
Win32/Adware.Virtumonde and Win32/PrivacyRemover.M64
After that the computer started going crazy: it kept restarting, and some strange pages appeared at startup... I have no idea what to do about it, antivirus programs don't help.
ComboFix log
ComboFix 08-09-03.06 - XXX 2008-09-04 23:07:48.3 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.255 [GMT 2:00]
Running from: D:\Moje dokumenty\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\XXX\Dane aplikacji\rhcgj1j0e3fr
C:\Program Files\rhcgj1j0e3fr
C:\WINDOWS\system32\a.exe
C:\WINDOWS\system32\actskn43.ocx
C:\WINDOWS\system32\blphclj1j0e3fr.scr
C:\WINDOWS\system32\lphclj1j0e3fr.exe
C:\WINDOWS\system32\phclj1j0e3fr.bmp
C:\WINDOWS\system32\tdssservers.dat
.
((((((((((((((((((((((((( Files Created from 2008-08-04 to 2008-09-04 )))))))))))))))))))))))))))))))
.
2008-09-04 10:10 . 2008-09-04 10:10 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-09-04 09:38 . 2008-09-04 09:38 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-09-04 09:38 . 2008-09-04 09:38 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-09-04 09:38 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-09-04 09:38 . 2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-09-04 09:38 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-09-04 09:38 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-09-04 09:32 . 2008-09-04 09:32 <DIR> d-------- C:\Program Files\Anti-Trojan-55
2008-09-04 09:01 . 2008-09-04 09:01 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-09-04 08:59 . 2008-09-04 08:59 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-04 07:30 . 2008-09-04 07:30 30,720 --a------ C:\WINDOWS\system32\a.exe(1).VIR
2008-09-04 05:23 . 2008-09-04 05:23 <DIR> d--hs---- C:\FOUND.142
2008-09-02 10:00 . 2008-09-02 10:00 <DIR> d--hs---- C:\FOUND.141
2008-09-01 22:42 . 2008-09-01 22:43 382,352 --a------ C:\jre-6u7-windows-i586-p-iftw.exe
2008-09-01 21:53 . 2008-09-01 21:53 <DIR> d--hs---- C:\FOUND.140
2008-08-31 23:04 . 2008-08-31 23:04 <DIR> d-------- C:\Program Files\RelevantKnowledge
2008-08-31 20:24 . 2008-08-31 20:24 <DIR> d--hs---- C:\FOUND.139
2008-08-29 22:35 . 2008-08-29 22:35 9,065,576 --a------ C:\Opera_9.52_installer_in.exe
2008-08-29 18:38 . 2008-08-29 18:38 <DIR> d--hs---- C:\FOUND.138
2008-08-29 15:21 . 2008-08-29 15:21 <DIR> d--hs---- C:\FOUND.137
2008-08-28 19:04 . 2008-08-28 19:04 <DIR> d--hs---- C:\FOUND.136
2008-08-28 16:07 . 2008-08-28 16:07 <DIR> d--hs---- C:\FOUND.135
2008-08-26 20:15 . 2008-08-26 20:15 <DIR> d--hs---- C:\FOUND.134
2008-08-26 12:11 . 2008-08-26 12:11 <DIR> d--hs---- C:\FOUND.133
2008-08-22 21:08 . 2008-08-22 21:08 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-22 18:06 . 2008-08-22 18:06 <DIR> d--hs---- C:\FOUND.132
2008-08-21 22:38 . 2008-08-21 22:38 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-08-21 22:20 . 2008-08-21 22:21 <DIR> d-------- C:\Program Files\Panda Security
2008-08-21 21:30 . 2008-08-21 21:30 <DIR> d--hs---- C:\FOUND.131
2008-08-21 14:01 . 2008-08-21 14:01 <DIR> d--hs---- C:\FOUND.130
