
[virus] explorer exe and other problems Virus Trojan


  • Closed: this topic is closed
1 reply in this topic

#1 dawidEX


Posted 24 07 2008 - 12:18

Hello, here is the situation: something has happened to explorer.exe. When I start the computer, explorer does not come up at all; I start it through Ctrl+Alt+Del, it flickers (that is, appears and disappears) a few times and shuts down. Sometimes it does start, but as soon as I go into My Computer and some folder, explorer shuts down. ALSO, some websites do not load or load very slowly, while some open right away, e.g. google.pl. And when I do manage to get explorer running for a moment, CPU usage is immediately at 100%, memory usage jumps around a bit too, and the computer runs as if it could not cope. And for the past hour I have not been able to play the game Soldat over the net: it neither downloads the servers nor lets me join an online game.

Logs
Hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:26, on 2008-06-23
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\cFosSpeed\spd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {FB79473F-DE4D-47C1-B691-908E8C36D73D} - C:\WINDOWS\system32\xxyaBSIA.dll - this is some kind of trojan, but I cannot remove it, not even with fixes or from cmd with del C:\...., but in my opinion I have several trojans or viruses on the computer
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{5759BFA3-B0DB-402B-BD2D-0DA98806E365}: NameServer = 80.244.140.241 80.244.128.1
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 2058 bytes

SmitFraudFix v2.329


Scan done at 11:22:02,28, 2008-06-23
Run from C:\Program Files\mozilla.org\SeaMonkey\SmitfraudFix
OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\cFosSpeed\spd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe
C:\Documents and Settings\dawid\Moje dokumenty\Moje obrazy\gmer.exe
C:\Program Files\mozilla.org\SeaMonkey\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\dawid


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\dawid\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\dawid\Ulubione


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!Attention, following keys are not inevitably infected!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!Attention, following keys are not inevitably infected!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!Attention, following keys are not inevitably infected!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!Attention, following keys are not inevitably infected!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!Attention, following keys are not inevitably infected!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!Attention, following keys are not inevitably infected!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 80.244.140.241
DNS Server Search Order: 80.244.128.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5759BFA3-B0DB-402B-BD2D-0DA98806E365}: NameServer=80.244.140.241 80.244.128.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5759BFA3-B0DB-402B-BD2D-0DA98806E365}: NameServer=80.244.140.241 80.244.128.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

ComboFix


ComboFix 08-07-20.3 - dawid 2008-07-24 11:33:34.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.188 [GMT 2:00]
Running from: E:\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\AISBayxx.ini
C:\WINDOWS\system32\AISBayxx.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\xxyaBSIA.dll

