prosze o sprawdzenie loga!

[eMaNeTeWu]

Otóż złapałem troche wirusów przez krakersa sciagnietego z sieci. Komp zamulony, 100% uzycie procka. Skanowalem system ad-aware, spybotem mks skanerem online i cos tam usunelo ale komp dalej muli. Aha i najbardziej wkurzające jest to, że gdy przeglądam stronki, pracuje w photoshopie itp to znika kursor myszki i okienko jest tak jakby nieaktywne - alt+tab i moge dalej pisac, a po chwili myszka sie pojawi. Raz szybciej sie pokaze, raz trzeba dluzej czekac. Nawet gdy gram to gre wywala to paska myszki nie ma, czekam az sie pojawi i dopiero kontynuuje gre z paska. Logi :

ComboFix 08-01-14.3 - eMaNeTeWu 2008-01-14 11:07:48.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1573 [GMT 1:00]
Running from: C:\Bin\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\231.exe
C:\WINDOWS\7f8e6fce00.dll
C:\WINDOWS\acdsee321.dll
C:\WINDOWS\fn00321.log
C:\WINDOWS\iekhhd.dll
C:\WINDOWS\my_70338.exe
C:\WINDOWS\system\dvl
C:\WINDOWS\system\lvl
C:\WINDOWS\system32\65a6bc6100.dll
C:\WINDOWS\system32\BDGuard.DAT
C:\WINDOWS\system32\BDGuardS.DAT
C:\WINDOWS\system32\catclogd.dll
C:\WINDOWS\system32\cflInfo.nt
C:\WINDOWS\system32\dnabeser.dat
C:\WINDOWS\system32\drivers\bdguard.sys
C:\WINDOWS\system32\drivers\eract.sys
C:\WINDOWS\system32\drivers\shzkhf56.sys
C:\WINDOWS\system32\iebhoset.ini
C:\WINDOWS\system32\ieset.ini
C:\WINDOWS\system32\iexp_log.txt
C:\WINDOWS\system32\shzkhf56.dll
C:\WINDOWS\system32\shzkhf56.dllmmc.pkm
C:\WINDOWS\system32\wbem\4600
C:\WINDOWS\system32\wbem\4600\svchost.exe
C:\WINDOWS\system32\wbem\thwqzcvnb.dll
C:\WINDOWS\tempaq
C:\WINDOWS\yeSetup.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_BDGUARD
-------\LEGACY_ERACT
-------\LEGACY_SHZKHF56
-------\BdGuard
-------\eract
-------\shzkhf56


((((((((((((((((((((((((( Files Created from 2007-12-14 to 2008-01-14 )))))))))))))))))))))))))))))))
.

2008-01-14 11:07 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 15:47 . 2008-01-13 16:03 <DIR> d-------- C:\Program Files\SkanerOnline
2008-01-13 11:15 . 2008-01-13 20:37 139 --a------ C:\WINDOWS\system32\wcbnurect.fl
2008-01-12 16:25 . 2008-01-12 16:25 <DIR> dr------- C:\Documents and Settings\NetworkService\Ulubione
2008-01-12 14:00 . 2008-01-13 11:12 1 --a------ C:\WINDOWS\ssopk.ids
2008-01-12 11:33 . 2008-01-12 12:52 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-01-12 09:23 . 2007-11-13 15:03 106,496 --a------ C:\WINDOWS\system32\abskey.dll
2008-01-12 09:21 . 2007-03-20 11:26 227 --a------ C:\WINDOWS\sosuo.col
2008-01-12 08:59 . 2008-01-12 08:59 <DIR> d-------- C:\WINDOWS\system32\conime
2008-01-12 08:59 . 2008-01-12 22:15 <DIR> d-------- C:\WINDOWS\ilovegoogle
2008-01-12 08:59 . 2008-01-12 08:59 32,256 --a------ C:\WINDOWS\system32\rxjh_2.exe
2008-01-12 08:59 . 2008-01-14 10:50 1,479 --a------ C:\WINDOWS\system32\feigou.ini
2008-01-12 08:58 . 2008-01-12 08:59 167,522 --a------ C:\WINDOWS\yeSetup.exe
2008-01-12 08:58 . 2008-01-12 11:37 1 --a------ C:\WINDOWS\lasdaybcuwee.tj
2008-01-12 08:29 . 2008-01-12 08:30 <DIR> d-------- C:\Program Files\Skype
2008-01-12 08:29 . 2008-01-12 08:29 584,192 --a------ C:\WINDOWS\system32\oeehquyakghmp.dll
2008-01-12 08:29 . 2008-01-12 08:29 58,496 --a------ C:\WINDOWS\system32\SkypeClient.exe
2008-01-12 08:29 . 2008-01-12 16:28 180 --a------ C:\WINDOWS\system32\resiifers.ini
2008-01-09 17:40 . 2008-01-09 17:40 <DIR> d-------- C:\Program Files\GameSpy
2008-01-09 17:38 . 2008-01-09 17:38 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2008-01-09 17:37 . 2008-01-09 17:37 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-09 17:37 . 2008-01-09 17:37 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-01-09 17:37 . 2008-01-09 17:37 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-01-09 17:37 . 2008-01-09 17:37 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-01-09 17:37 . 2008-01-09 17:37 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-09 17:37 . 2008-01-09 17:37 22,328 --a------ C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\PnkBstrK.sys
2008-01-09 17:24 . 2008-01-09 17:24 <DIR> d-------- C:\Program Files\Electronic Arts
2008-01-09 16:52 . 2008-01-09 16:52 <DIR> d-------- C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\Ahead
2008-01-09 16:32 . 2008-01-09 16:32 <DIR> d-------- C:\Program Files\7-Zip
2008-01-08 16:39 . 2008-01-08 16:39 <DIR> d-------- C:\Program Files\Starbreeze Studios
2008-01-07 14:57 . 2008-01-07 14:57 <DIR> d-------- C:\Program Files\OpenAL
2008-01-07 14:57 . 2008-01-07 14:57 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-01-07 14:57 . 2008-01-07 14:57 110,592 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-01-07 14:53 . 2008-01-07 14:57 <DIR> d-------- C:\Program Files\Aquadelic GT
2008-01-07 14:53 . 2008-01-07 14:58 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Aquadelic GT
2008-01-01 12:43 . 2008-01-01 12:43 110,592 --a------ C:\t2h8
2007-12-31 23:01 . 2007-12-31 23:01 106,496 --a------ C:\t22s.1
2007-12-28 20:00 . 2007-12-28 20:00 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Trymedia
2007-12-28 08:38 . 2007-12-28 08:38 <DIR> d-------- C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\Media Player Classic
2007-12-27 23:14 . 2007-12-27 23:14 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-12-27 23:14 . 2007-11-29 23:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-12-27 23:14 . 2006-09-24 16:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2007-12-27 23:14 . 2007-03-10 12:51 282,624 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-12-27 23:14 . 2004-01-25 17:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-12-27 23:14 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2007-12-27 23:14 . 2007-09-21 01:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2007-12-27 23:14 . 2007-11-29 23:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-12-27 23:14 . 2007-12-07 18:28 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-12-27 23:14 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2007-12-27 23:14 . 2007-10-03 16:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2007-12-27 22:50 . 2008-01-14 11:13 100 ---hs---- C:\autorun.inf
2007-12-27 22:35 . 2008-01-12 22:35 3,256 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-27 20:48 . 2007-12-27 20:48 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2007-12-27 20:20 . 2007-12-27 20:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-27 08:59 . 2007-12-27 08:59 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-27 08:44 . 2007-12-27 20:49 <DIR> d-------- C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\Lavasoft
2007-12-26 21:05 . 2002-12-17 16:23 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll
2007-12-26 21:05 . 2002-10-20 14:05 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll
2007-12-26 20:53 . 2007-12-26 20:53 <DIR> d-------- C:\Program Files\Vstplugins
2007-12-26 20:53 . 2007-12-26 20:53 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2007-12-26 20:29 . 2007-12-26 20:29 <DIR> d-------- C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\Publish Providers
2007-12-26 20:03 . 2007-12-26 20:03 <DIR> d-------- C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\Sony
2007-12-26 20:02 . 2007-12-26 20:52 <DIR> d-------- C:\Program Files\Sony
2007-12-26 20:02 . 2007-12-26 20:50 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Sony
2007-12-26 19:42 . 2007-12-26 19:42 <DIR> d-------- C:\Program Files\Sony Setup
2007-12-26 15:51 . 2007-12-26 15:57 <DIR> d-------- C:\Hip-Hop
2007-12-26 15:47 . 2007-12-26 15:50 <DIR> d-------- C:\Program Files\Winamp
2007-12-26 15:47 . 2007-12-26 16:01 <DIR> d-------- C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\Winamp
2007-12-26 15:15 . 2008-01-13 15:21 69 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-26 15:11 . 2007-12-29 14:22 <DIR> d-------- C:\Zdj©cia
2007-12-26 15:08 . 2007-08-06 21:30 16,945 ---hs---- C:\PegeFile.pif
2007-12-24 19:25 . 2007-12-24 19:32 <DIR> d-------- C:\Program Files\Skijumping 2007
2007-12-21 21:36 . 2007-12-21 21:36 <DIR> d-------- C:\Program Files\ReaSoft
2007-12-21 21:36 . 2007-12-21 21:36 <DIR> d-------- C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\ReaSoft
2007-12-21 14:50 . 2007-12-21 14:50 <DIR> d-------- C:\Documents and Settings\eMaNeTeWu\.jpi_cache
2007-12-21 14:49 . 2007-12-21 14:49 <DIR> d-------- C:\Documents and Settings\eMaNeTeWu\.java
2007-12-21 11:22 . 2007-12-21 11:22 <DIR> d-------- C:\Fraps
2007-12-20 10:34 . 2007-12-27 09:18 <DIR> d-------- C:\Program Files\Panzer Elite Action
2007-12-18 14:53 . 2004-06-16 06:03 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl
2007-12-18 14:50 . 2007-12-18 14:50 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2007-12-18 14:50 . 2007-12-18 14:50 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2007-12-18 14:45 . 2007-12-18 14:52 <DIR> d-------- C:\Program Files\Gothic III
2007-12-18 14:42 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-12-18 14:42 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-12-18 14:41 . 2007-12-18 14:41 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-12-18 14:41 . 2007-12-18 14:42 <DIR> d-------- C:\Program Files\Ahead
2007-12-18 14:41 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-12-18 14:41 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-12-18 14:41 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-12-18 14:41 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-12-17 12:51 . 2007-12-17 12:51 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2007-12-17 12:51 . 2004-10-25 20:02 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
2007-12-17 12:51 . 1999-11-02 10:01 6,173 --a------ C:\WINDOWS\system32\drivers\Entech.vxd
2007-12-17 12:51 . 2004-06-22 15:44 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys
2007-12-17 12:51 . 2001-11-19 19:05 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
2007-12-17 12:50 . 2007-12-17 12:50 <DIR> d-------- C:\Program Files\Futuremark
2007-12-16 20:19 . 2007-12-16 20:19 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-12-16 15:56 . 2008-01-08 20:07 <DIR> d-------- C:\Program Files\Hitman Kontrakty
2007-12-16 13:37 . 2007-12-16 13:37 <DIR> d-------- C:\Program Files\RivaTuner v2.05
2007-12-16 13:21 . 2007-12-16 13:21 <DIR> d-------- C:\nVidia Forceware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-14 09:53 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-01-14 09:49 --------- d-----w C:\Program Files\neostrada tp
2008-01-14 07:15 0 ----a-w C:\WINDOWS\Fonts\cuy.dl
2008-01-13 14:43 --------- d-----w C:\Program Files\HLSW
2008-01-07 17:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-05 13:30 --------- d-----w C:\Program Files\MoorHunt
2007-12-27 19:49 --------- d-----w C:\Program Files\Lavasoft
2007-12-21 09:52 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-12 20:27 --------- d-----w C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\Gadu-Gadu
2007-12-12 20:25 --------- d-----w C:\Program Files\Gadu-Gadu
2007-12-12 18:05 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Adobe Systems
2007-12-12 18:02 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2007-12-12 17:39 --------- d-----w C:\Program Files\Sierra On-Line
2007-12-11 18:04 --------- d-----w C:\Program Files\Common Files\BinarySense
2007-12-11 14:32 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2007-12-10 17:11 --------- d-----w C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\Thunderbird
2007-12-09 18:01 --------- d-----w C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\THQ
2007-12-09 17:34 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\InstallShield
2007-12-09 17:26 --------- d-----w C:\Program Files\THQ
2007-12-09 17:26 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-09 17:25 --------- d-----w C:\Program Files\DAEMON Tools Pro
2007-12-09 17:07 --------- d-----w C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\BinarySense
2007-12-09 17:02 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Pro
2007-12-09 17:00 --------- d-----w C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\DAEMON Tools Pro
2007-12-09 16:45 --------- d-----w C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\INTERIAPL
2007-12-09 16:38 --------- d-----w C:\Program Files\Thomson
2007-12-09 16:37 --------- d-----w C:\Program Files\Java
2007-12-09 16:24 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-09 11:13 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\NVIDIA
2007-12-09 10:57 --------- d-----w C:\Program Files\INTERIAPL
2007-12-09 10:56 --------- d-----w C:\Program Files\MarBit
2007-12-09 10:55 --------- d-----w C:\Program Files\PC DUAL SHOCK
2007-12-09 10:55 --------- d-----w C:\Program Files\A4Tech
2007-12-09 10:50 --------- d-----w C:\Program Files\Realtek
2007-12-09 10:36 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-09 10:34 --------- d-----w C:\Program Files\Usługi online
2007-12-08 12:43 175 ----a-w C:\WINDOWS\Fonts\README.txt
.

