- Computer forum
- → Viewing profile: Posts: radkoman
Statistics
- Group: User
- Total posts: 11
- Visits: 609
- Title: Beginner
- Age: Age not set
- Birthday: Date of birth not provided
Gender
Not provided
About me
Which operating system do you have?
XP
0
Neutral
My posts
In topic: Logs - Computers lose their network connection
09 06 2008 - 07:38
I haven't noticed any other symptoms since. Thanks for the help! You're great!
In topic: Logs - Computers lose their network connection
06 06 2008 - 15:38
log:
ComboFix 08-06-05.3 - Administrator 2008-06-06 15:29:04.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.565 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Pulpit\CFScript.txt.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_UTEXNJQ5
-------\Service_utexnjq5
((((((((((((((((((((((((( Files Created from 2008-05-06 to 2008-06-06 )))))))))))))))))))))))))))))))
.
2008-06-05 08:20 . 2008-06-05 08:20 <DIR> d-------- C:\Program Files\CCleaner
2008-06-04 12:46 . 2008-06-04 12:46 7,168 --a------ C:\WINDOWS\system32\drivers\utexnjq5.sys
2008-06-03 12:59 . 2008-06-03 13:01 <DIR> d-------- C:\Documents and Settings\Administrator\DoctorWeb
2008-06-03 12:40 . 2008-06-03 12:40 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-03 08:15 . 2008-06-06 15:32 839,712 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-03 08:15 . 2008-06-06 15:32 10,892 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-03 07:51 . 2008-06-03 07:51 <DIR> d-------- C:\t
2008-05-28 08:11 . 2008-05-30 08:13 53,248 --a------ C:\WINDOWS\psexesvc.#xe
2008-05-27 13:03 . 2008-06-03 07:37 <DIR> d-------- C:\Program Files\Odkurzacz
2008-05-27 12:27 . 2008-05-30 11:09 <DIR> d-------- C:\Program Files\Kerio
2008-05-27 10:39 . 2008-05-27 10:39 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-26 11:26 . 2008-05-26 11:27 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-05-26 11:26 . 2008-05-26 11:26 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-05-26 11:05 . 2008-05-26 11:05 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Office Genuine Advantage
2008-05-21 09:22 . 2008-05-21 09:33 <DIR> d-------- C:\Program Files\RegCleaner
2008-05-20 15:06 . 2008-06-04 07:38 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-20 15:06 . 2008-05-20 15:06 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\SUPERAntiSpyware.com
2008-05-20 15:06 . 2008-05-20 15:06 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\SUPERAntiSpyware.com
2008-05-20 15:05 . 2008-05-20 15:05 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-20 14:42 . 2008-05-20 14:42 <DIR> d-------- C:\HaxFix
2008-05-20 14:42 . 2008-05-20 14:41 449,462 --a------ C:\HaxFix.exe
2008-05-20 14:23 . 2008-05-20 14:27 <DIR> d-------- C:\fixwareout
2008-05-20 13:59 . 2008-05-27 13:18 394 --a------ C:\WINDOWS\gmer.ini
2008-05-20 09:17 . 2008-05-20 09:17 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\Search Settings
2008-05-20 09:17 . 2008-05-20 09:17 <DIR> dr------- C:\Documents and Settings\LocalService\Ulubione
2008-05-19 15:35 . 2008-05-19 15:35 <DIR> d-------- C:\WINDOWS\system32\pl
2008-05-19 15:35 . 2008-05-19 15:35 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-19 15:35 . 2008-04-14 22:51 32,866 --------- C:\WINDOWS\slrundll.exe
2008-05-19 15:29 . 2008-05-19 15:29 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-05-19 10:57 . 2008-05-27 13:17 100 --a------ C:\index.ini
2008-05-19 10:53 . 2008-05-19 15:10 <DIR> d-------- C:\Program Files\a-squared HiJackFree
2008-05-16 14:48 . 2008-05-16 14:56 <DIR> d-------- C:\Program Files\SkanerOnline
2008-05-14 12:26 . 2008-05-14 12:26 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Mikrotik
2008-05-09 15:29 . 2008-05-09 15:32 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\ForgottenRiddles
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-06 12:23 --------- d-----w C:\Program Files\Mozilla Firefox 2 Beta 1
2008-06-06 11:23 --------- d-----w C:\Program Files\Folder Lock
2008-06-06 08:45 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-06-05 08:21 --------- d-----w C:\Program Files\FlashGet
2008-06-05 06:36 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-03 05:51 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-06-03 05:51 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-03 05:51 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-06-03 05:51 --------- d-----w C:\Program Files\Symantec
2008-05-28 06:02 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Leadertech
2008-05-27 11:15 --------- d-----w C:\Program Files\XviD
2008-05-27 11:15 --------- d-----w C:\Program Files\SopCast
2008-05-27 11:15 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-05-27 11:15 --------- d-----w C:\Program Files\BitComet
2008-05-27 11:15 --------- d-----w C:\Program Files\AVIcodec
2008-05-27 11:15 --------- d-----w C:\Program Files\Altiris
2008-05-27 11:15 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\LimeWire
2008-05-27 10:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-26 10:15 --------- d-----w C:\Program Files\Winamp
2008-05-26 10:09 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Winamp
2008-05-21 05:54 --------- d-----w C:\Program Files\HPQ
2008-05-21 05:54 --------- d-----w C:\Program Files\eac
2008-05-21 05:54 --------- d-----w C:\Program Files\DivX
2008-05-16 13:06 --------- d-----w C:\Program Files\DAEMON Tools
2008-04-23 11:53 --------- d-----w C:\Program Files\Lizardtech
2008-04-23 11:53 --------- d-----w C:\Program Files\Common Files\LizardTech Shared
2008-04-15 13:01 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-14 20:52 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 20:52 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 20:52 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 20:52 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 20:51 769,024 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
2008-04-14 20:51 744,448 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe
2008-04-14 20:51 70,144 ----a-w C:\WINDOWS\notepad.exe
2008-04-14 20:51 285,696 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 20:51 18,432 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\hscupd.exe
2008-04-14 20:51 171,520 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe
2008-04-14 20:51 149,504 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 20:51 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-14 20:51 1,035,264 ----a-w C:\WINDOWS\explorer.exe
2008-04-14 20:49 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
2008-04-14 20:49 39,424 ----a-w C:\WINDOWS\AppPatch\acadproc.dll
2008-04-14 20:49 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
2008-04-14 20:49 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll
2008-04-14 20:49 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