.
(((((((((((((((((((((((((   Files Created from 2008-06-24 to 2008-07-24  )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-24 09:33	---------	d-----w	C:\Program Files\cFosSpeed
2008-07-03 16:04	732,376	----a-w	C:\WINDOWS\system32\drivers\cfosspeed.sys
2008-06-22 08:17	---------	d---a-w	C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-06-21 21:56	---------	d-----w	C:\Documents and Settings\dawid\Dane aplikacji\dvdcss
2008-06-21 12:57	---------	d-----w	C:\Documents and Settings\dawid\Dane aplikacji\DivX
2008-06-21 04:16	---------	d-----w	C:\Documents and Settings\dawid\Dane aplikacji\teamspeak2
2008-06-20 10:45	360,320	----a-w	C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-06-20 10:44	138,368	----a-w	C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52	225,920	----a-w	C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 17:19	---------	d-----w	C:\Documents and Settings\dawid\Dane aplikacji\Nvu
2008-06-19 08:59	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\avg8
2008-06-18 22:24	---------	d-----w	C:\Program Files\Winamp
2008-06-18 22:12	---------	d-----w	C:\Program Files\DFX
2008-06-18 16:45	---------	d-----w	C:\Program Files\cFosBC
2008-06-18 15:26	---------	d-----w	C:\Program Files\Sophos
2008-06-18 13:37	---------	d-----w	C:\Program Files\Gadu-Gadu
2008-06-17 13:30	---------	d-----w	C:\Program Files\Pomocnik PHPdata
2008-06-17 13:29	---------	d-----w	C:\Program Files\Pomocnik PHP
2008-06-17 13:27	---------	d-----w	C:\Program Files\PHP WebPage Editor
2008-06-17 13:25	---------	d-----w	C:\Program Files\Common Files\SourceTec
2008-06-17 13:08	---------	d-----w	C:\Documents and Settings\dawid\Dane aplikacji\UseNeXT
2008-06-17 13:00	---------	d-----w	C:\Program Files\Power AutoPlay Menu Creator
2008-06-16 10:43	---------	d-----w	C:\Program Files\Trend Micro
2008-06-16 10:41	---------	d-----w	C:\Program Files\a-squared HiJackFree
2008-06-16 09:08	---------	d-----w	C:\Program Files\Cracklock
2008-06-16 08:37	---------	d-----w	C:\Program Files\RogueRemover FREE
2008-06-15 16:50	360,320	----a-w	C:\WINDOWS\system32\drivers\TCPIP.SYS
2008-06-14 18:01	273,024	------w	C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 10:14	---------	d-----w	C:\Documents and Settings\dawid\Dane aplikacji\uTorrent
2008-06-13 22:31	---------	d-----w	C:\Program Files\Common Files\Adobe
2008-06-13 22:30	---------	d-----w	C:\Program Files\Common Files\Macrovision Shared
2008-06-08 12:21	---------	d-----w	C:\Program Files\WinPcap
2008-06-06 16:50	995	----a-w	C:\391.zip
2008-06-06 16:46	4,599	----a-w	C:\182.zip
2008-06-06 14:47	---------	d-----w	C:\Documents and Settings\dawid\Dane aplikacji\SQLite Administrator
2008-06-06 13:16	---------	d-----w	C:\Documents and Settings\dawid\Dane aplikacji\mIRC
2008-06-06 12:55	---------	d-----w	C:\Program Files\mIRC
2008-06-06 12:54	1,743,485	----a-w	C:\mirc632.exe
2008-06-06 12:46	2,614	----a-w	C:\124.zip
2008-06-05 13:35	563,036	----a-w	C:\esa.zip
2008-06-02 16:14	---------	d-----w	C:\Program Files\MAIET
2008-06-02 15:48	---------	d-----w	C:\Program Files\Common Files\DFX
2008-06-02 15:48	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\DFX
2008-05-30 11:12	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-05-30 11:12	---------	d-----w	C:\Program Files\SpeedTouch
2008-05-29 14:29	---------	d-----w	C:\Program Files\FaxTools
2008-05-29 14:29	---------	d-----w	C:\Program Files\ABBYY FineReader 6.0
2008-05-29 14:29	---------	d-----w	C:\Program Files\ABBYY FineReader 5.0 Sprint
2008-05-29 14:28	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\BVRP Software
2008-05-27 19:26	---------	d-----w	C:\Program Files\AutoConnect
2008-05-27 05:04	---------	d-----w	C:\Program Files\Lexmark X1100 Series
2008-05-26 17:51	---------	d-----w	C:\Program Files\Lineage II
2008-05-26 08:53	---------	d-----w	C:\Program Files\MSXML 4.0
2007-12-23 08:36	92,064	----a-w	C:\Documents and Settings\dawid\mqdmmdm.sys
2007-12-23 08:36	9,232	----a-w	C:\Documents and Settings\dawid\mqdmmdfl.sys
2007-12-23 08:36	79,328	----a-w	C:\Documents and Settings\dawid\mqdmserd.sys
2007-12-23 08:36	66,656	----a-w	C:\Documents and Settings\dawid\mqdmbus.sys
2007-12-23 08:36	6,208	----a-w	C:\Documents and Settings\dawid\mqdmcmnt.sys
2007-12-23 08:36	5,936	----a-w	C:\Documents and Settings\dawid\mqdmwhnt.sys
2007-12-23 08:36	4,048	----a-w	C:\Documents and Settings\dawid\mqdmcr.sys
2007-12-23 08:36	25,600	----a-w	C:\Documents and Settings\dawid\usbsermptxp.sys
2007-12-23 08:36	22,768	----a-w	C:\Documents and Settings\dawid\usbsermpt.sys
2007-12-06 16:45	56	--sh--r	C:\WINDOWS\system32\6028A5D56E.sys
2007-12-06 16:51	2,516	--sha-w	C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2007-10-30 18:53  360832  64798ecfa43d78c7178375fcdd16d8c8	C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 12:44  360960  744e57c99232201ae98c49168b918f48	C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 13:51  361600  9aefa14bd6b182d61e3119fa5f436d3d	C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 13:59  361600  ad978a1b783b5719720cff204b666c8e	C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2004-08-03 23:14  359040  9f4b36614a0fc234525ba224957de55c	C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2008-06-03 11:26  360064  482ab7f9cd41702e8f856c11cfefb02d	C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
2008-06-15 18:50  360320  3adce4790f591bf160a94f6f08039577	C:\WINDOWS\system32\drivers\TCPIP.SYS
.
(((((((((((((((((((((((((((((   snapshot@2008-05-25_11.53.25.92   )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-03-24 04:49:20	49,152	----a-w	C:\WINDOWS\$hf_mig$\KB904942\SP2QFE\wdigest.dll
+ 2005-10-12 23:21:28	16,096	----a-w	C:\WINDOWS\$hf_mig$\KB904942\spmsg.dll
+ 2005-10-12 23:21:30	216,288	----a-w	C:\WINDOWS\$hf_mig$\KB904942\spuninst.exe
+ 2005-10-12 23:21:27	22,752	----a-w	C:\WINDOWS\$hf_mig$\KB904942\update\spcustom.dll
+ 2005-10-12 23:21:33	723,680	----a-w	C:\WINDOWS\$hf_mig$\KB904942\update\update.exe
+ 2005-10-12 23:21:40	386,784	----a-w	C:\WINDOWS\$hf_mig$\KB904942\update\updspapi.dll
+ 2006-07-14 15:52:22	121,856	----a-w	C:\WINDOWS\$hf_mig$\KB915865\SP2QFE\xmllite.dll
+ 2005-10-12 23:12:25	14,048	----a-w	C:\WINDOWS\$hf_mig$\KB915865\spmsg.dll
+ 2005-10-12 23:12:26	213,216	----a-w	C:\WINDOWS\$hf_mig$\KB915865\spuninst.exe
+ 2005-10-12 23:12:25	22,752	----a-w	C:\WINDOWS\$hf_mig$\KB915865\update\spcustom.dll
