Yesterday I booted up my computer and icons of unknown origin appeared on the desktop, such as Error Cleaner, Privacy Protector and Spyware&Malware Protection, and my screen turned red. Every time I supposedly removed these programs, even from the registry, they came back anyway, either when launching any program or when connecting to the internet. How do I deal with this?? Please help. The ComboFix log looks like this:
ComboFix 08-05-15.3 - ttomit 2008-05-22 14:56:36.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1450 [GMT 2:00]
Running from: C:\Documents and Settings\ttomit\Pulpit\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\ttomit\Pulpit\Error Cleaner.url
C:\Documents and Settings\ttomit\Pulpit\Privacy Protector.url
C:\Documents and Settings\ttomit\Pulpit\SpywareMalware Protection.url
C:\Documents and Settings\ttomit\Ulubione\Error Cleaner.url
C:\Documents and Settings\ttomit\Ulubione\Privacy Protector.url
C:\Documents and Settings\ttomit\Ulubione\SpywareMalware Protection.url
C:\WINDOWS\system32\ljJDSLCr.dll
C:\WINDOWS\system32\qdmusyra.ini
C:\WINDOWS\system32\rCLSDJjl.ini
C:\WINDOWS\system32\rCLSDJjl.ini2
.
((((((((((((((((((((((((( Files Created from 2008-04-22 to 2008-05-22 )))))))))))))))))))))))))))))))
.
2008-05-22 10:47 . 2008-05-22 10:46 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-05-22 10:47 . 2008-05-22 10:46 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-22 10:46 . 2008-05-22 10:46 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-05-22 10:41 . 2008-05-22 10:41
2008-05-22 10:20 . 2008-05-22 10:20
2008-05-22 09:24 . 2008-05-22 09:24
2008-05-22 09:00 . 2008-05-22 09:00 90,112 --a------ C:\WINDOWS\system32\arysumdq.dll
2008-05-22 02:08 . 2008-05-22 02:10 354 ---hs---- C:\WINDOWS\system32\esxhnghq.ini
2008-05-22 01:36 . 2008-05-22 01:52 534 ---hs---- C:\WINDOWS\system32\hteaeuoi.ini
2008-05-22 01:14 . 2008-05-22 01:14 250 --a------ C:\WINDOWS\gmer.ini
2008-05-21 23:48 . 2008-05-22 09:48
2008-05-21 22:46 . 2008-05-21 17:43 217,088 --a------ C:\WINDOWS\pxgdslro.dll
2008-05-21 22:46 . 2008-05-21 17:43 217,088 --a------ C:\WINDOWS\nldfmtapnvb.dll
2008-05-21 22:46 . 2008-05-21 17:43 196,608 --a------ C:\WINDOWS\gnowmebk.dll
2008-05-21 22:46 . 2008-05-21 17:43 155,648 --a------ C:\WINDOWS\gktxaspm.dll
2008-05-21 22:46 . 2008-05-21 17:43 94,208 --a------ C:\WINDOWS\elsq.exe
2008-05-21 22:46 . 2008-05-21 17:44 81,920 --a------ C:\WINDOWS\mdtgkswr.exe
2008-05-21 22:46 . 2008-05-21 22:46 29,312 --a------ C:\WINDOWS\system32\opnolLBT.dll
2008-05-18 11:19 . 2008-05-18 11:20
2008-05-18 11:17 . 2000-08-19 19:29 268,048 --a------ C:\WINDOWS\system32\dxtmeta2.dll
2008-05-17 23:49 . 2008-05-17 23:51
2008-05-17 23:11 . 2008-05-17 23:48
2008-05-17 23:11 . 2008-05-17 23:11 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-05-17 09:18 . 2008-05-22 14:56 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-15 14:33 . 2008-05-15 14:33
2008-05-11 14:00 . 2008-05-11 14:00
2008-05-11 14:00 . 2008-05-11 14:00
2008-05-11 13:55 . 2008-05-11 13:55
2008-05-11 13:55 . 2008-05-15 10:46
2008-05-11 12:43 . 2008-05-11 13:56
2008-05-11 12:43 . 2008-05-11 12:43
2008-05-11 12:37 . 2008-05-11 12:37
2008-05-11 12:35 . 2008-05-11 12:40
2008-05-11 12:35 . 2008-05-11 12:38
2008-05-11 12:33 . 2008-05-11 12:37
2008-05-11 12:33 . 2008-05-11 12:33
2008-05-10 21:17 . 2008-05-10 21:17
2008-05-10 20:59 . 2008-05-10 20:59
2008-05-10 20:58 . 2001-03-13 09:49 140,288 --a------ C:\WINDOWS\system32\comdlg32.ocx
2008-05-09 19:43 . 2008-05-09 19:43
2008-05-09 11:37 . 2006-09-18 14:58 97,184 -ra------ C:\WINDOWS\system32\drivers\SE27mdm.sys
2008-05-09 11:37 . 2006-09-18 14:58 9,360 -ra------ C:\WINDOWS\system32\drivers\SE27mdfl.sys
2008-05-09 11:37 . 2006-09-18 14:58 6,240 -ra------ C:\WINDOWS\system32\drivers\SE27cmnt.sys
2008-05-09 11:37 . 2006-09-18 14:58 6,240 -ra------ C:\WINDOWS\system32\drivers\SE27cm.sys