2008-04-14 20:49 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
2008-04-14 20:04 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 20:03 80,256 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 20:03 68,608 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 20:03 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 20:03 120,320 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 19:52 800,000 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 19:52 153,856 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 19:50 24,960 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 19:48 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 19:47 40,832 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 19:46 5,504 ----a-w C:\WINDOWS\system32\drivers\intelide.sys
2008-04-14 19:46 40,448 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 19:41 65,280 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 19:41 53,248 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 19:39 25,728 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 19:35 58,880 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 19:35 273,920 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 19:33 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-14 19:31 52,864 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 19:30 701,440 ------w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-04-14 19:30 39,936 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-14 19:30 327,040 ------w C:\WINDOWS\system32\drivers\ati2mtaa.sys
2008-04-14 19:28 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-14 19:28 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-14 19:25 23,296 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-14 19:24 30,208 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 19:24 188,544 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
2008-04-13 22:58 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 22:51 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 22:50 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 22:50 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 22:50 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 22:49 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 22:49 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 22:49 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 22:49 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 22:49 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 22:47 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 22:47 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 22:47 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 22:46 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 22:46 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 22:45 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 22:45 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 22:45 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 22:44 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 22:44 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 22:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 22:30 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 22:27 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 22:27 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 22:27 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 22:27 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 22:27 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-06_10.06.37,70 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-06 05:42:07 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-06 13:33:16 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2008-05-20 12:30:18 72,152 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-06 09:35:00 72,152 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-20 12:30:18 90,202 ----a-w C:\WINDOWS\system32\perfc015.dat
+ 2008-06-06 09:35:00 90,202 ----a-w C:\WINDOWS\system32\perfc015.dat
- 2008-05-20 12:30:18 444,528 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-06 09:35:00 444,528 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-05-20 12:30:18 503,698 ----a-w C:\WINDOWS\system32\perfh015.dat
+ 2008-06-06 09:35:00 503,698 ----a-w C:\WINDOWS\system32\perfh015.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2006-11-14 11:12 1849032]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 22:51 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 22:51 1695232]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-04 07:38 1506544]
"Odkurzacz-MCD"="C:\Program Files\Odkurzacz\odk_mcd.exe" [2008-03-03 14:44 266240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 16:22 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 16:19 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 16:23 114688]
"RTHDCPL"="RTHDCPL.EXE" [2005-03-08 14:26 13924864 C:\WINDOWS\RTHDCPL.EXE]
"PTHOSTTR"="C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.exe" [2005-10-04 15:23 86016]
"SetRefresh"="C:\Program Files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 20:01 525824]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 16:57 133016]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-03-07 23:01 53096]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 12:22 517768]
"TomcatStartup 2.5"="C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-10-30 00:40 245760]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 22:51 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26 29696]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"StartMenuLogOff"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\agnitum\outpos~1\wl_hook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIVF"= DivX412.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2004-11-02 10:00]
R2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 17:40]
R2 setup_7.0.0.180_18.05.2008_22-36;setup_7.0.0.180_18.05.2008_22-36;"C:\Documents and Settings\All Users\Pulpit\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe" -r []
R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2006-09-07 09:07]
S2 BulkUsb;USB Scanner;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 00:15]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 00:15]
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-05-02 18:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Uruchom pełne skanowanie systemu - Administrator.job"
In topic: Logs - Computers lose their network connection
06 06 2008 - 10:17
Thanks. I got a bit scared reading the ending about the disk errors. Here is the log:
ComboFix 08-06-05.3 - Administrator 2008-06-06 10:02:46.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.210 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((( Files Created from 2008-05-06 to 2008-06-06 )))))))))))))))))))))))))))))))
.
