
When I launched the game, Windows told me that I don't have administrator privileges to open the game's exe file. I remember having a similar problem in the past with another file, but I ignored it. After scanning the game's exe file, it turns out there is a trojan in it. Specifically, avast reports the following:
Nazwa pasożyta: Win32:Trojan-gen {Other}
Typ pasożyta: Wirus/robak
The only thing that helps is turning avast off; then, oddly enough, the game works... I'll add that the game worked yesterday. The day before yesterday too. But today it wouldn't start. What's more, when I started playing with avast turned off, my transfer rate dropped to 0.3kb/s, pages load terribly slowly, and in the game itself I get shocking lag.
I'm posting the logs from HJT and Combo; I want to get rid of this...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:37:36, on 2008-10-18
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
C:\xampp\apache\bin\apache.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\xampp\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\xampp\apache\bin\apache.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1561552
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - (no file)
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O16 - DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} (OggX Control) - http://www.eska.pl/streamplayers/OggX.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A8984A1-758A-4DCF-B1AA-BB19917A86AD}: NameServer = 194.204.159.1 217.98.63.164
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O23 - Service: Ashampoo AntiSpyWare 2 Service (AASW2_Service) - Unknown owner - C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 7769 bytes
ComboFix 08-10-04.07 - a 2008-10-18 15:44:04.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.156 [GMT 2:00]
Uruchomiony z: C:\Downloads\ComboFix.exe
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
- TRYB ZREDUKOWANEJ FUNKCJONALNOŚCI -
.
((((((((((((((((((((((((( Pliki utworzone od 2008-09-18 do 2008-10-18 )))))))))))))))))))))))))))))))
.
2008-10-17 13:37 . 2008-10-17 13:37 <DIR> d-------- C:\Program Files\FileZilla FTP Client
2008-10-17 13:37 . 2008-10-17 13:38 <DIR> d-------- C:\Documents and Settings\a\Dane aplikacji\FileZilla
2008-10-17 13:31 . 2008-10-17 13:31 <DIR> d-------- C:\Program Files\Arkadiusz Jachnik
2008-10-16 21:19 . 2008-10-16 21:20 1,393 --a------ C:\WINDOWS\imsins.BAK
2008-10-15 12:15 . 2008-10-16 21:20 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-10-13 19:36 . 2008-08-05 21:28 485 --a------ C:\WINDOWS\my.ini.old
2008-10-13 09:05 . 2008-10-16 22:24 <DIR> d-------- C:\Program Files\Hotspot_Shield
2008-10-13 09:05 . 2008-10-16 22:24 <DIR> d-------- C:\Program Files\Conduit
2008-10-13 09:04 . 2008-10-16 22:26 <DIR> d-------- C:\Program Files\Hotspot Shield
2008-10-09 23:04 . 2008-10-09 23:07 <DIR> d-------- C:\MMF2
2008-10-08 09:51 . 2008-10-08 09:51 <DIR> d-------- C:\ummf
2008-10-05 23:01 . 2008-10-05 23:01 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-10-05 17:20 . 2008-10-11 13:45 <DIR> d-------- C:\Program Files\Odkurzacz
2008-09-30 22:48 . 2008-09-30 22:56 4,464 --a------ C:\Documents and Settings\a\PAJAC.EXE
2008-09-29 00:28 . 2008-09-29 00:28 <DIR> d-------- C:\Program Files\streamtofile.com
2008-09-29 00:27 . 2008-10-05 21:49 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-09-29 00:17 . 2008-09-29 00:19 <DIR> d-------- C:\Program Files\TVUPlayer
2008-09-29 00:17 . 2008-09-29 00:17 <DIR> d-------- C:\Documents and Settings\a\LocalLow
2008-09-28 23:09 . 2008-09-28 23:09 <DIR> d-------- C:\Program Files\Winamp Toolbar
2008-09-28 23:09 . 2008-09-28 23:09 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar
2008-09-28 23:09 . 2008-09-29 00:40 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\OrbNetworks
2008-09-28 23:08 . 2008-09-29 00:39 <DIR> d-------- C:\Program Files\Winamp Remote
2008-09-28 23:01 . 2008-09-28 23:12 <DIR> d-------- C:\Program Files\Winamp
2008-09-28 23:01 . 2008-09-28 23:15 <DIR> d-------- C:\Documents and Settings\a\Dane aplikacji\Winamp
2008-09-28 22:58 . 2008-09-28 23:34 <DIR> d-------- C:\Program Files\SHOUTcast
2008-09-26 14:17 . 2008-09-26 14:17 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2008-09-26 14:17 . 2008-09-26 14:17 <DIR> d-------- C:\Documents and Settings\a\Dane aplikacji\teamspeak2
2008-09-26 14:17 . 2008-09-26 14:17 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
2008-09-26 00:04 . 2008-09-26 00:12 270 --a------ C:\WINDOWS\cncscore.ini
2008-09-26 00:00 . 2008-09-26 00:00 <DIR> d-------- C:\Gry
2008-09-25 21:22 . 2008-09-25 21:22 <DIR> d-------- C:\Documents and Settings\a\Dane aplikacji\Clickteam
2008-09-25 21:05 . 2008-10-09 23:06 <DIR> d-------- C:\Program Files\Multimedia Fusion 2
2008-09-25 18:24 . 2008-09-25 18:24 <DIR> d-------- C:\Documents and Settings\a\Dane aplikacji\Kingston
2008-09-22 23:50 . 2008-09-22 23:51 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-09-22 23:46 . 2008-09-22 23:46 <DIR> d-------- C:\WINDOWS\speech
2008-09-22 23:46 . 1997-07-19 15:00 604,432 --a------ C:\WINDOWS\system32\COMCTL32.OCX
2008-09-22 23:25 . 2008-09-22 23:25 <DIR> d-------- C:\Program Files\Rainlendar2
2008-09-22 23:25 . 2008-09-22 23:58 <DIR> d-------- C:\Documents and Settings\a\.rainlendar2
2008-09-22 22:17 . 2008-09-22 22:26 <DIR> d-------- C:\Program Files\IDoser v4
2008-09-21 23:23 . 2008-09-21 23:23 <DIR> d-------- C:\Program Files\kswiat
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-18 13:43 --------- d-----w C:\Program Files\Neostrada TP
2008-10-18 10:50 --------- d-----w C:\Documents and Settings\a\Dane aplikacji\gtk-2.0
2008-10-13 13:47 --------- d-----w C:\Program Files\Metin2_PL
2008-10-13 00:21 --------- d-----w C:\Documents and Settings\a\Dane aplikacji\OpenOffice.ux.pl2
2008-10-12 14:20 --------- d-----w C:\Program Files\Opera
2008-10-08 07:20 --------- d-----w C:\Program Files\ROA
2008-10-05 15:40 --------- d-----w C:\Program Files\SubEdit-Player
2008-10-05 15:40 --------- d-----w C:\Documents and Settings\a\Dane aplikacji\DNA
2008-10-05 15:40 --------- d-----w C:\Documents and Settings\a\Dane aplikacji\BitTorrent
2008-09-29 22:35 --------- d-----w C:\Documents and Settings\a\Dane aplikacji\GanymedeNet
2008-09-22 17:56 172,032 ----a-w C:\WINDOWS\system32\cncs32.dll
2008-09-22 17:56 133,200 ----a-w C:\WINDOWS\system32\cncs.dll
2008-09-15 20:17 --------- d-----w C:\Documents and Settings\a\Dane aplikacji\Dev-Cpp
2008-09-15 15:40 1,846,272 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-14 09:51 --------- d-----w C:\Program Files\Lavalys
2008-09-11 20:28 --------- d-----w C:\Program Files\Valve
2008-08-30 22:31 --------- d-----w C:\Documents and Settings\a\Dane aplikacji\Tibia
2008-08-29 13:17 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\comodo
2008-08-28 19:08 87,056 ----a-w C:\WINDOWS\system32\drivers\cmdguard.sys
2008-08-28 19:08 249,592 ----a-w C:\WINDOWS\system32\cssdll32.dll
2008-08-28 19:08 24,208 ----a-w C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-08-28 19:08 143,104 ----a-w C:\WINDOWS\system32\guard32.dll
2008-08-28 19:08 --------- d-----w C:\Program Files\COMODO
2008-08-28 19:08 --------- d-----w C:\Program Files\AskSBar
2008-08-28 19:08 --------- d-----w C:\Documents and Settings\a\Dane aplikacji\Comodo
2008-08-28 12:59 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-26 08:27 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-24 19:33 --------- d-----w C:\Program Files\PoxNora
2008-08-21 15:11 --------- d-----w C:\Program Files\Google
2008-08-18 05:43 --------- d-----w C:\Program Files\tibia811
2008-08-18 05:18 --------- d-----w C:\Program Files\Tibia8.2
2008-08-18 04:52 --------- d-----w C:\Program Files\Tibia
2008-08-14 13:46 2,181,632 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:46 2,059,008 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-07-25 08:34 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-07-25 08:34 683,520 ----a-w C:\WINDOWS\system32\divx.dll
2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
.
((((((((((((((((((((((((((((( snapshot@2008-10-05_17.01.36.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-26 09:12:09 124,928 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\advpack.dll
+ 2008-08-26 09:12:09 347,136 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\dxtmsft.dll
+ 2008-08-26 09:12:09 214,528 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\dxtrans.dll
+ 2008-08-26 09:12:09 132,608 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\extmgr.dll
+ 2008-08-26 09:12:09 63,488 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\icardie.dll
+ 2008-08-25 08:43:21 70,656 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ie4uinit.exe
+ 2008-08-26 09:12:09 153,088 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieakeng.dll
+ 2008-08-26 09:12:09 230,400 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieaksie.dll
+ 2008-08-23 05:54:50 161,792 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieapfltr.dat
+ 2008-08-26 09:12:09 380,928 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieapfltr.dll
+ 2008-08-26 09:12:09 388,608 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iedkcs32.dll
+ 2008-10-03 16:23:42 6,068,224 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieframe.dll
+ 2008-08-26 09:12:10 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iernonce.dll
+ 2008-08-26 09:12:10 267,776 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iertutil.dll
+ 2008-08-25 08:43:21 13,824 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieudinit.exe
+ 2008-08-23 05:56:16 635,848 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe
+ 2008-08-26 09:12:10 27,648 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\jsproxy.dll
+ 2008-08-26 09:12:10 459,264 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\msfeeds.dll
+ 2008-08-26 09:12:10 52,224 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\msfeedsbs.dll
+ 2008-08-26 09:12:11 3,594,752 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
+ 2008-08-26 09:12:11 477,696 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\mshtmled.dll
+ 2008-08-26 09:12:11 193,024 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\msrating.dll
+ 2008-08-26 09:12:11 671,232 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\mstime.dll
+ 2008-08-26 09:12:11 102,912 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\occache.dll
+ 2008-08-26 09:12:11 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\pngfilt.dll
+ 2008-08-26 09:12:11 105,984 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\url.dll
+ 2008-08-26 09:12:11 1,162,752 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\urlmon.dll
+ 2008-08-26 09:12:11 233,472 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\webcheck.dll
+ 2008-08-26 09:12:11 827,904 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
+ 2007-03-06 03:28:35 16,096 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\spmsg.dll
+ 2007-03-06 03:28:40 216,288 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\spuninst.exe
+ 2007-03-06 03:28:33 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\update\spcustom.dll
+ 2007-03-06 03:28:58 723,680 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\update\update.exe
+ 2007-03-06 03:29:50 386,784 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\update\updspapi.dll
- 2007-02-28 16:04:45 2,137,600 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 13:46:46 2,137,600 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
- 2007-02-28 16:04:56 2,058,880 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 13:46:58 2,059,008 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
- 2007-02-28 16:04:47 2,017,280 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 13:46:44 2,017,280 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
- 2007-02-28 16:04:58 2,181,632 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
+ 2008-08-14 13:46:56 2,181,632 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
+ 2008-06-23 16:42:04 124,928 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\advpack.dll
+ 2008-06-23 16:42:04 347,136 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\dxtmsft.dll
+ 2008-06-23 16:42:05 214,528 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\dxtrans.dll
+ 2008-06-23 16:42:05 133,120 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\extmgr.dll
+ 2008-06-23 16:42:05 63,488 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\icardie.dll
+ 2008-06-23 09:23:08 70,656 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ie4uinit.exe
+ 2008-06-23 16:42:05 153,088 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieakeng.dll
+ 2008-06-23 16:42:05 230,400 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieaksie.dll
+ 2008-06-21 05:23:54 161,792 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieakui.dll
+ 2008-06-23 16:42:05 383,488 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieapfltr.dll
+ 2008-06-23 16:42:06 384,512 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iedkcs32.dll
+ 2008-06-23 16:42:07 6,066,176 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieframe.dll
+ 2008-06-23 16:42:07 44,544 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iernonce.dll
+ 2008-06-23 16:42:08 267,776 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iertutil.dll
+ 2008-06-23 09:20:26 13,824 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieudinit.exe
+ 2008-06-23 09:23:29 625,664 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iexplore.exe
+ 2008-06-23 16:42:08 27,648 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\jsproxy.dll
+ 2008-06-23 16:42:09 459,264 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msfeeds.dll
+ 2008-06-23 16:42:09 52,224 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msfeedsbs.dll
+ 2008-06-24 08:42:12 3,592,192 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mshtml.dll
+ 2008-06-23 16:42:11 477,696 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mshtmled.dll
+ 2008-06-23 16:42:11 193,024 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msrating.dll
+ 2008-06-23 16:42:11 671,232 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mstime.dll
+ 2008-06-23 16:42:11 102,912 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\occache.dll
+ 2008-06-23 16:42:11 44,544 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\pngfilt.dll
+ 2007-03-06 03:28:40 216,288 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe
+ 2007-03-06 03:29:50 386,784 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\updspapi.dll
+ 2008-06-23 16:42:11 105,984 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\url.dll
+ 2008-06-23 16:42:12 1,159,680 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\urlmon.dll
+ 2008-06-23 16:42:12 233,472 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\webcheck.dll
+ 2008-06-23 16:42:13 826,368 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\wininet.dll
- 2008-06-23 16:42:04 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-08-26 08:26:55 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2008-06-23 16:42:04 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-08-26 08:26:55 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
- 2008-06-20 10:44:38 138,368 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys
+ 2008-08-14 09:51:43 138,368 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys
- 2008-06-23 16:42:04 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-08-26 08:26:55 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-06-23 16:42:05 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-08-26 08:26:55 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-06-23 16:42:05 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-08-26 08:26:55 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-06-23 16:42:05 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-08-26 08:26:55 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
- 2008-06-23 09:23:08 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-08-25 08:42:17 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2008-06-23 16:42:05 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-08-26 08:26:55 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2008-06-23 16:42:05 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-08-26 08:26:56 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2008-06-21 05:23:54 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-08-23 05:54:51 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2008-06-23 16:42:05 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-08-26 08:26:56 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2008-06-23 16:42:06 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-08-26 08:26:56 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2008-06-23 16:42:07 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-10-03 17:26:30 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2008-06-23 16:42:07 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-08-26 08:26:58 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2008-06-23 16:42:08 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-08-26 08:26:58 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2008-06-23 09:20:26 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2008-08-25 08:38:00 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2008-06-23 09:23:29 625,664 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-08-23 05:56:15 635,848 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2008-06-23 16:42:08 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-08-26 08:26:58 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2008-06-23 16:42:09 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-08-26 08:26:59 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2008-06-23 16:42:09 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-08-26 08:26:59 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2008-06-24 08:42:12 3,592,192 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-08-27 09:27:02 3,593,216 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-06-23 16:42:11 477,696 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-08-26 08:27:00 477,696 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-06-23 16:42:11 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-08-26 08:27:00 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-06-23 16:42:11 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-08-26 08:27:00 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2007-02-28 16:04:45 2,137,600 -c----w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
+ 2008-08-14 13:46:46 2,137,600 -c----w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
- 2007-02-28 16:04:56 2,058,880 -c----w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
+ 2008-08-14 13:46:58 2,059,008 -c----w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
- 2007-02-28 16:04:47 2,017,280 -c----w C:\WINDOWS\system32\dllcache\ntkrpamp.exe
+ 2008-08-14 13:46:44 2,017,280 -c----w C:\WINDOWS\system32\dllcache\ntkrpamp.exe
- 2007-02-28 16:04:58 2,181,632 -c----w C:\WINDOWS\system32\dllcache\ntoskrnl.exe
+ 2008-08-14 13:46:56 2,181,632 -c----w C:\WINDOWS\system32\dllcache\ntoskrnl.exe
- 2008-06-23 16:42:11 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-08-26 08:27:00 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-06-23 16:42:11 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-08-26 08:27:00 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2006-08-14 10:34:41 332,928 -c--a-w C:\WINDOWS\system32\dllcache\srv.sys
+ 2008-08-28 10:04:17 333,056 -c--a-w C:\WINDOWS\system32\dllcache\srv.sys
- 2008-06-23 16:42:11 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-08-26 08:27:01 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
- 2008-06-23 16:42:12 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-08-26 08:27:01 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-06-23 16:42:12 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-08-26 08:27:01 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-03-20 08:09:45 1,845,504 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys
+ 2008-09-15 15:40:58 1,846,272 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys
- 2008-06-23 16:42:13 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-08-26 08:27:02 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-06-20 10:44:38 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
+ 2008-08-14 09:51:43 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
+ 2008-01-23 21:25:32 27,136 ----a-w C:\WINDOWS\system32\drivers\tapvpn.sys
- 2008-06-23 16:42:04 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-08-26 08:26:55 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-06-23 16:42:05 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-08-26 08:26:55 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-06-23 16:42:05 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-08-26 08:26:55 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-09-21 14:46:50 155,568 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-10-16 19:21:41 155,568 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2008-06-23 16:42:05 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-08-26 08:26:55 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2008-06-23 09:23:08 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-08-25 08:42:17 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2008-06-23 16:42:05 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-08-26 08:26:55 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2008-06-23 16:42:05 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-08-26 08:26:56 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2008-06-21 05:23:54 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-08-23 05:54:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2008-06-23 16:42:05 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-08-26 08:26:56 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2008-06-23 16:42:06 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-08-26 08:26:56 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2008-06-23 16:42:07 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-10-03 17:26:30 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2008-06-23 16:42:07 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-08-26 08:26:58 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2008-06-23 16:42:08 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-08-26 08:26:58 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2008-06-23 09:20:26 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-08-25 08:38:00 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2008-06-23 16:42:08 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-08-26 08:26:58 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2008-06-23 16:42:09 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-08-26 08:26:59 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2008-06-23 16:42:09 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-08-26 08:26:59 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2008-06-24 08:42:12 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-08-27 09:27:02 3,593,216 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-06-23 16:42:11 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-08-26 08:27:00 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-06-23 16:42:11 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-08-26 08:27:00 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2008-06-23 16:42:11 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-08-26 08:27:00 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2008-06-23 16:42:11 102,912 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-08-26 08:27:00 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2008-06-23 16:42:11 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-08-26 08:27:00 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-01-23 21:25:32 27,136 ----a-w C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\tapvpn.sys
- 2007-11-30 12:40:46 19,320 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:21:28 19,320 ------w C:\WINDOWS\system32\spmsg.dll
- 2008-06-23 16:42:11 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-08-26 08:27:01 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2008-06-23 16:42:12 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-08-26 08:27:01 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-06-23 16:42:12 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-08-26 08:27:01 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-10-17 06:01:47 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_698.dat
.
-- Migawka wyzerowana --
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-08-28 66912]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-08-28 21:08 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"Odkurzacz-MCD"="C:\Program Files\Odkurzacz\odk_mcd.exe" [2008-08-16 264704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 86016]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 24576]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 53248]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2006-03-02 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2006-03-02 59392]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 13529088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^a^Menu Start^Programy^Autostart^OpenOffice.ux.pl 2.4.0.lnk]
path=C:\Documents and Settings\a\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.4.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.ux.pl 2.4.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntiSpyWare2Guard]
--a------ 2008-03-13 15:36 2316632 C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-07-04 22:57 289088 C:\Program Files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Firewall Pro]
--a------ 2008-08-28 21:08 1655552 C:\Program Files\COMODO\Firewall\cfp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO SafeSurf]
--a------ 2008-08-28 21:08 278264 C:\Program Files\COMODO\SafeSurf\cssurf.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-05-03 05:46 13529088 C:\WINDOWS\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2008-04-01 03:54 507904 C:\Program Files\Winamp Remote\bin\OrbTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-09-11 22:38 1271032 C:\Program Files\Valve\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-08-26 00:27 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-08-07 12:26 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
--a------ 2007-09-12 12:17 340136 C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-08-04 01:02 36352 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-03 05:46 1630208 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2008-04-07 16:06 16859136 C:\WINDOWS\RTHDCPL.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\WapSter\\WapSter AQQ\\AQQ.exe"=
"C:\\Program Files\\Metin2_PL\\metin2.bin"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\WebServ\\ftp\\WebServ(ftp).exe"=
"C:\\Program Files\\WebServ\\apache2\\bin\\WebServ(apache).exe"=
"C:\\Program Files\\WebServ\\mysql\\bin\\WebServ(mysqld).exe"=
"C:\\xampp\\apache\\bin\\apache.exe"=
"C:\\xampp\\mysql\\bin\\mysqld.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 78416]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-08-28 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-08-28 24208]
R2 AASW2_Service;Ashampoo AntiSpyWare 2 Service;C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe [2008-03-13 730968]
R2 Apache2.2;Apache2.2;C:\xampp\apache\bin\apache.exe [2008-06-14 17408]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 20560]
R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-23 27136]
S3 XDva193;XDva193;C:\WINDOWS\system32\XDva193.sys [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e902980-6234-11dd-8ee7-000e50f0b94d}]
\Shell\Auto\command - F:\wupdmgr.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wupdmgr.exe
.
.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Documents and Settings\a\Dane aplikacji\Mozilla\Firefox\Profiles\d60ek89f.default\
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-18 15:44:47
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
PROCES: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll
PROCES: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\guard32.dll
.
Czas ukończenia: 2008-10-18 15:48:32
ComboFix-quarantined-files.txt 2008-10-18 13:48:26
ComboFix2.txt 2008-10-05 16:07:27
ComboFix3.txt 2008-10-05 15:02:29
Przed: 14 107 303 936 bajtów wolnych
Po: 15,150,825,472 bajtów wolnych
444 --- E O F --- 2008-10-16 19:20:56