2008-05-09 11:08 . 2006-09-18 14:58 61,600 -ra------ C:\WINDOWS\system32\drivers\SE27bus.sys
2008-05-09 11:08 . 2006-09-18 14:59 5,872 -ra------ C:\WINDOWS\system32\drivers\SE27whnt.sys
2008-05-09 11:08 . 2006-09-18 14:59 5,872 -ra------ C:\WINDOWS\system32\drivers\SE27wh.sys
2008-05-08 22:01 . 2008-05-08 22:01
2008-05-08 22:01 . 2008-05-18 11:19
2008-05-08 22:00 . 2008-05-18 11:19
2008-05-08 15:25 . 2008-05-08 15:25 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-05-08 15:24 . 2008-05-22 09:18
2008-05-08 11:12 . 2008-05-08 11:12
2008-05-08 11:08 . 2008-05-08 11:08 3,072,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-05-08 11:08 . 2008-05-08 11:08 65,011 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-05-08 11:07 . 2008-05-08 11:08 6,116 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-05-08 11:06 . 2008-05-08 11:06
2008-05-08 10:54 . 2008-04-14 22:50 1,306,624 -----c--- C:\WINDOWS\system32\dllcache\msxml6.dll
2008-05-08 10:54 . 2008-04-14 21:52 89,600 -----c--- C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-05-08 10:54 . 2007-06-26 11:30 10,457 -----c--- C:\WINDOWS\system32\dllcache\wmptour.hta
2008-05-08 10:54 . 2007-06-26 11:30 1,771 -----c--- C:\WINDOWS\system32\dllcache\wmptour.css
2008-05-08 10:54 . 2008-04-14 22:05 1,714 -----c--- C:\WINDOWS\system32\dllcache\wmpocm.inf
2008-05-08 10:54 . 2007-06-26 11:30 420 -----c--- C:\WINDOWS\system32\dllcache\wmploc.js
2008-05-08 10:51 . 2008-05-08 10:51
2008-05-08 10:51 . 2008-04-14 22:51 294,912 -----c--- C:\WINDOWS\system32\dllcache\dlimport.exe
2008-05-08 10:48 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\002678_.tmp
2008-05-08 00:07 . 2008-05-08 00:07
2008-05-08 00:04 . 2008-05-22 10:11
2008-05-07 23:56 . 2008-05-07 23:56
2008-05-07 22:59 . 2008-05-13 20:43
2008-05-06 16:30 . 2008-05-06 16:30 0 --a------ C:\WINDOWS\mngui.INI
2008-05-06 16:23 . 2006-11-30 15:11 18,704 -ra------ C:\WINDOWS\system32\drivers\se46nd5.sys
2008-05-06 16:18 . 2008-05-06 16:23
2008-05-06 16:16 . 2008-05-06 16:16
2008-05-06 16:13 . 2008-05-06 16:13
2008-05-06 16:12 . 2008-05-06 16:13
2008-05-06 16:12 . 2008-05-06 16:13
2008-05-06 16:12 . 2008-05-06 16:13
2008-05-06 11:55 . 2008-05-06 12:20
2008-05-06 11:44 . 2008-05-06 11:44
2008-05-05 10:38 . 2008-05-05 10:38
2008-05-05 10:38 . 2008-05-05 10:38 1,140 --a------ C:\WINDOWS\mozver.dat
2008-05-05 10:37 . 2008-05-05 10:37 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-04 19:59 . 2008-05-04 19:59
2008-05-03 12:42 . 2008-05-03 12:42
2008-05-03 12:42 . 2008-05-03 12:42
2008-05-03 11:42 . 2008-05-16 16:32 83 --a------ C:\WINDOWS\wwp.INI
2008-05-03 11:22 . 2008-05-03 11:22 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-05-03 11:22 . 2008-05-03 11:22 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-05-03 11:21 . 2007-06-20 20:45 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2008-05-03 11:21 . 2007-03-05 12:42 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2008-05-02 19:40 . 2008-05-02 19:40
2008-05-02 17:46 . 2008-04-14 00:15 60,032 --a------ C:\WINDOWS\system32\drivers\usbaudio.sys
2008-05-01 23:12 . 2008-05-01 23:12
2008-05-01 23:11 . 2008-05-01 23:11
2008-05-01 23:11 . 2008-05-08 00:12 1,225 --a------ C:\WINDOWS\bestplayer.ini
2008-05-01 23:11 . 2008-05-08 00:12 27 --a------ C:\WINDOWS\bestplayer.bpp
2008-05-01 23:11 . 2008-05-08 00:12 0 --a------ C:\WINDOWS\bestplayer.bbt
2008-05-01 23:09 . 1999-10-09 17:30 305,152 --a------ C:\WINDOWS\IsUninst.exe
2008-05-01 23:09 . 2008-05-01 23:11 781 --a------ C:\WINDOWS\QIII.INI
2008-05-01 23:06 . 2008-05-01 23:06 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-01 22:42 . 2008-05-01 22:42
2008-05-01 22:34 . 2008-05-02 14:05 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-01 20:59 . 2008-05-01 21:01
2008-05-01 20:54 . 2008-05-01 20:54
2008-05-01 20:53 . 2008-05-01 20:53
2008-05-01 20:53 . 2008-05-01 20:53