+ 2005-10-12 23:12:28	716,000	----a-w	C:\WINDOWS\$hf_mig$\KB915865\update\update.exe
+ 2005-10-12 23:12:33	371,424	----a-w	C:\WINDOWS\$hf_mig$\KB915865\update\updspapi.dll
+ 2008-06-14 18:06:01	273,024	----a-w	C:\WINDOWS\$hf_mig$\KB951376-v2\SP2QFE\bthport.sys
+ 2008-06-14 17:36:22	273,024	----a-w	C:\WINDOWS\$hf_mig$\KB951376-v2\SP3GDR\bthport.sys
+ 2008-06-14 17:41:01	273,024	----a-w	C:\WINDOWS\$hf_mig$\KB951376-v2\SP3QFE\bthport.sys
+ 2007-11-30 11:21:28	19,320	----a-w	C:\WINDOWS\$hf_mig$\KB951376-v2\spmsg.dll
+ 2007-11-30 11:21:28	234,360	----a-w	C:\WINDOWS\$hf_mig$\KB951376-v2\spuninst.exe
+ 2007-11-30 11:21:28	26,488	----a-w	C:\WINDOWS\$hf_mig$\KB951376-v2\update\spcustom.dll
+ 2007-11-30 11:21:28	763,256	----a-w	C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe
+ 2007-11-30 11:21:29	398,200	----a-w	C:\WINDOWS\$hf_mig$\KB951376-v2\update\updspapi.dll
+ 2006-08-16 12:14:48	100,352	----a-w	C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\6to4svc.dll
+ 2008-06-20 10:44:08	138,368	----a-w	C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
+ 2008-06-20 17:37:41	147,968	----a-w	C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\dnsapi.dll
+ 2008-06-20 17:37:41	246,784	----a-w	C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
+ 2008-06-20 10:44:42	360,960	----a-w	C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
+ 2008-06-20 09:32:39	225,920	----a-w	C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip6.sys
+ 2008-06-20 11:40:08	138,496	----a-w	C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
+ 2008-06-20 17:48:53	147,968	----a-w	C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\dnsapi.dll
+ 2008-06-20 17:48:53	246,784	----a-w	C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
+ 2008-06-20 11:51:12	361,600	----a-w	C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
+ 2008-06-20 11:08:27	225,856	----a-w	C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip6.sys
+ 2008-06-20 11:48:03	138,496	----a-w	C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
+ 2008-06-20 17:44:44	147,968	----a-w	C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\dnsapi.dll
+ 2008-06-20 17:44:44	246,784	----a-w	C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
+ 2008-06-20 11:59:02	361,600	----a-w	C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
+ 2008-06-20 11:16:44	225,856	----a-w	C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip6.sys
+ 2007-11-30 12:40:46	19,320	----a-w	C:\WINDOWS\$hf_mig$\KB951748\spmsg.dll
+ 2007-11-30 12:40:46	234,360	----a-w	C:\WINDOWS\$hf_mig$\KB951748\spuninst.exe
+ 2007-11-30 12:40:46	26,488	----a-w	C:\WINDOWS\$hf_mig$\KB951748\update\spcustom.dll
+ 2007-11-30 12:40:47	763,256	----a-w	C:\WINDOWS\$hf_mig$\KB951748\update\update.exe
+ 2007-11-30 12:40:48	398,200	----a-w	C:\WINDOWS\$hf_mig$\KB951748\update\updspapi.dll
+ 2006-05-25 08:29:04	213,216	-c----w	C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe
+ 2006-05-25 08:29:04	371,424	-c----w	C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\updspapi.dll
+ 2006-05-24 10:32:48	213,216	-c----w	C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe
+ 2006-05-24 10:32:48	371,424	-c----w	C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\updspapi.dll
+ 2004-08-07 04:30:28	171,520	-c----w	C:\WINDOWS\$NtUninstallKB884020$\spuninst\spuninst.exe
+ 2005-10-12 23:21:30	216,288	-c----w	C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe
+ 2005-10-12 23:21:40	386,784	-c----w	C:\WINDOWS\$NtUninstallKB904942$\spuninst\updspapi.dll
+ 2004-08-03 22:44:14	49,152	-c----w	C:\WINDOWS\$NtUninstallKB904942$\wdigest.dll
+ 2004-08-03 22:43:56	28,672	-c----w	C:\WINDOWS\$NtUninstallKB914440$\custsat.dll
+ 2005-10-12 23:21:30	216,288	-c----w	C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe
+ 2005-10-12 23:21:41	386,784	-c----w	C:\WINDOWS\$NtUninstallKB914440$\spuninst\updspapi.dll
+ 2005-10-12 23:12:26	213,216	-c----w	C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe
+ 2005-10-12 23:12:33	371,424	-c----w	C:\WINDOWS\$NtUninstallKB915865$\spuninst\updspapi.dll
+ 2008-04-14 15:53:43	273,024	-c----w	C:\WINDOWS\$NtUninstallKB951376-v2$\bthport.sys
+ 2007-11-30 11:21:28	234,360	-c----w	C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe
+ 2007-11-30 11:21:29	398,200	-c----w	C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\updspapi.dll
+ 2004-08-03 21:14:16	138,496	-c----w	C:\WINDOWS\$NtUninstallKB951748$\afd.sys
+ 2008-02-20 05:38:07	148,992	-c----w	C:\WINDOWS\$NtUninstallKB951748$\dnsapi.dll
+ 2004-08-03 22:44:06	246,784	-c----w	C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
+ 2007-11-30 12:40:46	234,360	-c----w	C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe
+ 2007-11-30 12:40:48	398,200	-c----w	C:\WINDOWS\$NtUninstallKB951748$\spuninst\updspapi.dll
+ 2008-06-03 09:26:55	360,064	-c----w	C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
+ 2006-08-16 09:37:30	225,664	-c----w	C:\WINDOWS\$NtUninstallKB951748$\tcpip6.sys
- 2008-04-14 15:53:43	273,024	------w	C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2008-06-14 18:01:34	273,024	------w	C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2008-07-14 21:41:59	163,328	----a-w	C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-06-19 21:11:07	5,136,384	----a-w	C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-06-19 21:11:07	172,032	----a-w	C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-07-14 21:41:59	163,328	----a-w	C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-06-16 08:40:25	5,001,216	----a-w	C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2008-06-16 08:40:25	172,032	----a-w	C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2008-06-16 12:32:27	884,736	----a-w	C:\WINDOWS\gmer.dll
+ 2008-06-16 12:30:45	811,008	----a-w	C:\WINDOWS\gmer.exe
+ 2004-08-03 22:43:52	61,440	-c----w	C:\WINDOWS\ie7\admparse.dll
+ 2004-08-03 22:43:52	100,864	-c----w	C:\WINDOWS\ie7\advpack.dll
+ 2004-08-03 22:43:56	35,328	-c----w	C:\WINDOWS\ie7\corpol.dll
+ 2006-06-02 19:34:06	33,792	-c----w	C:\WINDOWS\ie7\custsat.dll
+ 2008-04-21 07:03:50	357,888	-c----w	C:\WINDOWS\ie7\dxtmsft.dll
+ 2008-04-21 07:03:50	205,312	-c----w	C:\WINDOWS\ie7\dxtrans.dll
+ 2008-04-21 07:03:50	55,808	-c----w	C:\WINDOWS\ie7\extmgr.dll
+ 2004-08-03 22:44:00	38,912	-c----w	C:\WINDOWS\ie7\hmmapi.dll
+ 2004-08-03 22:44:22	34,304	-c----w	C:\WINDOWS\ie7\ie4uinit.exe
+ 2004-08-03 22:44:00	139,264	-c----w	C:\WINDOWS\ie7\ieakeng.dll