((((((((((((((((((((((((((((( snapshot@2007-12-27_22.49.14,95 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-09 16:38:42 7,680 ----a-w C:\WINDOWS\assembly\GAC\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2008-01-09 16:38:38 12,288 ----a-w C:\WINDOWS\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2008-01-09 16:38:43 33,792 ----a-w C:\WINDOWS\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2008-01-10 20:57:02 8,192 ----a-w C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-01-10 20:57:03 32,768 ----a-w C:\WINDOWS\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-01-09 16:38:44 4,608 ----a-w C:\WINDOWS\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2008-01-09 16:38:44 26,112 ----a-w C:\WINDOWS\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2008-01-10 20:57:08 720,896 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-01-09 16:38:38 28,672 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2008-01-10 20:57:03 299,008 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-01-09 16:38:39 6,144 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll
+ 2008-01-09 16:38:38 11,264 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-01-09 16:38:37 32,768 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2008-01-09 16:38:38 6,656 ----a-w C:\WINDOWS\assembly\GAC\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2008-01-09 16:38:44 1,564,672 ----a-w C:\WINDOWS\assembly\GAC\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a\mscorcfg.dll
+ 2008-01-10 20:57:06 32,768 ----a-w C:\WINDOWS\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
+ 2008-01-09 16:38:44 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2008-01-10 20:57:05 303,104 ----a-w C:\WINDOWS\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-01-10 20:57:07 1,294,336 ----a-w C:\WINDOWS\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
+ 2008-01-10 20:57:02 1,703,936 ----a-w C:\WINDOWS\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-01-10 20:57:08 90,112 ----a-w C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-01-09 16:38:46 65,536 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2008-01-10 20:57:05 466,944 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-01-10 20:57:04 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-01-10 20:57:04 66,560 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
+ 2008-01-10 20:57:06 372,736 ----a-w C:\WINDOWS\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-01-10 20:57:08 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-01-10 20:57:05 323,584 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-01-10 20:57:04 131,072 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-01-10 20:57:05 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-01-10 20:57:07 126,976 ----a-w C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-01-10 20:57:02 819,200 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2008-01-10 20:57:03 57,344 ----a-w C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-01-10 20:57:03 573,440 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2008-01-11 19:25:31 1,265,664 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-01-10 20:57:04 2,052,096 ----a-w C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-01-10 20:57:06 1,339,392 ----a-w C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll
+ 2008-01-11 19:25:31 1,232,896 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2008-01-12 07:11:07 61,440 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_829413d2\CustomMarshalers.dll
+ 2008-01-12 07:11:26 3,391,488 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_e7e2df74\mscorlib.dll
+ 2008-01-12 07:11:21 1,470,464 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_2df44292\System.Design.dll
+ 2008-01-12 07:11:08 90,112 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_ea59fd73\System.Drawing.Design.dll
+ 2008-01-12 07:11:23 835,584 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_8a868409\System.Drawing.dll
+ 2008-01-12 07:11:13 3,018,752 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_cbaf1d51\System.Windows.Forms.dll
+ 2008-01-12 07:11:18 2,088,960 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_49d575f1\System.Xml.dll
+ 2008-01-11 19:25:39 1,966,080 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_3f616b0f\System.dll
+ 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2008-01-14 10:07:36 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-14 10:07:36 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-14 10:07:36 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-14 10:07:37 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-14 10:07:37 4,317,184 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-14 10:07:37 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-01-14 09:50:08 155,648 ----a-w C:\WINDOWS\ilovegoogle\google.dll
+ 2008-01-09 16:37:04 9,662 ----a-r C:\WINDOWS\Installer\{000E79B7-E725-4F01-870A-C12942B7F8E4}\ARPPRODUCTICON.exe
+ 2008-01-09 16:37:04 10,134 ----a-r C:\WINDOWS\Installer\{000E79B7-E725-4F01-870A-C12942B7F8E4}\checkForUpdatesSC_000E79B7E7254F01870AC12942B7F8E4.exe
+ 2008-01-09 16:37:04 10,134 ----a-r C:\WINDOWS\Installer\{000E79B7-E725-4F01-870A-C12942B7F8E4}\visitWebsite_000E79B7E7254F01870AC12942B7F8E4.exe
+ 2008-01-09 16:40:20 57,344 ----a-r C:\WINDOWS\Installer\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}\ARPPRODUCTICON.exe
+ 2008-01-09 16:40:20 57,344 ----a-r C:\WINDOWS\Installer\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}\Comrade.exe_CD7D16AA9DCA4A66A4ABF9C1BE60B1B5.exe
+ 2008-01-09 16:40:20 57,344 ----a-r C:\WINDOWS\Installer\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}\NewShortcut7_CD7D16AA9DCA4A66A4ABF9C1BE60B1B5.exe
+ 2008-01-09 16:40:20 57,344 ----a-r C:\WINDOWS\Installer\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}\NewShortcut8_CD7D16AA9DCA4A66A4ABF9C1BE60B1B5.exe
+ 2008-01-09 16:40:20 8,854 ----a-r C:\WINDOWS\Installer\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}\UNINST_Uninstall_Com_CD7D16AA9DCA4A66A4ABF9C1BE60B1B5.exe
+ 2003-02-21 01:59:44 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\alinkui.dll
+ 2003-02-21 02:55:06 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\cscompui.dll
+ 2003-02-21 02:02:16 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\vbc7ui.dll
+ 2003-02-21 04:04:20 155,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\Vsavb7rtUI.dll
+ 2003-02-21 06:24:08 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Accessibility.dll
+ 2003-02-21 04:00:36 98,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\alink.dll
+ 2003-02-20 18:19:42 24,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2007-04-13 20:30:52 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2003-02-20 18:19:22 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_rc.dll
+ 2004-07-15 00:49:18 20,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
+ 2004-07-15 00:49:26 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
+ 2007-04-13 20:30:52 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2002-07-29 10:11:50 219,136 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\c_g18030.dll
+ 2003-02-21 06:24:10 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CasPol.exe
+ 2003-02-21 06:24:32 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe
+ 2007-04-13 19:57:52 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2004-07-15 10:23:28 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe
+ 2004-07-15 10:23:44 626,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
+ 2003-02-21 06:24:34 12,288 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cscompmgd.dll
+ 2003-02-21 06:24:36 33,792 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CustomMarshalers.dll
+ 2003-02-21 03:12:24 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cvtres.exe
+ 2003-02-21 09:21:40 524,288 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\diasymreader.dll
+ 2003-02-20 18:16:32 798,720 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\EventLogMessages.dll
+ 2004-07-14 23:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2003-10-08 13:30:14 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\gacutil.exe
+ 2003-02-21 06:24:38 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEExec.exe
+ 2004-07-15 13:31:00 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
+ 2004-07-15 13:31:04 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
+ 2003-02-21 06:24:40 4,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IIEHost.dll
+ 2004-07-14 23:35:30 196,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
+ 2003-02-21 06:24:42 15,872 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\InstallUtil.exe
+ 2003-02-20 18:22:24 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\InstallUtilLib.dll
+ 2003-02-21 06:24:44 26,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ISymWrapper.dll
+ 2003-02-21 06:24:52 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\jsc.exe
+ 2004-07-15 13:28:58 720,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
+ 2004-07-15 13:28:56 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
+ 2003-02-21 06:24:54 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.Vsa.dll
+ 2003-02-21 06:25:02 6,144 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualC.Dll
+ 2003-02-21 06:24:58 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.dll
+ 2003-02-21 06:25:06 11,264 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2003-02-21 06:25:02 6,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft_VsaVb.dll
+ 2004-07-15 13:28:50 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
+ 2004-07-15 13:28:50 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
+ 2003-02-21 06:25:06 1,564,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorcfg.dll
+ 2004-07-14 23:32:44 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
+ 2004-07-14 23:32:46 233,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