2008-06-05 08:20 . 2008-06-05 08:20 <DIR> d-------- C:\Program Files\CCleaner
2008-06-04 12:46 . 2008-06-04 12:46 7,168 --a------ C:\WINDOWS\system32\drivers\utexnjq5.sys
2008-06-03 12:59 . 2008-06-03 13:01 <DIR> d-------- C:\Documents and Settings\Administrator\DoctorWeb
2008-06-03 12:40 . 2008-06-03 12:40 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-03 08:15 . 2008-06-05 15:26 630,816 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-03 08:15 . 2008-06-05 15:26 7,628 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-03 07:51 . 2008-06-03 07:51 <DIR> d-------- C:\t
2008-05-28 08:11 . 2008-05-30 08:13 53,248 --a------ C:\WINDOWS\psexesvc.#xe
2008-05-27 13:03 . 2008-06-03 07:37 <DIR> d-------- C:\Program Files\Odkurzacz
2008-05-27 12:27 . 2008-05-30 11:09 <DIR> d-------- C:\Program Files\Kerio
2008-05-27 10:39 . 2008-05-27 10:39 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-26 11:26 . 2008-05-26 11:27 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-05-26 11:26 . 2008-05-26 11:26 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-05-26 11:05 . 2008-05-26 11:05 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Office Genuine Advantage
2008-05-21 09:22 . 2008-05-21 09:33 <DIR> d-------- C:\Program Files\RegCleaner
2008-05-20 15:06 . 2008-06-04 07:38 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-20 15:06 . 2008-05-20 15:06 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\SUPERAntiSpyware.com
2008-05-20 15:06 . 2008-05-20 15:06 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\SUPERAntiSpyware.com
2008-05-20 15:05 . 2008-05-20 15:05 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-20 14:42 . 2008-05-20 14:42 <DIR> d-------- C:\HaxFix
2008-05-20 14:42 . 2008-05-20 14:41 449,462 --a------ C:\HaxFix.exe
2008-05-20 14:23 . 2008-05-20 14:27 <DIR> d-------- C:\fixwareout
2008-05-20 13:59 . 2008-05-27 13:18 394 --a------ C:\WINDOWS\gmer.ini
2008-05-20 09:17 . 2008-05-20 09:17 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\Search Settings
2008-05-20 09:17 . 2008-05-20 09:17 <DIR> dr------- C:\Documents and Settings\LocalService\Ulubione
2008-05-19 15:35 . 2008-05-19 15:35 <DIR> d-------- C:\WINDOWS\system32\pl
2008-05-19 15:35 . 2008-05-19 15:35 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-19 15:35 . 2008-04-14 22:51 32,866 --------- C:\WINDOWS\slrundll.exe
2008-05-19 15:29 . 2008-05-19 15:29 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-05-19 10:57 . 2008-05-27 13:17 100 --a------ C:\index.ini
2008-05-19 10:53 . 2008-05-19 15:10 <DIR> d-------- C:\Program Files\a-squared HiJackFree
2008-05-16 14:48 . 2008-05-16 14:56 <DIR> d-------- C:\Program Files\SkanerOnline
2008-05-14 12:26 . 2008-05-14 12:26 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Mikrotik
2008-05-09 15:29 . 2008-05-09 15:32 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\ForgottenRiddles
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-06 05:43 --------- d-----w C:\Program Files\Mozilla Firefox 2 Beta 1
2008-06-05 08:21 --------- d-----w C:\Program Files\FlashGet
2008-06-05 06:36 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-05 06:22 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-06-04 09:08 --------- d-----w C:\Program Files\Folder Lock
2008-06-03 05:51 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-06-03 05:51 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-06-03 05:51 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-03 05:51 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-06-03 05:51 --------- d-----w C:\Program Files\Symantec
2008-05-28 06:02 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Leadertech
2008-05-27 11:15 --------- d-----w C:\Program Files\XviD
2008-05-27 11:15 --------- d-----w C:\Program Files\SopCast
2008-05-27 11:15 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-05-27 11:15 --------- d-----w C:\Program Files\BitComet
2008-05-27 11:15 --------- d-----w C:\Program Files\AVIcodec
2008-05-27 11:15 --------- d-----w C:\Program Files\Altiris
2008-05-27 11:15 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\LimeWire
2008-05-27 10:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-26 10:15 --------- d-----w C:\Program Files\Winamp
2008-05-26 10:09 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Winamp
2008-05-21 05:54 --------- d-----w C:\Program Files\HPQ
2008-05-21 05:54 --------- d-----w C:\Program Files\eac
2008-05-21 05:54 --------- d-----w C:\Program Files\DivX
2008-05-16 13:06 --------- d-----w C:\Program Files\DAEMON Tools
2008-05-16 06:35 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-04-23 11:53 --------- d-----w C:\Program Files\Lizardtech
2008-04-23 11:53 --------- d-----w C:\Program Files\Common Files\LizardTech Shared
2008-04-15 13:01 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-14 21:16 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 20:56 332,288 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 20:52 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 20:52 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 20:52 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 20:52 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 20:52 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 20:52 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 20:52 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 20:50 999,936 ----a-w C:\WINDOWS\system32\syssetup.dll