2008-05-01 20:52 . 2008-05-01 20:52
2008-05-01 20:52 . 2006-04-25 10:26 36,608 -ra------ C:\WINDOWS\system32\drivers\ifxtpm.sys
2008-05-01 20:47 . 2008-05-01 20:47
2008-05-01 20:46 . 2008-05-01 20:46
2008-05-01 20:45 . 2008-05-01 20:45
2008-05-01 20:45 . 2007-02-16 15:46 160,256 --a------ C:\WINDOWS\system32\drivers\b57xp32.sys
2008-05-01 20:45 . 2007-02-16 15:46 160,256 --a--c--- C:\WINDOWS\system32\dllcache\b57xp32.sys
2008-05-01 20:44 . 2008-05-01 20:44
2008-05-01 20:44 . 2008-05-01 20:44
2008-05-01 20:44 . 2007-01-17 03:04 9,599,872 --a------ C:\WINDOWS\system32\drivers\snp2uvc.sys
2008-05-01 20:44 . 2006-12-29 11:48 569,344 --a------ C:\WINDOWS\vsnp2uvc.exe
2008-05-01 20:44 . 2007-01-13 10:17 299,008 --a------ C:\WINDOWS\system32\vsnp2uvc.dll
2008-05-01 20:44 . 2004-08-09 17:43 94,208 --a------ C:\WINDOWS\amcap.exe
2008-05-01 20:44 . 2007-01-24 06:26 81,920 --a------ C:\WINDOWS\system32\rsnp2uvc.dll
2008-05-01 20:44 . 2005-11-24 05:55 53,248 --a------ C:\WINDOWS\system32\csnp2uvc.dll
2008-05-01 20:44 . 2007-01-17 03:01 27,904 --a------ C:\WINDOWS\system32\drivers\sncduvc.sys
2008-05-01 20:44 . 2006-05-20 03:39 15,497 --a------ C:\WINDOWS\snp2uvc.ini
2008-05-01 20:44 . 2006-05-20 03:53 13,022 --a------ C:\WINDOWS\snp2uvc.src
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-02 16:08 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-01 19:35 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-05-01 19:27 --------- d-----w C:\Documents and Settings\ttomit\Dane aplikacji\Ahead
2008-05-01 19:27 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ahead
2008-05-01 19:03 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\Intel
2008-05-01 19:03 --------- d-----w C:\Documents and Settings\ttomit\Dane aplikacji\Intel
2008-05-01 19:03 --------- d-----w C:\Documents and Settings\NetworkService\Dane aplikacji\Intel
2008-05-01 19:03 --------- d-----w C:\Documents and Settings\LocalService\Dane aplikacji\Intel
2008-05-01 19:03 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Intel
2008-05-01 19:01 --------- d-----w C:\Program Files\SPP
2008-05-01 18:28 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-05-01 17:59 --------- d-----w C:\Program Files\Usługi online
2008-04-14 20:52 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 20:52 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 20:52 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 20:52 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 20:51 977,408 ----a-w C:\WINDOWS\explorer.exe
2008-04-14 20:51 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-14 20:51 285,696 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 20:51 227,328 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 20:51 156,160 ----a-w C:\WINDOWS\notepad.exe
2008-04-14 20:51 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-14 20:49 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
2008-04-14 20:49 39,424 ------w C:\WINDOWS\AppPatch\acadproc.dll
2008-04-14 20:49 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
2008-04-14 20:49 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll
2008-04-14 20:49 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
2008-04-14 20:49 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
2008-04-14 20:04 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 20:03 80,256 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 20:03 68,608 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 20:03 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 20:03 120,320 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 19:52 800,000 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 19:52 153,856 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 19:50 24,960 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 19:48 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 19:47 40,832 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 19:46 40,448 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 19:41 65,280 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 19:41 53,248 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 19:39 25,728 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 19:35 58,880 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 19:35 273,920 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 19:33 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-14 19:31 52,864 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 19:30 701,440 ------w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-04-14 19:30 39,936 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-14 19:30 327,040 ------w C:\WINDOWS\system32\drivers\ati2mtaa.sys
2008-04-14 19:28 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-14 19:28 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-14 19:25 23,296 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-14 19:24 30,208 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 19:24 188,544 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
2008-04-13 22:58 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 22:51 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 22:50 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 22:50 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 22:50 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 22:49 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 22:49 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 22:49 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 22:49 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 22:49 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 22:47 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 22:47 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 22:47 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 22:46 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 22:46 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 22:45 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 22:45 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 22:45 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 22:44 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 22:44 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 22:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 22:30 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 22:27 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 22:27 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 22:27 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 22:27 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 22:27 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 22:27 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 22:27 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 22:26 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 22:26 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 22:26 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 22:26 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 22:26 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 22:26 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 22:26 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 22:26 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 22:26 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 22:26 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 22:25 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 22:24 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 22:23 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 22:23 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 22:23 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 22:23 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 22:21 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
.
