, który powstanie w trakcie usuwania.
Jeśli pójdzie dobrze, to: Po restarcie usuń ręcznie folder C:\Qoobox.

c:\windows\system32\158b75f8.dll

Sprawdź go na --> http://virusscan.jotti.org/
albo na http://www.virustotal.com/en/indexf.html.



======================
K.

[Vaderos]

zły znak to łagodne stwierdzenie ...
COMBOFIX działa dalej tak samo - zawiesza sie przy próbie restartu (wszystko do tego momentu działa jakby OK), no i w końcu robię reset z palucha, ale nie tworzy się log.
Istnieją jakieś odpowiedniki Combofix'a ?

Mimo że log nie powstał skasowałem ręcznie katalogi c:\combofix i c:\C:\Qoobox i powtórzyłem całą procedurę. Nadal to samo

Strony z antyvirami nie ładują się !!!
Tragedia

[djarta]

Nie masz loga - tak?

A plik sprawdzony?

Daj log z RSIT'a.



=====================
K.

[Vaderos]

Proszę bardzo:

Kod: Zaznacz wszystko

Logfile of random's system information tool 1.04 (written by random/random)
Run by Vader at 2008-11-18 15:50:52
Microsoft Windows XP Professional Dodatek Service Pack 3
System drive C: has 3 GB (4%) free of 80 GB
Total RAM: 1279 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:51, on 2008-11-18
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\DOCUME~1\Vader\USTAWI~1\Temp\mcdpf.exe
C:\DOCUME~1\Vader\USTAWI~1\Temp\winqoewos.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\Vader\USTAWI~1\Temp\ijxu.exe
C:\Program Files\Spik\Spik.exe
C:\WINDOWS\system32\rsvp.exe
C:\DOCUME~1\Vader\USTAWI~1\Temp\heroj.exe
C:\Documents and Settings\Vader\Pulpit\Nowy folder (4)\RSIT.exe
C:\Program Files\trend micro\Vader.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Spik] C:\Program Files\Spik\Spik.exe -autostart
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Spik\url_wpmsg.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MySql - Unknown owner - C:\Program Files\usr/MYSQL/bin/mysqld.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 5604 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 222608]
"Spik"=C:\Program Files\Spik\Spik.exe [2008-11-13 103912]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 93184]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\UnrealTournament\NetGamesUSA.com\ngWorldStats\bin\ngWorldStats.exe"="D:\UnrealTournament\NetGamesUSA.com\ngWorldStats\bin\ngWorldStats.exe:*:Enabled:ipsec"
"C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe"="C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe:*:Enabled:ipsec"
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe:*:Enabled:ipsec"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:ipsec"
"C:\Program Files\RocketDock\RocketDock.exe"="C:\Program Files\RocketDock\RocketDock.exe:*:Enabled:ipsec"
"C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe:*:Enabled:ipsec"
"C:\Program Files\Spik\Spik.exe"="C:\Program Files\Spik\Spik.exe:*:Enabled:ipsec"
"C:\Program Files\RALINK\Common\RaUI.exe"="C:\Program Files\RALINK\Common\RaUI.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:ipsec"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\taskmgr.exe"="C:\WINDOWS\system32\taskmgr.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\Ati2evxx.exe"="C:\WINDOWS\system32\Ati2evxx.exe:*:Enabled:ipsec"
"C:\Program Files\LClock\lclock.exe"="C:\Program Files\LClock\lclock.exe:*:Enabled:ipsec"
"C:\Documents and Settings\Mikis\Pulpit\gmer\gmer.exe"="C:\Documents and Settings\Mikis\Pulpit\gmer\gmer.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe:*:Enabled:ipsec"
"C:\WINDOWS\SOUNDMAN.EXE"="C:\WINDOWS\SOUNDMAN.EXE:*:Enabled:ipsec"
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\injn.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\injn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\rbds.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\rbds.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\winhjfjt.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\winhjfjt.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\winergt.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\winergt.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\winglewh.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\winglewh.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\cngl.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\cngl.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\wbadbi.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\wbadbi.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\huvbt.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\huvbt.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\winlcoxy.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\winlcoxy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\wincplc.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\wincplc.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\xdsrkv.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\xdsrkv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\winjfiuab.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\winjfiuab.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\eygbc.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\eygbc.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\winikcg.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\winikcg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\winqjoaf.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\winqjoaf.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\windkqm.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\windkqm.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\winhxnckh.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\winhxnckh.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\sxsjo.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\sxsjo.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\winfvlywl.