2008-08-21 07:03 . 2008-08-21 07:03 <DIR> d--hs---- C:\FOUND.129
2008-08-20 20:34 . 2008-08-20 20:34 <DIR> d--hs---- C:\FOUND.128
2008-08-20 11:05 . 2008-08-20 11:05 <DIR> d-------- C:\Program Files\SAGEM WiFi manager
2008-08-20 11:05 . 2007-01-16 13:52 20,608 --a------ C:\WINDOWS\system32\drivers\BRGSp50.sys
2008-08-20 11:05 . 2007-01-16 13:52 17,664 --a------ C:\WINDOWS\system32\drivers\ZDPSp50.sys
2008-08-20 11:04 . 2008-08-20 11:04 <DIR> d-------- C:\Program Files\SAGEM
2008-08-20 11:04 . 2008-08-20 11:04 <DIR> d-------- C:\Documents and Settings\XXX\Dane aplikacji\InstallShield
2008-08-20 11:00 . 2007-01-10 10:14 450,560 --a------ C:\WINDOWS\system32\drivers\WlanBZXP.sys
2008-08-20 10:59 . 2005-06-17 10:26 114,688 --a------ C:\WINDOWS\system32\WLANUTL.dll
2008-08-20 10:59 . 2005-06-17 10:26 61,440 --a------ C:\WINDOWS\system32\W32N50.dll
2008-08-18 09:26 . 2008-08-18 09:26 <DIR> d--hs---- C:\FOUND.127
2008-08-18 09:12 . 2008-08-18 09:12 <DIR> d--hs---- C:\FOUND.126
2008-08-18 02:38 . 2008-08-18 02:38 <DIR> d-------- C:\Program Files\PhotoScape
2008-08-17 21:43 . 2008-08-17 21:43 <DIR> d--hs---- C:\FOUND.125
2008-08-13 01:36 . 2008-05-01 16:33 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2060-08-18 17:02 1,496,064 ------w C:\WINDOWS\system32\CC3250MT.DLL
2060-08-18 16:40 909,824 ------w C:\WINDOWS\system32\cp3245mt.dll
2060-08-18 16:40 24,064 ------w C:\WINDOWS\system32\borlndmm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:33 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-07-06 19:27 --------- d-----w C:\Program Files\Burrrn
2008-06-29 14:11 724,992 ----a-w C:\WINDOWS\iun6002.exe
2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:24 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 08:42 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:23 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:23 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:42 246,784 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:42 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 18:01 273,024 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-03-16 13:27 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2007-05-09 12:49 14 ----a-w C:\Documents and Settings\XXX\getfile.dat
2007-01-12 21:43 3,657,784 ----a-w C:\Program Files\gg76.exe
2006-07-17 16:06 12,838,400 ----a-w C:\Program Files\MP10Setup.exe
2006-06-18 17:53 20,982 ----a-w C:\Program Files\videodownloader-1.0-fx.xpi
2006-06-18 15:08 1,804,304 ----a-w C:\Program Files\FxFotoSetup.exe
2004-08-03 22:44 4,639 ----a-w C:\Program Files\mplayer2.exe
2003-01-12 10:41 3,392 ----a-w C:\WINDOWS\inf\OTHER\cmiainfo.sys
2006-12-22 19:45 6,998 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2006-12-17 19:39 168 --sh--r C:\WINDOWS\system32\3EED0B0FA3.sys
2006-12-22 19:45 56 --sh--r C:\WINDOWS\system32\BACE88251C.sys
.
------- Sigcheck -------
2005-06-19 22:07 504832 612af70aa1b537a1ffc9185d0a046f7f C:\WINDOWS\system32\winlogon.exe
2008-04-14 19:21 510464 51fd2e13d723857b9ca239ae77150f48 C:\WINDOWS\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\winlogon.exe
.