------- Sigcheck -------
2004-08-04 01:44 658944 d37dafb534ac8343d59a1b501abe852c C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
2008-04-14 22:50 702976 1fd3017efbafdc8eddbf60d90352e8a0 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
2008-04-14 22:50 702976 1fd3017efbafdc8eddbf60d90352e8a0 C:\WINDOWS\system32\wininet.dll
2008-04-14 22:51 977408 f042e3426d45d86d9bb55f6a79ab441a C:\WINDOWS\explorer.exe
2004-08-04 01:44 1033728 379098a96e6c165b659de7e4328010ea C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2008-04-14 22:51 977408 f042e3426d45d86d9bb55f6a79ab441a C:\WINDOWS\ServicePackFiles\i386\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09A78B33-C7F6-465D-9CCA-98D5B98B78CB}]
2008-05-21 22:46 29312 --a------ C:\WINDOWS\system32\opnolLBT.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2AB0CA27-95E4-437A-8093-FADF3A2FAC42}]
2008-05-21 17:43 217088 --a------ C:\WINDOWS\nldfmtapnvb.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F3642B57-3EA8-4EEA-A643-9DE138381A57}]
C:\Documents and Settings\ttomit\redir.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{AE7C2D7A-58B4-4DDD-904F-E089A9514E0F}"= "C:\WINDOWS\gktxaspm.dll" [2008-05-21 17:43 155648]
[HKEY_CLASSES_ROOT\clsid\{ae7c2d7a-58b4-4ddd-904f-e089a9514e0f}]
[HKEY_CLASSES_ROOT\gktxaspm.1]
[HKEY_CLASSES_ROOT\TypeLib\{6A219592-3D06-46A5-B3FF-CBC8EB6FFF2B}]
[HKEY_CLASSES_ROOT\gktxaspm]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@={F2F31467-B1AC-4df0-AE79-FD5FA085E22B}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@={A3E208F7-0E3A-4182-A7A6-B169D5D691AA}
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-03-28 19:59 2953216 --a------ C:\Program Files\Protector Suite QL\farchns.dll
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-03-28 19:59 2953216 --a------ C:\Program Files\Protector Suite QL\farchns.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"UberIcon"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe" [2006-05-21 09:43 180224]
"Gadu-Gadu"="C:\Programy\Media\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-26 14:06 8462336]
"nwiz"="nwiz.exe" [2007-06-26 14:06 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL" [2007-06-26 14:06 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 08:49 16377344 C:\WINDOWS\RTHDCPL.exe]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 08:34 634880]
"WLSS"="C:\Program Files\Compal\Wireless Select Switch\WLSS.exe" [2007-04-23 18:55 190000]
"snp2uvc"="C:\WINDOWS\vsnp2uvc.exe" [2006-12-29 11:48 569344]
"PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [2007-03-28 19:23 49168]
"Wow VideoAudio"="C:\Program Files\Compal\Wow VideoAudio\WVAMain.exe" [2007-05-03 17:51 951856]
"Adobe Reader Speed Launcher"="C:\Programy\Robocze\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"egui"="C:\Programy\Robocze\ESET NOD32 Antivirus\egui.exe" [2007-11-14 15:05 1410304]
"7c9c762f"="C:\WINDOWS\system32\arysumdq.dll" [2008-05-22 09:00 90112]
C:\Documents and Settings\ttomit\Menu Start\Programy\Autostart\
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 21:41:18 65536]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 09:43:08 180224]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-12-11 16:35:34 561213]
Kalendarz XP.lnk - C:\Program Files\Kalendarz XP\Kalendarz.exe [2008-05-08 00:04:39 882176]
Przyspieszenie uruchomienia programu AutoCAD.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 15:43:54 11000]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{09A78B33-C7F6-465D-9CCA-98D5B98B78CB}"= C:\WINDOWS\system32\opnolLBT.dll [2008-05-21 22:46 29312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"gnowmebk"= {0CCABBE3-B9FC-4408-A4A4-9B4EA721FB04} - C:\WINDOWS\gnowmebk.dll [2008-05-21 17:43 196608]
"pxgdslro"= {CEEB9F29-65FE-4721-8C9F-C5AC8687D76A} - C:\WINDOWS\pxgdslro.dll [2008-05-21 17:43 217088]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
IfxWlxEN.dll 2006-04-06 15:28 434176 C:\WINDOWS\system32\IfxWlxEN.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnolLBT]
opnolLBT.dll 2008-05-21 22:46 29312 C:\WINDOWS\system32\opnolLBT.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll 2007-03-28 19:46 90112 C:\WINDOWS\system32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\Programy\Media\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^ttomit^Menu Start^Programy^Autostart^RocketDock.lnk]