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\winfvlywl.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\tjmvkl.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\tjmvkl.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\tmca.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\tmca.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\jimshl.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\jimshl.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\winkgvlqx.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\winkgvlqx.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\xixi.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\xixi.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Mikis\USTAWI~1\Temp\winujupmy.exe"="C:\DOCUME~1\Mikis\USTAWI~1\Temp\winujupmy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Mikis\USTAWI~1\Temp\ejcn.exe"="C:\DOCUME~1\Mikis\USTAWI~1\Temp\ejcn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Mikis\USTAWI~1\Temp\winsdnku.exe"="C:\DOCUME~1\Mikis\USTAWI~1\Temp\winsdnku.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Mikis\USTAWI~1\Temp\udnpio.exe"="C:\DOCUME~1\Mikis\USTAWI~1\Temp\udnpio.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Mikis\USTAWI~1\Temp\wincsxyll.exe"="C:\DOCUME~1\Mikis\USTAWI~1\Temp\wincsxyll.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\pmlncp.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\pmlncp.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\eywpy.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\eywpy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\winxtkd.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\winxtkd.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\wincmlxl.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\wincmlxl.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\winlrycwl.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\winlrycwl.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\kxlhww.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\kxlhww.exe:*:Enabled:ipsec"
"C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\winoqggh.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\winoqggh.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\winukih.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\winukih.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\winvgtw.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\winvgtw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\enqb.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\enqb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\windmypl.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\windmypl.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\dkwda.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\dkwda.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\wferch.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\wferch.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\chnbyx.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\chnbyx.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\winalpt.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\winalpt.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\winrqlg.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\winrqlg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\wincmvu.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\wincmvu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\winipyhf.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\winipyhf.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\winndrt.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\winndrt.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\yekr.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\yekr.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\bxde.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\bxde.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\cmnaf.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\cmnaf.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\winwcnh.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\winwcnh.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\winogrju.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\winogrju.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\aknsv.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\aknsv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\gaujke.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\gaujke.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\gwqd.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\gwqd.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\winbmevs.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\winbmevs.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\winiqbk.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\winiqbk.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\vhbobk.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\vhbobk.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\winassw.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\winassw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\winukdc.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\winukdc.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\okmn.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\okmn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\aygoae.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\aygoae.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\fndi.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\fndi.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\ufsmu.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\ufsmu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\winwfcncn.