Zrobiłem tak, jak kazałeś, z tym że używając HostsXpert nie miałem tej opcji do wyboru; zamiast tego usunąłem wszystkie linie oprócz localhost.
Log z Combofix:
ComboFix 08-08-29.02 - Administrator 2008-09-01 12:10:55.9 - NTFSx86 NETWORK
Running from: D:\Documents and Settings\Administrator\Pulpit\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Program Files\Messenger\msgmr.dll
D:\WINDOWS\AppPatch\AcSpecf.sdb
D:\WINDOWS\AppPatch\AcXtrnel.sdb
D:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
D:\WINDOWS\Fonts\Framdee.ttf
D:\WINDOWS\linkinfo.dll
D:\WINDOWS\sysocmgr.dll
D:\WINDOWS\system32\adsntzt.dll
D:\WINDOWS\system32\adsntzt.nls
D:\WINDOWS\system32\avicapwm.dll
D:\WINDOWS\system32\avicapwm.nls
D:\WINDOWS\system32\bootvidgj.dll
D:\WINDOWS\system32\bootvidgj.nls
D:\WINDOWS\system32\certmgrkd.dll
D:\WINDOWS\system32\certmgrkd.nls
D:\WINDOWS\system32\cliconfgzx.dll
D:\WINDOWS\system32\cliconfgzx.nls
D:\WINDOWS\system32\discard.ini
D:\WINDOWS\system32\dispexcb.dll
D:\WINDOWS\system32\dispexcb.nls
D:\WINDOWS\system32\dpvvoxmh.dll
D:\WINDOWS\system32\dpvvoxmh.nls
D:\WINDOWS\system32\drivers\HBKernel.sys
D:\WINDOWS\system32\drivers\nvmini.sys
D:\WINDOWS\system32\eskisl.dll
D:\WINDOWS\system32\explore.exe
D:\WINDOWS\system32\havser.ini
D:\WINDOWS\system32\HBmhly.dll
D:\WINDOWS\system32\imgutilhx2.dll
D:\WINDOWS\system32\imgutilhx2.nls
D:\WINDOWS\system32\kandaof.dll
D:\WINDOWS\system32\lensch.dll
D:\WINDOWS\system32\mshta.dll
D:\WINDOWS\system32\mstimewd.dll
D:\WINDOWS\system32\mstimewd.nls
D:\WINDOWS\system32\Nessery.sys
D:\WINDOWS\system32\ntvdm32.exe
D:\WINDOWS\system32\qxfel.dll
D:\WINDOWS\system32\qxfelk.exe
D:\WINDOWS\system32\rasdlgcq.dll
D:\WINDOWS\system32\rasdlgcq.nls
D:\WINDOWS\system32\scrruncqsj.dll
D:\WINDOWS\system32\scrruncqsj.nls
D:\WINDOWS\system32\sichost.exe
D:\WINDOWS\system32\slbiopfs2.dll
D:\WINDOWS\system32\slbiopfs2.nls
D:\WINDOWS\system32\sovlost.exe
D:\WINDOWS\system32\sufost.ini
D:\WINDOWS\system32\thermaltinc.dll
D:\WINDOWS\system32\tscfgwmijxsj.dll
D:\WINDOWS\system32\tscfgwmijxsj.nls
D:\WINDOWS\system32\Update.dat
D:\WINDOWS\system32\url1.exe
D:\WINDOWS\system32\wllame.dll
D:\WINDOWS\system32\zgtwfx.dll
D:\WINDOWS\temp\wmsetup.dll
D:\WINDOWS\Update.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_HBKERNEL
-------\Legacy_KERNEL32
-------\Legacy_MFC42
-------\Legacy_NESSERY
-------\Legacy_NVMINI
-------\Service_HBKernel
-------\Service_kernel32
-------\Service_mfc42
-------\Service_Nessery
-------\Service_nvmini
-------\Service_RESSDT
((((((((((((((((((((((((( Files Created from 2008-08-01 to 2008-09-01 )))))))))))))))))))))))))))))))
.