path=C:\Documents and Settings\ttomit\Menu Start\Programy\Autostart\RocketDock.lnk
backup=C:\WINDOWS\pss\RocketDock.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^ttomit^Menu Start^Programy^Autostart^Y'z Shadow.lnk]
path=C:\Documents and Settings\ttomit\Menu Start\Programy\Autostart\Y'z Shadow.lnk
backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]
C:\WINDOWS\system32\amvo.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-04 00:29 165784 C:\Programy\Robocze\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2008-03-20 12:04 2127296 C:\Programy\Media\Gadu-Gadu\gg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2006-11-24 01:06 487424 C:\Programy\Media\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyGuarder]
C:\Documents and Settings\ttomit\spyguarder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Programy\Media\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SharedAccess"=2 (0x2)
"SENS"=2 (0x2)
"Eventlog"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"D:\Gry\Quake 3\quake3.exe"=
"D:\Gry\Assassin's Creed\AssassinsCreed_Dx9.exe"=
"D:\Gry\Assassin's Creed\AssassinsCreed_Dx10.exe"=
"D:\Gry\Assassin's Creed\AssassinsCreed_Launcher.exe"=
"C:\Programy\Media\DC++\DCPlusPlus.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"D:\Gry\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe"=
"C:\Programy\Robocze\Microsoft Office\Office12\OUTLOOK.EXE"=
"C:\Programy\Media\BitComet\BitComet.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14312:TCP"= 14312:TCP:BitComet 14312 TCP
"14312:UDP"= 14312:UDP:BitComet 14312 UDP
R0 EMSC;COMPAL Embedded System Control;C:\WINDOWS\system32\DRIVERS\EMSC.SYS [2007-03-14 10:16]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-11-14 15:06]
R1 PersonalSecureDrive;PersonalSecureDrive;C:\WINDOWS\system32\drivers\psd.sys [2006-04-06 16:09]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2006-04-25 10:26]
R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2007-03-28 19:15]
S3 se46bus;Sony Ericsson Device 070 driver (WDM);C:\WINDOWS\system32\DRIVERS\se46bus.sys [2006-11-30 15:11]
S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se46mdfl.sys [2006-11-30 15:11]
S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se46mdm.sys [2006-11-30 15:11]
S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se46mgmt.sys [2006-11-30 15:11]
S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se46nd5.sys [2006-11-30 15:11]
S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se46obex.sys [2006-11-30 15:11]
S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se46unic.sys [2006-11-30 15:11]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53323c78-1b76-11dd-b9cf-001c26ebf43a}]
\Shell\AutoRun\command - v.exe
\Shell\explore\Command - v.exe
\Shell\open\Command - v.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6dc317a2-1864-11dd-b9c5-001c26ebf43a}]
\Shell\AutoRun\command - F:\1dg.exe
\Shell\explore\Command - F:\1dg.exe
\Shell\open\Command - F:\1dg.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b209c7bc-186e-11dd-b9c6-001c26ebf43a}]
\Shell\AutoRun\command - F:\1dg.exe
\Shell\explore\Command - F:\1dg.exe
\Shell\open\Command - F:\1dg.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b209c7bd-186e-11dd-b9c6-001c26ebf43a}]
\Shell\AutoRun\command - H:\1dg.exe
\Shell\explore\Command - H:\1dg.exe
\Shell\open\Command - H:\1dg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-05-01 19:08:28 C:\WINDOWS\Tasks\Security Platform Backup Schedule.job"
- C:\Program Files\Infineon\Security Platform Software\SpBackupWz.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-22 15:02:08
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
C:\WINDOWS\system32\qdmusyra.ini 294 bytes
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
- C:\WINDOWS\system32\opnolLBT.dll
PROCESS: C:\WINDOWS\explorer.exe
- C:\WINDOWS\system32\nview.dll
- C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
- C:\WINDOWS\system32\arysumdq.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programy\Robocze\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTNA.exe
.
**************************************************************************
.
Completion time: 2008-05-22 15:06:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-22 13:06:02
Pre-Run: 19,078,983,680 bajtów wolnych
Post-Run: 19,059,462,144 bajtów wolnych