+ 2004-08-03 22:44:00	219,648	-c----w	C:\WINDOWS\ie7\ieaksie.dll
+ 2001-10-26 17:28:02	237,568	-c----w	C:\WINDOWS\ie7\ieakui.dll
+ 2004-08-03 22:44:00	323,584	-c----w	C:\WINDOWS\ie7\iedkcs32.dll
+ 2008-04-17 10:52:54	18,432	-c----w	C:\WINDOWS\ie7\iedw.exe
+ 2004-08-03 22:44:00	81,920	-c----w	C:\WINDOWS\ie7\ieencode.dll
+ 2008-04-21 07:03:51	251,392	-c----w	C:\WINDOWS\ie7\iepeers.dll
+ 2004-08-03 22:44:00	48,640	-c----w	C:\WINDOWS\ie7\iernonce.dll
+ 2004-08-03 22:44:00	63,488	-c----w	C:\WINDOWS\ie7\iesetup.dll
+ 2004-08-03 22:44:22	93,184	-c----w	C:\WINDOWS\ie7\iexplore.exe
+ 2004-08-03 22:44:00	35,840	-c----w	C:\WINDOWS\ie7\imgutil.dll
+ 2008-04-21 07:03:51	96,768	-c----w	C:\WINDOWS\ie7\inseng.dll
+ 2007-12-18 14:42:55	450,560	-c----w	C:\WINDOWS\ie7\jscript.dll
+ 2008-04-21 07:03:51	16,384	-c----w	C:\WINDOWS\ie7\jsproxy.dll
+ 2004-08-03 22:44:02	22,016	-c----w	C:\WINDOWS\ie7\licmgr10.dll
+ 2004-08-03 22:44:24	29,184	-c----w	C:\WINDOWS\ie7\mshta.exe
+ 2008-04-21 07:03:55	3,080,704	-c----w	C:\WINDOWS\ie7\mshtml.dll
+ 2008-04-21 07:03:56	449,024	-c----w	C:\WINDOWS\ie7\mshtmled.dll
+ 2004-08-03 22:42:58	57,344	-c----w	C:\WINDOWS\ie7\mshtmler.dll
+ 2001-10-26 17:26:58	146,432	-c----w	C:\WINDOWS\ie7\msls31.dll
+ 2008-04-21 07:03:56	146,432	-c----w	C:\WINDOWS\ie7\msrating.dll
+ 2008-04-21 07:03:56	532,480	-c----w	C:\WINDOWS\ie7\mstime.dll
+ 2004-08-03 22:44:08	97,280	-c----w	C:\WINDOWS\ie7\occache.dll
+ 2008-04-21 07:03:56	39,424	-c----w	C:\WINDOWS\ie7\pngfilt.dll
+ 2007-09-27 14:05:44	33,472	-c----w	C:\WINDOWS\ie7\spuninst\iecustom.dll
+ 2007-09-27 14:03:44	66,048	-c--a-w	C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
+ 2006-09-06 15:43:48	216,288	-c----w	C:\WINDOWS\ie7\spuninst\spuninst.exe
+ 2006-09-06 15:43:48	386,784	-c----w	C:\WINDOWS\ie7\spuninst\updspapi.dll
+ 2004-08-03 22:44:14	37,888	-c----w	C:\WINDOWS\ie7\url.dll
+ 2008-04-21 07:03:58	616,960	-c----w	C:\WINDOWS\ie7\urlmon.dll
+ 2007-12-18 14:42:55	417,792	-c----w	C:\WINDOWS\ie7\vbscript.dll
+ 2007-06-26 13:57:29	851,968	-c----w	C:\WINDOWS\ie7\vgx.dll
+ 2004-08-03 22:44:14	279,552	-c----w	C:\WINDOWS\ie7\webcheck.dll
+ 2008-04-21 07:03:59	662,016	-c----w	C:\WINDOWS\ie7\wininet.dll
+ 2006-06-02 19:34:06	33,792	------w	C:\WINDOWS\network diagnostic\custsat.dll
+ 2006-10-10 12:44:50	557,568	------w	C:\WINDOWS\network diagnostic\xpnetdiag.exe
+ 2008-05-23 16:21:42	81,920	----a-w	C:\WINDOWS\system32\404Fix.exe
- 2004-08-03 22:43:52	61,440	----a-w	C:\WINDOWS\system32\admparse.dll
+ 2007-08-13 16:39:20	71,680	----a-w	C:\WINDOWS\system32\admparse.dll
- 2004-08-03 22:43:52	100,864	----a-w	C:\WINDOWS\system32\advpack.dll
+ 2007-08-13 16:39:00	123,904	----a-w	C:\WINDOWS\system32\advpack.dll
+ 2008-06-02 15:55:02	10,752	----a-w	C:\WINDOWS\system32\BASSMOD.dll
- 2008-02-14 16:27:40	285,912	----a-w	C:\WINDOWS\system32\cfosspeed.dll
+ 2008-07-03 16:04:56	290,008	----a-w	C:\WINDOWS\system32\cfosspeed.dll
+ 2005-11-06 22:36:00	118,784	----a-w	C:\WINDOWS\system32\CLKERN.DLL
+ 2008-06-22 08:35:31	2,037,114	----a-w	C:\WINDOWS\system32\ComboFix.exe
+ 2008-06-20 13:56:24	262,144	---ha-w	C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat
- 2004-08-03 22:43:56	35,328	----a-w	C:\WINDOWS\system32\corpol.dll
+ 2007-08-13 16:42:54	17,408	----a-w	C:\WINDOWS\system32\corpol.dll
- 2004-08-03 22:43:52	61,440	-c--a-w	C:\WINDOWS\system32\dllcache\admparse.dll
+ 2007-08-13 16:39:20	71,680	-c--a-w	C:\WINDOWS\system32\dllcache\admparse.dll
- 2004-08-03 22:43:52	100,864	-c--a-w	C:\WINDOWS\system32\dllcache\advpack.dll
+ 2007-08-13 16:39:00	123,904	-c--a-w	C:\WINDOWS\system32\dllcache\advpack.dll
- 2004-08-03 21:14:16	138,496	-c--a-w	C:\WINDOWS\system32\dllcache\afd.sys
+ 2008-06-20 10:44:38	138,368	-c--a-w	C:\WINDOWS\system32\dllcache\afd.sys
- 2008-04-14 15:53:43	273,024	-c----w	C:\WINDOWS\system32\dllcache\bthport.sys
+ 2008-06-14 18:01:34	273,024	-c----w	C:\WINDOWS\system32\dllcache\bthport.sys
- 2004-08-03 22:43:56	35,328	-c--a-w	C:\WINDOWS\system32\dllcache\corpol.dll
+ 2007-08-13 16:42:54	17,408	-c--a-w	C:\WINDOWS\system32\dllcache\corpol.dll
- 2004-08-03 22:43:56	28,672	-c--a-w	C:\WINDOWS\system32\dllcache\custsat.dll
+ 2007-08-13 16:54:10	33,792	-c--a-w	C:\WINDOWS\system32\dllcache\custsat.dll
- 2008-02-20 05:38:07	148,992	-c--a-w	C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-06-20 17:42:20	148,992	-c--a-w	C:\WINDOWS\system32\dllcache\dnsapi.dll
- 2008-04-21 07:03:50	357,888	-c--a-w	C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2007-08-13 16:35:46	346,624	-c--a-w	C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-04-21 07:03:50	205,312	-c--a-w	C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2007-08-13 16:35:38	214,528	-c--a-w	C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-04-21 07:03:50	55,808	-c--a-w	C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2007-08-13 16:54:10	131,584	-c--a-w	C:\WINDOWS\system32\dllcache\extmgr.dll
- 2004-08-03 22:44:00	38,912	-c--a-w	C:\WINDOWS\system32\dllcache\hmmapi.dll
+ 2007-08-13 16:18:02	60,416	-c--a-w	C:\WINDOWS\system32\dllcache\hmmapi.dll
- 2004-08-03 22:44:22	34,304	-c--a-w	C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2007-08-13 16:39:06	54,784	-c--a-w	C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2004-08-03 22:44:00	139,264	-c--a-w	C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2007-08-13 16:39:26	152,064	-c--a-w	C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2004-08-03 22:44:00	219,648	-c--a-w	C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2007-08-13 16:39:54	229,376	-c--a-w	C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2001-10-26 17:28:02	237,568	-c--a-w	C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2007-08-13 15:56:54	161,792	-c--a-w	C:\WINDOWS\system32\dllcache\ieakui.dll
- 2004-08-03 22:44:00	323,584	-c--a-w	C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2007-08-13 16:39:50	382,976	-c--a-w	C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2008-04-17 10:52:54	18,432	-c--a-w	C:\WINDOWS\system32\dllcache\iedw.exe
+ 2007-08-13 16:44:02	69,120	-c--a-w	C:\WINDOWS\system32\dllcache\iedw.exe
- 2004-08-03 22:44:00	81,920	-c--a-w	C:\WINDOWS\system32\dllcache\ieencode.dll
+ 2007-08-13 16:45:18	78,336	-c--a-w	C:\WINDOWS\system32\dllcache\ieencode.dll
- 2008-04-21 07:03:51	251,392	-c--a-w	C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2007-08-13 16:54:10	191,488	-c--a-w	C:\WINDOWS\system32\dllcache\iepeers.dll