2008-09-01 09:40 . 2008-09-01 09:40 1,004,320 --a------ D:\WINDOWS\system32\dwikuquh.dll
2008-09-01 09:40 . 2008-09-01 09:40 288 --a------ D:\WINDOWS\system32\dwikuquh.nls
2008-09-01 08:23 . 2008-09-01 08:23 73,728 -rahs---- D:\WINDOWS\LOIK0SCH.exe
2008-09-01 08:23 . 2008-09-01 08:23 73,728 -r-hs---- D:\WINDOWS\GR1K5LHVCI.exe
2008-09-01 08:23 . 2008-09-01 08:23 28,672 --a------ D:\WINDOWS\DQDRTB.exe
2008-09-01 08:14 . 2008-09-01 08:14 61,440 -r-hs---- D:\WINDOWS\U58CLZC97.exe
2008-09-01 08:14 . 2008-09-01 08:14 61,440 -rahs---- D:\WINDOWS\778VT.exe
2008-09-01 08:14 . 2008-09-01 08:14 28,672 --a------ D:\WINDOWS\QFR75FN7.exe
2008-09-01 07:00 . 2008-09-01 07:00 61,440 --a------ D:\WINDOWS\27PA8F5HP8SL.exe
2008-09-01 06:59 . 2008-09-01 06:59 61,440 --a------ D:\WINDOWS\O5GZD.exe
2008-09-01 06:58 . 2008-09-01 06:58 61,440 -rahs---- D:\WINDOWS\LENOJ.exe
2008-09-01 06:58 . 2008-09-01 06:58 61,440 -r-hs---- D:\WINDOWS\156FYY2OO.exe
2008-09-01 06:58 . 2008-09-01 06:58 28,672 --a------ D:\WINDOWS\7L710W67U.exe
2008-08-31 18:08 . 2008-08-31 18:07 73,728 -rahs---- D:\WINDOWS\NS7MT.exe
2008-08-31 18:08 . 2008-08-31 18:08 73,728 --a------ D:\WINDOWS\L48YQRKYT.exe
2008-08-31 18:08 . 2008-08-31 18:08 28,672 --a------ D:\WINDOWS\3SSMRIPWV24.exe
2008-08-31 18:07 . 2008-08-31 18:07 73,728 -r-hs---- D:\WINDOWS\3A105M16OW.exe
2008-08-31 17:26 . 2008-08-31 17:25 73,728 -rahs---- D:\WINDOWS\K8QWY1FBH.exe
2008-08-31 17:26 . 2008-08-31 17:26 28,672 --a------ D:\WINDOWS\MJ9ZB.exe
2008-08-31 17:25 . 2008-08-31 17:25 73,728 -r-hs---- D:\WINDOWS\SSVQHMV3Q.exe
2008-08-31 15:26 . 2008-08-31 15:25 73,728 -rahs---- D:\WINDOWS\YMGIOK.exe
2008-08-31 15:26 . 2008-08-31 15:26 28,672 --a------ D:\WINDOWS\E3Y8BLT.exe
2008-08-31 15:25 . 2008-08-31 15:25 73,728 -r-hs---- D:\WINDOWS\7QSR2K0YXD.exe
2008-08-31 15:09 . 2008-08-31 15:08 73,728 -rahs---- D:\WINDOWS\4UOMDGR88H.exe
2008-08-31 15:09 . 2008-08-31 15:09 28,672 --a------ D:\WINDOWS\EVTCPQ2AIQQ2.exe
2008-08-31 15:08 . 2008-08-31 15:08 73,728 -r-hs---- D:\WINDOWS\A1EWHE1YQ1L5.exe
2008-08-31 14:58 . 2008-09-01 09:41 793,376 --a------ D:\WINDOWS\system32\xolehlpjh.dll
2008-08-31 14:58 . 2008-08-31 14:58 28,672 --a------ D:\WINDOWS\system32\cxpop.dll
2008-08-31 14:58 . 2008-08-31 14:58 288 --a------ D:\WINDOWS\system32\xolehlpjh.nls
2008-08-31 14:58 . 2008-08-31 14:58 288 --a------ D:\WINDOWS\system32\bitdldgo.nls
2008-08-31 14:57 . 2008-09-01 08:10 714,528 --a------ D:\WINDOWS\system32\inetresdxc.dll
2008-08-31 14:57 . 2008-08-31 14:57 288 --a------ D:\WINDOWS\system32\inetresdxc.nls
2008-08-31 14:56 . 2008-08-31 14:56 10,752 --a------ D:\WINDOWS\~Temp5359.tmp
2008-08-31 14:51 . 2008-08-31 14:51 61,440 -rahs---- D:\WINDOWS\DL1CRX.exe
2008-08-31 14:51 . 2008-08-31 14:51 28,672 --a------ D:\WINDOWS\8P8LQ3NB.exe
2008-08-31 14:31 . 2008-08-31 14:31 73,728 -r-hs---- D:\WINDOWS\UNCCA8.exe
2008-08-31 14:31 . 2008-08-31 14:31 73,728 -rahs---- D:\WINDOWS\5NUS2BO.exe
2008-08-31 14:31 . 2008-08-31 14:31 28,672 --a------ D:\WINDOWS\8XYDU.exe
2008-08-31 13:57 . 2008-08-31 13:57 <DIR> d-------- D:\Program Files\Spybot - Search & Destroy