((((((((((((((((((((((((((((( snapshot_2008-07-01_16.49.04,04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-08-16 12:14:48 100,352 ------w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\6to4svc.dll
+ 2008-06-20 10:44:08 138,368 ------w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
+ 2008-06-20 17:37:42 147,968 ------w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\dnsapi.dll
+ 2008-06-20 17:37:42 246,784 ------w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
+ 2008-06-20 10:44:42 360,960 ------w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
+ 2008-06-20 09:32:40 225,920 ------w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip6.sys
+ 2008-06-20 11:40:08 138,496 ------w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
+ 2008-06-20 17:48:54 147,968 ------w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\dnsapi.dll
+ 2008-06-20 17:48:54 246,784 ------w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
+ 2008-06-20 11:51:12 361,600 ------w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
+ 2008-06-20 11:08:28 225,856 ------w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip6.sys
+ 2008-06-20 11:48:04 138,496 ------w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
+ 2008-06-20 17:44:44 147,968 ------w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\dnsapi.dll
+ 2008-06-20 17:44:44 246,784 ------w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
+ 2008-06-20 11:59:02 361,600 ------w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
+ 2008-06-20 11:16:44 225,856 ------w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip6.sys
+ 2007-11-30 12:40:46 19,320 ------w C:\WINDOWS\$hf_mig$\KB951748\spmsg.dll
+ 2007-11-30 12:40:46 234,360 ------w C:\WINDOWS\$hf_mig$\KB951748\spuninst.exe
+ 2007-11-30 12:40:46 26,488 ------w C:\WINDOWS\$hf_mig$\KB951748\update\spcustom.dll
+ 2007-11-30 12:40:48 763,256 ------w C:\WINDOWS\$hf_mig$\KB951748\update\update.exe
+ 2007-11-30 12:40:48 398,200 ------w C:\WINDOWS\$hf_mig$\KB951748\update\updspapi.dll
+ 2004-08-03 19:14:16 138,496 ------w C:\WINDOWS\$NtUninstallKB951748$\afd.sys
+ 2008-02-20 05:38:08 148,992 ------w C:\WINDOWS\$NtUninstallKB951748$\dnsapi.dll
+ 2004-08-03 20:44:06 246,784 ------w C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
+ 2007-11-30 12:40:46 234,360 ------w C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe
+ 2007-11-30 12:40:48 398,200 ------w C:\WINDOWS\$NtUninstallKB951748$\spuninst\updspapi.dll
+ 2007-10-30 16:20:56 360,064 ------w C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
+ 2006-08-16 09:37:30 225,664 ------w C:\WINDOWS\$NtUninstallKB951748$\tcpip6.sys
+ 2008-08-21 20:43:02 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
+ 2008-01-09 13:01:48 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2008-01-09 13:01:48 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
+ 2008-08-21 20:43:04 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
+ 2008-06-30 08:39:58 128,256 ----a-w C:\WINDOWS\Downloaded Program Files\as2stubie.dll
+ 2008-01-09 13:01:48 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll
+ 2008-01-09 13:01:48 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll
- 2000-08-31 06:00:00 73,728 ----a-w C:\WINDOWS\fdsv.exe
+ 2000-08-31 06:00:00 89,504 ----a-w C:\WINDOWS\fdsv.exe
+ 2008-04-23 07:20:42 124,928 ------w C:\WINDOWS\ie7updates\KB953838-IE7\advpack.dll
+ 2008-04-23 07:20:42 347,136 ------w C:\WINDOWS\ie7updates\KB953838-IE7\dxtmsft.dll
+ 2008-04-23 07:20:42 214,528 ------w C:\WINDOWS\ie7updates\KB953838-IE7\dxtrans.dll
+ 2008-04-23 07:20:42 133,120 ------w C:\WINDOWS\ie7updates\KB953838-IE7\extmgr.dll
+ 2008-04-23 07:20:42 63,488 ------w C:\WINDOWS\ie7updates\KB953838-IE7\icardie.dll
+ 2008-04-22 07:43:26 70,656 ------w C:\WINDOWS\ie7updates\KB953838-IE7\ie4uinit.exe
+ 2008-04-23 07:20:42 153,088 ------w C:\WINDOWS\ie7updates\KB953838-IE7\ieakeng.dll
+ 2008-04-23 07:20:42 230,400 ------w C:\WINDOWS\ie7updates\KB953838-IE7\ieaksie.dll
+ 2008-04-20 05:07:52 161,792 ------w C:\WINDOWS\ie7updates\KB953838-IE7\ieakui.dll
+ 2008-04-23 07:20:42 383,488 ------w C:\WINDOWS\ie7updates\KB953838-IE7\ieapfltr.dll
+ 2008-04-23 07:20:42 384,512 ------w C:\WINDOWS\ie7updates\KB953838-IE7\iedkcs32.dll
+ 2008-04-23 07:20:42 6,066,176 ------w C:\WINDOWS\ie7updates\KB953838-IE7\ieframe.dll
+ 2008-04-23 07:20:44 44,544 ------w C:\WINDOWS\ie7updates\KB953838-IE7\iernonce.dll
+ 2008-04-23 07:20:44 267,776 ------w C:\WINDOWS\ie7updates\KB953838-IE7\iertutil.dll
+ 2008-04-22 07:39:58 13,824 ------w C:\WINDOWS\ie7updates\KB953838-IE7\ieudinit.exe
+ 2008-04-22 07:43:46 625,664 ------w C:\WINDOWS\ie7updates\KB953838-IE7\iexplore.exe
+ 2008-04-23 07:20:44 27,648 ------w C:\WINDOWS\ie7updates\KB953838-IE7\jsproxy.dll
+ 2008-04-23 07:20:44 459,264 ------w C:\WINDOWS\ie7updates\KB953838-IE7\msfeeds.dll
+ 2008-04-23 07:20:44 52,224 ------w C:\WINDOWS\ie7updates\KB953838-IE7\msfeedsbs.dll
