
ComboFix
ComboFix 09-03-03.01 - tomek 2009-03-04 20:29:53.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.683 [GMT 0:00]
Running from: C:\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
c:\documents and settings\tomek\Application Data\inst.exe
c:\windows\system32\drivers\gaopdxxrlnsswq.sys
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxqobwvbrx.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_gaopdxserv.sys
((((((((((((((((((((((((( Files Created from 2009-02-04 to 2009-03-04 )))))))))))))))))))))))))))))))
.
2009-03-04 19:50 . 2008-03-03 18:21 568 --ah----- c:\windows\nod32fixtemdono.reg
2009-03-04 19:31 . 2009-03-04 19:47 2,933,386 -ra------ C:\ComboFix.exe
2009-03-04 19:29 . 2009-03-04 19:29 812,344 --a------ C:\HJTInstall.exe
2009-03-04 19:16 . 2009-03-04 19:53 <DIR> d-------- c:\program files\Odkurzacz
2009-03-02 22:07 . 2009-03-02 22:07 0 --a------ c:\windows\nsreg.dat
2009-02-26 21:44 . 2009-02-26 21:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\ATI
2009-02-26 21:15 . 2009-02-26 21:15 <DIR> d-------- C:\ATI
2009-02-26 21:15 . 2009-02-03 21:05 593,920 --------- c:\windows\system32\ati2sgag.exe
2009-02-26 20:40 . 2009-02-26 20:40 10 --a------ c:\windows\WININIT.INI
2009-02-23 11:51 . 2009-02-23 12:40 <DIR> d-------- c:\documents and settings\tomek\Application Data\Mount&Blade
2009-02-23 11:49 . 2009-02-23 11:59 <DIR> d-------- c:\program files\Mount&Blade
2009-02-22 17:32 . 2009-02-22 17:33 <DIR> d-------- c:\program files\Winamp
2009-02-22 17:32 . 2009-02-22 17:35 <DIR> d-------- c:\documents and settings\tomek\Application Data\Winamp
2009-02-22 12:33 . 2009-03-04 19:33 <DIR> d-------- c:\windows\Logs
2009-02-17 12:03 . 2006-05-20 16:16 1,184,984 --a------ c:\windows\system32\wvc1dmod.dll
2009-02-17 12:03 . 2006-05-11 19:21 626,688 --a------ c:\windows\system32\vp7vfw.dll
2009-02-17 12:03 . 2002-12-10 02:20 102,439 --a------ c:\windows\system32\sipr3260.dll
2009-02-17 12:03 . 2007-03-18 20:37 65,602 --a------ c:\windows\system32\cook3260.dll
2009-02-16 16:36 . 2009-02-16 16:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\vsosdk
2009-02-16 11:13 . 2009-02-26 08:57 <DIR> d-------- c:\documents and settings\tomek\Application Data\Vso
2009-02-16 11:13 . 2006-09-29 11:24 217,127 --a------ c:\windows\system32\drv43260.dll
2009-02-16 11:13 . 2006-09-29 11:25 208,935 --a------ c:\windows\system32\drv33260.dll
2009-02-16 11:13 . 2006-09-29 11:26 176,165 --a------ c:\windows\system32\drv23260.dll
2009-02-16 11:13 . 2009-02-16 11:13 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys
2009-02-16 11:13 . 2009-02-22 19:38 47,360 --a------ c:\documents and settings\tomek\Application Data\pcouffin.sys
2009-02-16 11:12 . 2009-02-22 19:38 <DIR> d-------- c:\program files\VSO
2009-02-05 12:33 . 2009-03-04 19:17 <DIR> d-------- c:\program files\ESET
2009-02-05 12:11 . 2009-02-05 12:11 <DIR> d-------- c:\documents and settings\tomek\Application Data\ESET
2009-02-05 11:25 . 2009-02-05 11:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-02-04 05:57 . 2009-02-04 05:57 11,702,272 --a------ c:\windows\system32\atioglxx.dll
2009-02-04 04:44 . 2009-02-04 04:44 196,608 --a------ c:\windows\system32\atipdlxx.dll
2009-02-04 04:44 . 2009-02-04 04:44 155,648 --a------ c:\windows\system32\Oemdspif.dll
2009-02-04 04:43 . 2009-02-04 04:43 155,648 --a------ c:\windows\system32\ati2evxx.dll
2009-02-04 04:43 . 2009-02-04 04:43 43,520 --a------ c:\windows\system32\ati2edxx.dll
2009-02-04 04:43 . 2009-02-04 04:43 26,112 --a------ c:\windows\system32\Ati2mdxx.exe
2009-02-04 04:41 . 2009-02-04 04:41 602,112 --a------ c:\windows\system32\ati2evxx.exe
2009-02-04 04:40 . 2009-02-04 04:40 53,248 --a------ c:\windows\system32\ATIDDC.DLL
2009-02-04 04:13 . 2009-02-04 04:13 121,808 --a------ c:\windows\system32\ativvaxx.cap
2009-02-04 03:58 . 2009-02-04 03:58 49,664 --a------ c:\windows\system32\amdpcom32.dll
2009-02-04 03:54 . 2009-02-04 03:54 471,040 --a------ c:\windows\system32\atikvmag.dll
2009-02-04 03:53 . 2009-02-04 03:53 122,880 --a------ c:\windows\system32\atiadlxx.dll
2009-02-04 03:52 . 2009-02-04 03:52 53,248 --a------ c:\windows\system32\drivers\ati2erec.dll
2009-02-04 03:52 . 2009-02-04 03:52 17,408 --a------ c:\windows\system32\atitvo32.dll
2009-02-04 03:44 . 2009-02-04 03:44 307,200 --a------ c:\windows\system32\atiiiexx.dll
2009-02-04 02:43 . 2009-02-04 02:43 45,056 --a------ c:\windows\system32\aticalrt.dll
2009-02-04 02:42 . 2009-02-04 02:42 45,056 --a------ c:\windows\system32\aticalcl.dll
2009-02-04 02:40 . 2009-02-04 02:40 3,244,032 --a------ c:\windows\system32\aticaldd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-04 19:33 --------- d-----w c:\program files\QuickTime
2009-03-04 19:33 --------- d-----w c:\program files\Konnekt
2009-03-04 19:33 --------- d-----w c:\documents and settings\tomek\Application Data\uTorrent
2009-03-02 22:58 --------- d-----w c:\program files\Common Files\Adobe
2009-03-02 22:55 --------- d-----w c:\program files\DivX
2009-02-26 21:44 --------- d-----w c:\documents and settings\tomek\Application Data\ATI
2009-02-26 21:41 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-26 21:41 --------- d-----w c:\program files\ATI Technologies
2009-02-23 12:02 --------- d-----w c:\program files\SystemRequirementsLab
2009-02-05 13:52 --------- d-----w c:\program files\Morrowind
2009-02-05 12:10 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-02-04 07:27 3,488,768 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2009-02-04 05:03 290,816 ----a-w c:\windows\system32\atiok3x2.dll
2009-02-04 04:56 442,368 ----a-w c:\windows\system32\ATIDEMGX.dll
2009-02-04 04:55 324,096 ----a-w c:\windows\system32\ati2dvag.dll
2009-02-04 04:30 3,884,768 ----a-w c:\windows\system32\ati3duag.dll
2009-02-04 04:14 2,645,504 ----a-w c:\windows\system32\ativvaxx.dll
2009-02-04 03:46 626,688 ----a-w c:\windows\system32\ati2cqag.dll
2009-01-30 18:43 23,384 ----a-w c:\documents and settings\tomek\Application Data\GDIPFONTCACHEV1.DAT
2009-01-30 10:33 --------- d-----w c:\program files\UltraISO
2009-01-30 10:33 --------- d-----w c:\program files\Common Files\EZB Systems
2009-01-28 22:09 2,560 ----a-w c:\windows\_MSRSTRT.EXE
2009-01-16 21:54 --------- d-----w c:\documents and settings\tomek\Application Data\Hamachi
2009-01-16 19:21 --------- d-----w c:\program files\Hamachi
2009-01-16 19:20 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-01-16 19:15 --------- d-----w c:\program files\Ubisoft
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 169984]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-23 c:\windows\RTHDCPL.EXE]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 01:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-07-22 19:42 116040 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-05 12:56 64512 c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 09:47 289064 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Konnekt]
--a------ 2005-05-24 21:41 503808 c:\program files\Konnekt\konnekt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
--a------ 2006-10-13 17:01 277296 c:\program files\Microsoft LifeCam\LifeExp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 00:12 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD]
--a------ 2008-08-16 16:01 264704 c:\program files\Odkurzacz\odk_mcd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2009-02-03 22:21 61440 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
--a------ 2006-10-13 17:04 707376 c:\windows\vVX1000.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-09-12 16:45 36352 c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-12-01 11:46 204288 c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-ra------ 2006-05-16 17:04 2879488 c:\windows\SkyTel.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Konnekt\\konnekt.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Ubisoft\\Heroes of Might and Magic III - Zlota Edycja\\Heroes3.exe"=
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-08-18 34312]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-08-18 468224]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2004-08-10 3584]
S3 gel90xne;gel90xne;\??\c:\docume~1\tomek\LOCALS~1\Temp\gel90xne.sys --> c:\docume~1\tomek\LOCALS~1\Temp\gel90xne.sys [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de83cad6-955f-11dd-9898-00121780dcf4}]
\Shell\AutoRun\command - J:\index.exe
.
Contents of the 'Scheduled Tasks' folder
2009-03-03 c:\windows\Tasks\REset3H.job
- c:\windows\system32\REset3.exe [2008-09-22 02:12]
2009-03-04 c:\windows\Tasks\REset3S.job
- c:\windows\System32\reg.exe [2008-04-14 00:12]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-04 20:32:01
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-03-04 20:33:44
ComboFix-quarantined-files.txt 2009-03-04 20:33:41
Pre-Run: 209,246,834,688 bytes free
Post-Run: 209,235,152,896 bytes free
191 --- E O F --- 2009-01-13 22:09:46
HJ
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:37:50, on 2009-03-04
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EHttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Usluga iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
--
End of file - 4131 bytes
Thanks for the help
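The entries a helper singles out in logs like these (a driver loading from the user's Temp directory, a service whose image is a stock Windows tool, a Run value with no full path, an AutoRun command stored under MountPoints2, a service whose file is missing) can be checked mechanically. The script below is an added example, not code from the original post and not part of ComboFix or HijackThis; the sample lines are copied from the two logs above, and the rule names, the regular expressions and the list of stock tools are this example's own assumptions.

```python
"""Heuristic triage of ComboFix / HijackThis log lines (added example)."""
import re

# Constructed sample: lines copied verbatim from the two logs posted above.
SAMPLE_LINES = [
    r"R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-08-18 34312]",
    r"S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2004-08-10 3584]",
    r"S3 gel90xne;gel90xne;\??\c:\docume~1\tomek\LOCALS~1\Temp\gel90xne.sys --> c:\docume~1\tomek\LOCALS~1\Temp\gel90xne.sys [?]",
    r"\Shell\AutoRun\command - J:\index.exe",
    r"O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE",
    r'O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice',
    r"O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe",
    r"O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)",
]

# ComboFix service line: "<R|S><n> <name>;<display>;<image> [<date size>|?]"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s+\[([^\]]*)\]\s*$")
# HijackThis O4 autostart: "O4 - <hive>\..\Run: [<value>] <command>"
O4_RE = re.compile(r"^O4 - (\S+): \[([^\]]+)\] (.*)$")
# HijackThis O23 service: "O23 - Service: <display> - <owner> - <image>"
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")
# ComboFix MountPoints2 dump: "\Shell\AutoRun\command - <command>"
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (.+)$")

# Stock Windows tools that are never a legitimate service image by themselves
# (assumption: list chosen for this example, extend as needed).
STOCK_TOOLS = {"regedt32.exe", "reg.exe", "rundll32.exe", "cmd.exe", "regsvr32.exe"}


def _basename(path: str) -> str:
    return path.replace("/", "\\").rstrip().rsplit("\\", 1)[-1].lower()


def _has_full_path(command: str) -> bool:
    """True if the command starts with a drive letter, %VAR% or a UNC path."""
    command = command.strip().lstrip('"')
    return re.match(r"^([A-Za-z]:\\|%[^%]+%\\|\\\\)", command) is not None


def triage(lines):
    """Return (rule, subject, line) for every line that trips a heuristic."""
    findings = []
    for line in lines:
        line = line.rstrip()
        m = SERVICE_RE.match(line)
        if m:
            _, name, _, image, stamp = m.groups()
            image = image.split(" --> ")[0]   # ComboFix prints "<registry path> --> <resolved path>"
            if image.startswith("\\??\\"):    # NT object-manager prefix
                image = image[4:]
            if "\\temp\\" in image.lower():
                findings.append(("temp_dir_image", name, line))
            if stamp.strip() == "?":           # ComboFix could not stat the file
                findings.append(("missing_image", name, line))
            if _basename(image) in STOCK_TOOLS:
                findings.append(("stock_binary_as_service", name, line))
            continue
        m = O4_RE.match(line)
        if m:
            _, value, command = m.groups()
            if not _has_full_path(command):    # resolved via the search path at logon
                findings.append(("run_entry_no_path", value, line))
            continue
        m = O23_RE.match(line)
        if m:
            display, _, image = m.groups()
            if image.endswith("(file missing)"):
                findings.append(("service_file_missing", display, line))
            continue
        m = AUTORUN_RE.match(line)
        if m:
            findings.append(("mountpoints_autorun", m.group(1).strip(), line))
    return findings


if __name__ == "__main__":
    for rule, subject, line in triage(SAMPLE_LINES):
        print(f"{rule:26} {subject:45} {line}")
```

Run over the full logs in the post, the script flags exactly the lines a helper would ask about first: the gel90xne driver in Temp (both because of its location and because ComboFix could not find the file), the NOD32FiXTemDono service whose image is regedt32.exe, the RTHDCPL Run value with no path, the J:\index.exe AutoRun command and the missing WLSetupSvc binary. It stays silent on the ESET entries. These are heuristics for triage only; a flagged line still needs a human decision, and a clean result does not prove the machine is clean.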