2008-08-31 13:57 . 2008-08-31 14:26 <DIR> d-------- D:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Spybot - Search & Destroy
2008-08-31 13:15 . 2008-08-31 13:15 61,440 -r-hs---- D:\WINDOWS\QOI5OX.exe
2008-08-31 13:15 . 2008-08-31 13:15 61,440 -rahs---- D:\WINDOWS\AQY29LQX8.exe
2008-08-31 13:15 . 2008-08-31 13:15 28,672 --a------ D:\WINDOWS\BKD5U3R6BL.exe
2008-08-31 12:33 . 2008-08-31 12:33 73,728 -rahs---- D:\WINDOWS\S8NGB9LI3VUU.exe
2008-08-31 12:33 . 2008-08-31 12:33 28,672 --a------ D:\WINDOWS\3BABBV7PB.exe
2008-08-31 10:49 . 2008-08-31 11:39 37,129 --a------ D:\WINDOWS\system32\wincecomm.exe
2008-08-30 12:57 . 2008-08-31 15:00 <DIR> d-------- D:\!KillBox
2008-08-28 14:35 . 2008-08-28 14:34 14,943 --a------ D:\WINDOWS\system32\vistaXA.exe
2008-08-28 14:35 . 2008-08-28 14:34 14,943 --a------ D:\WINDOWS\system32\config\systemprofile\vistaXA.exe
2008-08-28 09:28 . 2008-08-28 09:28 23,552 ---hs---- D:\WINDOWS\system32\alga.exe
2008-08-26 22:43 . <DIR> D:\Documents and Settings\LocalService.ZARZąDZANIE NT\Ulubione
2008-08-26 22:43 . <DIR> D:\Documents and Settings\LocalService.ZARZąDZANIE NT\Ulubione
2008-08-26 22:43 . <DIR> D:\Documents and Settings\LocalService.ZARZąDZANIE NT\Dane aplikacji\Google
2008-08-23 18:07 . 2008-09-01 10:55 70,993 --a------ D:\WINDOWS\system32\zlzogu.rds
2008-08-23 13:45 . 2008-08-23 13:45 <DIR> d-------- D:\Program Files\3DO
2008-08-19 17:35 . 2008-08-19 17:35 13,054 --a------ D:\WINDOWS\tianlong.exe
2008-08-19 17:33 . 2008-08-19 17:33 923,424 --a------ D:\WINDOWS\system32\abqzzdos.dll
2008-08-19 17:33 . 2004-08-04 14:00 395,776 --a------ D:\WINDOWS\system32\tmpzydf0.exe
2008-08-19 17:33 . 2004-08-04 14:00 395,776 --a------ D:\WINDOWS\system32\tmplljydf1.exe
2008-08-19 17:33 . 2008-08-19 17:33 13,824 --a------ D:\WINDOWS\moyu.exe
2008-08-19 17:33 . 2008-08-19 17:33 288 --a------ D:\WINDOWS\system32\abqzzdos.nls
2008-08-19 17:13 . 2008-08-19 17:13 288 --a------ D:\WINDOWS\system32\rponvneb.nls
2008-08-19 17:12 . 2004-08-04 14:00 395,776 --a------ D:\WINDOWS\system32\tmpzydf1.exe
2008-08-19 15:15 . 2008-08-19 15:15 0 --a------ D:\Documents and Settings\MUZYKA.MUZYKA-CA405851\dhtnodes.dat
2008-08-19 14:56 . 2004-08-04 14:00 395,776 --a------ D:\WINDOWS\system32\tmplljydf3.exe
2008-08-19 14:56 . 2008-08-19 14:56 14,072 --a------ D:\WINDOWS\system32\mstmpxmlfun.xml
2008-08-19 14:56 . 2008-08-19 14:56 288 --a------ D:\WINDOWS\system32\ebeeyipj.nls
2008-08-19 10:28 . 2008-08-19 10:28 288 --a------ D:\WINDOWS\system32\dbtqyucx.nls
2008-08-19 10:27 . 2004-08-04 14:00 395,776 --a------ D:\WINDOWS\system32\tmpzydf2.exe
2008-08-19 08:36 . 2008-08-19 08:36 288 --a------ D:\WINDOWS\system32\apvofwfj.nls
2008-08-18 22:04 . 2008-08-18 22:04 288 --a------ D:\WINDOWS\system32\heavtjkn.nls
2008-08-18 19:06 . 2008-08-18 19:06 11,776 --a------ D:\WINDOWS\system32\follwelk.exe
2008-08-18 19:04 . 2008-08-18 19:04 288 --a------ D:\WINDOWS\system32\tbfdimbq.nls
2008-08-18 17:13 . 2008-08-18 17:13 288 --a------ D:\WINDOWS\system32\klozsfcy.nls
2008-08-18 09:22 . 2008-08-19 17:19 34,816 --a------ D:\WINDOWS\setup_102722.exe
2008-08-18 09:09 . 2008-08-18 09:09 288 --a------ D:\WINDOWS\system32\lghmavuu.nls
2008-08-18 09:07 . 2004-08-04 14:00 395,776 --a------ D:\WINDOWS\system32\tmpzydf3.exe
2008-08-18 09:00 . 2008-08-18 09:00 288 --a------ D:\WINDOWS\system32\jmgkxhqh.nls
2008-08-17 20:12 . 2008-08-17 20:12 288 --a------ D:\WINDOWS\system32\qfrnguvx.nls
2008-08-17 17:19 . 2008-08-17 17:18 36,352 --a------ D:\WINDOWS\system32\sovnost.exe
2008-08-17 17:19 . 2008-08-17 17:19 2,432 --a------ D:\WINDOWS\system32\Fessery.sys
2008-08-17 17:18 . 2008-08-17 17:18 20,480 --a------ D:\WINDOWS\system32\soulost.exe
2008-08-17 17:12 . 2008-08-17 17:12 288 --a------ D:\WINDOWS\system32\pnalmwps.nls
2008-08-17 14:19 . 2008-08-19 17:19 696,980 --a------ D:\WINDOWS\system32\twainyy.dll
2008-08-17 14:19 . 2008-08-19 17:18 28,672 --a------ D:\WINDOWS\system32\ringtte.dll
2008-08-17 14:13 . 2008-08-17 14:13 288 --a------ D:\WINDOWS\system32\ervurvsl.nls
2008-08-17 13:54 . 2008-08-17 13:54 148 --a------ D:\WINDOWS\system32\twainyy.nls
2008-08-17 13:38 . 2008-08-17 13:38 288 --a------ D:\WINDOWS\system32\znedvadj.nls
2008-08-16 19:59 . 2008-08-16 19:59 288 --a------ D:\WINDOWS\system32\hzyjyvbx.nls
2008-08-16 15:08 . 2008-08-16 15:08 <DIR> d-------- D:\Program Files\Funshion Online
2008-08-16 15:08 . 2008-08-16 15:09 <DIR> d-------- D:\Documents and Settings\MUZYKA.MUZYKA-CA405851\funshion
2008-08-16 15:08 . 2004-08-04 14:00 359,040 --a------ D:\WINDOWS\system32\drivers\tcpip.sys.do
2008-08-16 15:08 . 2008-08-19 17:50 28 --a------ D:\WINDOWS\funshionplugin2.INI
2008-08-16 14:57 . 2008-08-16 14:57 288 --a------ D:\WINDOWS\system32\utozuonl.nls
2008-08-16 11:34 . 2008-08-16 11:34 288 --a------ D:\WINDOWS\system32\hlkbtqiw.nls
2008-08-16 08:39 . 2008-08-16 20:05 740,500 --a------ D:\WINDOWS\system32\kbdgrms(2).dll
2008-08-16 08:39 . 2008-08-16 20:05 577,452 --a------ D:\WINDOWS\system32\bootvidgj(2).dll
2008-08-16 08:38 . 2008-08-16 20:04 696,236 --a------ D:\WINDOWS\system32\slbiopfs2(2).dll
2008-08-16 08:37 . 2008-08-16 20:04 921,516 --a------ D:\WINDOWS\system32\comuidsg(2).dll
2008-08-16 08:37 . 2008-08-16 20:02 651,180 --a------ D:\WINDOWS\system32\tscfgwmijxsj(2).dll
2008-08-16 08:36 . 2008-08-16 20:01 955,820 --a------ D:\WINDOWS\system32\catsrvwl(2).dll
2008-08-16 08:36 . 2008-08-16 20:02 737,708 --a------ D:\WINDOWS\system32\dispexcb(2).dll
2008-08-16 08:36 . 2008-08-19 17:15 28,672 --a------ D:\WINDOWS\system32\follwel.dll
2008-08-16 08:35 . 2008-08-16 20:00 1,055,380 --a------ D:\WINDOWS\system32\dpvvoxmh(2).dll
2008-08-16 08:35 . 2008-08-16 20:01 841,504 --a------ D:\WINDOWS\system32\adsntzt(2).dll
2008-08-16 08:35 . 2008-08-16 20:01 664,492 --a------ D:\WINDOWS\system32\lweurqhx(2).dll
2008-08-16 08:35 . 2008-08-16 20:01 570,284 --a------ D:\WINDOWS\system32\msobjstl(2).dll
2008-08-16 08:34 . 2008-08-19 17:34 22,520 --a------ D:\WINDOWS\system32\xsbvgzd.exe
2008-08-16 08:34 . 2008-08-16 08:34 288 --a------ D:\WINDOWS\system32\xwccdqrm.nls
2008-08-16 08:34 . 2008-08-19 17:42 280 ---hs---- D:\WINDOWS\system32\xsbvgzd.cfg
2008-08-15 22:01 . 2008-08-19 17:42 44,544 --a------ D:\WINDOWS\system\dljj32a.dll
2008-08-15 21:14 . 2008-08-16 09:41 114 --a------ D:\WINDOWS\7THLEVEL.INI
2008-08-11 11:43 . 2008-08-11 11:44 <DIR> d-------- D:\Do Ostatniego Pocisku
2008-08-10 13:06 . 2008-08-10 13:08 <DIR> d-------- D:\First Game in Ogre
2008-08-08 16:26 . 2008-08-08 16:26 39,032 --a------ D:\WINDOWS\system32\ilu.dll
2008-08-08 16:26 . 2008-08-08 16:26 26,792 --a------ D:\WINDOWS\system32\ilut.dll
2008-08-07 19:54 . 2008-08-07 19:54 107,888 --a------ D:\WINDOWS\system32\CmdLineExt.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-01 10:18 233,472 ----a-w D:\Documents and Settings\NetworkService.ZARZąDZANIE NT\NTUSER.DAT
2008-09-01 10:18 233,472 ----a-w D:\Documents and Settings\NetworkService.ZARZąDZANIE NT\NTUSER.DAT
2008-09-01 10:18 233,472 ----a-w D:\Documents and Settings\LocalService.ZARZąDZANIE NT\NTUSER.DAT
2008-09-01 10:18 233,472 ----a-w D:\Documents and Settings\LocalService.ZARZąDZANIE NT\NTUSER.DAT
2008-08-31 12:30 4,224 ----a-w D:\WINDOWS\system32\drivers\beep.sys
2008-08-16 15:04 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-08-08 15:47 --------- d-----w D:\Program Files\Sony
2008-08-08 15:46 --------- d-----w D:\Program Files\Sunny Ball
2008-08-08 15:45 --------- d-----w D:\Program Files\AGEIA Technologies
2008-08-08 08:50 --------- d-----w D:\Program Files\GameHouse
2008-07-28 14:00 --------- d-----w D:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Microsoft Help
2008-07-28 13:51 --------- d-----w D:\Program Files\Microsoft Visual Studio .NET 2003
2008-07-28 08:58 --------- d-----w D:\Program Files\Common Files\Merge Modules
2008-07-28 08:56 --------- d-----w D:\Program Files\Microsoft.NET
2008-07-26 14:58 --------- d-----w D:\Program Files\3D Exploration
2008-07-26 12:51 --------- d-----w D:\Program Files\directx
2008-07-25 22:05 --------- d-----w D:\Program Files\Edgard Multimedia
2008-07-25 20:59 --------- d-----w D:\Program Files\Edgard
2008-07-20 21:06 --------- d-----w D:\Program Files\Auralog
2008-07-17 11:37 --------- d-----w D:\Program Files\Audible
2008-07-09 18:49 --------- d-----w D:\Program Files\Canon
2008-07-09 18:47 --------- d-----w D:\Program Files\Common Files\ScanSoft Shared
2008-07-09 18:47 --------- d-----w D:\Program Files\Common Files\InstallShield
2008-07-09 18:47 --------- d-----w D:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\ScanSoft
2008-07-09 18:47 --------- d-----w D:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\InstallShield
2008-07-09 18:46 --------- d-----w D:\Program Files\ScanSoft
2008-07-09 18:42 --------- d-----w D:\Program Files\CanonBJ
2008-07-09 18:37 3,072 --sha-w D:\Program Files\Thumbs.db
2008-07-09 18:37 --------- d-----w D:\Program Files\Winamp Remote
2008-07-09 18:28 --------- d--h--w D:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\CanonBJ
2008-07-02 15:39 --------- d-----w D:\Program Files\MP3 Player Utilities 4.09
2008-03-31 17:06 357 ----a-w D:\Documents and Settings\MUZYKA.MUZYKA-CA405851\.cb_layout.bin