- 2004-08-03 22:44:00	48,640	-c--a-w	C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2007-08-13 16:39:10	43,008	-c--a-w	C:\WINDOWS\system32\dllcache\iernonce.dll
- 2004-08-03 22:44:00	63,488	-c--a-w	C:\WINDOWS\system32\dllcache\iesetup.dll
+ 2007-08-13 16:39:12	55,296	-c--a-w	C:\WINDOWS\system32\dllcache\iesetup.dll
- 2004-08-03 22:44:22	93,184	-c--a-w	C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2007-08-13 16:43:56	622,080	-c--a-w	C:\WINDOWS\system32\dllcache\iexplore.exe
- 2004-08-03 22:44:00	35,840	-c--a-w	C:\WINDOWS\system32\dllcache\imgutil.dll
+ 2007-08-13 16:36:06	36,352	-c--a-w	C:\WINDOWS\system32\dllcache\imgutil.dll
- 2008-04-21 07:03:51	96,768	-c--a-w	C:\WINDOWS\system32\dllcache\inseng.dll
+ 2007-08-13 16:39:02	92,672	-c--a-w	C:\WINDOWS\system32\dllcache\inseng.dll
- 2007-12-18 14:42:55	450,560	-c--a-w	C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-08-13 16:38:04	491,520	-c--a-w	C:\WINDOWS\system32\dllcache\jscript.dll
- 2008-04-21 07:03:51	16,384	-c--a-w	C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-08-13 16:54:10	27,136	-c--a-w	C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2004-08-03 22:44:02	22,016	-c--a-w	C:\WINDOWS\system32\dllcache\licmgr10.dll
+ 2007-08-13 16:44:18	40,960	-c--a-w	C:\WINDOWS\system32\dllcache\licmgr10.dll
- 2004-08-03 22:44:24	29,184	-c--a-w	C:\WINDOWS\system32\dllcache\mshta.exe
+ 2007-08-13 16:32:30	45,568	-c--a-w	C:\WINDOWS\system32\dllcache\mshta.exe
- 2008-04-21 07:03:55	3,080,704	-c--a-w	C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2007-08-13 16:54:12	3,578,368	-c--a-w	C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-04-21 07:03:56	449,024	-c--a-w	C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2007-08-13 16:54:10	475,648	-c--a-w	C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2004-08-03 22:42:58	57,344	-c--a-w	C:\WINDOWS\system32\dllcache\mshtmler.dll
+ 2007-08-13 16:01:12	48,128	-c--a-w	C:\WINDOWS\system32\dllcache\mshtmler.dll
- 2001-10-26 17:26:58	146,432	-c--a-w	C:\WINDOWS\system32\dllcache\msls31.dll
+ 2007-08-13 16:54:10	156,160	-c--a-w	C:\WINDOWS\system32\dllcache\msls31.dll
- 2008-04-21 07:03:56	146,432	-c--a-w	C:\WINDOWS\system32\dllcache\msrating.dll
+ 2007-08-13 16:44:26	192,000	-c--a-w	C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-04-21 07:03:56	532,480	-c--a-w	C:\WINDOWS\system32\dllcache\mstime.dll
+ 2007-08-13 16:54:10	670,720	-c--a-w	C:\WINDOWS\system32\dllcache\mstime.dll
- 2004-08-03 22:44:06	246,784	-c--a-w	C:\WINDOWS\system32\dllcache\mswsock.dll
+ 2008-06-20 17:42:21	246,784	-c--a-w	C:\WINDOWS\system32\dllcache\mswsock.dll
- 2004-08-03 22:44:08	97,280	-c--a-w	C:\WINDOWS\system32\dllcache\occache.dll
+ 2007-08-13 16:44:06	101,376	-c--a-w	C:\WINDOWS\system32\dllcache\occache.dll
- 2008-04-21 07:03:56	39,424	-c--a-w	C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2007-08-13 16:36:12	44,544	-c--a-w	C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2006-08-16 09:37:30	225,664	-c--a-w	C:\WINDOWS\system32\dllcache\tcpip6.sys
+ 2008-06-20 09:52:06	225,920	-c--a-w	C:\WINDOWS\system32\dllcache\tcpip6.sys
- 2004-08-03 22:44:14	37,888	-c--a-w	C:\WINDOWS\system32\dllcache\url.dll
+ 2007-08-13 16:44:30	105,984	-c--a-w	C:\WINDOWS\system32\dllcache\url.dll
- 2008-04-21 07:03:58	616,960	-c--a-w	C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-08-13 16:54:10	1,162,240	-c--a-w	C:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-12-18 14:42:55	417,792	-c--a-w	C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2007-08-13 16:54:10	413,696	-c--a-w	C:\WINDOWS\system32\dllcache\vbscript.dll
- 2007-06-26 13:57:29	851,968	-c--a-w	C:\WINDOWS\system32\dllcache\vgx.dll
+ 2007-08-13 16:54:10	765,952	-c--a-w	C:\WINDOWS\system32\dllcache\VGX.dll
- 2004-08-03 22:44:14	49,152	-c--a-w	C:\WINDOWS\system32\dllcache\wdigest.dll
+ 2006-03-24 04:39:55	49,152	-c--a-w	C:\WINDOWS\system32\dllcache\wdigest.dll
- 2004-08-03 22:44:14	279,552	-c--a-w	C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2007-08-13 16:54:10	231,424	-c--a-w	C:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-04-21 07:03:59	662,016	-c--a-w	C:\WINDOWS\system32\dllcache\wininet.dll
+ 2007-08-13 16:54:10	818,688	-c--a-w	C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-02-20 05:38:07	148,992	----a-w	C:\WINDOWS\system32\dnsapi.dll
+ 2008-06-20 17:42:20	148,992	----a-w	C:\WINDOWS\system32\dnsapi.dll
+ 2004-08-20 00:55:30	20,992	------w	C:\WINDOWS\system32\Dopalacz do winampa\dfx-new=Install_Winamp\bmdspdfxv7allmodulesupdated\bm-dfx7.exe
+ 2008-03-20 09:53:12	263,384	----a-r	C:\WINDOWS\system32\drivers\cfosbc.sys
+ 2008-06-16 12:32:27	85,969	----a-w	C:\WINDOWS\system32\drivers\gmer.sys
+ 2004-07-31 16:50:36	51,200	----a-w	C:\WINDOWS\system32\dumphive.exe
- 2008-04-21 07:03:50	357,888	----a-w	C:\WINDOWS\system32\dxtmsft.dll
+ 2007-08-13 16:35:46	346,624	----a-w	C:\WINDOWS\system32\dxtmsft.dll
- 2008-04-21 07:03:50	205,312	----a-w	C:\WINDOWS\system32\dxtrans.dll
+ 2007-08-13 16:35:38	214,528	----a-w	C:\WINDOWS\system32\dxtrans.dll
- 2008-04-21 07:03:50	55,808	----a-w	C:\WINDOWS\system32\extmgr.dll
+ 2007-08-13 16:54:10	131,584	----a-w	C:\WINDOWS\system32\extmgr.dll
+ 2007-08-13 16:36:26	61,952	------w	C:\WINDOWS\system32\icardie.dll
+ 2006-06-29 06:05:44	26,112	------w	C:\WINDOWS\system32\idndl.dll
- 2004-08-03 22:44:22	34,304	----a-w	C:\WINDOWS\system32\ie4uinit.exe
+ 2007-08-13 16:39:06	54,784	----a-w	C:\WINDOWS\system32\ie4uinit.exe
- 2004-08-03 22:44:00	139,264	----a-w	C:\WINDOWS\system32\ieakeng.dll
+ 2007-08-13 16:39:26	152,064	----a-w	C:\WINDOWS\system32\ieakeng.dll
- 2004-08-03 22:44:00	219,648	----a-w	C:\WINDOWS\system32\ieaksie.dll
+ 2007-08-13 16:39:54	229,376	----a-w	C:\WINDOWS\system32\ieaksie.dll
- 2001-10-26 17:28:02	237,568	----a-w	C:\WINDOWS\system32\ieakui.dll
+ 2007-08-13 15:56:54	161,792	----a-w	C:\WINDOWS\system32\ieakui.dll
+ 2007-02-12 14:10:12	2,451,312	------w	C:\WINDOWS\system32\ieapfltr.dat
+ 2007-07-11 10:27:48	383,488	------w	C:\WINDOWS\system32\ieapfltr.dll
+ 2008-07-02 11:33:45	82,432	----a-w	C:\WINDOWS\system32\IEDFix.C.exe
+ 2008-05-18 19:40:35	82,944	----a-w	C:\WINDOWS\system32\IEDFix.exe
- 2004-08-03 22:44:00	323,584	----a-w	C:\WINDOWS\system32\iedkcs32.dll
+ 2007-08-13 16:39:50	382,976	----a-w	C:\WINDOWS\system32\iedkcs32.dll
- 2004-08-03 22:44:00	81,920	----a-w	C:\WINDOWS\system32\ieencode.dll
+ 2007-08-13 16:45:18	78,336	----a-w	C:\WINDOWS\system32\ieencode.dll