2008-04-14 20:49 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
2008-04-14 20:48 5,632 ----a-w C:\WINDOWS\system32\wmi.dll
2008-04-14 20:48 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-04-14 20:48 1,449,472 ----a-w C:\WINDOWS\system32\winntbbu.dll
2008-04-14 20:47 57,375 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 20:43 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 20:42 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 20:36 3,584 ----a-w C:\WINDOWS\system32\icmp.dll
2008-04-14 20:35 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
2008-04-14 20:35 569,856 ----a-w C:\WINDOWS\system32\gpedit.dll
2008-04-14 20:33 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll
2008-04-14 20:33 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll
2008-04-14 20:31 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 20:30 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
2008-04-14 20:04 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 20:03 80,256 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 20:03 68,608 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 20:03 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 20:03 120,320 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 19:59 2,146,816 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 19:59 2,025,472 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 19:55 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 19:52 89,600 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 19:52 89,600 ------w C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-04-14 19:52 800,000 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 19:52 153,856 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 19:50 80,896 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 19:50 24,960 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 19:48 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 19:47 40,832 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 19:46 5,504 ----a-w C:\WINDOWS\system32\drivers\intelide.sys
2008-04-14 19:46 40,448 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 19:45 49,664 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 19:43 563,200 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 19:41 65,280 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 19:41 53,248 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 19:39 25,728 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 19:37 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 19:35 67,584 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-14 19:35 58,880 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 19:35 273,920 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 19:35 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 19:33 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-14 19:31 52,864 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 19:30 701,440 ------w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-04-14 19:30 39,936 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-14 19:30 327,040 ------w C:\WINDOWS\system32\drivers\ati2mtaa.sys
2008-04-14 19:28 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-14 19:28 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-14 19:25 23,296 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-14 19:24 30,208 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 19:24 188,544 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
2008-04-13 22:58 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 22:51 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 22:50 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 22:50 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 22:50 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 22:49 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 22:49 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 22:49 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 22:49 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2006-11-14 11:12 1849032]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 22:51 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 22:51 1695232]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-04 07:38 1506544]
"Odkurzacz-MCD"="C:\Program Files\Odkurzacz\odk_mcd.exe" [2008-03-03 14:44 266240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 16:22 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 16:19 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 16:23 114688]
"RTHDCPL"="RTHDCPL.EXE" [2005-03-08 14:26 13924864 C:\WINDOWS\RTHDCPL.EXE]
"PTHOSTTR"="C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.exe" [2005-10-04 15:23 86016]
"SetRefresh"="C:\Program Files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 20:01 525824]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 16:57 133016]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-03-07 23:01 53096]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 12:22 517768]