+ 2007-04-13 19:57:58 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2007-04-13 19:56:30 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2007-04-13 19:58:00 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2007-04-13 19:50:46 2,142,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2003-02-20 17:43:52 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscormmc.dll
+ 2003-02-20 18:06:34 65,536 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorpe.dll
+ 2004-07-14 23:33:22 143,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
+ 2004-07-14 23:33:24 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
+ 2007-04-13 19:58:02 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2007-04-13 19:57:00 2,523,136 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2003-02-20 18:09:24 9,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscortim.dll
+ 2007-04-13 19:57:28 2,514,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2003-02-21 03:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\msvcr71.dll
+ 2003-02-20 18:18:34 20,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mtxoci8.dll
+ 2003-02-20 17:43:36 22,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MUI\0409\mscorsecr.dll
+ 2007-01-15 15:11:26 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
+ 2003-02-20 18:09:46 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ngen.exe
+ 2004-07-14 23:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
+ 2003-02-21 06:25:24 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegAsm.exe
+ 2004-07-15 13:28:48 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
+ 2003-02-21 06:25:30 12,288 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegSvcs.exe
+ 2004-07-15 00:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW476\_aspnet_isapi.dll
+ 2004-07-14 23:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW476\_CORPerfMonExt.dll
+ 2004-07-14 23:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW476\_fusion.dll
+ 2004-07-14 23:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW476\_mscorjit.dll
+ 2004-07-15 13:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW476\_mscorlib.dll
+ 2003-02-20 18:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW476\_mscorsn.dll
+ 2004-07-14 23:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW476\_mscorsvr.dll
+ 2004-07-14 23:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW476\_mscorwks.dll
+ 2003-02-21 03:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW476\_msvcr71.dll
+ 2004-07-14 23:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW476\_PerfCounter.dll
+ 2003-02-20 18:09:34 253,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\shfusion.dll
+ 2003-02-20 18:09:34 122,880 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\shfusres.dll
+ 2004-07-14 23:35:04 319,488 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SOS.dll
+ 2003-02-21 06:26:38 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Configuration.Install.dll
+ 2004-07-15 13:32:00 1,294,336 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
+ 2004-07-15 13:31:14 303,104 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
+ 2004-07-15 13:29:02 1,703,936 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
+ 2004-07-15 13:28:54 90,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
+ 2007-04-13 20:35:38 1,232,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2003-02-21 06:26:48 65,536 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Drawing.Design.dll
+ 2004-07-15 13:28:58 466,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
+ 2004-07-15 13:28:56 241,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
+ 2004-07-14 23:35:12 66,560 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
+ 2004-07-15 13:31:58 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
+ 2004-07-15 13:31:12 241,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
+ 2004-07-15 13:28:58 323,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
+ 2004-07-15 13:31:54 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
+ 2004-07-15 13:28:52 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2004-07-15 13:28:54 126,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
+ 2007-04-13 20:35:46 1,265,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2004-07-15 13:28:58 819,200 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
+ 2004-07-15 13:28:52 57,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
+ 2004-07-15 13:31:16 573,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
+ 2004-07-15 13:32:02 2,052,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
+ 2004-07-15 13:29:00 1,339,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
+ 2004-06-22 12:51:38 53,248 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
+ 2004-07-15 10:23:20 737,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\vbc.exe
+ 2004-07-15 07:15:14 1,032,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
+ 2004-07-15 01:11:56 31,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
+ 2007-12-28 19:29:30 262,144 ---ha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat
+ 2008-01-12 07:59:05 65,536 ----a-w C:\WINDOWS\system32\conime\conime.dll
- 2007-12-13 06:11:47 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
+ 2007-12-04 01:33:16 682,496 ----a-w C:\WINDOWS\system32\divx.dll
- 2006-08-17 12:30:06 723,968 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2007-11-07 09:29:33 723,968 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
- 2006-04-20 11:51:50 359,808 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2007-10-30 17:20:55 360,064 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2004-08-03 22:44:06 27,648 ----a-w C:\WINDOWS\system32\drivers\qvcog.sys
- 2006-04-20 11:51:50 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2004-08-03 22:44:06 22,912 ----a-w C:\WINDOWS\system32\drivers\xxqt.sys
- 2007-12-22 12:03:20 110,192 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-01-12 16:27:06 119,744 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2006-08-17 12:30:06 723,968 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2007-11-07 09:29:33 723,968 ----a-w C:\WINDOWS\system32\lsasrv.dll
- 2007-12-02 14:00:06 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-01-02 18:21:36 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2003-02-20 17:43:36 4,096 ----a-w C:\WINDOWS\system32\mui\0409\mscoreer.dll
- 2005-09-23 06:29:00 6,144 ----a-w C:\WINDOWS\system32\mui\0409\mscorees.dll
+ 2006-12-22 12:02:36 6,144 ----a-w C:\WINDOWS\system32\mui\0409\mscorees.dll
- 2007-12-27 21:48:49 66,280 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-14 09:52:34 69,970 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-12-27 21:48:49 81,914 ----a-w C:\WINDOWS\system32\perfc015.dat
+ 2008-01-14 09:52:34 87,070 ----a-w C:\WINDOWS\system32\perfc015.dat
- 2007-12-27 21:48:49 410,126 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-14 09:52:34 418,454 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-12-27 21:48:49 465,834 ----a-w C:\WINDOWS\system32\perfh015.dat
+ 2008-01-14 09:52:34 475,060 ----a-w C:\WINDOWS\system32\perfh015.dat
+ 2007-03-15 11:00:36 466,432 ----a-w C:\WINDOWS\system32\SkanerOnline.dll
+ 2007-01-19 08:40:42 89,088 ----a-w C:\WINDOWS\system32\SkanerOnlineUninstall.exe
- 2005-06-28 09:20:24 13,536 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-03-06 03:28:35 16,096 ------w C:\WINDOWS\system32\spmsg.dll
- 2007-12-13 20:26:50 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2000-08-31 07:00:00 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
- 2007-12-04 00:00:42 136,704 ----a-w C:\WINDOWS\system32\swsc.exe
+ 2000-08-31 07:00:00 136,704 ----a-w C:\WINDOWS\system32\swsc.exe
- 2006-12-01 04:20:32 212,480 ----a-w C:\WINDOWS\system32\swxcacls.exe
+ 2000-08-31 07:00:00 212,480 ----a-w C:\WINDOWS\system32\swxcacls.exe
+ 2006-01-09 20:53:56 3,842,048 ----a-w C:\WINDOWS\system32\tlpsplib10fe.dll
+ 2004-08-03 22:44:06 151,552 ----a-w C:\WINDOWS\system32\u48u7w.dll
+ 2003-02-21 04:16:08 49,152 ----a-w C:\WINDOWS\system32\URTTEMP\regtlib.exe
- 2007-12-13 06:11:34 1,559,040 ----a-w C:\WINDOWS\system32\xvidcore.dll
+ 2007-07-25 13:24:30 1,559,040 ----a-w C:\WINDOWS\system32\xvidcore.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00C104F7-0F5C-470C-ABCF-A5B2E70752F1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77FEF28E-EB96-44FF-B511-3185DEA48697}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CE7C3CF0-4B15-11D1-ABED-709549C10531}]
2008-01-14 10:50 155648 --a------ C:\WINDOWS\ILOVEG~1\google.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Stefan"="C:\Program Files\INTERIAPL\Stefan\Stefan.exe" [2007-08-29 14:30 685056]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 14:08 136136]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-06-02 16:03 1957888]
"Comrade.exe"="C:\Program Files\GameSpy\Comrade\Comrade.exe" [2007-06-29 15:03 36864]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 08:34 16143872 C:\WINDOWS\RTHDCPL.exe]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [2006-12-26 08:08 196608]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-05 15:25 8491008]
"nwiz"="nwiz.exe" [2007-10-05 15:25 1626112 C:\WINDOWS\system32\nwiz.exe]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\GestMaj.exe" [2004-10-14 16:55 32768]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.05\RivaTuner.exe" [2007-09-27 18:20 2633728]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-05 15:25 81920]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 06:03 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-05-16 10:58 86960]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 16:16 37376]
"Vmlist"="regsvr32 /s apphelps.dll" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{0EA66AD2-CF26-2E23-532B-B292E22F3266}"= C:\Program Files\Internet Explorer\PLUGINS\NewTemp.dll [2008-01-14 11:13 10801]