+ 2007-08-13 16:54:10	6,049,280	------w	C:\WINDOWS\system32\ieframe.dll
- 2008-04-21 07:03:51	251,392	----a-w	C:\WINDOWS\system32\iepeers.dll
+ 2007-08-13 16:54:10	191,488	----a-w	C:\WINDOWS\system32\iepeers.dll
- 2004-08-03 22:44:00	48,640	----a-w	C:\WINDOWS\system32\iernonce.dll
+ 2007-08-13 16:39:10	43,008	----a-w	C:\WINDOWS\system32\iernonce.dll
+ 2007-08-13 16:34:04	266,752	------w	C:\WINDOWS\system32\iertutil.dll
- 2004-08-03 22:44:00	63,488	----a-w	C:\WINDOWS\system32\iesetup.dll
+ 2007-08-13 16:39:12	55,296	----a-w	C:\WINDOWS\system32\iesetup.dll
+ 2007-08-13 16:39:10	13,312	----a-w	C:\WINDOWS\system32\ieudinit.exe
+ 2007-08-13 16:54:10	180,736	------w	C:\WINDOWS\system32\ieui.dll
- 2004-08-03 22:44:00	35,840	----a-w	C:\WINDOWS\system32\imgutil.dll
+ 2007-08-13 16:36:06	36,352	----a-w	C:\WINDOWS\system32\imgutil.dll
- 2008-04-21 07:03:51	96,768	----a-w	C:\WINDOWS\system32\inseng.dll
+ 2007-08-13 16:39:02	92,672	----a-w	C:\WINDOWS\system32\inseng.dll
- 2007-12-18 14:42:55	450,560	----a-w	C:\WINDOWS\system32\jscript.dll
+ 2007-08-13 16:38:04	491,520	----a-w	C:\WINDOWS\system32\jscript.dll
- 2008-04-21 07:03:51	16,384	----a-w	C:\WINDOWS\system32\jsproxy.dll
+ 2007-08-13 16:54:10	27,136	----a-w	C:\WINDOWS\system32\jsproxy.dll
- 2004-08-03 22:44:02	22,016	----a-w	C:\WINDOWS\system32\licmgr10.dll
+ 2007-08-13 16:44:18	40,960	----a-w	C:\WINDOWS\system32\licmgr10.dll
- 2008-05-29 23:35:11	17,486,968	----a-w	C:\WINDOWS\system32\MRT.exe
+ 2008-06-25 16:15:46	17,972,344	----a-w	C:\WINDOWS\system32\MRT.exe
+ 2007-08-13 16:54:10	458,752	------w	C:\WINDOWS\system32\msfeeds.dll
+ 2007-08-13 16:54:10	50,688	------w	C:\WINDOWS\system32\msfeedsbs.dll
+ 2007-08-13 16:36:40	12,288	------w	C:\WINDOWS\system32\msfeedssync.exe
- 2004-08-03 22:44:24	29,184	----a-w	C:\WINDOWS\system32\mshta.exe
+ 2007-08-13 16:32:30	45,568	----a-w	C:\WINDOWS\system32\mshta.exe
- 2008-04-21 07:03:55	3,080,704	----a-w	C:\WINDOWS\system32\mshtml.dll
+ 2007-08-13 16:54:12	3,578,368	----a-w	C:\WINDOWS\system32\mshtml.dll
- 2008-04-21 07:03:56	449,024	----a-w	C:\WINDOWS\system32\mshtmled.dll
+ 2007-08-13 16:54:10	475,648	----a-w	C:\WINDOWS\system32\mshtmled.dll
- 2004-08-03 22:42:58	57,344	----a-w	C:\WINDOWS\system32\mshtmler.dll
+ 2007-08-13 16:01:12	48,128	----a-w	C:\WINDOWS\system32\mshtmler.dll
- 2001-10-26 17:26:58	146,432	----a-w	C:\WINDOWS\system32\msls31.dll
+ 2007-08-13 16:54:10	156,160	----a-w	C:\WINDOWS\system32\msls31.dll
- 2008-04-21 07:03:56	146,432	----a-w	C:\WINDOWS\system32\msrating.dll
+ 2007-08-13 16:44:26	192,000	----a-w	C:\WINDOWS\system32\msrating.dll
- 2008-04-21 07:03:56	532,480	----a-w	C:\WINDOWS\system32\mstime.dll
+ 2007-08-13 16:54:10	670,720	----a-w	C:\WINDOWS\system32\mstime.dll
- 2004-08-03 22:44:06	246,784	----a-w	C:\WINDOWS\system32\mswsock.dll
+ 2008-06-20 17:42:21	246,784	----a-w	C:\WINDOWS\system32\mswsock.dll
+ 2006-06-28 15:59:26	24,576	------w	C:\WINDOWS\system32\nlsdl.dll
+ 2006-06-29 06:05:44	23,552	------w	C:\WINDOWS\system32\normaliz.dll
- 2004-08-03 22:44:08	97,280	----a-w	C:\WINDOWS\system32\occache.dll
+ 2007-08-13 16:44:06	101,376	----a-w	C:\WINDOWS\system32\occache.dll
- 2008-05-30 11:23:06	67,560	----a-w	C:\WINDOWS\system32\perfc009.dat
+ 2008-06-18 16:11:40	67,560	----a-w	C:\WINDOWS\system32\perfc009.dat
- 2008-05-30 11:23:06	83,988	----a-w	C:\WINDOWS\system32\perfc015.dat
+ 2008-06-18 16:11:40	83,988	----a-w	C:\WINDOWS\system32\perfc015.dat
- 2008-05-30 11:23:06	432,856	----a-w	C:\WINDOWS\system32\perfh009.dat
+ 2008-06-18 16:11:40	432,856	----a-w	C:\WINDOWS\system32\perfh009.dat
- 2008-05-30 11:23:06	490,808	----a-w	C:\WINDOWS\system32\perfh015.dat
+ 2008-06-18 16:11:40	490,808	----a-w	C:\WINDOWS\system32\perfh015.dat
- 2008-04-21 07:03:56	39,424	----a-w	C:\WINDOWS\system32\pngfilt.dll
+ 2007-08-13 16:36:12	44,544	----a-w	C:\WINDOWS\system32\pngfilt.dll
+ 2003-06-05 19:13:00	53,248	----a-w	C:\WINDOWS\system32\Process.exe
+ 2006-04-27 15:49:30	288,417	----a-w	C:\WINDOWS\system32\SrchSTS.exe
- 2003-12-08 10:53:58	5,606	----a-w	C:\WINDOWS\system32\stci.dll
+ 2003-12-08 09:53:58	5,606	----a-w	C:\WINDOWS\system32\stci.dll
- 2004-08-03 22:44:14	37,888	----a-w	C:\WINDOWS\system32\url.dll
+ 2007-08-13 16:44:30	105,984	----a-w	C:\WINDOWS\system32\url.dll
- 2008-04-21 07:03:58	616,960	----a-w	C:\WINDOWS\system32\urlmon.dll
+ 2007-08-13 16:54:10	1,162,240	----a-w	C:\WINDOWS\system32\urlmon.dll
+ 2008-05-29 07:35:36	86,528	----a-w	C:\WINDOWS\system32\VACFix.exe
- 2007-12-18 14:42:55	417,792	----a-w	C:\WINDOWS\system32\vbscript.dll
+ 2007-08-13 16:54:10	413,696	----a-w	C:\WINDOWS\system32\vbscript.dll
+ 2007-09-05 22:22:23	289,144	----a-w	C:\WINDOWS\system32\VCCLSID.exe
- 2004-08-03 22:44:14	49,152	----a-w	C:\WINDOWS\system32\wdigest.dll
+ 2006-03-24 04:39:55	49,152	----a-w	C:\WINDOWS\system32\wdigest.dll
- 2004-08-03 22:44:14	279,552	----a-w	C:\WINDOWS\system32\webcheck.dll
+ 2007-08-13 16:54:10	231,424	----a-w	C:\WINDOWS\system32\webcheck.dll
+ 2007-08-13 16:45:16	206,336	------w	C:\WINDOWS\system32\WinFXDocObj.exe
- 2008-04-21 07:03:59	662,016	----a-w	C:\WINDOWS\system32\wininet.dll
+ 2007-08-13 16:54:10	818,688	----a-w	C:\WINDOWS\system32\wininet.dll
+ 2007-10-03 22:36:46	25,600	----a-w	C:\WINDOWS\system32\WS2Fix.exe
+ 2006-07-14 15:51:51	121,856	------w	C:\WINDOWS\system32\xmllite.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cFosSpeed"="C:\Program Files\cFosSpeed\cFosSpeed.exe" [2008-06-16 10:22 867544]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22 7700480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages	REG_MULTI_SZ   	msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-09-20 16:35 202024 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 00:44 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeCall]
--a------ 2007-04-17 15:28 7247408 C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2008-03-20 12:04 2127296 C:\Program Files\Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 10:51 1836328 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 16:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 13:22 7700480 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-22 13:22 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerStrip]
--a------ 2008-05-02 02:37 726776 c:\Program Files\PowerStrip\PStrip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDFix]
--a------ 2008-07-14 23:42 715726 C:\SDFix\RunThis.bat