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\winwfcncn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\winblplmi.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\winblplmi.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\gtspj.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\gtspj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\winngey.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\winngey.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\winrdtme.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\winrdtme.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\winxrpepb.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\winxrpepb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\winyqtho.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\winyqtho.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\winkycuqp.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\winkycuqp.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\vyej.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\vyej.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\winuccqnn.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\winuccqnn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\winjwlb.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\winjwlb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Vader\USTAWI~1\Temp\winhwvphu.exe"="C:\DOCUME~1\Vader\USTAWI~1\Temp\winhwvphu.exe:*:Enabled:ipsec"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-11-18 15:50:52 ----D---- C:\rsit
2008-11-18 14:27:11 ----D---- C:\WINDOWS\temp
2008-11-18 14:22:47 ----A---- C:\Boot.bak
2008-11-18 14:22:43 ----RASHD---- C:\cmdcons
2008-11-18 14:20:06 ----D---- C:\Qoobox
2008-11-18 14:20:05 ----D---- C:\ComboFix
2008-11-18 14:20:05 ----A---- C:\WINDOWS\system32\CF8968.exe
2008-11-18 13:40:51 ----A---- C:\WINDOWS\system32\CF1281.exe
2008-11-18 01:05:43 ----A---- C:\WINDOWS\system32\CF17168.exe
2008-11-18 00:49:02 ----A---- C:\WINDOWS\system32\CF13896.exe
2008-11-18 00:34:10 ----A---- C:\WINDOWS\system32\CF10986.exe
2008-11-18 00:05:08 ----A---- C:\WINDOWS\system32\CF5291.exe
2008-11-17 22:13:26 ----SHD---- C:\Config.Msi
2008-11-17 20:01:33 ----A---- C:\WINDOWS\system32\CF23107.exe
2008-11-17 19:56:22 ----A---- C:\WINDOWS\system32\CF22088.exe
2008-11-17 19:42:02 ----A---- C:\WINDOWS\system32\CF19283.exe
2008-11-17 19:19:30 ----A---- C:\WINDOWS\PSEXESVC.EXE
2008-11-17 19:14:34 ----SHD---- C:\RECYCLER
2008-11-17 19:14:00 ----A---- C:\WINDOWS\system32\CF13787.exe
2008-11-17 09:02:00 ----A---- C:\WINDOWS\system32\Install7x.dll
2008-11-17 09:02:00 ----A---- C:\WINDOWS\system32\AegisI5.exe
2008-11-16 18:16:22 ----D---- C:\MkSKwar
2008-11-15 22:22:14 ----D---- C:\Program Files\Counter-Strike
2008-11-15 18:01:54 ----D---- C:\Program Files\EA GAMES
2008-11-12 09:47:45 ----A---- C:\WINDOWS\system32\MRT.INI
2008-11-12 09:44:03 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 09:43:48 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 09:43:38 ----A---- C:\WINDOWS\imsins.BAK
2008-11-12 09:43:34 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-09 20:31:34 ----D---- C:\DoctorWeb
2008-11-09 20:30:17 ----A---- C:\WINDOWS\system32\setup_XP.ini
2008-11-09 19:36:00 ----HT---- C:\WINDOWS\system32\d422ea0.dll
2008-11-09 19:36:00 ----HT---- C:\WINDOWS\system32\cf17fa2.dll
2008-11-09 19:36:00 ----HT---- C:\WINDOWS\system32\158b75f8.dll
2008-11-09 19:35:59 ----HT---- C:\WINDOWS\system32\2072f028.dll
2008-11-09 16:49:48 ----D---- C:\Documents and Settings\Vader\Dane aplikacji\McAfee.com Personal Firewall
2008-11-09 13:49:10 ----D---- C:\WINDOWS\A239B0C1C4874BCFAE789B414ECBF7F3.TMP
2008-11-09 12:03:31 ----D---- C:\Program Files\McAfee.com
2008-11-08 20:21:43 ----D---- C:\Program Files\SkanerOnline
2008-11-08 18:16:59 ----A---- C:\WINDOWS\zip.exe
2008-11-08 18:16:59 ----A---- C:\WINDOWS\VFIND.exe
2008-11-08 18:16:59 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-11-08 18:16:59 ----A---- C:\WINDOWS\SWSC.exe
2008-11-08 18:16:59 ----A---- C:\WINDOWS\SWREG.exe
2008-11-08 18:16:59 ----A---- C:\WINDOWS\sed.exe
2008-11-08 18:16:59 ----A---- C:\WINDOWS\NIRCMD.exe
2008-11-08 18:16:59 ----A---- C:\WINDOWS\grep.exe
2008-11-08 18:16:59 ----A---- C:\WINDOWS\fdsv.exe
2008-11-08 18:16:52 ----D---- C:\WINDOWS\ERDNT
2008-11-08 13:58:02 ----A---- C:\WINDOWS\gmer.ini
2008-11-08 13:58:01 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-11-08 13:58:01 ----A---- C:\WINDOWS\gmer.exe
2008-11-08 13:58:01 ----A---- C:\WINDOWS\gmer.dll
2008-11-08 10:55:57 ----D---- C:\Program Files\Trend Micro
2008-11-08 10:52:58 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-11-08 10:48:00 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-07 22:24:51 ----D---- C:\Program Files\Lavasoft
2008-11-07 22:24:49 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-11-07 22:24:15 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-07 14:20:05 ----HD---- C:\WINDOWS\system32\GroupPolicy
2008-11-04 11:23:01 ----D---- C:\Instalki 2
2008-11-03 17:24:26 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-03 17:22:16 ----D---- C:\Program Files\RALINK
2008-11-02 10:44:30 ----D---- C:\Ksiazki
2008-10-30 22:49:49 ----D---- C:\temp dysk F
2008-10-30 12:44:47 ----D---- C:\Music
2008-10-30 12:14:19 ----D---- C:\Visio2000Technical
2008-10-30 11:40:41 ----D---- C:\UZYTKI
2008-10-30 11:40:27 ----D---- C:\TELEFONY
2008-10-30 11:17:25 ----D---- C:\Program Files\MSXML 4.0
2008-10-28 22:09:18 ----D---- C:\Program Files\Common Files\Teleca Shared
2008-10-28 22:09:15 ----D---- C:\Program Files\Sony Ericsson
2008-10-28 22:09:14 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson
2008-10-24 21:23:57 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