[HKLM\~\startupfolder\C:^Documents and Settings^eMaNeTeWu^Menu Start^Programy^Autostart^HDDlife.lnk]
path=C:\Documents and Settings\eMaNeTeWu\Menu Start\Programy\Autostart\HDDlife.lnk
backup=C:\WINDOWS\pss\HDDlife.lnkStartup

R0 xxqt;xxq;C:\WINDOWS\system32\DRIVERS\xxqt.sys [2004-08-03 23:44]
R2 conime;conime;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:44]
R2 qvcog;qvcog;C:\WINDOWS\system32\drivers\qvcog.sys [2004-08-03 23:44]
S3 cpuz128;cpuz128;C:\DOCUME~1\EMANET~1\USTAWI~1\Temp\cpuz_x32.sys []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
conime

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\Auto\command - C:\PegeFile.pif
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL PegeFile.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba842172-b3bb-11dc-8296-000e50f342eb}]
\Shell\Auto\command - G:\PegeFile.pif
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL PegeFile.pif

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-14 11:13:18
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\u48u7w.dll
-> C:\Program Files\Internet Explorer\PLUGINS\NewTemp.dll
.
Completion time: 2008-01-14 11:15:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-14 10:15:05
ComboFix2.txt 2007-12-27 21:49:48
.
2008-01-11 19:25:34 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:16:23, on 2008-01-14
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\GameSpy\Comrade\Comrade.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\neostrada tp\neostradatp.exe
C:\Program Files\neostrada tp\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Toaster.exe
C:\PROGRA~1\NEOSTR~1\Inactivity.exe
C:\PROGRA~1\NEOSTR~1\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\neostrada tp\Watch.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O1 - Hosts: 127.0.0.2 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: google Class - {CE7C3CF0-4B15-11D1-ABED-709549C10531} - C:\WINDOWS\ILOVEG~1\google.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.05\RivaTuner.exe" /S
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Vmlist] regsvr32 /s apphelps.dll
O4 - HKCU\..\Run: [Stefan] C:\Program Files\INTERIAPL\Stefan\Stefan.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files\GameSpy\Comrade\Comrade.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 5676 bytes

[Dzi@dek]

Zastosuj się do tego tematu
http://forum.programosy.pl/bad-generic-host-process-for-win32-services-vt79489.html

oraz:

Zastosuj SDFix . Po pobraniu uruchom go - rozpakuje się do C:\SDFix.
Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w trybie awaryjnym uruchom plik

RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zrestartuje.

Później wejdź do folderu C:\SDFix i wrzuć zawartość pliku Report.txt + log z

Combofix-a oraz z Hijackthis

Tak to jest jak brak antywirusa w systemie

Autor postu otrzymał pochwałę

[eMaNeTeWu]

SDFix: Version 1.126

Run by eMaNeTeWu on 2008-01-14 at 12:37

Microsoft Windows XP [Wersja 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\autorun.inf - Deleted




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-14 12:42:02
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

IPC error: 2 Nie można odnaleźć określonego pliku.
scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:ec,00,99,98,bc,8d,fa,27,f5,e0,60,fa,99,d7,a2,fa,1e,76,6b,42,50,..
"p0"="C:\Program Files\DAEMON Tools Pro\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,8a,c2,6a,b7,e9,a3,63,6f,9e,79,01,34,7a,b3,40,0f,ac,..
"hdf12"=hex:02,bc,af,0a,f4,3d,ee,f6,a4,2a,f2,89,c1,a9,0b,5b,33,73,69,78,f3,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:68,c8,b9,f1,c3,4a,d0,e0,d9,1a,54,f7,a6,f2,8e,c2,b8,87,f8,53,36,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1]
"hdf12"=hex:81,a4,5a,3f,e3,4b,fa,28,b1,e1,8f,ba,dc,af,60,7f,2d,a2,23,02,37,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002]
"a0"=hex:20,01,00,00,aa,b9,5d,b7,73,7e,29,44,fe,dc,a1,7d,db,74,a8,66,8f,..
"hdf12"=hex:c2,de,b4,7d,28,c6,e9,6e,2c,d2,44,10,9e,36,47,24,ce,dd,1e,af,be,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0]
"hdf12"=hex:90,67,16,d6,e4,d5,9c,f5,9c,33,fb,71,b3,62,48,36,29,d1,91,df,81,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:ec,00,99,98,bc,8d,fa,27,f5,e0,60,fa,99,d7,a2,fa,1e,76,6b,42,50,..
"p0"="C:\Program Files\DAEMON Tools Pro\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,8a,c2,6a,b7,e9,a3,63,6f,9e,79,01,34,7a,b3,40,0f,ac,..
"hdf12"=hex:02,bc,af,0a,f4,3d,ee,f6,a4,2a,f2,89,c1,a9,0b,5b,33,73,69,78,f3,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:68,c8,b9,f1,c3,4a,d0,e0,d9,1a,54,f7,a6,f2,8e,c2,b8,87,f8,53,36,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1]
"hdf12"=hex:81,a4,5a,3f,e3,4b,fa,28,b1,e1,8f,ba,dc,af,60,7f,2d,a2,23,02,37,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002]
"a0"=hex:20,01,00,00,aa,b9,5d,b7,73,7e,29,44,fe,dc,a1,7d,db,74,a8,66,8f,..
"hdf12"=hex:c2,de,b4,7d,28,c6,e9,6e,2c,d2,44,10,9e,36,47,24,ce,dd,1e,af,be,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0]
"hdf12"=hex:90,67,16,d6,e4,d5,9c,f5,9c,33,fb,71,b3,62,48,36,29,d1,91,df,81,..

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,0c,00,00,00,01,00,00,00,00,00,00,00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3A021C0E-1DF5-5426-272F-A124D7BEB6F8}]
"iacafdjdlmnbemhpfd"=hex:6b,61,67,64,6a,62,70,64,6d,65,64,69,6f,6b,6d,61,6c,6f,6f,6f,63,..
"hamalbeefekhgpcp"=hex:6b,61,67,64,6a,62,70,64,6d,65,64,69,6f,6b,6d,61,6c,6f,6f,6f,63,..

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Mon 6 Aug 2007 16,945 ..SH. --- "C:\PegeFile.pif"
Mon 6 Aug 2007 16,945 ..SH. --- "C:\Program Files\Internet Explorer\PLUGINS\NewTemp.bak"
Mon 14 Jan 2008 10,801 A.SH. --- "C:\Program Files\Internet Explorer\PLUGINS\NewTemp.dll"

Finished!

ComboFix 08-01-14.3 - eMaNeTeWu 2008-01-14 12:47:02.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1563 [GMT 1:00]
Running from: C:\Bin\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\WINDOWS\system32\iebhoset.ini
C:\WINDOWS\system32\ieset.ini

.
((((((((((((((((((((((((( Files Created from 2007-12-14 to 2008-01-14 )))))))))))))))))))))))))))))))
.