+ 2008-04-23 23:20:44 3,591,680 ------w C:\WINDOWS\ie7updates\KB953838-IE7\mshtml.dll
+ 2008-04-23 07:20:44 478,208 ------w C:\WINDOWS\ie7updates\KB953838-IE7\mshtmled.dll
+ 2008-04-23 07:20:44 193,024 ------w C:\WINDOWS\ie7updates\KB953838-IE7\msrating.dll
+ 2008-04-23 07:20:44 671,232 ------w C:\WINDOWS\ie7updates\KB953838-IE7\mstime.dll
+ 2008-04-23 07:20:44 102,912 ------w C:\WINDOWS\ie7updates\KB953838-IE7\occache.dll
+ 2008-04-23 07:20:44 44,544 ------w C:\WINDOWS\ie7updates\KB953838-IE7\pngfilt.dll
+ 2007-03-06 03:28:40 216,288 ------w C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe
+ 2007-03-06 03:29:50 386,784 ------w C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\updspapi.dll
+ 2008-04-23 07:20:44 105,984 ------w C:\WINDOWS\ie7updates\KB953838-IE7\url.dll
+ 2008-04-23 07:20:44 1,159,680 ------w C:\WINDOWS\ie7updates\KB953838-IE7\urlmon.dll
+ 2008-04-23 07:20:44 233,472 ------w C:\WINDOWS\ie7updates\KB953838-IE7\webcheck.dll
+ 2008-04-23 07:20:44 826,368 ------w C:\WINDOWS\ie7updates\KB953838-IE7\wininet.dll
+ 2008-07-16 13:31:50 2,000 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{0F2010CB-2AD7-4F1C-84A8-2DAD8D193182}.bin
- 2008-04-23 07:20:42 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-06-23 16:42:04 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 1998-04-23 17:14:16 216,064 ----a-w C:\WINDOWS\system32\CP5DLL32.DLL
+ 2006-08-16 11:59:44 100,352 ------w C:\WINDOWS\system32\dllcache\6to4svc.dll
- 2008-04-23 07:20:42 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-06-23 16:42:04 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
- 2008-04-23 07:20:42 347,136 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-06-23 16:42:04 347,136 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-04-23 07:20:42 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-06-23 16:42:06 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-04-23 07:20:42 133,120 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-06-23 16:42:06 133,120 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-04-23 07:20:42 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-06-23 16:42:06 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
- 2008-04-23 07:20:42 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-06-23 16:42:06 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2008-04-23 07:20:42 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-06-23 16:42:06 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2008-04-23 07:20:42 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-06-23 16:42:06 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2008-04-23 07:20:42 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-06-23 16:42:06 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2008-04-23 07:20:42 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-06-23 16:42:08 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2008-04-23 07:20:44 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-06-23 16:42:08 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2008-04-23 07:20:44 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-06-23 16:42:08 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2007-08-21 06:18:06 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2008-04-11 18:51:52 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
- 2008-04-23 07:20:44 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-06-23 16:42:08 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2008-04-23 07:20:44 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-06-23 16:42:10 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2008-04-23 07:20:44 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-06-23 16:42:10 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2008-04-23 07:20:44 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-06-23 16:42:12 477,696 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-04-23 07:20:44 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-06-23 16:42:12 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-04-23 07:20:44 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-06-23 16:42:12 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-04-23 07:20:44 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-06-23 16:42:12 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-04-23 07:20:44 44,544 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-06-23 16:42:12 44,544 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2008-04-23 07:20:44 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-06-23 16:42:12 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
