The junk:
[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\gaopdxserv.sys]
"imagepath"="\systemroot\system32\drivers\gaopdxrmoeypuhrqtuockbgrvvmkhbscvnlsxy.sys"
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\Documents and Settings\Adrian Dudzinski\kgrrb.exe"=
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Adrian Dudzinski\kgrrb.exe \s"
2009-04-11 09:51 . 2009-04-11 09:51 2,709 --a------ C:\WINDOWS\system32\andlo32do.dat
2009-04-07 16:09 . 2009-04-07 16:09 33,280 ---h----- C:\Documents and Settings\Adrian Dudzinski\kgrrb.exe
2009-04-06 09:50 . 2009-04-12 16:44 2,709 --a------ C:\WINDOWS\system32\sheawib.dat
2009-04-05 09:16 . 2009-04-05 09:16 2,709 --a------ C:\WINDOWS\system32\poydllcra.dat
2009-04-04 14:39 . 2009-04-04 14:39 314,880 --a------ C:\WINDOWS\system32\RCX1D7.tmp
2009-04-04 14:39 . 2009-04-04 14:39 2,709 --a------ C:\WINDOWS\system32\hasbe.dat
2009-04-02 21:12 . 2009-04-02 21:12 2,709 --a------ C:\WINDOWS\system32\toorshejm.dat
2009-04-02 21:06 . 2009-04-02 21:06 2,709 --a------ C:\WINDOWS\system32\dllortowi.dat
DNS from Ukraine
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Adrian Dudzinski\kgrrb.exe \s
Possibly it's Conficker, but I'm not sure.