2008-01-14 12:36 . 2008-01-14 12:36 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-14 11:07 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 15:47 . 2008-01-13 16:03 <DIR> d-------- C:\Program Files\SkanerOnline
2008-01-13 11:15 . 2008-01-13 20:37 139 --a------ C:\WINDOWS\system32\wcbnurect.fl
2008-01-12 16:25 . 2008-01-12 16:25 <DIR> dr------- C:\Documents and Settings\NetworkService\Ulubione
2008-01-12 14:00 . 2008-01-13 11:12 1 --a------ C:\WINDOWS\ssopk.ids
2008-01-12 11:33 . 2008-01-12 12:52 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-01-12 09:23 . 2007-11-13 15:03 106,496 --a------ C:\WINDOWS\system32\abskey.dll
2008-01-12 09:21 . 2007-03-20 11:26 227 --a------ C:\WINDOWS\sosuo.col
2008-01-12 08:59 . 2008-01-12 08:59 <DIR> d-------- C:\WINDOWS\system32\conime
2008-01-12 08:59 . 2008-01-12 22:15 <DIR> d-------- C:\WINDOWS\ilovegoogle
2008-01-12 08:59 . 2008-01-12 08:59 32,256 --a------ C:\WINDOWS\system32\rxjh_2.exe
2008-01-12 08:59 . 2008-01-14 12:45 1,479 --a------ C:\WINDOWS\system32\feigou.ini
2008-01-12 08:58 . 2008-01-12 08:59 167,522 --a------ C:\WINDOWS\yeSetup.exe
2008-01-12 08:58 . 2008-01-12 11:37 1 --a------ C:\WINDOWS\lasdaybcuwee.tj
2008-01-12 08:29 . 2008-01-12 08:30 <DIR> d-------- C:\Program Files\Skype
2008-01-12 08:29 . 2008-01-12 08:29 584,192 --a------ C:\WINDOWS\system32\oeehquyakghmp.dll
2008-01-12 08:29 . 2008-01-12 08:29 58,496 --a------ C:\WINDOWS\system32\SkypeClient.exe
2008-01-12 08:29 . 2008-01-12 16:28 180 --a------ C:\WINDOWS\system32\resiifers.ini
2008-01-09 17:40 . 2008-01-09 17:40 <DIR> d-------- C:\Program Files\GameSpy
2008-01-09 17:38 . 2008-01-09 17:38 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2008-01-09 17:37 . 2008-01-09 17:37 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-09 17:37 . 2008-01-09 17:37 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-01-09 17:37 . 2008-01-09 17:37 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-01-09 17:37 . 2008-01-09 17:37 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-01-09 17:37 . 2008-01-09 17:37 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-09 17:37 . 2008-01-09 17:37 22,328 --a------ C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\PnkBstrK.sys
2008-01-09 17:24 . 2008-01-09 17:24 <DIR> d-------- C:\Program Files\Electronic Arts
2008-01-09 16:52 . 2008-01-09 16:52 <DIR> d-------- C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\Ahead
2008-01-09 16:32 . 2008-01-09 16:32 <DIR> d-------- C:\Program Files\7-Zip
2008-01-08 16:39 . 2008-01-08 16:39 <DIR> d-------- C:\Program Files\Starbreeze Studios
2008-01-07 14:57 . 2008-01-07 14:57 <DIR> d-------- C:\Program Files\OpenAL
2008-01-07 14:57 . 2008-01-07 14:57 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-01-07 14:57 . 2008-01-07 14:57 110,592 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-01-07 14:53 . 2008-01-07 14:57 <DIR> d-------- C:\Program Files\Aquadelic GT
2008-01-07 14:53 . 2008-01-07 14:58 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Aquadelic GT
2008-01-01 12:43 . 2008-01-01 12:43 110,592 --a------ C:\t2h8
2007-12-31 23:01 . 2007-12-31 23:01 106,496 --a------ C:\t22s.1
2007-12-28 20:00 . 2007-12-28 20:00 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Trymedia
2007-12-28 08:38 . 2007-12-28 08:38 <DIR> d-------- C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\Media Player Classic
2007-12-27 23:14 . 2007-12-27 23:14 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-12-27 23:14 . 2007-11-29 23:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-12-27 23:14 . 2006-09-24 16:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2007-12-27 23:14 . 2007-03-10 12:51 282,624 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-12-27 23:14 . 2004-01-25 17:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-12-27 23:14 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2007-12-27 23:14 . 2007-09-21 01:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2007-12-27 23:14 . 2007-11-29 23:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-12-27 23:14 . 2007-12-07 18:28 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-12-27 23:14 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2007-12-27 23:14 . 2007-10-03 16:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2007-12-27 22:35 . 2008-01-12 22:35 3,256 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-27 20:48 . 2007-12-27 20:48 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2007-12-27 20:20 . 2007-12-27 20:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-27 08:59 . 2007-12-27 08:59 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-27 08:44 . 2007-12-27 20:49 <DIR> d-------- C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\Lavasoft
2007-12-26 21:05 . 2002-12-17 16:23 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll
2007-12-26 21:05 . 2002-10-20 14:05 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll
2007-12-26 20:53 . 2007-12-26 20:53 <DIR> d-------- C:\Program Files\Vstplugins
2007-12-26 20:53 . 2007-12-26 20:53 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2007-12-26 20:29 . 2007-12-26 20:29 <DIR> d-------- C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\Publish Providers
2007-12-26 20:03 . 2007-12-26 20:03 <DIR> d-------- C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\Sony
2007-12-26 20:02 . 2007-12-26 20:52 <DIR> d-------- C:\Program Files\Sony
2007-12-26 20:02 . 2007-12-26 20:50 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Sony
2007-12-26 19:42 . 2007-12-26 19:42 <DIR> d-------- C:\Program Files\Sony Setup
2007-12-26 15:51 . 2007-12-26 15:57 <DIR> d-------- C:\Hip-Hop
2007-12-26 15:47 . 2007-12-26 15:50 <DIR> d-------- C:\Program Files\Winamp
2007-12-26 15:47 . 2007-12-26 16:01 <DIR> d-------- C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\Winamp
2007-12-26 15:15 . 2008-01-13 15:21 69 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-26 15:11 . 2007-12-29 14:22 <DIR> d-------- C:\Zdjęcia
2007-12-26 15:08 . 2007-08-06 21:30 16,945 ---hs---- C:\PegeFile.pif
2007-12-24 19:25 . 2007-12-24 19:32 <DIR> d-------- C:\Program Files\Skijumping 2007
2007-12-21 21:36 . 2007-12-21 21:36 <DIR> d-------- C:\Program Files\ReaSoft
2007-12-21 21:36 . 2007-12-21 21:36 <DIR> d-------- C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\ReaSoft
2007-12-21 14:50 . 2007-12-21 14:50 <DIR> d-------- C:\Documents and Settings\eMaNeTeWu\.jpi_cache
2007-12-21 14:49 . 2007-12-21 14:49 <DIR> d-------- C:\Documents and Settings\eMaNeTeWu\.java
2007-12-21 11:22 . 2007-12-21 11:22 <DIR> d-------- C:\Fraps
2007-12-20 10:34 . 2007-12-27 09:18 <DIR> d-------- C:\Program Files\Panzer Elite Action
2007-12-18 14:53 . 2004-06-16 06:03 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl
2007-12-18 14:50 . 2007-12-18 14:50 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2007-12-18 14:50 . 2007-12-18 14:50 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2007-12-18 14:45 . 2007-12-18 14:52 <DIR> d-------- C:\Program Files\Gothic III
2007-12-18 14:42 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-12-18 14:42 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-12-18 14:41 . 2007-12-18 14:41 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-12-18 14:41 . 2007-12-18 14:42 <DIR> d-------- C:\Program Files\Ahead
2007-12-18 14:41 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-12-18 14:41 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-12-18 14:41 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-12-18 14:41 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-12-17 12:51 . 2007-12-17 12:51 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2007-12-17 12:51 . 2004-10-25 20:02 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
2007-12-17 12:51 . 1999-11-02 10:01 6,173 --a------ C:\WINDOWS\system32\drivers\Entech.vxd
2007-12-17 12:51 . 2004-06-22 15:44 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys
2007-12-17 12:51 . 2001-11-19 19:05 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
2007-12-17 12:50 . 2007-12-17 12:50 <DIR> d-------- C:\Program Files\Futuremark
2007-12-16 20:19 . 2007-12-16 20:19 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-12-16 15:56 . 2008-01-08 20:07 <DIR> d-------- C:\Program Files\Hitman Kontrakty
2007-12-16 13:37 . 2007-12-16 13:37 <DIR> d-------- C:\Program Files\RivaTuner v2.05
2007-12-16 13:21 . 2007-12-16 13:21 <DIR> d-------- C:\nVidia Forceware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-14 11:45 --------- d-----w C:\Program Files\neostrada tp
2008-01-14 10:43 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-01-14 07:15 0 ----a-w C:\WINDOWS\Fonts\cuy.dl
2008-01-13 14:43 --------- d-----w C:\Program Files\HLSW
2008-01-07 17:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-05 13:30 --------- d-----w C:\Program Files\MoorHunt
2007-12-27 19:49 --------- d-----w C:\Program Files\Lavasoft
2007-12-21 09:52 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-13 06:13 892,928 ----a-w C:\WINDOWS\system32\iconv.dll
2007-12-13 06:13 237,568 ----a-w C:\WINDOWS\system32\OggDS.dll
2007-12-13 06:12 921,600 ----a-w C:\WINDOWS\system32\vorbisenc.dll
2007-12-13 06:12 9,216 ----a-w C:\WINDOWS\system32\cpuinf32.dll
2007-12-13 06:12 45,056 ----a-w C:\WINDOWS\system32\ogg.dll
2007-12-13 06:12 245,760 ----a-w C:\WINDOWS\system32\mplvpx.dll
2007-12-13 06:12 188,416 ----a-w C:\WINDOWS\system32\vorbis.dll
2007-12-13 06:12 1,415,680 ----a-w C:\WINDOWS\system32\WMV9VCM.dll
2007-12-12 20:27 --------- d-----w C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\Gadu-Gadu
2007-12-12 20:25 --------- d-----w C:\Program Files\Gadu-Gadu
2007-12-12 18:05 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Adobe Systems
2007-12-12 18:02 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2007-12-12 17:39 --------- d-----w C:\Program Files\Sierra On-Line
2007-12-11 18:04 --------- d-----w C:\Program Files\Common Files\BinarySense
2007-12-11 14:32 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2007-12-10 17:11 --------- d-----w C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\Thunderbird
2007-12-09 18:01 --------- d-----w C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\THQ
2007-12-09 17:34 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\InstallShield
2007-12-09 17:26 --------- d-----w C:\Program Files\THQ
2007-12-09 17:26 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-09 17:25 --------- d-----w C:\Program Files\DAEMON Tools Pro
2007-12-09 17:07 --------- d-----w C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\BinarySense
2007-12-09 17:02 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Pro
2007-12-09 17:00 --------- d-----w C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\DAEMON Tools Pro
2007-12-09 16:45 --------- d-----w C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\INTERIAPL
2007-12-09 16:38 --------- d-----w C:\Program Files\Thomson
2007-12-09 16:37 --------- d-----w C:\Program Files\Java
2007-12-09 16:24 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-09 11:13 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\NVIDIA
2007-12-09 10:57 --------- d-----w C:\Program Files\INTERIAPL
2007-12-09 10:56 --------- d-----w C:\Program Files\MarBit
2007-12-09 10:55 --------- d-----w C:\Program Files\PC DUAL SHOCK
2007-12-09 10:55 --------- d-----w C:\Program Files\A4Tech
2007-12-09 10:50 --------- d-----w C:\Program Files\Realtek
2007-12-09 10:36 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-09 10:34 --------- d-----w C:\Program Files\Usługi online
2007-12-08 12:43 175 ----a-w C:\WINDOWS\Fonts\README.txt
2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2007-11-21 18:23 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2007-11-07 09:29 723,968 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:44 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
.