"TomcatStartup 2.5"="C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-10-30 00:40 245760]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 22:51 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26 29696]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"StartMenuLogOff"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\agnitum\outpos~1\wl_hook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIVF"= DivX412.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2004-11-02 10:00]
R2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 17:40]
R2 setup_7.0.0.180_18.05.2008_22-36;setup_7.0.0.180_18.05.2008_22-36;"C:\Documents and Settings\All Users\Pulpit\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe" -r []
R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2006-09-07 09:07]
S2 BulkUsb;USB Scanner;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 00:15]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 00:15]
S3 utexnjq5;AVZ Kernel Driver;C:\WINDOWS\system32\Drivers\utexnjq5.sys [2008-06-04 12:46]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{256af7e6-e8ee-11dc-8230-001635aea896}]
\Shell\Auto\command - svrhost.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL svrhost.exe
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-05-02 18:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Uruchom pełne skanowanie systemu - Administrator.job"
- C:\PROGRA~1\NORTON~2\NORTON~1\Navw32.exef/TASK:
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-06 10:05:50
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
disk error: C:\WINDOWS\system32\drivers\
disk error: C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\
disk error: C:\WINDOWS\system32\
disk error: C:\WINDOWS\TEMP\
disk error: C:\WINDOWS\
disk error: C:\WINDOWS\system32\wbem\
disk error: C:\Program Files\Common Files\
disk error: C:\Documents and Settings\Administrator\Dane aplikacji\
disk error: C:\
disk error: C:\Program Files\
disk error: C:\WINDOWS\Downloaded Program Files\
disk error: C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\
disk error: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
disk error: C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\
disk error: C:\WINDOWS\Fonts\
scan completed successfully
hidden files:
**************************************************************************
.
Completion time: 2008-06-06 10:07:03
ComboFix-quarantined-files.txt 2008-06-06 08:06:56
ComboFix2.txt 2008-06-03 11:31:02
Pre-Run: 104,918,114,304 bajtów wolnych
Post-Run: 104,903,675,904 bajtów wolnych
248 --- E O F --- 2008-05-16 10:33:55
\Shell\Auto\command - svrhost.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL svrhost.exe
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-05-02 18:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Uruchom pełne skanowanie systemu - Administrator.job"
- C:\PROGRA~1\NORTON~2\NORTON~1\Navw32.exef/TASK:
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-06 10:05:50
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
disk error: C:\WINDOWS\system32\drivers\
disk error: C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\
disk error: C:\WINDOWS\system32\
disk error: C:\WINDOWS\TEMP\
disk error: C:\WINDOWS\
disk error: C:\WINDOWS\system32\wbem\
disk error: C:\Program Files\Common Files\
disk error: C:\Documents and Settings\Administrator\Dane aplikacji\
disk error: C:\
disk error: C:\Program Files\
disk error: C:\WINDOWS\Downloaded Program Files\
disk error: C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\
disk error: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
disk error: C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\
disk error: C:\WINDOWS\Fonts\
scan completed successfully
hidden files:
**************************************************************************
.
Completion time: 2008-06-06 10:07:03
ComboFix-quarantined-files.txt 2008-06-06 08:06:56
ComboFix2.txt 2008-06-03 11:31:02
Pre-Run: 104,918,114,304 bajtów wolnych
Post-Run: 104,903,675,904 bajtów wolnych
248 --- E O F --- 2008-05-16 10:33:55
In topic: Logs - Computers lose network connection
05 06 2008 - 08:59
I did everything except the last recommendation. Unfortunately, ComboFix cannot be downloaded from the location given.
In topic: Logs - Computers lose network connection
04 06 2008 - 12:43
The best part is that these files are not in the system32 folder (hidden files are shown as well)...
After searching, it turned out that:
rejo.exe (I don't know whether this is "the" file) sits in C:\Program Files\Common Files\Microsoft Shared\MSInfo
while SYSTEM..EXE-154CB5FF.pf (again, I don't know whether this is the one) is in C:\WINDOWS\Prefetch
I am 99% convinced that Backdoor.Win32.Hupigon.axor and its like spread on my machine via removable storage - when scanning, Kaspersky Virus Removal Tool always shows that the flash drive is infected, and even treatment with Flash_Disinfector does not help...
EDIT>
After rescanning with KVRT the flash drive is clean after all. Unfortunately, the svrhost.exe file was deleted, and that is probably why I cannot open the stick with a double-click, only through Explore. Could something be done about that while we are at it?