Problem z reklamiarzami i trojanami nie moge usunac

banan213 · 16 Listopad 2007 00:13

Avast wykrywa mi zagrożone pliki

C:\DOCUME~1\banan213\USTAWI~1\Temp\ac8zt2\main_uninstaller.exe

C:\DOCUME~1\banan213\USTAWI~1\Temp\ac8zt2\msmdev.dll

C:\DOCUME~1\banan213\USTAWI~1\Temp\ac8zt2\msmhost.dll

C:\DOCUME~1\banan213\USTAWI~1\Temp\ac8zt2\nsduo.dll

C:\DOCUME~1\banan213\USTAWI~1\Temp\ac8zt2\rmv.exe

oto log

Logfile of HijackThis v1.99.1 Scan saved at 00:48:05, on 2007-11-16 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Spyware Doctor\svcntaux.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Spyware Doctor\swdsvc.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Spyware Doctor\SDTrayApp.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Messenger\MSMSGS.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Opera\Opera.exe C:\Opera dowlands\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: HTGTUP System - {6C7A1C43-D86E-49D4-A66E-8EF0DCFCBB71} - C:\WINDOWS\oprevmqp.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O3 - Toolbar: The bonsws - {7BF35567-E7C5-4646-8F65-41898BEF0637} - C:\WINDOWS\bonsws.dll O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” O4 - HKLM…\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe O4 - HKLM…\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe” O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [sDTray] “C:\Program Files\Spyware Doctor\SDTrayApp.exe” O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\MSMSGS.EXE” /background O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe” O4 - HKCU…\Run: [AlcoholAutomount] “C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe” /automount O4 - HKCU…\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: ATI CATALYST – pasek zadań.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra ‘Tools’ menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows … 7861773736 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O21 - SSODL: ddkret - {3BCC343C-D11D-4BA4-80E1-6792EBAD6393} - C:\WINDOWS\ddkret.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

Tak ma to wyglądać

Asterisk

Gutek · 16 Listopad 2007 06:30

do kasacji wpisy przez HJT

Daj log z ComboFix

TEMP oczyść - http://www.atribune.org/ccount/click.php?id=1

banan213 · 16 Listopad 2007 11:28

Oto log z ComboFix

Gutek · 16 Listopad 2007 17:11

Wklej do Notatnika:

>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )

– podobnie jak na tym obrazku –>

(jeśli pojawi się pytanie " 1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: ** Qoobox**.

Po tym nowy log z Combo

banan213 · 18 Listopad 2007 09:36

Bardzo dziękuję za pomoc, po wirusach nie ma już śladu a oto log ComboFix

ComboFix 07-11-08.1 - banan213 2007-11-16 12:19:20.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.420 [GMT 1:00]

Running from: C:\Opera dowlands\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\dat.txt

C:\WINDOWS\privacy_danger

C:\WINDOWS\privacy_danger\images\capt.gif

C:\WINDOWS\privacy_danger\images\danger.jpg

C:\WINDOWS\privacy_danger\images\down.gif

C:\WINDOWS\privacy_danger\images\spacer.gif

C:\WINDOWS\privacy_danger\index.htm

C:\WINDOWS\rs.txt

.

((((((((((((((((((((((((( Files Created from 2007-10-16 to 2007-11-16 )))))))))))))))))))))))))))))))

.

2007-11-16 12:18 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-11-15 23:54

2007-11-14 23:09

2007-11-14 23:09 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll

2007-11-14 23:09 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2007-11-14 23:09 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2007-11-14 23:09 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2007-11-14 23:09 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys

2007-11-14 02:58 299,008 --a------ C:\WINDOWS\ddkret.dll

2007-11-14 02:58 188,416 --a------ C:\WINDOWS\bonsws.dll

2007-11-14 02:58 112,128 --a------ C:\WINDOWS\sawkip.exe

2007-10-30 16:49

2007-10-30 16:16

2007-10-30 16:13 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-13 23:36 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help

2007-10-30 15:49 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2007-10-30 15:48 --------- d–h--w C:\Program Files\InstallShield Installation Information

2007-10-30 15:21 --------- d-----w C:\Program Files\Yahoo!

2007-10-22 21:43 --------- d-----w C:\Program Files\Opera

2007-10-13 17:25 --------- d-----w C:\Documents and Settings\banan213\Dane aplikacji\SopCast

2007-10-13 17:09 --------- d-----w C:\Program Files\SopCast

2007-10-11 18:08 --------- d-----w C:\Program Files\BearShare Applications

2007-10-09 16:27 --------- d-----w C:\Program Files\Java

2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr

2007-09-03 15:06 676,224 ----a-w C:\WINDOWS\system32\OGACheckControl.dll

2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2001-11-23 04:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“Cmaudio”=“cmicnfg.cpl” []

“ATIPTA”=“C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [2005-05-03 20:05]

“ATICCC”=“C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” [2005-05-03 23:33]

“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-09-06 11:06]

“AGRSMMSG”=“AGRSMMSG.exe” [2004-06-29 08:06 C:\WINDOWS\AGRSMMSG.exe]