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
--a------ 2004-03-23 12:06 888832 C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2007-12-06 19:09 1271032 D:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STManager]
--------- 2003-10-16 13:25 118784 C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-03-25 05:28 144784 C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-05-15 00:22 35328 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-22 13:22 1622016 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"D:\\Program Files\\eMule\\emule.exe"=
"D:\\Program Files\\eMule\\plugin_eMule.exe"=
"C:\\Soldat\\Soldat.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe"=
"C:\\Program Files\\LittleFighter2\\LF2_v1.9\\lfs2.exe"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"=
"C:\\Program Files\\MAIET\\Gunz\\Gunz.exe"=
"C:\\Program Files\\WinPcap\\rpcapd.exe"=
"C:\\Program Files\\cFosSpeed\\cfosspeed.exe"=
"C:\\Program Files\\cFosSpeed\\spd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6692:UDP"= 6692:UDP:emule UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2004-08-04 00:44]
R2 PStrip;PSTRIP;C:\WINDOWS\system32\DRIVERS\PSTRIP.SYS [2007-07-15 03:37]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\1D.tmp []
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 10:42]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 10:42]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 10:42]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 10:42]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 10:42]
S3 XDva120;XDva120;C:\WINDOWS\system32\XDva120.sys []
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-24 11:38:15
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\system32\1D.tmp"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\cFosSpeed\spd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-07-24 11:40:28 - machine was rebooted [dawid]
ComboFix-quarantined-files.txt  2008-07-24 09:40:22
ComboFix2.txt  2008-05-25 09:53:51