2008-03-18 17:06 3,289 ----a-w D:\Documents and Settings\MUZYKA\ie_updates3r.exe
2008-03-18 16:54 357 ----a-w D:\Documents and Settings\MUZYKA\.cb_layout.bin
2004-08-04 12:00 6,144 --sha-w D:\WINDOWS\system32\ghjsw.dll
2004-08-17 18:00 75,264 --sh--w D:\WINDOWS\system32\NetNtEx.dll
2004-08-04 12:00 41,240 --sha-w D:\WINDOWS\system32\xsbvgzd(2).dll
2004-08-04 12:00 41,240 --sh--w D:\WINDOWS\system32\xsbvgzd.dll
2004-08-04 12:00 6,144 --sha-w D:\WINDOWS\system32\zxdtye.dll
.
------- Sigcheck -------
2004-08-04 14:00 108544 fb1d7f253003a07c0bf5fd79c9959bd1 D:\WINDOWS\system32\SERVICES.EXE
2004-08-04 14:00 108544 3da8d964d2cc12ef8e8c342471a37917 D:\WINDOWS\system32\dllcache\services.exe
.
((((((((((((((((((((((((((((( snapshot@2008-08-30_13.16.17.79 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-04 12:00:00 15,576 ----a-w D:\WINDOWS\system32\aolkua.dll
- 2008-08-28 12:35:47 16,384 ----a-w D:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 1982-08-31 08:09:08 16,384 ----a-w D:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-08-28 12:35:47 32,768 ----a-w D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
+ 1982-08-31 08:09:08 32,768 ----a-w D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
- 2008-08-28 12:35:53 32,768 ----a-w D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
+ 1982-08-31 08:09:08 32,768 ----a-w D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-30 10:44:28 4,224 -c--a-w D:\WINDOWS\system32\dllcache\beep.sys
+ 2008-08-31 12:30:29 4,224 -c--a-w D:\WINDOWS\system32\dllcache\beep.sys
- 2008-08-29 07:14:32 16,896 ----a-w D:\WINDOWS\system32\msisipv6.dll
+ 2008-08-31 09:58:35 16,896 ----a-w D:\WINDOWS\system32\msisipv6.dll
+ 2004-08-04 12:00:00 108,544 ----a-w D:\WINDOWS\system32\wins\mbgpgxnz.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@="{30351346-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@="{30351347-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@="{30351348-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@="{3035134B-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@="{3035134C-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@="{3035134D-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@="{3035134E-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
"Gadu-Gadu"="C:\Gadu-Gadu\gg.exe" [2008-09-01 08:48 745472]
"SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NeroHomeFirstStart"="D:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe" [2006-12-23 17:43 10752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"AudioDeck"="D:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2006-09-05 19:28 540672]
"NeroFilterCheck"="D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SSBkgdUpdate"="D:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
"OpwareSE4"="D:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 12:02 79400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"4czlpzi5fz"="%systemroot%\system32\4czlpzi5fz.dll" [BU]
"A[beeep]"="%systemroot%\system32\Di83x1.dll" [BU]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