======List of files/folders modified in the last 1 months======

2008-11-18 14:51:54 ----D---- C:\Program Files\Mozilla Firefox
2008-11-18 14:30:43 ----D---- C:\WINDOWS\system32\drivers
2008-11-18 14:30:35 ----D---- C:\WINDOWS
2008-11-18 14:26:25 ----D---- C:\WINDOWS\system32
2008-11-18 14:26:25 ----D---- C:\WINDOWS\AppPatch
2008-11-18 14:26:25 ----D---- C:\Program Files\Common Files
2008-11-18 14:25:10 ----D---- C:\Program Files\Internet Explorer
2008-11-18 14:22:47 ----RASH---- C:\boot.ini
2008-11-18 14:20:37 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-18 14:19:39 ----A---- C:\WINDOWS\wincmd.ini
2008-11-18 13:57:32 ----SHD---- C:\WINDOWS\Installer
2008-11-18 13:57:32 ----D---- C:\Program Files\Spik
2008-11-18 13:56:01 ----D---- C:\WINDOWS\Prefetch
2008-11-18 13:45:23 ----SD---- C:\WINDOWS\Tasks
2008-11-18 00:29:35 ----D---- C:\Program Files
2008-11-18 00:05:09 ----D---- C:\Program Files\Mozilla Thunderbird
2008-11-17 22:13:57 ----HD---- C:\WINDOWS\inf
2008-11-17 22:13:42 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-16 20:01:17 ----D---- C:\WINDOWS\WinSxS
2008-11-16 18:46:44 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-16 18:26:57 ----D---- C:\Program Files\WarRock
2008-11-16 18:18:25 ----D---- C:\Program Files\RocketDock
2008-11-16 18:17:42 ----D---- C:\Program Files\LClock
2008-11-16 16:25:44 ----D---- C:\WINDOWS\Minidump
2008-11-16 10:40:40 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-11-16 09:48:52 ----A---- C:\WINDOWS\system.ini
2008-11-15 21:41:59 ----RD---- C:\Downloads
2008-11-15 21:41:59 ----D---- C:\Endin' Torrent Files
2008-11-15 18:11:55 ----D---- C:\WINDOWS\system32\DirectX
2008-11-15 18:11:53 ----RSD---- C:\WINDOWS\assembly
2008-11-15 18:01:50 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-14 10:30:32 ----A---- C:\WINDOWS\bestplayer.ini
2008-11-12 09:44:14 ----D---- C:\WINDOWS\Debug
2008-11-12 09:44:00 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-08 20:38:28 ----D---- C:\Program Files\Tlen.pl
2008-11-08 20:21:43 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-08 19:46:45 ----D---- C:\WINDOWS\system32\config
2008-11-08 18:34:51 ----D---- C:\WINDOWS\repair
2008-11-05 18:50:06 ----D---- C:\Program Files\Opera
2008-11-04 01:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-03 17:28:25 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-03 17:28:00 ----SD---- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft
2008-11-03 08:43:11 ----D---- C:\Documents and Settings\Vader\Dane aplikacji\Skype
2008-11-03 08:27:05 ----D---- C:\Documents and Settings\Vader\Dane aplikacji\skypePM
2008-11-01 08:47:33 ----D---- C:\Angielski
2008-10-30 16:42:35 ----D---- C:\Program Files\SuperMemo UX
2008-10-28 22:07:27 ----D---- C:\WINDOWS\Downloaded Installations
2008-10-22 19:05:22 ----A---- C:\WINDOWS\system32\PnkBstrB.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kbdhid;Sterownik klawiatury HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-11-17 21419]
R2 Fallback;Fallback; C:\WINDOWS\system32\DRIVERS\HSF_FALL.sys [2001-08-17 289887]
R2 Fsks;Fsks; C:\WINDOWS\system32\DRIVERS\HSF_FSKS.sys [2001-08-17 115807]
R2 K56;K56; C:\WINDOWS\system32\DRIVERS\HSF_K56K.sys [2001-08-17 391199]