Pre-Run: 26,684,727,296 bajtów wolnych
Post-Run: 26,691,420,160 bajtów wolnych

548	--- E O F ---	2008-06-19 18:52:57

SDFix

[b]SDFix: Version 1.205 [/b]
Run by dawid on 2008-07-24 at 12:03

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]: 

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:
 


								 [b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-24 12:10:53
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"
"D:\\Program Files\\eMule\\emule.exe"="D:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"D:\\Program Files\\eMule\\plugin_eMule.exe"="D:\\Program Files\\eMule\\plugin_eMule.exe:*:Enabled:eMule plugin host for BitComet"
"C:\\Soldat\\Soldat.exe"="C:\\Soldat\\Soldat.exe:*:Enabled:Soldat"
"C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"C:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe"="C:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe:*:Enabled:FreeCall"
"C:\\Program Files\\LittleFighter2\\LF2_v1.9\\lfs2.exe"="C:\\Program Files\\LittleFighter2\\LF2_v1.9\\lfs2.exe:*:Enabled:lfs2"
"C:\\totalcmd\\TOTALCMD.EXE"="C:\\totalcmd\\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"="C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe:*:Enabled:GunzLauncher"
"C:\\Program Files\\MAIET\\Gunz\\Gunz.exe"="C:\\Program Files\\MAIET\\Gunz\\Gunz.exe:*:Enabled:Gunz"
"C:\\Program Files\\WinPcap\\rpcapd.exe"="C:\\Program Files\\WinPcap\\rpcapd.exe:*:Enabled:rpcapd"
"C:\\Program Files\\cFosSpeed\\cfosspeed.exe"="C:\\Program Files\\cFosSpeed\\cfosspeed.exe:*:Enabled:cfosspeed"
"C:\\Program Files\\cFosSpeed\\spd.exe"="C:\\Program Files\\cFosSpeed\\spd.exe:*:Enabled:spd"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:

Mon  7 Jul 2008	 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon  7 Jul 2008	 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon  7 Jul 2008	 2,156,368 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Thu  6 Dec 2007			56 ..SHR --- "C:\WINDOWS\system32\6028A5D56E.sys"
Thu  6 Dec 2007		 2,516 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Tue 17 Jun 2008		 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

[b]Finished![/b]


I'll also scan with Spybot.


#2 ordynat

ordynat

    Advanced user

  • 804 posts

Posted 24 07 2008 - 18:18

I see that ComboFix has already removed this infection on its own.
Just delete this one malicious service as well:
Start > Run > select (or type) cmd > run this command (then press ENTER):


SC DELETE XDva120


ordynat