((((((((((((((((((((((((((((( snapshot_2008-01-14_11.14.52.65 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-12 08:21:54 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-01-14 11:36:37 4,317,184 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-01-14 11:36:37 12,288 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-01-12 08:21:54 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-01-14 11:36:29 4,317,184 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-01-14 11:36:29 12,288 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2008-01-14 09:50:08 155,648 ----a-w C:\WINDOWS\ilovegoogle\google.dll
+ 2008-01-14 10:17:05 155,648 ----a-w C:\WINDOWS\ilovegoogle\google.dll
- 2008-01-14 09:52:34 69,970 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-14 11:45:24 69,970 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-01-14 09:52:34 87,070 ----a-w C:\WINDOWS\system32\perfc015.dat
+ 2008-01-14 11:45:24 87,070 ----a-w C:\WINDOWS\system32\perfc015.dat
- 2008-01-14 09:52:34 418,454 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-14 11:45:24 418,454 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-01-14 09:52:34 475,060 ----a-w C:\WINDOWS\system32\perfh015.dat
+ 2008-01-14 11:45:24 475,060 ----a-w C:\WINDOWS\system32\perfh015.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CE7C3CF0-4B15-11D1-ABED-709549C10531}]
2008-01-14 11:17 155648 --a------ C:\WINDOWS\ILOVEG~1\google.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Stefan"="C:\Program Files\INTERIAPL\Stefan\Stefan.exe" [2007-08-29 14:30 685056]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 14:08 136136]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-06-02 16:03 1957888]
"Comrade.exe"="C:\Program Files\GameSpy\Comrade\Comrade.exe" [2007-06-29 15:03 36864]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 08:34 16143872 C:\WINDOWS\RTHDCPL.exe]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [2006-12-26 08:08 196608]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-05 15:25 8491008]
"nwiz"="nwiz.exe" [2007-10-05 15:25 1626112 C:\WINDOWS\system32\nwiz.exe]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\GestMaj.exe" [2004-10-14 16:55 32768]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.05\RivaTuner.exe" [2007-09-27 18:20 2633728]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-05 15:25 81920]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 06:03 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-05-16 10:58 86960]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 16:16 37376]
"Vmlist"="regsvr32 /s apphelps.dll" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{0EA66AD2-CF26-2E23-532B-B292E22F3266}"= C:\Program Files\Internet Explorer\PLUGINS\NewTemp.dll [2008-01-14 12:41 10801]

[HKLM\~\startupfolder\C:^Documents and Settings^eMaNeTeWu^Menu Start^Programy^Autostart^HDDlife.lnk]
path=C:\Documents and Settings\eMaNeTeWu\Menu Start\Programy\Autostart\HDDlife.lnk
backup=C:\WINDOWS\pss\HDDlife.lnkStartup

R0 xxqt;xxq;C:\WINDOWS\system32\DRIVERS\xxqt.sys [2004-08-03 23:44]
R2 conime;conime;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:44]
R2 qvcog;qvcog;C:\WINDOWS\system32\drivers\qvcog.sys [2004-08-03 23:44]
S3 cpuz128;cpuz128;C:\DOCUME~1\EMANET~1\USTAWI~1\Temp\cpuz_x32.sys []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
conime

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\Auto\command - C:\PegeFile.pif
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL PegeFile.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba842172-b3bb-11dc-8296-000e50f342eb}]
\Shell\Auto\command - G:\PegeFile.pif
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL PegeFile.pif

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-14 12:48:02
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-14 12:48:37
ComboFix-quarantined-files.txt 2008-01-14 11:48:22
ComboFix2.txt 2008-01-14 10:15:22
ComboFix3.txt 2007-12-27 21:49:48
.
2008-01-11 19:25:34 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52:11, on 2008-01-14
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\GameSpy\Comrade\Comrade.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\neostrada tp\neostradatp.exe
C:\Program Files\neostrada tp\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Toaster.exe
C:\PROGRA~1\NEOSTR~1\Inactivity.exe
C:\PROGRA~1\NEOSTR~1\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\neostrada tp\Watch.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: google Class - {CE7C3CF0-4B15-11D1-ABED-709549C10531} - C:\WINDOWS\ILOVEG~1\google.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.05\RivaTuner.exe" /S
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Vmlist] regsvr32 /s apphelps.dll
O4 - HKCU\..\Run: [Stefan] C:\Program Files\INTERIAPL\Stefan\Stefan.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files\GameSpy\Comrade\Comrade.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F753D6E6-B4A9-4D89-A7BA-4A851A47CCF6}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 5551 bytes

Tak to jest jak brak antywirusa w systemie Exclamation

Co polecasz?

[wojtas]

antywirus : avast lub nod32 lub kaspersky

Otworz notatnik i wklej w nim to:

File::
C:\WINDOWS\system32\resiifers.ini
C:\WINDOWS\system32\SkypeClient.exe
C:\WINDOWS\system32\oeehquyakghmp.dll
C:\WINDOWS\ssopk.ids
C:\WINDOWS\yeSetup.exe
C:\WINDOWS\lasdaybcuwee.tj
C:\PegeFile.pif
C:\WINDOWS\system32\feigou.ini
C:\WINDOWS\system32\rxjh_2.exe
C:\WINDOWS\system32\abskey.dll
C:\WINDOWS\system32\wcbnurect.fl
C:\WINDOWS\sosuo.col
C:\t2h8
C:\t22s.1
C:\WINDOWS\Fonts\cuy.dl
C:\WINDOWS\system32\DRIVERS\xxqt.sys
C:\WINDOWS\system32\drivers\qvcog.sys
C:\DOCUME~1\EMANET~1\USTAWI~1\Temp\cpuz_x32.sys

Folder::
C:\WINDOWS\ilovegoogle
C:\WINDOWS\system32\conime

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba842172-b3bb-11dc-8296-000e50f342eb}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]

Driver::
xxqt
conime
qvcog
cpuz128

Plik >>> zapisz jako CFScript.txt .Plik przeciągnij i upuść na ikonę ComboFixa (tak jak tu ) . Potwierdz >>> zresetuje sie komputer

(jeśli pojawi się pytanie "1 or 2" - to wpisz 1 i naciśnij ENTER). Rozpocznie się proces usuwania

skasuj:

O2 - BHO: google Class - {CE7C3CF0-4B15-11D1-ABED-709549C10531} - C:\WINDOWS\ILOVEG~1\google.dll
O4 - HKLM\..\Run: [Vmlist] regsvr32 /s apphelps.dll

Potem nowy log z hijacka oraz combofixa

Autor postu otrzymał pochwałę

[eMaNeTeWu]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:38:57, on 2008-01-14
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\GameSpy\Comrade\Comrade.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\neostrada tp\neostradatp.exe
C:\Program Files\neostrada tp\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Toaster.exe
C:\PROGRA~1\NEOSTR~1\Inactivity.exe
C:\PROGRA~1\NEOSTR~1\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\neostrada tp\Watch.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.05\RivaTuner.exe" /S
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [Stefan] C:\Program Files\INTERIAPL\Stefan\Stefan.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files\GameSpy\Comrade\Comrade.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F753D6E6-B4A9-4D89-A7BA-4A851A47CCF6}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 5580 bytes

ComboFix 08-01-14.3 - eMaNeTeWu 2008-01-14 17:30:25.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1542 [GMT 1:00]
Running from: C:\Bin\ComboFix.exe
Command switches used :: C:\Bin\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\DOCUME~1\EMANET~1\USTAWI~1\Temp\cpuz_x32.sys
C:\PegeFile.pif
C:\t22s.1
C:\t2h8
C:\WINDOWS\Fonts\cuy.dl
C:\WINDOWS\lasdaybcuwee.tj
C:\WINDOWS\sosuo.col
C:\WINDOWS\ssopk.ids
C:\WINDOWS\system32\abskey.dll
C:\WINDOWS\system32\drivers\qvcog.sys
C:\WINDOWS\system32\DRIVERS\xxqt.sys
C:\WINDOWS\system32\feigou.ini
C:\WINDOWS\system32\oeehquyakghmp.dll
C:\WINDOWS\system32\resiifers.ini
C:\WINDOWS\system32\rxjh_2.exe
C:\WINDOWS\system32\SkypeClient.exe
C:\WINDOWS\system32\wcbnurect.fl
C:\WINDOWS\yeSetup.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\PegeFile.pif
C:\t22s.1
C:\t2h8
C:\WINDOWS\Fonts\cuy.dl
C:\WINDOWS\ilovegoogle
C:\WINDOWS\ilovegoogle\google.dll
C:\WINDOWS\lasdaybcuwee.tj
C:\WINDOWS\sosuo.col
C:\WINDOWS\ssopk.ids
C:\WINDOWS\system32\abskey.dll
C:\WINDOWS\system32\conime
C:\WINDOWS\system32\conime\conime.dll
C:\WINDOWS\system32\drivers\qvcog.sys
C:\WINDOWS\system32\DRIVERS\xxqt.sys
C:\WINDOWS\system32\feigou.ini
C:\WINDOWS\system32\iebhoset.ini
C:\WINDOWS\system32\ieset.ini
C:\WINDOWS\system32\oeehquyakghmp.dll
C:\WINDOWS\system32\resiifers.ini
C:\WINDOWS\system32\rxjh_2.exe
C:\WINDOWS\system32\SkypeClient.exe
C:\WINDOWS\system32\wcbnurect.fl
C:\WINDOWS\yeSetup.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CONIME
-------\LEGACY_CPUZ128
-------\LEGACY_QVCOG
-------\LEGACY_XXQT
-------\conime
-------\cpuz128
-------\qvcog
-------\xxqt


((((((((((((((((((((((((( Files Created from 2007-12-14 to 2008-01-14 )))))))))))))))))))))))))))))))
.

2008-01-14 12:52 . 2008-01-14 17:34 100 ---hs---- C:\autorun.inf
2008-01-14 12:36 . 2008-01-14 12:36 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-14 11:07 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 15:47 . 2008-01-13 16:03 <DIR> d-------- C:\Program Files\SkanerOnline
2008-01-12 16:25 . 2008-01-12 16:25 <DIR> dr------- C:\Documents and Settings\NetworkService\Ulubione
2008-01-12 11:33 . 2008-01-12 12:52 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-01-12 08:29 . 2008-01-12 08:30 <DIR> d-------- C:\Program Files\Skype
2008-01-09 17:40 . 2008-01-09 17:40 <DIR> d-------- C:\Program Files\GameSpy
2008-01-09 17:38 . 2008-01-09 17:38 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2008-01-09 17:37 . 2008-01-09 17:37 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-09 17:37 . 2008-01-09 17:37 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-01-09 17:37 . 2008-01-09 17:37 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-01-09 17:37 . 2008-01-09 17:37 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-01-09 17:37 . 2008-01-09 17:37 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-09 17:37 . 2008-01-09 17:37 22,328 --a------ C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\PnkBstrK.sys
2008-01-09 17:24 . 2008-01-09 17:24 <DIR> d-------- C:\Program Files\Electronic Arts
2008-01-09 16:52 . 2008-01-09 16:52 <DIR> d-------- C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\Ahead
2008-01-09 16:32 . 2008-01-09 16:32 <DIR> d-------- C:\Program Files\7-Zip
2008-01-08 16:39 . 2008-01-08 16:39 <DIR> d-------- C:\Program Files\Starbreeze Studios
2008-01-07 14:57 . 2008-01-07 14:57 <DIR> d-------- C:\Program Files\OpenAL
2008-01-07 14:57 . 2008-01-07 14:57 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-01-07 14:57 . 2008-01-07 14:57 110,592 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-01-07 14:53 . 2008-01-07 14:57 <DIR> d-------- C:\Program Files\Aquadelic GT
2008-01-07 14:53 . 2008-01-07 14:58 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Aquadelic GT
2007-12-28 20:00 . 2007-12-28 20:00 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Trymedia
2007-12-28 08:38 . 2007-12-28 08:38 <DIR> d-------- C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\Media Player Classic
2007-12-27 23:14 . 2007-12-27 23:14 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-12-27 23:14 . 2007-11-29 23:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-12-27 23:14 . 2006-09-24 16:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2007-12-27 23:14 . 2007-03-10 12:51 282,624 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-12-27 23:14 . 2004-01-25 17:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-12-27 23:14 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2007-12-27 23:14 . 2007-09-21 01:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2007-12-27 23:14 . 2007-11-29 23:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-12-27 23:14 . 2007-12-07 18:28 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-12-27 23:14 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2007-12-27 23:14 . 2007-10-03 16:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2007-12-27 22:35 . 2008-01-12 22:35 3,256 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-27 20:48 . 2007-12-27 20:48 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2007-12-27 20:20 . 2007-12-27 20:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-27 08:59 . 2007-12-27 08:59 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-27 08:44 . 2007-12-27 20:49 <DIR> d-------- C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\Lavasoft
2007-12-26 21:05 . 2002-12-17 16:23 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll
2007-12-26 21:05 . 2002-10-20 14:05 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll
2007-12-26 20:53 . 2007-12-26 20:53 <DIR> d-------- C:\Program Files\Vstplugins
2007-12-26 20:53 . 2007-12-26 20:53 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2007-12-26 20:29 . 2007-12-26 20:29 <DIR> d-------- C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\Publish Providers
2007-12-26 20:03 . 2007-12-26 20:03 <DIR> d-------- C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\Sony
2007-12-26 20:02 . 2007-12-26 20:52 <DIR> d-------- C:\Program Files\Sony
2007-12-26 20:02 . 2007-12-26 20:50 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Sony
2007-12-26 19:42 . 2007-12-26 19:42 <DIR> d-------- C:\Program Files\Sony Setup
2007-12-26 15:51 . 2007-12-26 15:57 <DIR> d-------- C:\Hip-Hop
2007-12-26 15:47 . 2007-12-26 15:50 <DIR> d-------- C:\Program Files\Winamp
2007-12-26 15:47 . 2007-12-26 16:01 <DIR> d-------- C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\Winamp
2007-12-26 15:15 . 2008-01-13 15:21 69 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-26 15:11 . 2007-12-29 14:22 <DIR> d-------- C:\Zdj©cia
2007-12-24 19:25 . 2007-12-24 19:32 <DIR> d-------- C:\Program Files\Skijumping 2007
2007-12-21 21:36 . 2007-12-21 21:36 <DIR> d-------- C:\Program Files\ReaSoft
2007-12-21 21:36 . 2007-12-21 21:36 <DIR> d-------- C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\ReaSoft
2007-12-21 14:50 . 2007-12-21 14:50 <DIR> d-------- C:\Documents and Settings\eMaNeTeWu\.jpi_cache
2007-12-21 14:49 . 2007-12-21 14:49 <DIR> d-------- C:\Documents and Settings\eMaNeTeWu\.java
2007-12-21 11:22 . 2007-12-21 11:22 <DIR> d-------- C:\Fraps
2007-12-20 10:34 . 2007-12-27 09:18 <DIR> d-------- C:\Program Files\Panzer Elite Action
2007-12-18 14:53 . 2004-06-16 06:03 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl
2007-12-18 14:50 . 2007-12-18 14:50 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2007-12-18 14:50 . 2007-12-18 14:50 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2007-12-18 14:45 . 2007-12-18 14:52 <DIR> d-------- C:\Program Files\Gothic III
2007-12-18 14:42 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-12-18 14:42 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-12-18 14:41 . 2007-12-18 14:41 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-12-18 14:41 . 2007-12-18 14:42 <DIR> d-------- C:\Program Files\Ahead
2007-12-18 14:41 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-12-18 14:41 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-12-18 14:41 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-12-18 14:41 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-12-17 12:51 . 2007-12-17 12:51 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2007-12-17 12:51 . 2004-10-25 20:02 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
2007-12-17 12:51 . 1999-11-02 10:01 6,173 --a------ C:\WINDOWS\system32\drivers\Entech.vxd
2007-12-17 12:51 . 2004-06-22 15:44 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys
2007-12-17 12:51 . 2001-11-19 19:05 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
2007-12-17 12:50 . 2007-12-17 12:50 <DIR> d-------- C:\Program Files\Futuremark
2007-12-16 20:19 . 2007-12-16 20:19 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-12-16 15:56 . 2008-01-08 20:07 <DIR> d-------- C:\Program Files\Hitman Kontrakty
2007-12-16 13:37 . 2007-12-16 13:37 <DIR> d-------- C:\Program Files\RivaTuner v2.05
2007-12-16 13:21 . 2007-12-16 13:21 <DIR> d-------- C:\nVidia Forceware
2007-12-16 12:24 . 2007-12-16 12:24 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2007-12-16 12:12 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-12-16 12:12 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-12-16 12:12 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-12-15 14:04 . 2007-12-15 14:04 <DIR> d---s---- C:\Documents and Settings\eMaNeTeWu\UserData
2007-12-15 14:03 . 2008-01-06 15:35 <DIR> d-------- C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\Image Zone Express
2007-12-15 13:49 . 2007-12-15 14:02 <DIR> d-------- C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\HP
2007-12-15 13:49 . 2007-12-15 13:49 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\HP
2007-12-15 13:48 . 2007-12-15 13:49 <DIR> d-------- C:\Program Files\Common Files\HP
2007-12-15 13:46 . 2007-12-15 13:47 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-12-15 13:46 . 2007-12-15 13:46 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-12-15 13:43 . 2006-01-03 18:12 77,824 -ra------ C:\WINDOWS\system32\HPZIDS01.dll
2007-12-15 13:43 . 2006-04-12 11:04 49,664 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2007-12-15 13:43 . 2006-04-10 14:03 48,128 --a------ C:\WINDOWS\system32\hpzll054.dll
2007-12-15 13:43 . 2006-04-12 11:04 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-14 16:34 --------- d-----w C:\Program Files\neostrada tp
2008-01-14 10:43 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-01-13 14:43 --------- d-----w C:\Program Files\HLSW
2008-01-07 17:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-05 13:30 --------- d-----w C:\Program Files\MoorHunt
2007-12-27 19:49 --------- d-----w C:\Program Files\Lavasoft
2007-12-21 09:52 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-12 20:27 --------- d-----w C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\Gadu-Gadu
2007-12-12 20:25 --------- d-----w C:\Program Files\Gadu-Gadu
2007-12-12 18:05 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Adobe Systems
2007-12-12 18:02 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2007-12-12 17:39 --------- d-----w C:\Program Files\Sierra On-Line
2007-12-11 18:04 --------- d-----w C:\Program Files\Common Files\BinarySense
2007-12-11 14:32 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2007-12-10 17:11 --------- d-----w C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\Thunderbird
2007-12-09 18:01 --------- d-----w C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\THQ
2007-12-09 17:34 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\InstallShield
2007-12-09 17:26 --------- d-----w C:\Program Files\THQ
2007-12-09 17:26 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-09 17:25 --------- d-----w C:\Program Files\DAEMON Tools Pro
2007-12-09 17:07 --------- d-----w C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\BinarySense
2007-12-09 17:02 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Pro
2007-12-09 17:00 --------- d-----w C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\DAEMON Tools Pro
2007-12-09 16:45 --------- d-----w C:\Documents and Settings\eMaNeTeWu\Dane aplikacji\INTERIAPL
2007-12-09 16:38 --------- d-----w C:\Program Files\Thomson
2007-12-09 16:37 --------- d-----w C:\Program Files\Java
2007-12-09 16:24 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-09 11:13 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\NVIDIA
2007-12-09 10:57 --------- d-----w C:\Program Files\INTERIAPL
2007-12-09 10:56 --------- d-----w C:\Program Files\MarBit
2007-12-09 10:55 --------- d-----w C:\Program Files\PC DUAL SHOCK
2007-12-09 10:55 --------- d-----w C:\Program Files\A4Tech
2007-12-09 10:50 --------- d-----w C:\Program Files\Realtek
2007-12-09 10:36 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-09 10:34 --------- d-----w C:\Program Files\Usługi online
2007-12-08 12:43 175 ----a-w C:\WINDOWS\Fonts\README.txt
.