- 2008-04-23 07:20:44 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-06-23 16:42:12 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-04-23 07:20:44 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-06-23 16:42:12 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-04-23 07:20:44 826,368 ------w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-06-23 16:42:14 826,368 ------w C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-02-20 05:38:08 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-06-20 17:42:20 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2004-08-03 19:14:16 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
+ 2008-06-20 10:44:38 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
+ 2008-04-29 09:19:50 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
+ 2008-04-29 09:19:54 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
+ 2008-04-29 09:20:00 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
- 2007-02-23 03:29:54 36,624 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
+ 2007-03-07 23:51:00 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
- 2007-10-30 16:20:56 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2008-06-20 10:45:14 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
- 2006-08-16 09:37:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
- 2008-04-23 07:20:42 347,136 ------w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-06-23 16:42:04 347,136 ------w C:\WINDOWS\system32\dxtmsft.dll
- 2008-04-23 07:20:42 214,528 ------w C:\WINDOWS\system32\dxtrans.dll
+ 2008-06-23 16:42:06 214,528 ------w C:\WINDOWS\system32\dxtrans.dll
- 2008-04-23 07:20:42 133,120 ------w C:\WINDOWS\system32\extmgr.dll
+ 2008-06-23 16:42:06 133,120 ------w C:\WINDOWS\system32\extmgr.dll
- 2008-04-23 07:20:42 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-06-23 16:42:06 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2008-04-22 07:43:26 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-06-23 09:23:08 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
- 2008-04-23 07:20:42 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
+ 2008-06-23 16:42:06 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
- 2008-04-23 07:20:42 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
+ 2008-06-23 16:42:06 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
- 2008-04-20 05:07:52 161,792 ------w C:\WINDOWS\system32\ieakui.dll
+ 2008-06-21 05:23:54 161,792 ------w C:\WINDOWS\system32\ieakui.dll
- 2008-04-23 07:20:42 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-06-23 16:42:06 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2008-04-23 07:20:42 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-06-23 16:42:06 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
- 2008-04-23 07:20:42 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-06-23 16:42:08 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2008-04-23 07:20:44 44,544 ------w C:\WINDOWS\system32\iernonce.dll
+ 2008-06-23 16:42:08 44,544 ------w C:\WINDOWS\system32\iernonce.dll
- 2008-04-23 07:20:44 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-06-23 16:42:08 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-06-23 09:20:26 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2007-08-21 06:18:06 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2008-04-11 18:51:52 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
- 2008-03-24 23:28:40 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-06-09 23:21:02 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2008-03-24 23:28:44 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-06-09 23:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2008-03-25 00:37:02 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-06-10 00:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2008-04-23 07:20:44 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
+ 2008-06-23 16:42:08 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
+ 2008-05-16 09:58:04 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
- 2008-05-29 23:35:12 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-08-05 18:11:02 15,888,504 ----a-w C:\WINDOWS\system32\MRT.exe
- 2008-04-23 07:20:44 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-06-23 16:42:10 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2008-04-23 07:20:44 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-06-23 16:42:10 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2008-04-23 23:20:44 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-06-24 08:42:12 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-04-23 07:20:44 478,208 ------w C:\WINDOWS\system32\mshtmled.dll
+ 2008-06-23 16:42:12 477,696 ------w C:\WINDOWS\system32\mshtmled.dll
- 2008-04-23 07:20:44 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-06-23 16:42:12 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2008-04-23 07:20:44 671,232 ------w C:\WINDOWS\system32\mstime.dll
+ 2008-06-23 16:42:12 671,232 ------w C:\WINDOWS\system32\mstime.dll
- 2008-04-23 07:20:44 102,912 ------w C:\WINDOWS\system32\occache.dll
+ 2008-06-23 16:42:12 102,912 ------w C:\WINDOWS\system32\occache.dll