"swg"="D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-03-23 01:16 171448]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{BB4E3499-0132-4d3f-849A-2BE1B26D84E1}"= "D:\WINDOWS\system32\inetresdxc.dll" [2008-09-01 08:10 714528]
"{F0930A2F-D971-4828-8209-B7DFD266ED44}"= "D:\WINDOWS\system32\xolehlpjh.dll" [2008-09-01 09:41 793376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"inetresdxc.dll"= {BB4E3499-0132-4d3f-849A-2BE1B26D84E1} - D:\WINDOWS\system32\inetresdxc.dll [2008-09-01 08:10 714528]
"xolehlpjh.dll"= {F0930A2F-D971-4828-8209-B7DFD266ED44} - D:\WINDOWS\system32\xolehlpjh.dll [2008-09-01 09:41 793376]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIVF"= DivX412.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Gadu-Gadu\\gg.exe"=
"E:\\Program Files\\Gadu-Gadu\\gg.exe"=
"D:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Tzar\\Tzar.exe"=
"C:\\HydraIRC\\HydraIRC.exe"=
R0 lzdx0zp;lzdx0z;D:\WINDOWS\system32\DRIVERS\lzdx0zp.sys [2004-08-04 14:00]
R0 mejph;mejph;D:\WINDOWS\system32\drivers\mejph.sys [2004-08-04 14:00]
S2 alga;ci;D:\WINDOWS\system32\alga.exe [2008-08-28 09:28]
S2 BBDemon;Backbone Service;D:\Program Files\Dassault Systemes\B08\intel_a\code\bin\CATSysDemon.exe [2001-12-11 22:29]
S2 MsWin32Reggdit;DurrentControlSetione;C:\WINDOWS\system32\serev.exe []
S2 njlocn;njlocn;D:\WINDOWS\system32\SvCHOsT.eXE [2004-08-04 14:00]
S2 QQUpdate;QQ¸üĐ·ţÎń;D:\WINDOWS\system32\QQUpdate.exe []
S2 service_svcname;service_display;D:\WINDOWS\system32\servciesa.exe []
S2 TopdeskDriver;Desktop Drivers;D:\WINDOWS\system32\explsore.exe []
S3 6E2S9MO7DHG4;MHYF73P6;D:\WINDOWS\7AEWSYF.txt [2008-08-31 14:53]
S3 fincfmmh;{C8C5F96A-1521-4854-97D0-F391F129AF68};E:\ophcrack\pwdump\imokav.exe []
S3 PZKW5D;BOV2LO;D:\WINDOWS\CF6T9CX7I0.txt [2008-08-31 13:15]
S3 TLG1VNGPV4;HCTEXI9II;D:\WINDOWS\VGJ3MGOFN.txt [2008-09-01 07:15]
S3 UK4KOW63Z;N16OEB72JLJ;D:\WINDOWS\79UO0JE47.txt [2008-08-31 18:20]
S4 360°˛Č«ÎŔĘżÉýĽ¶łĚĐň;360°˛Č«ÎŔĘżÉýĽ¶łĚĐň;D:\WINDOWS\360.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
njlocn REG_MULTI_SZ njlocn
.
- - - - ORPHANS REMOVED - - - -
ShellExecuteHooks-{F0C9FBC2-6FA2-479d-B65D-F9D65C613ECC} - D:\WINDOWS\system32\rasdlgcq.dll
SSODL-rasdlgcq.dll-{F0C9FBC2-6FA2-479d-B65D-F9D65C613ECC} - D:\WINDOWS\system32\rasdlgcq.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - D:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\rvfq2k5n.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-01 12:19:39
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: D:\WINDOWS\explorer.exe
-> C:\TortoiseSVN\iconv\_tbl_simple.so
-> C:\TortoiseSVN\iconv\windows-1250.so
-> C:\TortoiseSVN\iconv\utf-8.so
.
------------------------ Other Running Processes ------------------------
.
C:\TortoiseSVN\bin\TSVNCache.exe
.
**************************************************************************
.
Completion time: 2008-09-01 12:27:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-01 10:27:08
ComboFix2.txt 2008-08-30 11:16:53
ComboFix3.txt 2008-04-16 16:55:32
Pre-Run: 5,471,432,704 bajtów wolnych
Post-Run: 5,498,941,440 bajtów wolnych