((((((((((((((((((((((((((((( snapshot_2008-01-14_11.14.52.65 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-14 10:07:36 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-14 16:30:21 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-14 10:07:36 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-14 16:30:21 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-14 10:07:36 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-14 16:30:21 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-14 10:07:37 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-14 16:30:21 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-14 10:07:37 4,317,184 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-14 16:30:22 4,325,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-14 10:07:37 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-14 16:30:22 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-12 08:21:54 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-01-14 11:36:37 4,317,184 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-01-14 11:36:37 12,288 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-01-12 08:21:54 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-01-14 11:36:29 4,317,184 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-01-14 11:36:29 12,288 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2008-01-14 09:52:34 69,970 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-14 16:15:36 69,970 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-01-14 09:52:34 87,070 ----a-w C:\WINDOWS\system32\perfc015.dat
+ 2008-01-14 16:15:36 87,070 ----a-w C:\WINDOWS\system32\perfc015.dat
- 2008-01-14 09:52:34 418,454 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-14 16:15:36 418,454 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-01-14 09:52:34 475,060 ----a-w C:\WINDOWS\system32\perfh015.dat
+ 2008-01-14 16:15:36 475,060 ----a-w C:\WINDOWS\system32\perfh015.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CE7C3CF0-4B15-11D1-ABED-709549C10531}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Stefan"="C:\Program Files\INTERIAPL\Stefan\Stefan.exe" [2007-08-29 14:30 685056]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 14:08 136136]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-06-02 16:03 1957888]
"Comrade.exe"="C:\Program Files\GameSpy\Comrade\Comrade.exe" [2007-06-29 15:03 36864]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 08:34 16143872 C:\WINDOWS\RTHDCPL.exe]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [2006-12-26 08:08 196608]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-05 15:25 8491008]
"nwiz"="nwiz.exe" [2007-10-05 15:25 1626112 C:\WINDOWS\system32\nwiz.exe]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\GestMaj.exe" [2004-10-14 16:55 32768]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.05\RivaTuner.exe" [2007-09-27 18:20 2633728]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-05 15:25 81920]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 06:03 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-05-16 10:58 86960]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 16:16 37376]
"Vmlist"="regsvr32 /s apphelps.dll" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{0EA66AD2-CF26-2E23-532B-B292E22F3266}"= C:\Program Files\Internet Explorer\PLUGINS\NewTemp.dll [2008-01-14 17:33 10801]

[HKLM\~\startupfolder\C:^Documents and Settings^eMaNeTeWu^Menu Start^Programy^Autostart^HDDlife.lnk]
path=C:\Documents and Settings\eMaNeTeWu\Menu Start\Programy\Autostart\HDDlife.lnk
backup=C:\WINDOWS\pss\HDDlife.lnkStartup


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
conime

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-14 17:34:12
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\Program Files\Internet Explorer\PLUGINS\NewTemp.dll
.
Completion time: 2008-01-14 17:36:07 - machine was rebooted [eMaNeTeWu]
ComboFix-quarantined-files.txt 2008-01-14 16:35:59
ComboFix2.txt 2008-01-14 11:48:38
ComboFix3.txt 2008-01-14 10:15:22
ComboFix4.txt 2007-12-27 21:49:48
.
2008-01-11 19:25:34 --- E O F ---

Już widze że jest lepiej, myszka nie znika, komp się nie muli. Panowie - jestescie wielcy

[wojtas]

nie masz czasem Pendriva podlaczonego ? bo niedawno powstal ten plik:

C:\autorun.inf

jesli masz to sformatuj go bo infekcja bedzie wracac i skasuj ten plik o ktorym wspomniałem wyżej. mozesz uzyc killboxa lub recznie

[eMaNeTeWu]

nie mam pendrive podłaczonego ani mp3 nic nie podłączalem ...

[wojtas]

to wykonaj co kazlem i wroc z logami

[eMaNeTeWu]

Nie wiem czy jest sens bo sprawdzalem i nie ma tego pliczku więc logi się raczej nie zmieniły od ostatnich wklejanych... :]

[wojtas]

bo plik jest ukryty

sciagnij killbox’a

Odpalasz Killboxa zaznacz opcję Delete on Reboot następnie w polu Full Path of File to Delete wklej ścieżkę

C:\autorun.inf

i nacisnij x
Program będzie pytał o restart (oczywiście zgadzasz się)