- 2008-04-12 08:07:08 63,470 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-09-04 08:07:48 63,586 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-12 08:07:08 81,364 ----a-w C:\WINDOWS\system32\perfc015.dat
+ 2008-09-04 08:07:48 81,480 ----a-w C:\WINDOWS\system32\perfc015.dat
- 2008-04-12 08:07:08 405,888 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-09-04 08:07:48 406,196 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-04-12 08:07:08 463,404 ----a-w C:\WINDOWS\system32\perfh015.dat
+ 2008-09-04 08:07:48 463,738 ----a-w C:\WINDOWS\system32\perfh015.dat
- 2008-04-23 07:20:44 44,544 ------w C:\WINDOWS\system32\pngfilt.dll
+ 2008-06-23 16:42:12 44,544 ------w C:\WINDOWS\system32\pngfilt.dll
- 2007-02-23 03:29:54 527,096 ------w C:\WINDOWS\system32\px.dll
+ 2007-03-07 23:51:00 547,576 ------w C:\WINDOWS\system32\px.dll
- 2007-02-23 03:29:54 129,784 ------w C:\WINDOWS\system32\pxafs.dll
+ 2007-03-07 23:51:00 129,784 ------w C:\WINDOWS\system32\pxafs.dll
- 2007-02-23 03:29:54 64,760 ------w C:\WINDOWS\system32\pxcpya64.exe
+ 2007-03-07 23:51:00 64,760 ------w C:\WINDOWS\system32\pxcpya64.exe
- 2007-02-23 03:29:54 502,520 ------w C:\WINDOWS\system32\pxdrv.dll
+ 2007-03-07 23:51:00 510,712 ------w C:\WINDOWS\system32\pxdrv.dll
- 2007-02-23 03:29:54 72,440 ------w C:\WINDOWS\system32\pxhpinst.exe
+ 2007-03-07 23:51:00 72,440 ------w C:\WINDOWS\system32\pxhpinst.exe
- 2007-02-23 03:29:54 64,760 ------w C:\WINDOWS\system32\pxinsa64.exe
+ 2007-03-07 23:51:00 64,760 ------w C:\WINDOWS\system32\pxinsa64.exe
- 2007-02-23 03:29:54 183,032 ------w C:\WINDOWS\system32\pxmas.dll
+ 2007-03-07 23:51:00 187,128 ------w C:\WINDOWS\system32\pxmas.dll
- 2007-02-23 03:29:54 1,329,912 ------w C:\WINDOWS\system32\pxsfs.dll
+ 2007-03-07 23:51:00 1,628,920 ------w C:\WINDOWS\system32\pxsfs.dll
- 2007-02-23 03:29:54 379,640 ------w C:\WINDOWS\system32\pxwave.dll
+ 2007-03-07 23:51:00 379,640 ------w C:\WINDOWS\system32\pxwave.dll
- 2008-03-13 08:33:08 7,684 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2008-07-16 16:55:26 74,816 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2000-09-12 10:58:26 160,256 ----a-w C:\WINDOWS\system32\ShrLk21.dll
+ 2008-07-18 20:10:20 36,552 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
+ 2008-07-18 20:10:40 45,768 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
- 2007-11-30 11:21:28 19,320 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 12:40:46 19,320 ------w C:\WINDOWS\system32\spmsg.dll
- 2007-11-13 10:31:12 60,416 ------w C:\WINDOWS\system32\tzchange.exe
+ 2008-07-14 11:09:18 62,976 ------w C:\WINDOWS\system32\tzchange.exe
- 2008-04-23 07:20:44 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-06-23 16:42:12 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2008-04-23 07:20:44 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-06-23 16:42:12 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-04-23 07:20:44 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-06-23 16:42:12 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2008-04-23 07:20:44 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-06-23 16:42:14 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 2119104]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 5537792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-12 185896]
"MKSRegmon"="C:\Program Files\mks_vir_2007\bin\mksregmon.exe" [2007-05-24 303104]
"mks_mail"="C:\Program Files\mks_vir_2007\bin\mks_mail.exe" [2007-05-24 520192]
"mkstray"="C:\Program Files\mks_vir_2007\bin\mkstray.exe" [2007-08-13 663552]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]
"nwiz"="nwiz.exe" [2005-02-24 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 44544]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
BTTray.lnk - C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\BTTray.exe [2006-05-12 581693]
Monitor podĄczenia telefonu.lnk - C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe [2007-09-15 754176]
Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe [2008-08-20 950272]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispScrSavPage"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
"aux1"= ctwdm32.dll
"vidc.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"vidc.DIVF"= DivX412.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.yv12"= yv12vfw.dll
"msacm.divxa32"= divxa32.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MkS_Scan]
@="service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\FileZilla\\FileZilla.exe"=
"C:\\Program Files\\Gadu-Gadu\\ggphone\\ggphone.exe"=
"C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"H:\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"G:\\grty\\Extreme Racers.exe"=
"C:\\Program Files\\RelevantKnowledge\\rlvknlg.exe"=
"C:\\Program Files\\Anti-Trojan-55\\Anti-Trojan.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port
R0 mksidsa;mksidsa;C:\WINDOWS\system32\mksidsa.sys [2007-05-24 6144]
R1 mksfwallf;mksfwallf;C:\WINDOWS\system32\mksfwallf.sys [2007-05-24 13312]
R1 mksfwallt;mksfwallt;C:\WINDOWS\system32\mksfwallt.sys [2007-05-24 15360]
R2 MksFwall;MksFwall;C:\Program Files\mks_vir_2007\bin\MksFwall.exe [2007-05-24 270336]
R2 MksPC;MksPC;C:\Program Files\mks_vir_2007\bin\MksPC.exe [2007-05-24 253952]
R2 MksUpdate;MksUpdate;C:\Program Files\mks_vir_2007\bin\mksupdate.exe [2007-05-24 570880]
R3 mksidsf;mksidsf;C:\WINDOWS\system32\mksidsf.sys [2007-05-24 11776]
R3 MksMonEn;MksMonEn;C:\Program Files\mks_vir_2007\bin\MksMonEn.sys [2007-08-13 385024]
R3 MksMonEv;MksMonEv;C:\Program Files\mks_vir_2007\bin\MksMonEv.sys [2007-05-24 89600]
R3 MksMonFd;MksMonFd;C:\Program Files\mks_vir_2007\bin\MksMonFd.sys [2007-05-24 26624]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2007-01-10 450560]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys [ ]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 97056]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 88560]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 86368]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3cc3e3a0-9705-11da-8a54-806d6172696f}]
\Shell\AutoRun\command - E:\CDStart.Exe
\Shell\Install\Command - E:\Stub.exe
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - (no file)
URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
HKLM-Run-lphclj1j0e3fr - C:\WINDOWS\system32\lphclj1j0e3fr.exe
Notify-WgaLogon - (no file)
MSConfigStartUp-Nowe Gadu-Gadu - C:\Program Files\Nowe Gadu-Gadu\gg.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\XXX\Dane aplikacji\Mozilla\Firefox\Profiles\pc8ymfub.default\
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-04 23:16:25
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\mks_vir_2007\bin\mkslsp.dll
.
Completion time: 2008-09-04 23:20:24
ComboFix-quarantined-files.txt 2008-09-04 21:20:16
ComboFix3.txt 2008-04-14 13:28:12
ComboFix2.txt 2008-07-01 14:49:38
Pre-Run: 3,676,520,448 bajtów wolnych
Post-Run: 3,663,167,488 bajtów wolnych
494 --- E O F --- 2008-08-13 08:20:23
HijackThis log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:33:28, on 2008-09-04
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe
C:\Program Files\mks_vir_2007\bin\MksFwall.exe
C:\Program Files\mks_vir_2007\bin\MksPC.exe
C:\Program Files\mks_vir_2007\bin\mksupdate.exe
C:\Program Files\mks_vir_2007\bin\mksvirmonsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\mks_vir_2007\bin\mksregmon.exe
C:\Program Files\mks_vir_2007\bin\mks_mail.exe
C:\Program Files\mks_vir_2007\bin\mkstray.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\BTTray.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe
C:\Program Files\Spyware Doctor\update.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\mks_vir_2007\bin\mks_scan.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Moje dokumenty\Moje Dokumenty\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - (no file)
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: (no name) - {F156768E-81EF-470C-9057-481BA8380DBA} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - (no file)
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MKSRegmon] C:\Program Files\mks_vir_2007\bin\mksregmon.exe
O4 - HKLM\..\Run: [mks_mail] C:\Program Files\mks_vir_2007\bin\mks_mail.exe
O4 - HKLM\..\Run: [mkstray] C:\Program Files\mks_vir_2007\bin\mkstray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetupo.dll" "%SystemRoot%\System32\syssetup.dll" (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetupo.dll" "%SystemRoot%\System32\syssetup.dll" (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetupo.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetupo.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Monitor podłączenia telefonu.lnk = ?
O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Wyślij do interfejsu &Bluetooth - C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (file missing)
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2007\bin\\mkslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2007\bin\\mkslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2007\bin\\mkslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2007\bin\\mkslsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - I:\Nowy folder\Ares\chatServer.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: GoogleDesktopManager - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: MksFwall - MKS Sp z o.o. - C:\Program Files\mks_vir_2007\bin\MksFwall.exe
O23 - Service: MksPC - Unknown owner - C:\Program Files\mks_vir_2007\bin\MksPC.exe
O23 - Service: MksUpdate - MKS Sp. z o. o. - C:\Program Files\mks_vir_2007\bin\mksupdate.exe
O23 - Service: mks_vir file monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\mks_vir_2007\bin\mksvirmonsvc.exe
O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\mks_vir_2007\bin\mks_scan.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe (file missing)
--
End of file - 11784 bytes