R2 SoftFax;SoftFax; C:\WINDOWS\system32\DRIVERS\HSF_FAXX.sys [2001-08-17 199711]
R2 Tones;Tones; C:\WINDOWS\system32\DRIVERS\HSF_TONE.sys [2001-08-17 50751]
R2 V124;V124; C:\WINDOWS\system32\DRIVERS\HSF_V124.sys [2001-08-17 488383]
R3 abp470n5;abp470n5; \??\C:\WINDOWS\system32\drivers\opqmoj.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-03-08 4027840]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 basic2;basic2; C:\WINDOWS\system32\DRIVERS\HSF_BSC2.sys [2001-08-17 67167]
R3 hidusb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 hsf_msft;hsf_msft; C:\WINDOWS\system32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
R3 MODEMCSA;Urządzenie filtru strumieniowego usługi Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2007-12-25 10368]
R3 Rksample;Rksample; C:\WINDOWS\system32\DRIVERS\HSF_SAMP.sys [2001-08-17 57471]
R3 RT73;RT73 USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2006-11-02 348416]
R3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Standardowy sterownik koncentratora USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 wceusbsh;Sterownik hosta szeregowego USB Windows CE; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2008-04-14 31872]
S3 a267su7l;a267su7l; C:\WINDOWS\system32\drivers\a267su7l.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekoder napisów; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-11-08 85969]
S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Koder-dekoder NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Połączenie TV/wideo firmy Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys []
S3 rtl8139;Sterownik NT karty Realtek RTL8139(A/B/C)-based PCI Fast Ethernet; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SNPP106;PC Camera (6029 CIF); C:\WINDOWS\system32\DRIVERS\snpp106.sys [2002-12-05 239488]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Sterownik skanera USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbstor;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Kodery-dekodery teletekstu w standardzie światowym; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-12 44032]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-09-28 66872]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S2 MySql;MySql; C:\Program Files\usr/MYSQL/bin/mysqld.exe [2003-09-14 2928700]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-06-28 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------


[djarta]

Ja nie będę niczego zalecał do usuwania, póki nie dowiem się czy plik 'c:\windows\system32\158b75f8.dll' jest zarażony czy nie.




=======================
K.

[Vaderos]

Chyba udało mi się już pozbyć kłopotów, ponieważ system zachowuje się prawidłowo.
Zrobiłem tak:
na innym dysku (systemowy odłączyłem żeby zmniejszyć ryzyko infekcji) zainstalowałem system i ściągnąłem bez problemów KVRT i wykonałem skany najpierw jednego dysku (ponad 500 wirów Sality), a potem po podłączeniu - następnego (ponad 300 wirów Sality). Sprawdzałem również Threatfire - też znalazł zagrożenia - głównie w poczcie, ale poddał tylko pliki kwarantannie.
Sposób zadziałał i teraz wszystko działo OK, choć COMBOFIX i tak nie resetuje kompa.

Dzięki wielkie za pomoc. Pozdrawiam.

[wojtas]

daj nowe logi..