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 00:11]

“OM_Monitor”=“C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe” [2005-11-29 18:19]

“GrooveMonitor”=“C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe” [2006-10-26 23:47]

“NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 09:50]

“SDTray”=“C:\Program Files\Spyware Doctor\SDTrayApp.exe” [2007-11-02 17:24]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-07-09 08:39]

“MSMSGS”=“C:\Program Files\Messenger\MSMSGS.exe” [2004-10-13 17:24]

“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 08:44]

“OM_Monitor”=“C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe” [2005-11-29 18:19]

“BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe” []

“AlcoholAutomount”=“C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe” [2007-07-02 11:27]

“eMuleAutoStart”=“C:\Program Files\eMule\emule.exe” []

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]

Source= file:///C:\WINDOWS\privacy_danger\index.htm

FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

“ddkret”= {E2D2BF17-F385-49AE-92BC-09D4F3690C48} - C:\WINDOWS\ddkret.dll [2007-11-13 18:18 299008]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys

*Newly Created Service* - CATCHME

.

**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-16 12:21:31

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2007-11-16 12:22:26

.

— E O F —

Gutek · 18 Listopad 2007 20:26

Pobierz The Avenger. Wypakuj => uruchom => zaznacz opcję Input script manually => kliknij w taką lupkę => w okienku, które się otworzy wklej:

kliknij klawisz Done => teraz kliknij na zielone światełko => powinna pojawić się pewna informacja i kliknij OK (teraz restart).

Po tym nowy log z combo

banan213 · 19 Listopad 2007 18:37

oto log z ComboFix

ComboFix 07-11-08.3 - banan213 2007-11-19 19:32:06.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.432 [GMT 1:00]

Running from: C:\Opera dowlands\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((( Files Created from 2007-10-19 to 2007-11-19 )))))))))))))))))))))))))))))))

.

2007-11-18 21:18

2007-11-18 20:34

2007-11-18 18:58 6,820 --a------ C:\WINDOWS\system32\d3d9caps.dat

2007-11-18 18:58 552 --a------ C:\WINDOWS\system32\d3d8caps.dat

2007-11-18 18:42

2007-11-18 18:41

2007-11-18 18:31

2007-11-18 12:30

2007-11-18 12:29

2007-11-18 12:28 14,048 --------- C:\WINDOWS\system32\spmsg2.dll

2007-11-18 11:37 0 --a------ C:\WINDOWS\ativpsrm.bin

2007-11-17 23:06

2007-11-16 12:18 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-11-15 23:54

2007-11-14 23:09

2007-11-14 23:09 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll

2007-11-14 23:09 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2007-11-14 23:09 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2007-11-14 23:09 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2007-11-14 23:09 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys

2007-10-30 16:49

2007-10-30 16:16

2007-10-30 16:13 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2007-10-29 16:43 531,248 --a------ C:\WINDOWS\system32\es.scr

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-18 19:32 --------- d–h--w C:\Program Files\InstallShield Installation Information

2007-11-18 11:35 --------- d-----w C:\Program Files\MSBuild

2007-11-18 10:33 --------- d-----w C:\Program Files\ATI Technologies

2007-11-13 23:36 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help

2007-10-30 15:49 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2007-10-30 15:21 --------- d-----w C:\Program Files\Yahoo!

2007-10-22 21:43 --------- d-----w C:\Program Files\Opera

2007-10-13 17:25 --------- d-----w C:\Documents and Settings\banan213\Dane aplikacji\SopCast

2007-10-13 17:09 --------- d-----w C:\Program Files\SopCast

2007-10-11 18:08 --------- d-----w C:\Program Files\BearShare Applications

2007-10-09 16:27 --------- d-----w C:\Program Files\Java

2007-09-29 05:46 47,376 ----a-w C:\WINDOWS\system32\drivers\ativvpxx.vp

2007-09-29 03:21 9,854,976 ----a-w C:\WINDOWS\system32\atioglx2.dll

2007-09-29 03:07 356,352 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll

2007-09-29 03:06 268,800 ----a-w C:\WINDOWS\system32\ati2dvag.dll

2007-09-29 03:05 2,456,064 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys

2007-09-29 02:58 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll

2007-09-29 02:58 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe

2007-09-29 02:58 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll

2007-09-29 02:58 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll

2007-09-29 02:57 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll

2007-09-29 02:56 483,328 ----a-w C:\WINDOWS\system32\ati2evxx.exe

2007-09-29 02:55 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL

2007-09-29 02:49 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll

2007-09-29 02:47 3,130,720 ----a-w C:\WINDOWS\system32\ati3duag.dll

2007-09-29 02:47 172,032 ----a-w C:\WINDOWS\system32\atiok3x2.dll

2007-09-29 02:36 1,593,600 ----a-w C:\WINDOWS\system32\ativvaxx.dll

2007-09-29 02:23 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll

2007-09-29 02:22 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll

2007-09-29 02:20 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll

2007-09-29 02:19 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll

2007-09-29 02:14 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll

2007-09-28 20:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe