I have viruses and can't get rid of them. HELP!


(Ttomit) #1

Yesterday I booted the computer and icons of unknown origin appeared on the desktop, such as Error Cleaner, Privacy Protector and Spyware&Malware Protection, and the screen turned red. Every time I supposedly removed these programs, even from the registry, they came back anyway, either when launching any program or when connecting to the internet. How do I deal with this?? Please help. The ComboFix log looks like this:

ComboFix 08-05-15.3 - ttomit 2008-05-22 14:56:36.7 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1450 [GMT 2:00]

Running from: C:\Documents and Settings\ttomit\Pulpit\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\ttomit\Pulpit\Error Cleaner.url

C:\Documents and Settings\ttomit\Pulpit\Privacy Protector.url

C:\Documents and Settings\ttomit\Pulpit\SpywareMalware Protection.url

C:\Documents and Settings\ttomit\Ulubione\Error Cleaner.url

C:\Documents and Settings\ttomit\Ulubione\Privacy Protector.url

C:\Documents and Settings\ttomit\Ulubione\SpywareMalware Protection.url

C:\WINDOWS\system32\ljJDSLCr.dll

C:\WINDOWS\system32\qdmusyra.ini

C:\WINDOWS\system32\rCLSDJjl.ini

C:\WINDOWS\system32\rCLSDJjl.ini2

.

((((((((((((((((((((((((( Files Created from 2008-04-22 to 2008-05-22 )))))))))))))))))))))))))))))))

.

2008-05-22 10:47 . 2008-05-22 10:46 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe

2008-05-22 10:47 . 2008-05-22 10:46 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-05-22 10:46 . 2008-05-22 10:46 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe

2008-05-22 10:41 . 2008-05-22 10:41

2008-05-22 10:20 . 2008-05-22 10:20

2008-05-22 09:24 . 2008-05-22 09:24

2008-05-22 09:00 . 2008-05-22 09:00 90,112 --a------ C:\WINDOWS\system32\arysumdq.dll

2008-05-22 02:08 . 2008-05-22 02:10 354 ---hs---- C:\WINDOWS\system32\esxhnghq.ini

2008-05-22 01:36 . 2008-05-22 01:52 534 ---hs---- C:\WINDOWS\system32\hteaeuoi.ini

2008-05-22 01:14 . 2008-05-22 01:14 250 --a------ C:\WINDOWS\gmer.ini

2008-05-21 23:48 . 2008-05-22 09:48

2008-05-21 22:46 . 2008-05-21 17:43 217,088 --a------ C:\WINDOWS\pxgdslro.dll

2008-05-21 22:46 . 2008-05-21 17:43 217,088 --a------ C:\WINDOWS\nldfmtapnvb.dll

2008-05-21 22:46 . 2008-05-21 17:43 196,608 --a------ C:\WINDOWS\gnowmebk.dll

2008-05-21 22:46 . 2008-05-21 17:43 155,648 --a------ C:\WINDOWS\gktxaspm.dll

2008-05-21 22:46 . 2008-05-21 17:43 94,208 --a------ C:\WINDOWS\elsq.exe

2008-05-21 22:46 . 2008-05-21 17:44 81,920 --a------ C:\WINDOWS\mdtgkswr.exe

2008-05-21 22:46 . 2008-05-21 22:46 29,312 --a------ C:\WINDOWS\system32\opnolLBT.dll

2008-05-18 11:19 . 2008-05-18 11:20

2008-05-18 11:17 . 2000-08-19 19:29 268,048 --a------ C:\WINDOWS\system32\dxtmeta2.dll

2008-05-17 23:49 . 2008-05-17 23:51

2008-05-17 23:11 . 2008-05-17 23:48

2008-05-17 23:11 . 2008-05-17 23:11 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll

2008-05-17 09:18 . 2008-05-22 14:56 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG

2008-05-15 14:33 . 2008-05-15 14:33

2008-05-11 14:00 . 2008-05-11 14:00

2008-05-11 14:00 . 2008-05-11 14:00

2008-05-11 13:55 . 2008-05-11 13:55

2008-05-11 13:55 . 2008-05-15 10:46

2008-05-11 12:43 . 2008-05-11 13:56

2008-05-11 12:43 . 2008-05-11 12:43

2008-05-11 12:37 . 2008-05-11 12:37

2008-05-11 12:35 . 2008-05-11 12:40

2008-05-11 12:35 . 2008-05-11 12:38

2008-05-11 12:33 . 2008-05-11 12:37

2008-05-11 12:33 . 2008-05-11 12:33

2008-05-10 21:17 . 2008-05-10 21:17

2008-05-10 20:59 . 2008-05-10 20:59

2008-05-10 20:58 . 2001-03-13 09:49 140,288 --a------ C:\WINDOWS\system32\comdlg32.ocx

2008-05-09 19:43 . 2008-05-09 19:43

2008-05-09 11:37 . 2006-09-18 14:58 97,184 -ra------ C:\WINDOWS\system32\drivers\SE27mdm.sys

2008-05-09 11:37 . 2006-09-18 14:58 9,360 -ra------ C:\WINDOWS\system32\drivers\SE27mdfl.sys

2008-05-09 11:37 . 2006-09-18 14:58 6,240 -ra------ C:\WINDOWS\system32\drivers\SE27cmnt.sys

2008-05-09 11:37 . 2006-09-18 14:58 6,240 -ra------ C:\WINDOWS\system32\drivers\SE27cm.sys

2008-05-09 11:08 . 2006-09-18 14:58 61,600 -ra------ C:\WINDOWS\system32\drivers\SE27bus.sys

2008-05-09 11:08 . 2006-09-18 14:59 5,872 -ra------ C:\WINDOWS\system32\drivers\SE27whnt.sys

2008-05-09 11:08 . 2006-09-18 14:59 5,872 -ra------ C:\WINDOWS\system32\drivers\SE27wh.sys

2008-05-08 22:01 . 2008-05-08 22:01

2008-05-08 22:01 . 2008-05-18 11:19

2008-05-08 22:00 . 2008-05-18 11:19

2008-05-08 15:25 . 2008-05-08 15:25 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2008-05-08 15:24 . 2008-05-22 09:18

2008-05-08 11:12 . 2008-05-08 11:12

2008-05-08 11:08 . 2008-05-08 11:08 3,072,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp

2008-05-08 11:08 . 2008-05-08 11:08 65,011 --a------ C:\WINDOWS\BricoPackUninst.cmd

2008-05-08 11:07 . 2008-05-08 11:08 6,116 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd

2008-05-08 11:06 . 2008-05-08 11:06

2008-05-08 10:54 . 2008-04-14 22:50 1,306,624 -----c--- C:\WINDOWS\system32\dllcache\msxml6.dll

2008-05-08 10:54 . 2008-04-14 21:52 89,600 -----c--- C:\WINDOWS\system32\dllcache\msxml6r.dll

2008-05-08 10:54 . 2007-06-26 11:30 10,457 -----c--- C:\WINDOWS\system32\dllcache\wmptour.hta

2008-05-08 10:54 . 2007-06-26 11:30 1,771 -----c--- C:\WINDOWS\system32\dllcache\wmptour.css

2008-05-08 10:54 . 2008-04-14 22:05 1,714 -----c--- C:\WINDOWS\system32\dllcache\wmpocm.inf

2008-05-08 10:54 . 2007-06-26 11:30 420 -----c--- C:\WINDOWS\system32\dllcache\wmploc.js

2008-05-08 10:51 . 2008-05-08 10:51

2008-05-08 10:51 . 2008-04-14 22:51 294,912 -----c--- C:\WINDOWS\system32\dllcache\dlimport.exe

2008-05-08 10:48 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\002678_.tmp

2008-05-08 00:07 . 2008-05-08 00:07

2008-05-08 00:04 . 2008-05-22 10:11

2008-05-07 23:56 . 2008-05-07 23:56

2008-05-07 22:59 . 2008-05-13 20:43

2008-05-06 16:30 . 2008-05-06 16:30 0 --a------ C:\WINDOWS\mngui.INI

2008-05-06 16:23 . 2006-11-30 15:11 18,704 -ra------ C:\WINDOWS\system32\drivers\se46nd5.sys

2008-05-06 16:18 . 2008-05-06 16:23

2008-05-06 16:16 . 2008-05-06 16:16

2008-05-06 16:13 . 2008-05-06 16:13

2008-05-06 16:12 . 2008-05-06 16:13

2008-05-06 16:12 . 2008-05-06 16:13

2008-05-06 16:12 . 2008-05-06 16:13

2008-05-06 11:55 . 2008-05-06 12:20

2008-05-06 11:44 . 2008-05-06 11:44

2008-05-05 10:38 . 2008-05-05 10:38

2008-05-05 10:38 . 2008-05-05 10:38 1,140 --a------ C:\WINDOWS\mozver.dat

2008-05-05 10:37 . 2008-05-05 10:37 0 --a------ C:\WINDOWS\nsreg.dat

2008-05-04 19:59 . 2008-05-04 19:59

2008-05-03 12:42 . 2008-05-03 12:42

2008-05-03 12:42 . 2008-05-03 12:42

2008-05-03 11:42 . 2008-05-16 16:32 83 --a------ C:\WINDOWS\wwp.INI

2008-05-03 11:22 . 2008-05-03 11:22 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys

2008-05-03 11:22 . 2008-05-03 11:22 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys

2008-05-03 11:21 . 2007-06-20 20:45 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll

2008-05-03 11:21 . 2007-03-05 12:42 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll

2008-05-02 19:40 . 2008-05-02 19:40

2008-05-02 17:46 . 2008-04-14 00:15 60,032 --a------ C:\WINDOWS\system32\drivers\usbaudio.sys

2008-05-01 23:12 . 2008-05-01 23:12

2008-05-01 23:11 . 2008-05-01 23:11

2008-05-01 23:11 . 2008-05-08 00:12 1,225 --a------ C:\WINDOWS\bestplayer.ini

2008-05-01 23:11 . 2008-05-08 00:12 27 --a------ C:\WINDOWS\bestplayer.bpp

2008-05-01 23:11 . 2008-05-08 00:12 0 --a------ C:\WINDOWS\bestplayer.bbt

2008-05-01 23:09 . 1999-10-09 17:30 305,152 --a------ C:\WINDOWS\IsUninst.exe

2008-05-01 23:09 . 2008-05-01 23:11 781 --a------ C:\WINDOWS\QIII.INI

2008-05-01 23:06 . 2008-05-01 23:06 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-05-01 22:42 . 2008-05-01 22:42

2008-05-01 22:34 . 2008-05-02 14:05 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-05-01 20:59 . 2008-05-01 21:01

2008-05-01 20:54 . 2008-05-01 20:54

2008-05-01 20:53 . 2008-05-01 20:53

2008-05-01 20:53 . 2008-05-01 20:53

2008-05-01 20:52 . 2008-05-01 20:52

2008-05-01 20:52 . 2006-04-25 10:26 36,608 -ra------ C:\WINDOWS\system32\drivers\ifxtpm.sys

2008-05-01 20:47 . 2008-05-01 20:47

2008-05-01 20:46 . 2008-05-01 20:46

2008-05-01 20:45 . 2008-05-01 20:45

2008-05-01 20:45 . 2007-02-16 15:46 160,256 --a------ C:\WINDOWS\system32\drivers\b57xp32.sys

2008-05-01 20:45 . 2007-02-16 15:46 160,256 --a--c--- C:\WINDOWS\system32\dllcache\b57xp32.sys

2008-05-01 20:44 . 2008-05-01 20:44

2008-05-01 20:44 . 2008-05-01 20:44

2008-05-01 20:44 . 2007-01-17 03:04 9,599,872 --a------ C:\WINDOWS\system32\drivers\snp2uvc.sys

2008-05-01 20:44 . 2006-12-29 11:48 569,344 --a------ C:\WINDOWS\vsnp2uvc.exe

2008-05-01 20:44 . 2007-01-13 10:17 299,008 --a------ C:\WINDOWS\system32\vsnp2uvc.dll

2008-05-01 20:44 . 2004-08-09 17:43 94,208 --a------ C:\WINDOWS\amcap.exe

2008-05-01 20:44 . 2007-01-24 06:26 81,920 --a------ C:\WINDOWS\system32\rsnp2uvc.dll

2008-05-01 20:44 . 2005-11-24 05:55 53,248 --a------ C:\WINDOWS\system32\csnp2uvc.dll

2008-05-01 20:44 . 2007-01-17 03:01 27,904 --a------ C:\WINDOWS\system32\drivers\sncduvc.sys

2008-05-01 20:44 . 2006-05-20 03:39 15,497 --a------ C:\WINDOWS\snp2uvc.ini

2008-05-01 20:44 . 2006-05-20 03:53 13,022 --a------ C:\WINDOWS\snp2uvc.src

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-02 16:08 --------- d-----w C:\Program Files\Common Files\Ahead

2008-05-01 19:35 --------- d-----w C:\Program Files\Common Files\LightScribe

2008-05-01 19:27 --------- d-----w C:\Documents and Settings\ttomit\Dane aplikacji\Ahead

2008-05-01 19:27 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ahead

2008-05-01 19:03 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\Intel

2008-05-01 19:03 --------- d-----w C:\Documents and Settings\ttomit\Dane aplikacji\Intel

2008-05-01 19:03 --------- d-----w C:\Documents and Settings\NetworkService\Dane aplikacji\Intel

2008-05-01 19:03 --------- d-----w C:\Documents and Settings\LocalService\Dane aplikacji\Intel

2008-05-01 19:03 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Intel

2008-05-01 19:01 --------- d-----w C:\Program Files\SPP

2008-05-01 18:28 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-05-01 17:59 --------- d-----w C:\Program Files\Usługi online

2008-04-14 20:52 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys

2008-04-14 20:52 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys

2008-04-14 20:52 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys

2008-04-14 20:52 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys

2008-04-14 20:51 977,408 ----a-w C:\WINDOWS\explorer.exe

2008-04-14 20:51 32,866 ------w C:\WINDOWS\slrundll.exe

2008-04-14 20:51 285,696 ----a-w C:\WINDOWS\winhlp32.exe

2008-04-14 20:51 227,328 ----a-w C:\WINDOWS\regedit.exe

2008-04-14 20:51 156,160 ----a-w C:\WINDOWS\notepad.exe

2008-04-14 20:51 10,752 ----a-w C:\WINDOWS\hh.exe

2008-04-14 20:49 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll

2008-04-14 20:49 39,424 ------w C:\WINDOWS\AppPatch\acadproc.dll

2008-04-14 20:49 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll

2008-04-14 20:49 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll

2008-04-14 20:49 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll

2008-04-14 20:49 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll

2008-04-14 20:04 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys

2008-04-14 20:03 80,256 ----a-w C:\WINDOWS\system32\drivers\parport.sys

2008-04-14 20:03 68,608 ----a-w C:\WINDOWS\system32\drivers\pci.sys

2008-04-14 20:03 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys

2008-04-14 20:03 120,320 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys

2008-04-14 19:52 800,000 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys

2008-04-14 19:52 153,856 ----a-w C:\WINDOWS\system32\drivers\dmio.sys

2008-04-14 19:50 24,960 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys

2008-04-14 19:48 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys

2008-04-14 19:47 40,832 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys

2008-04-14 19:46 40,448 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys

2008-04-14 19:41 65,280 ----a-w C:\WINDOWS\system32\drivers\serial.sys

2008-04-14 19:41 53,248 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys

2008-04-14 19:39 25,728 ------w C:\WINDOWS\system32\drivers\hidbth.sys

2008-04-14 19:35 58,880 ----a-w C:\WINDOWS\system32\drivers\redbook.sys

2008-04-14 19:35 273,920 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-04-14 19:33 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys

2008-04-14 19:31 52,864 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys

2008-04-14 19:30 701,440 ------w C:\WINDOWS\system32\drivers\ati2mtag.sys

2008-04-14 19:30 39,936 ----a-w C:\WINDOWS\system32\drivers\processr.sys

2008-04-14 19:30 327,040 ------w C:\WINDOWS\system32\drivers\ati2mtaa.sys

2008-04-14 19:28 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys

2008-04-14 19:28 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys

2008-04-14 19:25 23,296 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys

2008-04-14 19:24 30,208 ----a-w C:\WINDOWS\system32\drivers\modem.sys

2008-04-14 19:24 188,544 ----a-w C:\WINDOWS\system32\drivers\acpi.sys

2008-04-13 22:58 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys

2008-04-13 22:51 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys

2008-04-13 22:50 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys

2008-04-13 22:50 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-04-13 22:50 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys

2008-04-13 22:49 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys

2008-04-13 22:49 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys

2008-04-13 22:49 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys

2008-04-13 22:49 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys

2008-04-13 22:49 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-04-13 22:47 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys

2008-04-13 22:47 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys

2008-04-13 22:47 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys

2008-04-13 22:46 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys

2008-04-13 22:46 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys

2008-04-13 22:45 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys

2008-04-13 22:45 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys

2008-04-13 22:45 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-04-13 22:44 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys

2008-04-13 22:44 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys

2008-04-13 22:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-04-13 22:30 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys

2008-04-13 22:27 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys

2008-04-13 22:27 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys

2008-04-13 22:27 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys

2008-04-13 22:27 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys

2008-04-13 22:27 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys

2008-04-13 22:27 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys

2008-04-13 22:27 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys

2008-04-13 22:26 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys

2008-04-13 22:26 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys

2008-04-13 22:26 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys

2008-04-13 22:26 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys

2008-04-13 22:26 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys

2008-04-13 22:26 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys

2008-04-13 22:26 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys

2008-04-13 22:26 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys

2008-04-13 22:26 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys

2008-04-13 22:26 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys

2008-04-13 22:25 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-04-13 22:24 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys

2008-04-13 22:23 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys

2008-04-13 22:23 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys

2008-04-13 22:23 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys

2008-04-13 22:23 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys

2008-04-13 22:21 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys

.

------- Sigcheck -------

2004-08-04 01:44 658944 d37dafb534ac8343d59a1b501abe852c C:\WINDOWS\$NtServicePackUninstall$\wininet.dll

2008-04-14 22:50 702976 1fd3017efbafdc8eddbf60d90352e8a0 C:\WINDOWS\ServicePackFiles\i386\wininet.dll

2008-04-14 22:50 702976 1fd3017efbafdc8eddbf60d90352e8a0 C:\WINDOWS\system32\wininet.dll

2008-04-14 22:51 977408 f042e3426d45d86d9bb55f6a79ab441a C:\WINDOWS\explorer.exe

2004-08-04 01:44 1033728 379098a96e6c165b659de7e4328010ea C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

2008-04-14 22:51 977408 f042e3426d45d86d9bb55f6a79ab441a C:\WINDOWS\ServicePackFiles\i386\explorer.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects{09A78B33-C7F6-465D-9CCA-98D5B98B78CB}]

2008-05-21 22:46 29312 --a------ C:\WINDOWS\system32\opnolLBT.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects{2AB0CA27-95E4-437A-8093-FADF3A2FAC42}]

2008-05-21 17:43 217088 --a------ C:\WINDOWS\nldfmtapnvb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects{F3642B57-3EA8-4EEA-A643-9DE138381A57}]

C:\Documents and Settings\ttomit\redir.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{AE7C2D7A-58B4-4DDD-904F-E089A9514E0F}"= "C:\WINDOWS\gktxaspm.dll" [2008-05-21 17:43 155648]

[HKEY_CLASSES_ROOT\clsid{ae7c2d7a-58b4-4ddd-904f-e089a9514e0f}]

[HKEY_CLASSES_ROOT\gktxaspm.1]

[HKEY_CLASSES_ROOT\TypeLib{6A219592-3D06-46A5-B3FF-CBC8EB6FFF2B}]

[HKEY_CLASSES_ROOT\gktxaspm]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]

@={F2F31467-B1AC-4df0-AE79-FD5FA085E22B}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]

@={A3E208F7-0E3A-4182-A7A6-B169D5D691AA}

[HKEY_CLASSES_ROOT\CLSID{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]

2007-03-28 19:59 2953216 --a------ C:\Program Files\Protector Suite QL\farchns.dll

[HKEY_CLASSES_ROOT\CLSID{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]

2007-03-28 19:59 2953216 --a------ C:\Program Files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []

"UberIcon"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe" [2006-05-21 09:43 180224]

"Gadu-Gadu"="C:\Programy\Media\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-26 14:06 8462336]

"nwiz"="nwiz.exe" [2007-06-26 14:06 1626112 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL" [2007-06-26 14:06 81920]

"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 08:49 16377344 C:\WINDOWS\RTHDCPL.exe]

"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 08:34 634880]

"WLSS"="C:\Program Files\Compal\Wireless Select Switch\WLSS.exe" [2007-04-23 18:55 190000]

"snp2uvc"="C:\WINDOWS\vsnp2uvc.exe" [2006-12-29 11:48 569344]

"PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [2007-03-28 19:23 49168]

"Wow VideoAudio"="C:\Program Files\Compal\Wow VideoAudio\WVAMain.exe" [2007-05-03 17:51 951856]

"Adobe Reader Speed Launcher"="C:\Programy\Robocze\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"egui"="C:\Programy\Robocze\ESET NOD32 Antivirus\egui.exe" [2007-11-14 15:05 1410304]

"7c9c762f"="C:\WINDOWS\system32\arysumdq.dll" [2008-05-22 09:00 90112]

C:\Documents and Settings\ttomit\Menu Start\Programy\Autostart\

TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 21:41:18 65536]

UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 09:43:08 180224]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-12-11 16:35:34 561213]

Kalendarz XP.lnk - C:\Program Files\Kalendarz XP\Kalendarz.exe [2008-05-08 00:04:39 882176]

Przyspieszenie uruchomienia programu AutoCAD.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 15:43:54 11000]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{09A78B33-C7F6-465D-9CCA-98D5B98B78CB}"= C:\WINDOWS\system32\opnolLBT.dll [2008-05-21 22:46 29312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"gnowmebk"= {0CCABBE3-B9FC-4408-A4A4-9B4EA721FB04} - C:\WINDOWS\gnowmebk.dll [2008-05-21 17:43 196608]

"pxgdslro"= {CEEB9F29-65FE-4721-8C9F-C5AC8687D76A} - C:\WINDOWS\pxgdslro.dll [2008-05-21 17:43 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]

IfxWlxEN.dll 2006-04-06 15:28 434176 C:\WINDOWS\system32\IfxWlxEN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnolLBT]

opnolLBT.dll 2008-05-21 22:46 29312 C:\WINDOWS\system32\opnolLBT.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

C:\WINDOWS\system32\psqlpwd.dll 2007-03-28 19:46 90112 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= C:\Programy\Media\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^ttomit^Menu Start^Programy^Autostart^RocketDock.lnk]

path=C:\Documents and Settings\ttomit\Menu Start\Programy\Autostart\RocketDock.lnk

backup=C:\WINDOWS\pss\RocketDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^ttomit^Menu Start^Programy^Autostart^Y'z Shadow.lnk]

path=C:\Documents and Settings\ttomit\Menu Start\Programy\Autostart\Y'z Shadow.lnk

backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]

C:\WINDOWS\system32\amvo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

--a------ 2007-04-04 00:29 165784 C:\Programy\Robocze\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]

--a------ 2008-03-20 12:04 2127296 C:\Programy\Media\Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

-ra------ 2006-11-24 01:06 487424 C:\Programy\Media\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyGuarder]

C:\Documents and Settings\ttomit\spyguarder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

C:\Programy\Media\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"SharedAccess"=2 (0x2)

"SENS"=2 (0x2)

"Eventlog"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"D:\Gry\Quake 3\quake3.exe"=

"D:\Gry\Assassin's Creed\AssassinsCreed_Dx9.exe"=

"D:\Gry\Assassin's Creed\AssassinsCreed_Dx10.exe"=

"D:\Gry\Assassin's Creed\AssassinsCreed_Launcher.exe"=

"C:\Programy\Media\DC++\DCPlusPlus.exe"=

"%windir%\Network Diagnostic\xpnetdiag.exe"=

"D:\Gry\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe"=

"C:\Programy\Robocze\Microsoft Office\Office12\OUTLOOK.EXE"=

"C:\Programy\Media\BitComet\BitComet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"14312:TCP"= 14312:TCP:BitComet 14312 TCP

"14312:UDP"= 14312:UDP:BitComet 14312 UDP

R0 EMSC;COMPAL Embedded System Control;C:\WINDOWS\system32\DRIVERS\EMSC.SYS [2007-03-14 10:16]

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-11-14 15:06]

R1 PersonalSecureDrive;PersonalSecureDrive;C:\WINDOWS\system32\drivers\psd.sys [2006-04-06 16:09]

R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2006-04-25 10:26]

R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2007-03-28 19:15]

S3 se46bus;Sony Ericsson Device 070 driver (WDM);C:\WINDOWS\system32\DRIVERS\se46bus.sys [2006-11-30 15:11]

S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se46mdfl.sys [2006-11-30 15:11]

S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se46mdm.sys [2006-11-30 15:11]

S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se46mgmt.sys [2006-11-30 15:11]

S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se46nd5.sys [2006-11-30 15:11]

S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se46obex.sys [2006-11-30 15:11]

S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se46unic.sys [2006-11-30 15:11]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{53323c78-1b76-11dd-b9cf-001c26ebf43a}]

\Shell\AutoRun\command - v.exe

\Shell\explore\Command - v.exe

\Shell\open\Command - v.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{6dc317a2-1864-11dd-b9c5-001c26ebf43a}]

\Shell\AutoRun\command - F:\1dg.exe

\Shell\explore\Command - F:\1dg.exe

\Shell\open\Command - F:\1dg.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{b209c7bc-186e-11dd-b9c6-001c26ebf43a}]

\Shell\AutoRun\command - F:\1dg.exe

\Shell\explore\Command - F:\1dg.exe

\Shell\open\Command - F:\1dg.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{b209c7bd-186e-11dd-b9c6-001c26ebf43a}]

\Shell\AutoRun\command - H:\1dg.exe

\Shell\explore\Command - H:\1dg.exe

\Shell\open\Command - H:\1dg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

.

Contents of the 'Scheduled Tasks' folder

"2008-05-01 19:08:28 C:\WINDOWS\Tasks\Security Platform Backup Schedule.job"

  • C:\Program Files\Infineon\Security Platform Software\SpBackupWz.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-22 15:02:08

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\qdmusyra.ini 294 bytes

scan completed successfully

hidden files: 1

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe

  • C:\WINDOWS\system32\opnolLBT.dll

PROCESS: C:\WINDOWS\explorer.exe

  • C:\WINDOWS\system32\nview.dll

  • C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll

  • C:\WINDOWS\system32\arysumdq.dll

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Protector Suite QL\psqltray.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programy\Robocze\ESET NOD32 Antivirus\ekrn.exe

C:\WINDOWS\system32\IFXSPMGT.exe

C:\WINDOWS\system32\IFXTCS.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Infineon\Security Platform Software\PSDrt.exe

C:\Program Files\Infineon\Security Platform Software\SpTNA.exe

.

**************************************************************************

.

Completion time: 2008-05-22 15:06:09 - machine was rebooted

ComboFix-quarantined-files.txt 2008-05-22 13:06:02

Pre-Run: 19,078,983,680 bajtów wolnych

Post-Run: 19,059,462,144 bajtów wolnych



(huber2t) #2

To disinfect the pendrive from viruses use

Perlovg Removal Tool

Flash Disinfector

or format it

Download ComboFix, but do not run it

Paste into Notepad:

File::

C:\WINDOWS\system32\arysumdq.dll

C:\WINDOWS\system32\esxhnghq.ini

C:\WINDOWS\system32\hteaeuoi.ini

C:\WINDOWS\pxgdslro.dll

C:\WINDOWS\nldfmtapnvb.dll

C:\WINDOWS\gnowmebk.dll

C:\WINDOWS\gktxaspm.dll

C:\WINDOWS\elsq.exe

C:\WINDOWS\mdtgkswr.exe

C:\WINDOWS\system32\opnolLBT.dll

C:\WINDOWS\system32\dxtmeta2.dll

C:\WINDOWS\system32\opnolLBT.dll

C:\Documents and Settings\ttomit\redir.dll

C:\WINDOWS\nldfmtapnvb.dll

C:\WINDOWS\gktxaspm.dll

C:\WINDOWS\system32\IfxWlxEN.dll


Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09A78B33-C7F6-465D-9CCA-98D5B98B78CB}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2AB0CA27-95E4-437A-8093-FADF3A2FAC42}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F3642B57-3EA8-4EEA-A643-9DE138381A57}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{AE7C2D7A-58B4-4DDD-904F-E089A9514E0F}"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnolLBT]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

File -> Save as -> CFScript.txt (it will be most convenient if you save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)

Drag and drop the CFScript.txt icon onto the ComboFix.exe icon, like here ->

02f8f1e3c410a4cc.gif

The removal will start and a log will be created; post that log on the forum.

Post logs on http://www.wklej.org
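As a defender-side illustration of what the reply above is reading off the log, here is an added example (not code from the thread, from ComboFix or from any of the posters) that parses a constructed sample in the shape of ComboFix's "Reg Loading Points" section and flags the three patterns the reply targets: autorun handlers on removable-drive mount points, random-looking modules loaded from the Windows directories, and the Security Center override. The sample text, the regular expressions and the name heuristic are my own assumptions; matches are leads to verify against file signatures and vendor information, not verdicts (an eight-letter vendor name such as IfxWlxEN.dll, which appears in the log next to the Infineon Security Platform software, matches the random-name rule just as the opnolLBT.dll entry does).

```python
import re

# Constructed sample in the shape of ComboFix's "Reg Loading Points" section.
# The keys, GUIDs and paths are copied from the log posted in this thread;
# this is a short sample, not a complete ComboFix log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects{09A78B33-C7F6-465D-9CCA-98D5B98B78CB}]
2008-05-21 22:46 29312 --a------ C:\WINDOWS\system32\opnolLBT.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Programy\Robocze\ESET NOD32 Antivirus\egui.exe" [2007-11-14 15:05 1410304]
"7c9c762f"="C:\WINDOWS\system32\arysumdq.dll" [2008-05-22 09:00 90112]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnolLBT]
opnolLBT.dll 2008-05-21 22:46 29312 C:\WINDOWS\system32\opnolLBT.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{6dc317a2-1864-11dd-b9c5-001c26ebf43a}]
\Shell\AutoRun\command - F:\1dg.exe
\Shell\explore\Command - F:\1dg.exe
\Shell\open\Command - F:\1dg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"""

# A "[key]" header line; the optional leading "-" is ComboFix's delete marker.
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
# A Windows path ending in .dll or .exe anywhere on the line (spaces allowed).
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\[\]]+?\.(?:dll|exe)", re.IGNORECASE)
# Autorun handler lines inside a mountpoints2 block: "\Shell\...\command - <cmd>".
AUTORUN_RE = re.compile(r"^\\Shell\\[^\\]+\\command\s+-\s+(.+)$", re.IGNORECASE)
# A Run value whose name is eight hex digits, like "7c9c762f" in the log.
HEX_NAME_RE = re.compile(r'^"([0-9a-f]{8})"=', re.IGNORECASE)
# Heuristic (assumption): a digit-free stem of 8-12 letters sitting directly
# in C:\WINDOWS or C:\WINDOWS\system32 deserves a second look.
RANDOM_STEM_RE = re.compile(r"^[A-Za-z]{8,12}$")
WINDOWS_DIRS = {r"c:\windows", r"c:\windows\system32"}


def split_blocks(text):
    """Yield (registry_key, [lines]) pairs for a ComboFix-style section."""
    key, lines = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            if key is not None:
                yield key, lines
            key, lines = m.group(2), []
        else:
            lines.append(line)
    if key is not None:
        yield key, lines


def looks_random(path):
    """True for an 8-12 letter, digit-free file name living directly in a Windows dir."""
    directory, _, name = path.rpartition("\\")
    stem = name.rsplit(".", 1)[0]
    return directory.lower() in WINDOWS_DIRS and bool(RANDOM_STEM_RE.match(stem))


def analyze(text):
    """Return (reason, key, evidence) findings. These are leads to verify, not verdicts."""
    findings = []
    for key, lines in split_blocks(text):
        lowered = key.lower()
        for line in lines:
            if "mountpoints2" in lowered:
                m = AUTORUN_RE.match(line)
                if m:
                    findings.append(("removable-media autorun handler", key, m.group(1)))
                continue
            if lowered.endswith(r"\security center") and "antivirusoverride" in line.lower() \
                    and line.endswith("00000001"):
                findings.append(("Security Center AV monitoring overridden", key, line))
                continue
            m = HEX_NAME_RE.match(line)
            if m:
                findings.append(("hex-garbage Run value name", key, m.group(1)))
            for path in PATH_RE.findall(line):
                if looks_random(path):
                    findings.append(("random-looking module in Windows dir", key, path))
    return findings


if __name__ == "__main__":
    for reason, key, evidence in analyze(SAMPLE_LOG):
        print(f"{reason:45} {evidence}   [{key}]")
```

The autorun handlers are the part worth checking first: a mount point whose open/explore/AutoRun commands all point at an executable in the root of a removable drive is the signature the reply is reacting to when it says to disinfect or format the pendrive. The random-name rule is deliberately loose; anything it returns should be compared against a signature check (ComboFix's own Sigcheck section, or the vendor's file list) before it goes into a CFScript.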


(Ttomit) #3

here is the new log:

ComboFix 08-05-15.3 - ttomit 2008-05-22 19:48:21.7 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1512 [GMT 2:00]

Running from: C:\Documents and Settings\ttomit\Pulpit\ComboFix.exe

Command switches used :: C:\Documents and Settings\ttomit\Pulpit\CFScript.txt

* Created a new restore point

* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

FILE ::

C:\Documents and Settings\ttomit\redir.dll

C:\WINDOWS\elsq.exe

C:\WINDOWS\gktxaspm.dll

C:\WINDOWS\gnowmebk.dll

C:\WINDOWS\mdtgkswr.exe

C:\WINDOWS\nldfmtapnvb.dll

C:\WINDOWS\pxgdslro.dll

C:\WINDOWS\system32\arysumdq.dll

C:\WINDOWS\system32\dxtmeta2.dll

C:\WINDOWS\system32\esxhnghq.ini

C:\WINDOWS\system32\hteaeuoi.ini

C:\WINDOWS\system32\IfxWlxEN.dll

C:\WINDOWS\system32\opnolLBT.dll

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\ttomit\Pulpit\Error Cleaner.url

C:\Documents and Settings\ttomit\Pulpit\Privacy Protector.url

C:\Documents and Settings\ttomit\Pulpit\SpywareMalware Protection.url

C:\Documents and Settings\ttomit\redir.dll

C:\WINDOWS\elsq.exe

C:\WINDOWS\gktxaspm.dll

C:\WINDOWS\gnowmebk.dll

C:\WINDOWS\mdtgkswr.exe

C:\WINDOWS\nldfmtapnvb.dll

C:\WINDOWS\pxgdslro.dll

C:\WINDOWS\system32\dxtmeta2.dll

C:\WINDOWS\system32\esxhnghq.ini

C:\WINDOWS\system32\hteaeuoi.ini

C:\WINDOWS\system32\IfxWlxEN.dll

C:\WINDOWS\system32\ljJDSLCr.dll

C:\WINDOWS\system32\oodxfuka.ini

C:\WINDOWS\system32\opnolLBT.dll

C:\WINDOWS\system32\rCLSDJjl.ini

C:\WINDOWS\system32\UxIQAcfe.ini

C:\WINDOWS\system32\UxIQAcfe.ini2

.

((((((((((((((((((((((((( Files Created from 2008-04-22 to 2008-05-22 )))))))))))))))))))))))))))))))

.

2008-05-22 19:44 . 2008-05-22 19:44 90,624 --a------ C:\WINDOWS\system32\akufxdoo.dll

2008-05-22 19:43 . 2008-05-22 19:43 317,824 --a------ C:\WINDOWS\system32\efcAQIxU.dll

2008-05-22 19:35 . 2008-05-22 19:43

2008-05-22 19:35 . 2008-05-22 19:35

2008-05-22 19:28 . 2008-05-22 19:35

2008-05-22 17:09 . 2008-05-22 19:35

2008-05-22 10:41 . 2008-05-22 19:35

2008-05-22 09:24 . 2008-05-22 09:24

2008-05-22 01:14 . 2008-05-22 01:14 250 --a------ C:\WINDOWS\gmer.ini

2008-05-22 00:34 . 2008-05-22 00:34 1,589,760 --a------ C:\Documents and Settings\ttomit\spyguarder.exe

2008-05-21 23:48 . 2008-05-22 19:35

2008-05-18 11:19 . 2008-05-18 11:20

2008-05-17 23:49 . 2008-05-17 23:51

2008-05-17 23:11 . 2008-05-17 23:48

2008-05-17 23:11 . 2008-05-17 23:11 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll

2008-05-17 09:18 . 2008-05-22 19:47 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG

2008-05-15 14:33 . 2008-05-15 14:33

2008-05-11 14:00 . 2008-05-11 14:00

2008-05-11 14:00 . 2008-05-11 14:00

2008-05-11 13:55 . 2008-05-11 13:55

2008-05-11 13:55 . 2008-05-15 10:46

2008-05-11 12:43 . 2008-05-11 13:56

2008-05-11 12:43 . 2008-05-11 12:43

2008-05-11 12:37 . 2008-05-11 12:37

2008-05-11 12:35 . 2008-05-11 12:40

2008-05-11 12:35 . 2008-05-11 12:38

2008-05-11 12:33 . 2008-05-11 12:37

2008-05-11 12:33 . 2008-05-11 12:33

2008-05-10 21:17 . 2008-05-10 21:17

2008-05-10 20:59 . 2008-05-10 20:59

2008-05-10 20:58 . 2001-03-13 09:49 140,288 --a------ C:\WINDOWS\system32\comdlg32.ocx

2008-05-09 19:43 . 2008-05-09 19:43

2008-05-09 11:37 . 2006-09-18 14:58 97,184 -ra------ C:\WINDOWS\system32\drivers\SE27mdm.sys

2008-05-09 11:37 . 2006-09-18 14:58 9,360 -ra------ C:\WINDOWS\system32\drivers\SE27mdfl.sys

2008-05-09 11:37 . 2006-09-18 14:58 6,240 -ra------ C:\WINDOWS\system32\drivers\SE27cmnt.sys

2008-05-09 11:37 . 2006-09-18 14:58 6,240 -ra------ C:\WINDOWS\system32\drivers\SE27cm.sys

2008-05-09 11:08 . 2006-09-18 14:58 61,600 -ra------ C:\WINDOWS\system32\drivers\SE27bus.sys

2008-05-09 11:08 . 2006-09-18 14:59 5,872 -ra------ C:\WINDOWS\system32\drivers\SE27whnt.sys

2008-05-09 11:08 . 2006-09-18 14:59 5,872 -ra------ C:\WINDOWS\system32\drivers\SE27wh.sys

2008-05-08 22:01 . 2008-05-08 22:01

2008-05-08 22:01 . 2008-05-18 11:19

2008-05-08 22:00 . 2008-05-18 11:19

2008-05-08 15:25 . 2008-05-08 15:25 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2008-05-08 15:24 . 2008-05-22 19:35

2008-05-08 11:12 . 2008-05-08 11:12

2008-05-08 11:08 . 2008-05-08 11:08 3,072,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp

2008-05-08 11:08 . 2008-05-08 11:08 65,011 --a------ C:\WINDOWS\BricoPackUninst.cmd

2008-05-08 11:07 . 2008-05-08 11:08 6,116 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd

2008-05-08 11:06 . 2008-05-08 11:06

2008-05-08 10:54 . 2008-04-14 22:50 1,306,624 -----c--- C:\WINDOWS\system32\dllcache\msxml6.dll

2008-05-08 10:54 . 2008-04-14 21:52 89,600 -----c--- C:\WINDOWS\system32\dllcache\msxml6r.dll

2008-05-08 10:54 . 2007-06-26 11:30 10,457 -----c--- C:\WINDOWS\system32\dllcache\wmptour.hta

2008-05-08 10:54 . 2007-06-26 11:30 1,771 -----c--- C:\WINDOWS\system32\dllcache\wmptour.css

2008-05-08 10:54 . 2008-04-14 22:05 1,714 -----c--- C:\WINDOWS\system32\dllcache\wmpocm.inf

2008-05-08 10:54 . 2007-06-26 11:30 420 -----c--- C:\WINDOWS\system32\dllcache\wmploc.js

2008-05-08 10:51 . 2008-05-08 10:51

2008-05-08 10:51 . 2008-04-14 22:51 294,912 -----c--- C:\WINDOWS\system32\dllcache\dlimport.exe

2008-05-08 10:48 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\002678_.tmp

2008-05-08 00:07 . 2008-05-08 00:07

2008-05-08 00:04 . 2008-05-22 19:44

2008-05-07 23:56 . 2008-05-07 23:56

2008-05-07 22:59 . 2008-05-13 20:43

2008-05-06 16:30 . 2008-05-06 16:30 0 --a------ C:\WINDOWS\mngui.INI

2008-05-06 16:23 . 2006-11-30 15:11 18,704 -ra------ C:\WINDOWS\system32\drivers\se46nd5.sys

2008-05-06 16:18 . 2008-05-06 16:23

2008-05-06 16:16 . 2008-05-06 16:16

2008-05-06 16:13 . 2008-05-06 16:13

2008-05-06 16:12 . 2008-05-06 16:13

2008-05-06 16:12 . 2008-05-06 16:13

2008-05-06 16:12 . 2008-05-06 16:13

2008-05-06 11:55 . 2008-05-06 12:20

2008-05-06 11:44 . 2008-05-06 11:44

2008-05-05 10:38 . 2008-05-05 10:38

2008-05-05 10:38 . 2008-05-05 10:38 1,140 --a------ C:\WINDOWS\mozver.dat

2008-05-05 10:37 . 2008-05-05 10:37 0 --a------ C:\WINDOWS\nsreg.dat

2008-05-04 19:59 . 2008-05-04 19:59

2008-05-03 12:42 . 2008-05-03 12:42

2008-05-03 12:42 . 2008-05-03 12:42

2008-05-03 11:42 . 2008-05-16 16:32 83 --a------ C:\WINDOWS\wwp.INI

2008-05-03 11:22 . 2008-05-03 11:22 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys

2008-05-03 11:22 . 2008-05-03 11:22 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys

2008-05-03 11:21 . 2007-06-20 20:45 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll

2008-05-03 11:21 . 2006-09-28 16:03 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll

2008-05-02 19:40 . 2008-05-02 19:40

2008-05-02 17:46 . 2008-04-14 00:15 60,032 --a------ C:\WINDOWS\system32\drivers\usbaudio.sys

2008-05-01 23:12 . 2008-05-01 23:12

2008-05-01 23:11 . 2008-05-01 23:11

2008-05-01 23:11 . 2008-05-08 00:12 1,225 --a------ C:\WINDOWS\bestplayer.ini

2008-05-01 23:11 . 2008-05-08 00:12 27 --a------ C:\WINDOWS\bestplayer.bpp

2008-05-01 23:11 . 2008-05-08 00:12 0 --a------ C:\WINDOWS\bestplayer.bbt

2008-05-01 23:09 . 1999-10-09 17:30 305,152 --a------ C:\WINDOWS\IsUninst.exe

2008-05-01 23:09 . 2008-05-01 23:11 781 --a------ C:\WINDOWS\QIII.INI

2008-05-01 23:06 . 2008-05-01 23:06 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-05-01 22:42 . 2008-05-01 22:42

2008-05-01 22:34 . 2008-05-02 14:05 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-05-01 20:59 . 2008-05-01 21:01

2008-05-01 20:54 . 2008-05-01 20:54

2008-05-01 20:53 . 2008-05-01 20:53

2008-05-01 20:53 . 2008-05-01 20:53

2008-05-01 20:52 . 2008-05-01 20:52

2008-05-01 20:52 . 2006-04-25 10:26 36,608 -ra------ C:\WINDOWS\system32\drivers\ifxtpm.sys

2008-05-01 20:47 . 2008-05-01 20:47

2008-05-01 20:46 . 2008-05-01 20:46

2008-05-01 20:45 . 2008-05-01 20:45

2008-05-01 20:45 . 2007-02-16 15:46 160,256 --a------ C:\WINDOWS\system32\drivers\b57xp32.sys

2008-05-01 20:45 . 2007-02-16 15:46 160,256 --a--c--- C:\WINDOWS\system32\dllcache\b57xp32.sys

2008-05-01 20:44 . 2008-05-01 20:44

2008-05-01 20:44 . 2008-05-01 20:44

2008-05-01 20:44 . 2007-01-17 03:04 9,599,872 --a------ C:\WINDOWS\system32\drivers\snp2uvc.sys

2008-05-01 20:44 . 2006-12-29 11:48 569,344 --a------ C:\WINDOWS\vsnp2uvc.exe

2008-05-01 20:44 . 2007-01-13 10:17 299,008 --a------ C:\WINDOWS\system32\vsnp2uvc.dll

2008-05-01 20:44 . 2004-08-09 17:43 94,208 --a------ C:\WINDOWS\amcap.exe

2008-05-01 20:44 . 2007-01-24 06:26 81,920 --a------ C:\WINDOWS\system32\rsnp2uvc.dll

2008-05-01 20:44 . 2005-11-24 05:55 53,248 --a------ C:\WINDOWS\system32\csnp2uvc.dll

2008-05-01 20:44 . 2007-01-17 03:01 27,904 --a------ C:\WINDOWS\system32\drivers\sncduvc.sys

2008-05-01 20:44 . 2006-05-20 03:39 15,497 --a------ C:\WINDOWS\snp2uvc.ini

2008-05-01 20:44 . 2006-05-20 03:53 13,022 --a------ C:\WINDOWS\snp2uvc.src

2008-05-01 20:40 . 2004-09-04 03:00 90,112 --a------ C:\WINDOWS\system32\snymsico.dll

2008-05-01 20:40 . 2007-01-23 16:40 42,496 --a------ C:\WINDOWS\system32\drivers\rimsptsk.sys

2008-05-01 20:40 . 2007-02-24 14:42 39,936 --a------ C:\WINDOWS\system32\drivers\rimmptsk.sys

2008-05-01 20:37 . 2008-05-01 20:37

2008-05-01 20:37 . 2008-04-14 22:50 21,504 --a------ C:\WINDOWS\system32\hidserv.dll

2008-05-01 20:36 . 2008-04-14 21:50 14,720 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys

2008-05-01 20:35 . 2008-05-01 20:35

2008-05-01 20:35 . 2006-11-28 08:50 863,402 --a------ C:\WINDOWS\system32\drivers\btkrnl.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-02 16:08 --------- d-----w C:\Program Files\Common Files\Ahead

2008-05-01 19:35 --------- d-----w C:\Program Files\Common Files\LightScribe

2008-05-01 19:27 --------- d-----w C:\Documents and Settings\ttomit\Dane aplikacji\Ahead

2008-05-01 19:27 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ahead

2008-05-01 19:03 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\Intel

2008-05-01 19:03 --------- d-----w C:\Documents and Settings\ttomit\Dane aplikacji\Intel

2008-05-01 19:03 --------- d-----w C:\Documents and Settings\NetworkService\Dane aplikacji\Intel

2008-05-01 19:03 --------- d-----w C:\Documents and Settings\LocalService\Dane aplikacji\Intel

2008-05-01 19:03 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Intel

2008-05-01 19:01 --------- d-----w C:\Program Files\SPP

2008-05-01 18:28 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-05-01 17:59 --------- d-----w C:\Program Files\Usługi online

2008-04-25 19:27 104,161 --sh--r C:\1dg.exe

2008-04-14 20:52 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys

2008-04-14 20:52 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys

2008-04-14 20:52 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys

2008-04-14 20:52 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys

2008-04-14 20:51 977,408 ----a-w C:\WINDOWS\explorer.exe

2008-04-14 20:51 32,866 ------w C:\WINDOWS\slrundll.exe

2008-04-14 20:51 285,696 ----a-w C:\WINDOWS\winhlp32.exe

2008-04-14 20:51 227,328 ----a-w C:\WINDOWS\regedit.exe

2008-04-14 20:51 156,160 ----a-w C:\WINDOWS\notepad.exe

2008-04-14 20:51 10,752 ----a-w C:\WINDOWS\hh.exe

2008-04-14 20:49 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll

2008-04-14 20:49 39,424 ------w C:\WINDOWS\AppPatch\acadproc.dll

2008-04-14 20:49 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll

2008-04-14 20:49 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll

2008-04-14 20:49 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll

2008-04-14 20:49 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll

2008-04-14 20:04 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys

2008-04-14 20:03 80,256 ----a-w C:\WINDOWS\system32\drivers\parport.sys

2008-04-14 20:03 68,608 ----a-w C:\WINDOWS\system32\drivers\pci.sys

2008-04-14 20:03 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys

2008-04-14 20:03 120,320 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys

2008-04-14 19:52 800,000 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys

2008-04-14 19:52 153,856 ----a-w C:\WINDOWS\system32\drivers\dmio.sys

2008-04-14 19:50 24,960 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys

2008-04-14 19:48 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys

2008-04-14 19:47 40,832 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys

2008-04-14 19:46 40,448 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys

2008-04-14 19:41 65,280 ----a-w C:\WINDOWS\system32\drivers\serial.sys

2008-04-14 19:41 53,248 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys

2008-04-14 19:39 25,728 ------w C:\WINDOWS\system32\drivers\hidbth.sys

2008-04-14 19:35 58,880 ----a-w C:\WINDOWS\system32\drivers\redbook.sys

2008-04-14 19:35 273,920 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-04-14 19:33 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys

2008-04-14 19:31 52,864 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys

2008-04-14 19:30 701,440 ------w C:\WINDOWS\system32\drivers\ati2mtag.sys

2008-04-14 19:30 39,936 ----a-w C:\WINDOWS\system32\drivers\processr.sys

2008-04-14 19:30 327,040 ------w C:\WINDOWS\system32\drivers\ati2mtaa.sys

2008-04-14 19:28 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys

2008-04-14 19:28 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys

2008-04-14 19:25 23,296 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys

2008-04-14 19:24 30,208 ----a-w C:\WINDOWS\system32\drivers\modem.sys

2008-04-14 19:24 188,544 ----a-w C:\WINDOWS\system32\drivers\acpi.sys

2008-04-13 22:58 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys

2008-04-13 22:51 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys

2008-04-13 22:50 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys

2008-04-13 22:50 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-04-13 22:50 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys

2008-04-13 22:49 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys

2008-04-13 22:49 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys

2008-04-13 22:49 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys

2008-04-13 22:49 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys

2008-04-13 22:49 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-04-13 22:47 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys

2008-04-13 22:47 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys

2008-04-13 22:47 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys

2008-04-13 22:46 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys

2008-04-13 22:46 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys

2008-04-13 22:45 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys

2008-04-13 22:45 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys

2008-04-13 22:45 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-04-13 22:44 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys

2008-04-13 22:44 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys

2008-04-13 22:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-04-13 22:30 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys

2008-04-13 22:27 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys

2008-04-13 22:27 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys

2008-04-13 22:27 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys

2008-04-13 22:27 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys

2008-04-13 22:27 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys

2008-04-13 22:27 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys

2008-04-13 22:27 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys

2008-04-13 22:26 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys

2008-04-13 22:26 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys

2008-04-13 22:26 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys

2008-04-13 22:26 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys

2008-04-13 22:26 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys

2008-04-13 22:26 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys

2008-04-13 22:26 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys

2008-04-13 22:26 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys

2008-04-13 22:26 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys

2008-04-13 22:26 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys

2008-04-13 22:25 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-04-13 22:24 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys

2008-04-13 22:23 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys

2008-04-13 22:23 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys

2008-04-13 22:23 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys

2008-04-13 22:23 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys

.

------- Sigcheck -------

2004-08-04 01:44 658944 d37dafb534ac8343d59a1b501abe852c C:\WINDOWS\$NtServicePackUninstall$\wininet.dll

2008-04-14 22:50 702976 1fd3017efbafdc8eddbf60d90352e8a0 C:\WINDOWS\ServicePackFiles\i386\wininet.dll

2008-04-14 22:50 702976 1fd3017efbafdc8eddbf60d90352e8a0 C:\WINDOWS\system32\wininet.dll

2008-04-14 22:51 977408 f042e3426d45d86d9bb55f6a79ab441a C:\WINDOWS\explorer.exe

2004-08-04 01:44 1033728 379098a96e6c165b659de7e4328010ea C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

2008-04-14 22:51 977408 f042e3426d45d86d9bb55f6a79ab441a C:\WINDOWS\ServicePackFiles\i386\explorer.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD0E2B18-9678-4C4B-A147-EFD704FB7466}]

2008-05-22 19:43 317824 --a------ C:\WINDOWS\system32\efcAQIxU.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]

@={F2F31467-B1AC-4df0-AE79-FD5FA085E22B}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]

@={A3E208F7-0E3A-4182-A7A6-B169D5D691AA}

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]

2007-03-28 19:59 2953216 --a------ C:\Program Files\Protector Suite QL\farchns.dll

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]

2007-03-28 19:59 2953216 --a------ C:\Program Files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []

"UberIcon"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe" [2006-05-21 09:43 180224]

"Gadu-Gadu"="C:\Programy\Media\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]

"SpyGuarder"="C:\Documents and Settings\ttomit\spyguarder.exe" [2008-05-22 00:34 1589760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-26 14:06 8462336]

"nwiz"="nwiz.exe" [2007-06-26 14:06 1626112 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL" [2007-06-26 14:06 81920]

"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 08:49 16377344 C:\WINDOWS\RTHDCPL.exe]

"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 08:34 634880]

"WLSS"="C:\Program Files\Compal\Wireless Select Switch\WLSS.exe" [2007-04-23 18:55 190000]

"snp2uvc"="C:\WINDOWS\vsnp2uvc.exe" [2006-12-29 11:48 569344]

"PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [2007-03-28 19:23 49168]

"Wow VideoAudio"="C:\Program Files\Compal\Wow VideoAudio\WVAMain.exe" [2007-05-03 17:51 951856]

"Adobe Reader Speed Launcher"="C:\Programy\Robocze\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"egui"="C:\Programy\Robocze\ESET NOD32 Antivirus\egui.exe" [2007-11-14 15:05 1410304]

"7c9c762f"="C:\WINDOWS\system32\akufxdoo.dll" [2008-05-22 19:44 90624]

C:\Documents and Settings\ttomit\Menu Start\Programy\Autostart\

TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 21:41:18 65536]

UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 09:43:08 180224]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-12-11 16:35:34 561213]

Kalendarz XP.lnk - C:\Program Files\Kalendarz XP\Kalendarz.exe [2008-05-08 00:04:39 882176]

Przyspieszenie uruchomienia programu AutoCAD.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 15:43:54 11000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"gnowmebk"= {0CCABBE3-B9FC-4408-A4A4-9B4EA721FB04} - C:\WINDOWS\gnowmebk.dll []

"pxgdslro"= {CEEB9F29-65FE-4721-8C9F-C5AC8687D76A} - C:\WINDOWS\pxgdslro.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= C:\Programy\Media\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^ttomit^Menu Start^Programy^Autostart^RocketDock.lnk]

path=C:\Documents and Settings\ttomit\Menu Start\Programy\Autostart\RocketDock.lnk

backup=C:\WINDOWS\pss\RocketDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^ttomit^Menu Start^Programy^Autostart^Y'z Shadow.lnk]

path=C:\Documents and Settings\ttomit\Menu Start\Programy\Autostart\Y'z Shadow.lnk

backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]

C:\WINDOWS\system32\amvo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

--a------ 2007-04-04 00:29 165784 C:\Programy\Robocze\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]

--a------ 2008-03-20 12:04 2127296 C:\Programy\Media\Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

-ra------ 2006-11-24 01:06 487424 C:\Programy\Media\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

C:\Programy\Media\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"wuauserv"=2 (0x2)

"SharedAccess"=2 (0x2)

"SENS"=2 (0x2)

"Eventlog"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"D:\Gry\Quake 3\quake3.exe"=

"D:\Gry\Assassin's Creed\AssassinsCreed_Dx9.exe"=

"D:\Gry\Assassin's Creed\AssassinsCreed_Dx10.exe"=

"D:\Gry\Assassin's Creed\AssassinsCreed_Launcher.exe"=

"C:\Programy\Media\DC++\DCPlusPlus.exe"=

"%windir%\Network Diagnostic\xpnetdiag.exe"=

"D:\Gry\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe"=

"C:\Programy\Robocze\Microsoft Office\Office12\OUTLOOK.EXE"=

"C:\Programy\Media\BitComet\BitComet.exe"=

"D:\Gry\[PC] Formula 1 2006 [ENG] [RIP] [dopeman]\F1\F1 2006.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"14312:TCP"= 14312:TCP:BitComet 14312 TCP

"14312:UDP"= 14312:UDP:BitComet 14312 UDP

R0 EMSC;COMPAL Embedded System Control;C:\WINDOWS\system32\DRIVERS\EMSC.SYS [2007-03-14 10:16]

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-11-14 15:06]

R1 PersonalSecureDrive;PersonalSecureDrive;C:\WINDOWS\system32\drivers\psd.sys [2006-04-06 16:09]

R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2006-04-25 10:26]

R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2007-03-28 19:15]

S3 se46bus;Sony Ericsson Device 070 driver (WDM);C:\WINDOWS\system32\DRIVERS\se46bus.sys [2006-11-30 15:11]

S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se46mdfl.sys [2006-11-30 15:11]

S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se46mdm.sys [2006-11-30 15:11]

S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se46mgmt.sys [2006-11-30 15:11]

S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se46nd5.sys [2006-11-30 15:11]

S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se46obex.sys [2006-11-30 15:11]

S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se46unic.sys [2006-11-30 15:11]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

.

Contents of the 'Scheduled Tasks' folder

"2008-05-01 19:08:28 C:\WINDOWS\Tasks\Security Platform Backup Schedule.job"

  • C:\Program Files\Infineon\Security Platform Software\SpBackupWz.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-22 19:52:43

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe

  • C:\WINDOWS\system32\nview.dll

  • C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll

  • C:\WINDOWS\system32\akufxdoo.dll

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programy\Robocze\ESET NOD32 Antivirus\ekrn.exe

C:\WINDOWS\system32\IFXSPMGT.exe

C:\WINDOWS\system32\IFXTCS.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE

D:\Gry\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2008-05-22 19:57:12 - machine was rebooted

ComboFix-quarantined-files.txt 2008-05-22 17:57:07

ComboFix2.txt 2008-05-22 17:32:09

Pre-Run: 18,979,618,816 bajtów wolnych

Post-Run: 18,905,821,184 bajtów wolnych



(huber2t) #4

Download ComboFix, but do not run it yet

Paste into Notepad:

File::

C:\WINDOWS\system32\akufxdoo.dll

C:\WINDOWS\system32\efcAQIxU.dll

C:\Documents and Settings\ttomit\spyguarder.exe

C:\1dg.exe


Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD0E2B18-9678-4C4B-A147-EFD704FB7466}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"7c9c762f"=-

File -> Save as -> CFScript.txt (it is most convenient to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)

Drag and drop the CFScript.txt icon onto the ComboFix.exe icon, like this ->

[animated image in the original post showing the drag-and-drop]

The removal will start and a log will be produced; post that log on the forum.


(Ttomit) #5

Now I'm also getting some errors when starting Windows :/ Finger print software: cannot initialize application, and rundll: An error occurred while loading: C\Windows\System 32\akufxdoo.dll The specified module could not be found. And now the log looks like this:

ComboFix 08-05-15.3 - ttomit 2008-05-22 20:14:39.8 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1547 [GMT 2:00]

Running from: C:\Documents and Settings\ttomit\Pulpit\ComboFix.exe

Command switches used :: C:\Documents and Settings\ttomit\Pulpit\CFScript.txt

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

FILE ::

C:\1dg.exe

C:\Documents and Setting-s\ttomit\spyguarder.exe

C:\WINDOWS\system32\akufxdoo.dll

C:\WINDOWS\system32\efcAQIxU.dll

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\1dg.exe

C:\WINDOWS\system32\akufxdoo.dll

C:\WINDOWS\system32\efcAQIxU.dll

.

((((((((((((((((((((((((( Files Created from 2008-04-22 to 2008-05-22 )))))))))))))))))))))))))))))))

.

2008-05-22 19:53 . 2008-05-22 20:12 414 ---hs---- C:\WINDOWS\system32\oodxfuka.ini

2008-05-22 19:35 . 2008-05-22 19:43

2008-05-22 19:35 . 2008-05-22 19:35

2008-05-22 19:28 . 2008-05-22 19:35

2008-05-22 17:09 . 2008-05-22 19:35

2008-05-22 10:41 . 2008-05-22 19:35

2008-05-22 09:24 . 2008-05-22 09:24

2008-05-22 01:14 . 2008-05-22 01:14 250 --a------ C:\WINDOWS\gmer.ini

2008-05-22 00:34 . 2008-05-22 00:34 1,589,760 --a------ C:\Documents and Settings\ttomit\spyguarder.exe

2008-05-21 23:48 . 2008-05-22 19:35

2008-05-18 11:19 . 2008-05-18 11:20

2008-05-17 23:49 . 2008-05-17 23:51

2008-05-17 23:11 . 2008-05-17 23:48

2008-05-17 23:11 . 2008-05-17 23:11 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll

2008-05-17 09:18 . 2008-05-22 19:47 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG

2008-05-15 14:33 . 2008-05-15 14:33

2008-05-11 14:00 . 2008-05-11 14:00

2008-05-11 14:00 . 2008-05-11 14:00

2008-05-11 13:55 . 2008-05-11 13:55

2008-05-11 13:55 . 2008-05-15 10:46

2008-05-11 12:43 . 2008-05-11 13:56

2008-05-11 12:43 . 2008-05-11 12:43

2008-05-11 12:37 . 2008-05-11 12:37

2008-05-11 12:35 . 2008-05-11 12:40

2008-05-11 12:35 . 2008-05-11 12:38

2008-05-11 12:33 . 2008-05-11 12:37

2008-05-11 12:33 . 2008-05-11 12:33

2008-05-10 21:17 . 2008-05-10 21:17

2008-05-10 20:59 . 2008-05-10 20:59

2008-05-10 20:58 . 2001-03-13 09:49 140,288 --a------ C:\WINDOWS\system32\comdlg32.ocx

2008-05-09 19:43 . 2008-05-09 19:43

2008-05-09 11:37 . 2006-09-18 14:58 97,184 -ra------ C:\WINDOWS\system32\drivers\SE27mdm.sys

2008-05-09 11:37 . 2006-09-18 14:58 9,360 -ra------ C:\WINDOWS\system32\drivers\SE27mdfl.sys

2008-05-09 11:37 . 2006-09-18 14:58 6,240 -ra------ C:\WINDOWS\system32\drivers\SE27cmnt.sys

2008-05-09 11:37 . 2006-09-18 14:58 6,240 -ra------ C:\WINDOWS\system32\drivers\SE27cm.sys

2008-05-09 11:08 . 2006-09-18 14:58 61,600 -ra------ C:\WINDOWS\system32\drivers\SE27bus.sys

2008-05-09 11:08 . 2006-09-18 14:59 5,872 -ra------ C:\WINDOWS\system32\drivers\SE27whnt.sys

2008-05-09 11:08 . 2006-09-18 14:59 5,872 -ra------ C:\WINDOWS\system32\drivers\SE27wh.sys

2008-05-08 22:01 . 2008-05-08 22:01

2008-05-08 22:01 . 2008-05-18 11:19

2008-05-08 22:00 . 2008-05-18 11:19

2008-05-08 15:25 . 2008-05-08 15:25 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2008-05-08 15:24 . 2008-05-22 19:35

2008-05-08 11:12 . 2008-05-08 11:12

2008-05-08 11:08 . 2008-05-08 11:08 3,072,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp

2008-05-08 11:08 . 2008-05-08 11:08 65,011 --a------ C:\WINDOWS\BricoPackUninst.cmd

2008-05-08 11:07 . 2008-05-08 11:08 6,116 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd

2008-05-08 11:06 . 2008-05-08 11:06

2008-05-08 10:54 . 2008-04-14 22:50 1,306,624 -----c--- C:\WINDOWS\system32\dllcache\msxml6.dll

2008-05-08 10:54 . 2008-04-14 21:52 89,600 -----c--- C:\WINDOWS\system32\dllcache\msxml6r.dll

2008-05-08 10:54 . 2007-06-26 11:30 10,457 -----c--- C:\WINDOWS\system32\dllcache\wmptour.hta

2008-05-08 10:54 . 2007-06-26 11:30 1,771 -----c--- C:\WINDOWS\system32\dllcache\wmptour.css

2008-05-08 10:54 . 2008-04-14 22:05 1,714 -----c--- C:\WINDOWS\system32\dllcache\wmpocm.inf

2008-05-08 10:54 . 2007-06-26 11:30 420 -----c--- C:\WINDOWS\system32\dllcache\wmploc.js

2008-05-08 10:51 . 2008-05-08 10:51

2008-05-08 10:51 . 2008-04-14 22:51 294,912 -----c--- C:\WINDOWS\system32\dllcache\dlimport.exe

2008-05-08 10:48 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\002678_.tmp

2008-05-08 00:07 . 2008-05-08 00:07

2008-05-08 00:04 . 2008-05-22 20:04

2008-05-07 23:56 . 2008-05-07 23:56

2008-05-07 22:59 . 2008-05-13 20:43

2008-05-06 16:30 . 2008-05-06 16:30 0 --a------ C:\WINDOWS\mngui.INI

2008-05-06 16:23 . 2006-11-30 15:11 18,704 -ra------ C:\WINDOWS\system32\drivers\se46nd5.sys

2008-05-06 16:18 . 2008-05-06 16:23

2008-05-06 16:16 . 2008-05-06 16:16

2008-05-06 16:13 . 2008-05-06 16:13

2008-05-06 16:12 . 2008-05-06 16:13

2008-05-06 16:12 . 2008-05-06 16:13

2008-05-06 16:12 . 2008-05-06 16:13

2008-05-06 11:55 . 2008-05-06 12:20

2008-05-06 11:44 . 2008-05-06 11:44

2008-05-05 10:38 . 2008-05-05 10:38

2008-05-05 10:38 . 2008-05-05 10:38 1,140 --a------ C:\WINDOWS\mozver.dat

2008-05-05 10:37 . 2008-05-05 10:37 0 --a------ C:\WINDOWS\nsreg.dat

2008-05-04 19:59 . 2008-05-04 19:59

2008-05-03 12:42 . 2008-05-03 12:42

2008-05-03 12:42 . 2008-05-03 12:42

2008-05-03 11:42 . 2008-05-16 16:32 83 --a------ C:\WINDOWS\wwp.INI

2008-05-03 11:22 . 2008-05-03 11:22 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys

2008-05-03 11:22 . 2008-05-03 11:22 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys

2008-05-03 11:21 . 2007-06-20 20:45 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll

2008-05-03 11:21 . 2006-09-28 16:03 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll

2008-05-02 19:40 . 2008-05-02 19:40

2008-05-02 17:46 . 2008-04-14 00:15 60,032 --a------ C:\WINDOWS\system32\drivers\usbaudio.sys

2008-05-01 23:12 . 2008-05-01 23:12

2008-05-01 23:11 . 2008-05-01 23:11

2008-05-01 23:11 . 2008-05-08 00:12 1,225 --a------ C:\WINDOWS\bestplayer.ini

2008-05-01 23:11 . 2008-05-08 00:12 27 --a------ C:\WINDOWS\bestplayer.bpp

2008-05-01 23:11 . 2008-05-08 00:12 0 --a------ C:\WINDOWS\bestplayer.bbt

2008-05-01 23:09 . 1999-10-09 17:30 305,152 --a------ C:\WINDOWS\IsUninst.exe

2008-05-01 23:09 . 2008-05-01 23:11 781 --a------ C:\WINDOWS\QIII.INI

2008-05-01 23:06 . 2008-05-01 23:06 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-05-01 22:42 . 2008-05-01 22:42

2008-05-01 22:34 . 2008-05-02 14:05 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-05-01 20:59 . 2008-05-01 21:01

2008-05-01 20:54 . 2008-05-01 20:54

2008-05-01 20:53 . 2008-05-01 20:53

2008-05-01 20:53 . 2008-05-01 20:53

2008-05-01 20:52 . 2008-05-01 20:52

2008-05-01 20:52 . 2006-04-25 10:26 36,608 -ra------ C:\WINDOWS\system32\drivers\ifxtpm.sys

2008-05-01 20:47 . 2008-05-01 20:47

2008-05-01 20:46 . 2008-05-01 20:46

2008-05-01 20:45 . 2008-05-01 20:45

2008-05-01 20:45 . 2007-02-16 15:46 160,256 --a------ C:\WINDOWS\system32\drivers\b57xp32.sys

2008-05-01 20:45 . 2007-02-16 15:46 160,256 --a--c--- C:\WINDOWS\system32\dllcache\b57xp32.sys

2008-05-01 20:44 . 2008-05-01 20:44

2008-05-01 20:44 . 2008-05-01 20:44

2008-05-01 20:44 . 2007-01-17 03:04 9,599,872 --a------ C:\WINDOWS\system32\drivers\snp2uvc.sys

2008-05-01 20:44 . 2006-12-29 11:48 569,344 --a------ C:\WINDOWS\vsnp2uvc.exe

2008-05-01 20:44 . 2007-01-13 10:17 299,008 --a------ C:\WINDOWS\system32\vsnp2uvc.dll

2008-05-01 20:44 . 2004-08-09 17:43 94,208 --a------ C:\WINDOWS\amcap.exe

2008-05-01 20:44 . 2007-01-24 06:26 81,920 --a------ C:\WINDOWS\system32\rsnp2uvc.dll

2008-05-01 20:44 . 2005-11-24 05:55 53,248 --a------ C:\WINDOWS\system32\csnp2uvc.dll

2008-05-01 20:44 . 2007-01-17 03:01 27,904 --a------ C:\WINDOWS\system32\drivers\sncduvc.sys

2008-05-01 20:44 . 2006-05-20 03:39 15,497 --a------ C:\WINDOWS\snp2uvc.ini

2008-05-01 20:44 . 2006-05-20 03:53 13,022 --a------ C:\WINDOWS\snp2uvc.src

2008-05-01 20:40 . 2004-09-04 03:00 90,112 --a------ C:\WINDOWS\system32\snymsico.dll

2008-05-01 20:40 . 2007-01-23 16:40 42,496 --a------ C:\WINDOWS\system32\drivers\rimsptsk.sys

2008-05-01 20:40 . 2007-02-24 14:42 39,936 --a------ C:\WINDOWS\system32\drivers\rimmptsk.sys

2008-05-01 20:37 . 2008-05-01 20:37

2008-05-01 20:37 . 2008-04-14 22:50 21,504 --a------ C:\WINDOWS\system32\hidserv.dll

2008-05-01 20:36 . 2008-04-14 21:50 14,720 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys

2008-05-01 20:35 . 2008-05-01 20:35

2008-05-01 20:35 . 2006-11-28 08:50 863,402 --a------ C:\WINDOWS\system32\drivers\btkrnl.sys

2008-05-01 20:35 . 2006-10-15 08:02 329,901 --a------ C:\WINDOWS\system32\drivers\btaudio.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-02 16:08 --------- d-----w C:\Program Files\Common Files\Ahead

2008-05-01 19:35 --------- d-----w C:\Program Files\Common Files\LightScribe

2008-05-01 19:27 --------- d-----w C:\Documents and Settings\ttomit\Dane aplikacji\Ahead

2008-05-01 19:27 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ahead

2008-05-01 19:03 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\Intel

2008-05-01 19:03 --------- d-----w C:\Documents and Settings\ttomit\Dane aplikacji\Intel

2008-05-01 19:03 --------- d-----w C:\Documents and Settings\NetworkService\Dane aplikacji\Intel

2008-05-01 19:03 --------- d-----w C:\Documents and Settings\LocalService\Dane aplikacji\Intel

2008-05-01 19:03 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Intel

2008-05-01 19:01 --------- d-----w C:\Program Files\SPP

2008-05-01 18:28 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-05-01 17:59 --------- d-----w C:\Program Files\Usługi online

2008-04-14 20:52 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys

2008-04-14 20:52 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys

2008-04-14 20:52 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys

2008-04-14 20:52 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys

2008-04-14 20:51 977,408 ----a-w C:\WINDOWS\explorer.exe

2008-04-14 20:51 32,866 ------w C:\WINDOWS\slrundll.exe

2008-04-14 20:51 285,696 ----a-w C:\WINDOWS\winhlp32.exe

2008-04-14 20:51 227,328 ----a-w C:\WINDOWS\regedit.exe

2008-04-14 20:51 156,160 ----a-w C:\WINDOWS\notepad.exe

2008-04-14 20:51 10,752 ----a-w C:\WINDOWS\hh.exe

2008-04-14 20:49 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll

2008-04-14 20:49 39,424 ------w C:\WINDOWS\AppPatch\acadproc.dll

2008-04-14 20:49 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll

2008-04-14 20:49 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll

2008-04-14 20:49 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll

2008-04-14 20:49 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll

2008-04-14 20:04 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys

2008-04-14 20:03 80,256 ----a-w C:\WINDOWS\system32\drivers\parport.sys

2008-04-14 20:03 68,608 ----a-w C:\WINDOWS\system32\drivers\pci.sys

2008-04-14 20:03 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys

2008-04-14 20:03 120,320 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys

2008-04-14 19:52 800,000 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys

2008-04-14 19:52 153,856 ----a-w C:\WINDOWS\system32\drivers\dmio.sys

2008-04-14 19:50 24,960 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys

2008-04-14 19:48 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys

2008-04-14 19:47 40,832 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys

2008-04-14 19:46 40,448 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys

2008-04-14 19:41 65,280 ----a-w C:\WINDOWS\system32\drivers\serial.sys

2008-04-14 19:41 53,248 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys

2008-04-14 19:39 25,728 ------w C:\WINDOWS\system32\drivers\hidbth.sys

2008-04-14 19:35 58,880 ----a-w C:\WINDOWS\system32\drivers\redbook.sys

2008-04-14 19:35 273,920 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-04-14 19:33 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys

2008-04-14 19:31 52,864 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys

2008-04-14 19:30 701,440 ------w C:\WINDOWS\system32\drivers\ati2mtag.sys

2008-04-14 19:30 39,936 ----a-w C:\WINDOWS\system32\drivers\processr.sys

2008-04-14 19:30 327,040 ------w C:\WINDOWS\system32\drivers\ati2mtaa.sys

2008-04-14 19:28 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys

2008-04-14 19:28 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys

2008-04-14 19:25 23,296 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys

2008-04-14 19:24 30,208 ----a-w C:\WINDOWS\system32\drivers\modem.sys

2008-04-14 19:24 188,544 ----a-w C:\WINDOWS\system32\drivers\acpi.sys

2008-04-13 22:58 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys

2008-04-13 22:51 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys

2008-04-13 22:50 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys

2008-04-13 22:50 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-04-13 22:50 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys

2008-04-13 22:49 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys

2008-04-13 22:49 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys

2008-04-13 22:49 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys

2008-04-13 22:49 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys

2008-04-13 22:49 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-04-13 22:47 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys

2008-04-13 22:47 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys

2008-04-13 22:47 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys

2008-04-13 22:46 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys

2008-04-13 22:46 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys

2008-04-13 22:45 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys

2008-04-13 22:45 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys

2008-04-13 22:45 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-04-13 22:44 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys

2008-04-13 22:44 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys

2008-04-13 22:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-04-13 22:30 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys

2008-04-13 22:27 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys

2008-04-13 22:27 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys

2008-04-13 22:27 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys

2008-04-13 22:27 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys

2008-04-13 22:27 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys

2008-04-13 22:27 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys

2008-04-13 22:27 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys

2008-04-13 22:26 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys

2008-04-13 22:26 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys

2008-04-13 22:26 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys

2008-04-13 22:26 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys

2008-04-13 22:26 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys

2008-04-13 22:26 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys

2008-04-13 22:26 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys

2008-04-13 22:26 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys

2008-04-13 22:26 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys

2008-04-13 22:26 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys

2008-04-13 22:25 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-04-13 22:24 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys

2008-04-13 22:23 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys

2008-04-13 22:23 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys

2008-04-13 22:23 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys

2008-04-13 22:23 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys

2008-04-13 22:21 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys

.

------- Sigcheck -------

2004-08-04 01:44 658944 d37dafb534ac8343d59a1b501abe852c C:\WINDOWS\$NtServicePackUninstall$\wininet.dll

2008-04-14 22:50 702976 1fd3017efbafdc8eddbf60d90352e8a0 C:\WINDOWS\ServicePackFiles\i386\wininet.dll

2008-04-14 22:50 702976 1fd3017efbafdc8eddbf60d90352e8a0 C:\WINDOWS\system32\wininet.dll

2008-04-14 22:51 977408 f042e3426d45d86d9bb55f6a79ab441a C:\WINDOWS\explorer.exe

2004-08-04 01:44 1033728 379098a96e6c165b659de7e4328010ea C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

2008-04-14 22:51 977408 f042e3426d45d86d9bb55f6a79ab441a C:\WINDOWS\ServicePackFiles\i386\explorer.exe

.

((((((((((((((((((((((((((((( snapshot@2008-05-22_19.56.59.42 )))))))))))))))))))))))))))))))))))))))))

.

  • 2008-05-22 17:52:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat

  • 2008-05-22 18:16:32 2,048 --s-a-w C:\WINDOWS\bootstat.dat

  • 2008-05-22 17:44:25 59,774 ----a-w C:\WINDOWS\system32\perfc009.dat

  • 2008-05-22 17:58:47 59,774 ----a-w C:\WINDOWS\system32\perfc009.dat

  • 2008-05-22 17:44:25 75,904 ----a-w C:\WINDOWS\system32\perfc015.dat

  • 2008-05-22 17:58:47 75,904 ----a-w C:\WINDOWS\system32\perfc015.dat

  • 2008-05-22 17:44:25 395,534 ----a-w C:\WINDOWS\system32\perfh009.dat

  • 2008-05-22 17:58:47 395,534 ----a-w C:\WINDOWS\system32\perfh009.dat

  • 2008-05-22 17:44:25 451,934 ----a-w C:\WINDOWS\system32\perfh015.dat

  • 2008-05-22 17:58:47 451,934 ----a-w C:\WINDOWS\system32\perfh015.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]

@={F2F31467-B1AC-4df0-AE79-FD5FA085E22B}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]

@={A3E208F7-0E3A-4182-A7A6-B169D5D691AA}

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]

2007-03-28 19:59 2953216 --a------ C:\Program Files\Protector Suite QL\farchns.dll

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]

2007-03-28 19:59 2953216 --a------ C:\Program Files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []

"UberIcon"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe" [2006-05-21 09:43 180224]

"Gadu-Gadu"="C:\Programy\Media\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]

"SpyGuarder"="C:\Documents and Settings\ttomit\spyguarder.exe" [2008-05-22 00:34 1589760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-26 14:06 8462336]

"nwiz"="nwiz.exe" [2007-06-26 14:06 1626112 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL" [2007-06-26 14:06 81920]

"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 08:49 16377344 C:\WINDOWS\RTHDCPL.exe]

"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 08:34 634880]

"WLSS"="C:\Program Files\Compal\Wireless Select Switch\WLSS.exe" [2007-04-23 18:55 190000]

"snp2uvc"="C:\WINDOWS\vsnp2uvc.exe" [2006-12-29 11:48 569344]

"PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [2007-03-28 19:23 49168]

"Wow VideoAudio"="C:\Program Files\Compal\Wow VideoAudio\WVAMain.exe" [2007-05-03 17:51 951856]

"Adobe Reader Speed Launcher"="C:\Programy\Robocze\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"egui"="C:\Programy\Robocze\ESET NOD32 Antivirus\egui.exe" [2007-11-14 15:05 1410304]

"7c9c762f"="C:\WINDOWS\system32\akufxdoo.dll" []

C:\Documents and Settings\ttomit\Menu Start\Programy\Autostart\

TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 21:41:18 65536]

UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 09:43:08 180224]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-12-11 16:35:34 561213]

Kalendarz XP.lnk - C:\Program Files\Kalendarz XP\Kalendarz.exe [2008-05-08 00:04:39 882176]

Przyspieszenie uruchomienia programu AutoCAD.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 15:43:54 11000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"gnowmebk"= {0CCABBE3-B9FC-4408-A4A4-9B4EA721FB04} - C:\WINDOWS\gnowmebk.dll []

"pxgdslro"= {CEEB9F29-65FE-4721-8C9F-C5AC8687D76A} - C:\WINDOWS\pxgdslro.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= C:\Programy\Media\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^ttomit^Menu Start^Programy^Autostart^RocketDock.lnk]

path=C:\Documents and Settings\ttomit\Menu Start\Programy\Autostart\RocketDock.lnk

backup=C:\WINDOWS\pss\RocketDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^ttomit^Menu Start^Programy^Autostart^Y'z Shadow.lnk]

path=C:\Documents and Settings\ttomit\Menu Start\Programy\Autostart\Y'z Shadow.lnk

backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]

C:\WINDOWS\system32\amvo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

--a------ 2007-04-04 00:29 165784 C:\Programy\Robocze\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]

--a------ 2008-03-20 12:04 2127296 C:\Programy\Media\Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

-ra------ 2006-11-24 01:06 487424 C:\Programy\Media\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

C:\Programy\Media\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"wuauserv"=2 (0x2)

"SharedAccess"=2 (0x2)

"SENS"=2 (0x2)

"Eventlog"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"D:\Gry\Quake 3\quake3.exe"=

"D:\Gry\Assassin's Creed\AssassinsCreed_Dx9.exe"=

"D:\Gry\Assassin's Creed\AssassinsCreed_Dx10.exe"=

"D:\Gry\Assassin's Creed\AssassinsCreed_Launcher.exe"=

"C:\Programy\Media\DC++\DCPlusPlus.exe"=

"%windir%\Network Diagnostic\xpnetdiag.exe"=

"D:\Gry\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe"=

"C:\Programy\Robocze\Microsoft Office\Office12\OUTLOOK.EXE"=

"C:\Programy\Media\BitComet\BitComet.exe"=

"D:\Gry\[PC] Formula 1 2006 [ENG] [RIP] [dopeman]\F1\F1 2006.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"14312:TCP"= 14312:TCP:BitComet 14312 TCP

"14312:UDP"= 14312:UDP:BitComet 14312 UDP

R0 EMSC;COMPAL Embedded System Control;C:\WINDOWS\system32\DRIVERS\EMSC.SYS [2007-03-14 10:16]

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-11-14 15:06]

R1 PersonalSecureDrive;PersonalSecureDrive;C:\WINDOWS\system32\drivers\psd.sys [2006-04-06 16:09]

R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2006-04-25 10:26]

R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2007-03-28 19:15]

S3 se46bus;Sony Ericsson Device 070 driver (WDM);C:\WINDOWS\system32\DRIVERS\se46bus.sys [2006-11-30 15:11]

S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se46mdfl.sys [2006-11-30 15:11]

S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se46mdm.sys [2006-11-30 15:11]

S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se46mgmt.sys [2006-11-30 15:11]

S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se46nd5.sys [2006-11-30 15:11]

S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se46obex.sys [2006-11-30 15:11]

S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se46unic.sys [2006-11-30 15:11]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

.

Contents of the 'Scheduled Tasks' folder

"2008-05-01 19:08:28 C:\WINDOWS\Tasks\Security Platform Backup Schedule.job"

  • C:\Program Files\Infineon\Security Platform Software\SpBackupWz.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-22 20:17:13

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe

  • C:\WINDOWS\system32\nview.dll

  • C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Protector Suite QL\psqltray.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programy\Robocze\ESET NOD32 Antivirus\ekrn.exe

C:\WINDOWS\system32\IFXSPMGT.exe

C:\WINDOWS\system32\IFXTCS.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE

D:\Gry\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2008-05-22 20:20:37 - machine was rebooted

ComboFix-quarantined-files.txt 2008-05-22 18:20:32

ComboFix2.txt 2008-05-22 17:57:12

ComboFix3.txt 2008-05-22 17:32:09

Pre-Run: 18,892,742,656 bajtów wolnych

Post-Run: 18,874,417,152 bajtów wolnych



(huber2t) #6

Download ComboFix, but do not run it yet.

Paste the following into Notepad:

File::

C:\WINDOWS\system32\oodxfuka.ini

C:\Documents and Settings\ttomit\spyguarder.exe

C:\WINDOWS\002678_.tmp

C:\WINDOWS\system32\akufxdoo.dll

C:\WINDOWS\system32\amvo.exe


Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"7c9c762f"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"gnowmebk"=-

"pxgdslro"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]

File -> Save as -> CFScript.txt (it will be most convenient if you save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)

Drag and drop the CFScript.txt icon onto the ComboFix.exe icon, as shown here ->

(image: 02f8f1e3c410a4cc.gif)

The removal will start and a log will be produced; post that log on the forum.


(Ttomit) #7

This time those errors did not appear :) Here is the next log:

ComboFix 08-05-21.3 - ttomit 2008-05-22 20:39:18.9 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1557 [GMT 2:00]

Running from: C:\Documents and Settings\ttomit\Pulpit\ComboFix.exe

Command switches used :: C:\Documents and Settings\ttomit\Pulpit\cfscript.txt.txt

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

FILE ::

C:\Documents and Settings\ttomit\spyguarder.exe

C:\WINDOWS\002678_.tmp

C:\WINDOWS\system32\akufxdoo.dll

C:\WINDOWS\system32\amvo.exe

C:\WINDOWS\system32\oodxfuka.ini

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\ttomit\spyguarder.exe

C:\WINDOWS\002678_.tmp

C:\WINDOWS\system32\oodxfuka.ini

.

((((((((((((((((((((((((( Files Created from 2008-04-22 to 2008-05-22 )))))))))))))))))))))))))))))))

.

2008-05-22 19:35 . 2008-05-22 19:43

2008-05-22 19:35 . 2008-05-22 19:35

2008-05-22 17:09 . 2008-05-22 19:35

2008-05-22 10:41 . 2008-05-22 19:35

2008-05-22 09:24 . 2008-05-22 09:24

2008-05-22 01:14 . 2008-05-22 01:14 250 --a------ C:\WINDOWS\gmer.ini

2008-05-21 23:48 . 2008-05-22 19:35

2008-05-18 11:19 . 2008-05-18 11:20

2008-05-17 23:49 . 2008-05-17 23:51

2008-05-17 23:11 . 2008-05-17 23:48

2008-05-17 23:11 . 2008-05-17 23:11 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll

2008-05-15 14:33 . 2008-05-15 14:33

2008-05-11 14:00 . 2008-05-11 14:00

2008-05-11 14:00 . 2008-05-11 14:00

2008-05-11 13:55 . 2008-05-11 13:55

2008-05-11 13:55 . 2008-05-15 10:46

2008-05-11 12:43 . 2008-05-11 13:56

2008-05-11 12:43 . 2008-05-11 12:43

2008-05-11 12:37 . 2008-05-11 12:37

2008-05-11 12:35 . 2008-05-11 12:40

2008-05-11 12:35 . 2008-05-11 12:38

2008-05-11 12:33 . 2008-05-11 12:37

2008-05-11 12:33 . 2008-05-11 12:33

2008-05-10 21:17 . 2008-05-10 21:17

2008-05-10 20:59 . 2008-05-10 20:59

2008-05-10 20:58 . 2001-03-13 09:49 140,288 --a------ C:\WINDOWS\system32\comdlg32.ocx

2008-05-09 19:43 . 2008-05-09 19:43

2008-05-09 11:37 . 2006-09-18 14:58 97,184 -ra------ C:\WINDOWS\system32\drivers\SE27mdm.sys

2008-05-09 11:37 . 2006-09-18 14:58 9,360 -ra------ C:\WINDOWS\system32\drivers\SE27mdfl.sys

2008-05-09 11:37 . 2006-09-18 14:58 6,240 -ra------ C:\WINDOWS\system32\drivers\SE27cmnt.sys

2008-05-09 11:37 . 2006-09-18 14:58 6,240 -ra------ C:\WINDOWS\system32\drivers\SE27cm.sys

2008-05-09 11:08 . 2006-09-18 14:58 61,600 -ra------ C:\WINDOWS\system32\drivers\SE27bus.sys

2008-05-09 11:08 . 2006-09-18 14:59 5,872 -ra------ C:\WINDOWS\system32\drivers\SE27whnt.sys

2008-05-09 11:08 . 2006-09-18 14:59 5,872 -ra------ C:\WINDOWS\system32\drivers\SE27wh.sys

2008-05-08 22:01 . 2008-05-08 22:01

2008-05-08 22:01 . 2008-05-18 11:19

2008-05-08 22:00 . 2008-05-18 11:19

2008-05-08 15:25 . 2008-05-08 15:25 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2008-05-08 15:24 . 2008-05-22 19:35

2008-05-08 11:12 . 2008-05-08 11:12

2008-05-08 11:08 . 2008-05-08 11:08 3,072,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp

2008-05-08 11:08 . 2008-05-08 11:08 65,011 --a------ C:\WINDOWS\BricoPackUninst.cmd

2008-05-08 11:07 . 2008-05-08 11:08 6,116 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd

2008-05-08 11:06 . 2008-05-08 11:06

2008-05-08 10:54 . 2008-04-14 22:50 1,306,624 -----c--- C:\WINDOWS\system32\dllcache\msxml6.dll

2008-05-08 10:54 . 2008-04-14 21:52 89,600 -----c--- C:\WINDOWS\system32\dllcache\msxml6r.dll

2008-05-08 10:54 . 2007-06-26 11:30 10,457 -----c--- C:\WINDOWS\system32\dllcache\wmptour.hta

2008-05-08 10:54 . 2007-06-26 11:30 1,771 -----c--- C:\WINDOWS\system32\dllcache\wmptour.css

2008-05-08 10:54 . 2008-04-14 22:05 1,714 -----c--- C:\WINDOWS\system32\dllcache\wmpocm.inf

2008-05-08 10:54 . 2007-06-26 11:30 420 -----c--- C:\WINDOWS\system32\dllcache\wmploc.js

2008-05-08 10:51 . 2008-05-08 10:51

2008-05-08 10:51 . 2008-04-14 22:51 294,912 -----c--- C:\WINDOWS\system32\dllcache\dlimport.exe

2008-05-08 00:07 . 2008-05-08 00:07

2008-05-08 00:04 . 2008-05-22 20:28

2008-05-07 23:56 . 2008-05-07 23:56

2008-05-07 22:59 . 2008-05-13 20:43

2008-05-06 16:30 . 2008-05-06 16:30 0 --a------ C:\WINDOWS\mngui.INI

2008-05-06 16:23 . 2006-11-30 15:11 18,704 -ra------ C:\WINDOWS\system32\drivers\se46nd5.sys

2008-05-06 16:18 . 2008-05-06 16:23

2008-05-06 16:16 . 2008-05-06 16:16

2008-05-06 16:13 . 2008-05-06 16:13

2008-05-06 16:12 . 2008-05-06 16:13

2008-05-06 16:12 . 2008-05-06 16:13

2008-05-06 16:12 . 2008-05-06 16:13

2008-05-06 11:55 . 2008-05-06 12:20

2008-05-06 11:44 . 2008-05-06 11:44

2008-05-05 10:38 . 2008-05-05 10:38

2008-05-05 10:38 . 2008-05-05 10:38 1,140 --a------ C:\WINDOWS\mozver.dat

2008-05-05 10:37 . 2008-05-05 10:37 0 --a------ C:\WINDOWS\nsreg.dat

2008-05-04 19:59 . 2008-05-04 19:59

2008-05-03 12:42 . 2008-05-03 12:42

2008-05-03 12:42 . 2008-05-03 12:42

2008-05-03 11:42 . 2008-05-16 16:32 83 --a------ C:\WINDOWS\wwp.INI

2008-05-03 11:22 . 2008-05-03 11:22 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys

2008-05-03 11:22 . 2008-05-03 11:22 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys

2008-05-03 11:21 . 2007-06-20 20:45 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll

2008-05-03 11:21 . 2006-09-28 16:03 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll

2008-05-02 19:40 . 2008-05-02 19:40

2008-05-02 17:46 . 2008-04-14 00:15 60,032 --a------ C:\WINDOWS\system32\drivers\usbaudio.sys

2008-05-01 23:12 . 2008-05-01 23:12

2008-05-01 23:11 . 2008-05-01 23:11

2008-05-01 23:11 . 2008-05-08 00:12 1,225 --a------ C:\WINDOWS\bestplayer.ini

2008-05-01 23:11 . 2008-05-08 00:12 27 --a------ C:\WINDOWS\bestplayer.bpp

2008-05-01 23:11 . 2008-05-08 00:12 0 --a------ C:\WINDOWS\bestplayer.bbt

2008-05-01 23:09 . 1999-10-09 17:30 305,152 --a------ C:\WINDOWS\IsUninst.exe

2008-05-01 23:09 . 2008-05-01 23:11 781 --a------ C:\WINDOWS\QIII.INI

2008-05-01 23:06 . 2008-05-01 23:06 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-05-01 22:42 . 2008-05-01 22:42

2008-05-01 22:34 . 2008-05-02 14:05 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-05-01 20:59 . 2008-05-01 21:01

2008-05-01 20:54 . 2008-05-01 20:54

2008-05-01 20:53 . 2008-05-01 20:53

2008-05-01 20:53 . 2008-05-01 20:53

2008-05-01 20:52 . 2008-05-01 20:52

2008-05-01 20:52 . 2006-04-25 10:26 36,608 -ra------ C:\WINDOWS\system32\drivers\ifxtpm.sys

2008-05-01 20:47 . 2008-05-01 20:47

2008-05-01 20:46 . 2008-05-01 20:46

2008-05-01 20:45 . 2008-05-01 20:45

2008-05-01 20:45 . 2007-02-16 15:46 160,256 --a------ C:\WINDOWS\system32\drivers\b57xp32.sys

2008-05-01 20:45 . 2007-02-16 15:46 160,256 --a--c--- C:\WINDOWS\system32\dllcache\b57xp32.sys

2008-05-01 20:44 . 2008-05-01 20:44

2008-05-01 20:44 . 2008-05-01 20:44

2008-05-01 20:44 . 2007-01-17 03:04 9,599,872 --a------ C:\WINDOWS\system32\drivers\snp2uvc.sys

2008-05-01 20:44 . 2006-12-29 11:48 569,344 --a------ C:\WINDOWS\vsnp2uvc.exe

2008-05-01 20:44 . 2007-01-13 10:17 299,008 --a------ C:\WINDOWS\system32\vsnp2uvc.dll

2008-05-01 20:44 . 2004-08-09 17:43 94,208 --a------ C:\WINDOWS\amcap.exe

2008-05-01 20:44 . 2007-01-24 06:26 81,920 --a------ C:\WINDOWS\system32\rsnp2uvc.dll

2008-05-01 20:44 . 2005-11-24 05:55 53,248 --a------ C:\WINDOWS\system32\csnp2uvc.dll

2008-05-01 20:44 . 2007-01-17 03:01 27,904 --a------ C:\WINDOWS\system32\drivers\sncduvc.sys

2008-05-01 20:44 . 2006-05-20 03:39 15,497 --a------ C:\WINDOWS\snp2uvc.ini

2008-05-01 20:44 . 2006-05-20 03:53 13,022 --a------ C:\WINDOWS\snp2uvc.src

2008-05-01 20:40 . 2004-09-04 03:00 90,112 --a------ C:\WINDOWS\system32\snymsico.dll

2008-05-01 20:40 . 2007-01-23 16:40 42,496 --a------ C:\WINDOWS\system32\drivers\rimsptsk.sys

2008-05-01 20:40 . 2007-02-24 14:42 39,936 --a------ C:\WINDOWS\system32\drivers\rimmptsk.sys

2008-05-01 20:37 . 2008-05-01 20:37

2008-05-01 20:37 . 2008-04-14 22:50 21,504 --a------ C:\WINDOWS\system32\hidserv.dll

2008-05-01 20:36 . 2008-04-14 21:50 14,720 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys

2008-05-01 20:35 . 2008-05-01 20:35

2008-05-01 20:35 . 2006-11-28 08:50 863,402 --a------ C:\WINDOWS\system32\drivers\btkrnl.sys

2008-05-01 20:35 . 2006-10-15 08:02 329,901 --a------ C:\WINDOWS\system32\drivers\btaudio.sys

2008-05-01 20:35 . 2006-10-15 08:01 149,123 --a------ C:\WINDOWS\system32\drivers\btwdndis.sys

2008-05-01 20:35 . 2006-10-15 08:04 106,557 --a------ C:\WINDOWS\system32\btw_ci.dll

2008-05-01 20:35 . 2006-10-15 07:59 67,672 --a------ C:\WINDOWS\system32\drivers\btwusb.sys

2008-05-01 20:35 . 2006-11-28 08:48 47,907 --a------ C:\WINDOWS\system32\drivers\btwhid.sys

2008-05-01 20:35 . 2006-10-09 16:00 30,459 --a------ C:\WINDOWS\system32\drivers\btport.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-08 09:08 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll

2008-05-02 16:08 --------- d-----w C:\Program Files\Common Files\Ahead

2008-05-01 19:35 --------- d-----w C:\Program Files\Common Files\LightScribe

2008-05-01 19:27 --------- d-----w C:\Documents and Settings\ttomit\Dane aplikacji\Ahead

2008-05-01 19:27 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ahead

2008-05-01 19:03 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\Intel

2008-05-01 19:03 --------- d-----w C:\Documents and Settings\ttomit\Dane aplikacji\Intel

2008-05-01 19:03 --------- d-----w C:\Documents and Settings\NetworkService\Dane aplikacji\Intel

2008-05-01 19:03 --------- d-----w C:\Documents and Settings\LocalService\Dane aplikacji\Intel

2008-05-01 19:03 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Intel

2008-05-01 19:01 --------- d-----w C:\Program Files\SPP

2008-05-01 18:28 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-05-01 17:59 --------- d-----w C:\Program Files\Usługi online

2008-04-14 21:16 1,804 ----a-w C:\WINDOWS\system32\dcache.bin

2008-04-14 20:56 332,288 ----a-w C:\WINDOWS\system32\netsetup.exe

2008-04-14 20:52 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll

2008-04-14 20:52 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll

2008-04-14 20:52 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys

2008-04-14 20:52 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys

2008-04-14 20:52 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys

2008-04-14 20:52 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll

2008-04-14 20:52 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys

2008-04-14 20:50 997,888 ----a-w C:\WINDOWS\system32\setupapi.dll

2008-04-14 20:49 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll

2008-04-14 20:48 5,632 ----a-w C:\WINDOWS\system32\wmi.dll

2008-04-14 20:48 1,448,960 ----a-w C:\WINDOWS\system32\WINNTBBU.DLL

2008-04-14 20:47 57,375 ----a-w C:\WINDOWS\system32\odbcji32.dll

2008-04-14 20:47 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll

2008-04-14 20:43 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll

2008-04-14 20:42 3,584 ----a-w C:\WINDOWS\system32\msafd.dll

2008-04-14 20:36 3,584 ----a-w C:\WINDOWS\system32\icmp.dll

2008-04-14 20:35 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll

2008-04-14 20:35 569,856 ----a-w C:\WINDOWS\system32\gpedit.dll

2008-04-14 20:33 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll

2008-04-14 20:33 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll

2008-04-14 20:33 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll

2008-04-14 20:31 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll

2008-04-14 20:30 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll

2008-04-14 20:04 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys

2008-04-14 20:03 80,256 ----a-w C:\WINDOWS\system32\drivers\parport.sys

2008-04-14 20:03 68,608 ----a-w C:\WINDOWS\system32\drivers\pci.sys

2008-04-14 20:03 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys

2008-04-14 20:03 120,320 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys

2008-04-14 19:59 2,146,816 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-04-14 19:59 2,025,472 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-04-14 19:55 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll

2008-04-14 19:52 89,600 ----a-w C:\WINDOWS\system32\msxml6r.dll

2008-04-14 19:52 800,000 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys

2008-04-14 19:52 153,856 ----a-w C:\WINDOWS\system32\drivers\dmio.sys

2008-04-14 19:50 80,896 ------w C:\WINDOWS\system32\msshavmsg.dll

2008-04-14 19:50 24,960 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys

2008-04-14 19:48 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys

2008-04-14 19:47 40,832 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys

2008-04-14 19:46 40,448 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys

2008-04-14 19:45 49,664 ----a-w C:\WINDOWS\system32\inetres.dll

2008-04-14 19:45 2,977,792 ----a-w C:\WINDOWS\system32\wmploc.dll

2008-04-14 19:43 680,448 ----a-w C:\WINDOWS\system32\shdoclc.dll

2008-04-14 19:41 65,280 ----a-w C:\WINDOWS\system32\drivers\serial.sys

2008-04-14 19:41 53,248 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys

2008-04-14 19:39 25,728 ------w C:\WINDOWS\system32\drivers\hidbth.sys

2008-04-14 19:39 190,976 ----a-w C:\WINDOWS\system32\wmerror.dll

2008-04-14 19:37 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll

2008-04-14 19:35 67,584 ----a-w C:\WINDOWS\system32\browselc.dll

2008-04-14 19:35 58,880 ----a-w C:\WINDOWS\system32\drivers\redbook.sys

2008-04-14 19:35 273,920 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-04-14 19:35 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys

2008-04-14 19:33 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys

2008-04-14 19:32 57,344 ----a-w C:\WINDOWS\system32\mshtmler.dll

2008-04-14 19:31 52,864 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys

2008-04-14 19:30 701,440 ------w C:\WINDOWS\system32\drivers\ati2mtag.sys

2008-04-14 19:30 39,936 ----a-w C:\WINDOWS\system32\drivers\processr.sys

2008-04-14 19:30 327,040 ------w C:\WINDOWS\system32\drivers\ati2mtaa.sys

2008-04-14 19:29 8,192 ----a-w C:\WINDOWS\system32\asferror.dll

2008-04-14 19:28 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys

2008-04-14 19:28 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys

2008-04-14 19:25 23,296 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys

2008-04-14 19:24 30,208 ----a-w C:\WINDOWS\system32\drivers\modem.sys

2008-04-14 19:24 188,544 ----a-w C:\WINDOWS\system32\drivers\acpi.sys

2008-04-13 22:58 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys

2008-04-13 22:51 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys

2008-04-13 22:50 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys

2008-04-13 22:50 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-04-13 22:50 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys

2008-04-13 22:49 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys

2008-04-13 22:49 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys

2008-04-13 22:49 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys

2008-04-13 22:49 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys

2008-04-13 22:49 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-04-13 22:47 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys

2008-04-13 22:47 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys

2008-04-13 22:47 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys

2008-04-13 22:46 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys

2008-04-13 22:46 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys

2008-04-13 22:45 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys

2008-04-13 22:45 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys

2008-04-13 22:45 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-04-13 22:44 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys

2008-04-13 22:44 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys

2008-04-13 22:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-04-13 22:30 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys

.

------- Sigcheck -------

2004-08-04 01:44 658944 d37dafb534ac8343d59a1b501abe852c C:\WINDOWS\$NtServicePackUninstall$\wininet.dll

2008-04-14 22:50 702976 1fd3017efbafdc8eddbf60d90352e8a0 C:\WINDOWS\ServicePackFiles\i386\wininet.dll

2008-04-14 22:50 702976 1fd3017efbafdc8eddbf60d90352e8a0 C:\WINDOWS\system32\wininet.dll

2008-04-14 22:51 977408 f042e3426d45d86d9bb55f6a79ab441a C:\WINDOWS\explorer.exe

2004-08-04 01:44 1033728 379098a96e6c165b659de7e4328010ea C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

2008-04-14 22:51 977408 f042e3426d45d86d9bb55f6a79ab441a C:\WINDOWS\ServicePackFiles\i386\explorer.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]

@={F2F31467-B1AC-4df0-AE79-FD5FA085E22B}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]

@={A3E208F7-0E3A-4182-A7A6-B169D5D691AA}

[HKEY_CLASSES_ROOT\CLSID{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]

2007-03-28 19:59 2953216 --a------ C:\Program Files\Protector Suite QL\farchns.dll

[HKEY_CLASSES_ROOT\CLSID{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]

2007-03-28 19:59 2953216 --a------ C:\Program Files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []

"UberIcon"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe" [2006-05-21 09:43 180224]

"Gadu-Gadu"="C:\Programy\Media\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]

"SpyGuarder"="C:\Documents and Settings\ttomit\spyguarder.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-26 14:06 8462336]

"nwiz"="nwiz.exe" [2007-06-26 14:06 1626112 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL" [2007-06-26 14:06 81920]

"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 08:49 16377344 C:\WINDOWS\RTHDCPL.exe]

"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 08:34 634880]

"WLSS"="C:\Program Files\Compal\Wireless Select Switch\WLSS.exe" [2007-04-23 18:55 190000]

"snp2uvc"="C:\WINDOWS\vsnp2uvc.exe" [2006-12-29 11:48 569344]

"PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [2007-03-28 19:23 49168]

"Wow VideoAudio"="C:\Program Files\Compal\Wow VideoAudio\WVAMain.exe" [2007-05-03 17:51 951856]

"Adobe Reader Speed Launcher"="C:\Programy\Robocze\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"egui"="C:\Programy\Robocze\ESET NOD32 Antivirus\egui.exe" [2007-11-14 15:05 1410304]

C:\Documents and Settings\ttomit\Menu Start\Programy\Autostart\

TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 21:41:18 65536]

UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 09:43:08 180224]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-12-11 16:35:34 561213]

Kalendarz XP.lnk - C:\Program Files\Kalendarz XP\Kalendarz.exe [2008-05-08 00:04:39 882176]

Przyspieszenie uruchomienia programu AutoCAD.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 15:43:54 11000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= C:\Programy\Media\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^ttomit^Menu Start^Programy^Autostart^RocketDock.lnk]

path=C:\Documents and Settings\ttomit\Menu Start\Programy\Autostart\RocketDock.lnk

backup=C:\WINDOWS\pss\RocketDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^ttomit^Menu Start^Programy^Autostart^Y'z Shadow.lnk]

path=C:\Documents and Settings\ttomit\Menu Start\Programy\Autostart\Y'z Shadow.lnk

backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

--a------ 2007-04-04 00:29 165784 C:\Programy\Robocze\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]

--a------ 2008-03-20 12:04 2127296 C:\Programy\Media\Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

-ra------ 2006-11-24 01:06 487424 C:\Programy\Media\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

C:\Programy\Media\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"wuauserv"=2 (0x2)

"SharedAccess"=2 (0x2)

"SENS"=2 (0x2)

"Eventlog"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"D:\Gry\Quake 3\quake3.exe"=

"D:\Gry\Assassin's Creed\AssassinsCreed_Dx9.exe"=

"D:\Gry\Assassin's Creed\AssassinsCreed_Dx10.exe"=

"D:\Gry\Assassin's Creed\AssassinsCreed_Launcher.exe"=

"C:\Programy\Media\DC++\DCPlusPlus.exe"=

"%windir%\Network Diagnostic\xpnetdiag.exe"=

"D:\Gry\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe"=

"C:\Programy\Robocze\Microsoft Office\Office12\OUTLOOK.EXE"=

"C:\Programy\Media\BitComet\BitComet.exe"=

"D:\Gry\[PC] Formula 1 2006 [ENG] [RIP] [dopeman]\F1\F1 2006.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"14312:TCP"= 14312:TCP:BitComet 14312 TCP

"14312:UDP"= 14312:UDP:BitComet 14312 UDP

R0 EMSC;COMPAL Embedded System Control;C:\WINDOWS\system32\DRIVERS\EMSC.SYS [2007-03-14 10:16]

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-11-14 15:06]

R1 PersonalSecureDrive;PersonalSecureDrive;C:\WINDOWS\system32\drivers\psd.sys [2006-04-06 16:09]

R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2006-04-25 10:26]

R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2007-03-28 19:15]

S3 se46bus;Sony Ericsson Device 070 driver (WDM);C:\WINDOWS\system32\DRIVERS\se46bus.sys [2006-11-30 15:11]

S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se46mdfl.sys [2006-11-30 15:11]

S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se46mdm.sys [2006-11-30 15:11]

S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se46mgmt.sys [2006-11-30 15:11]

S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se46nd5.sys [2006-11-30 15:11]

S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se46obex.sys [2006-11-30 15:11]

S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se46unic.sys [2006-11-30 15:11]

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

.

Contents of the 'Scheduled Tasks' folder

"2008-05-01 19:08:28 C:\WINDOWS\Tasks\Security Platform Backup Schedule.job"

  • C:\Program Files\Infineon\Security Platform Software\SpBackupWz.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-22 20:40:13

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-05-22 20:40:36

ComboFix-quarantined-files.txt 2008-05-22 18:40:34

Pre-Run: 18,857,476,096 bajtów wolnych

Post-Run: 18,838,622,208 bajtów wolnych

368

On 22.05.2008 at 21:01 a post was appended by ttomit

If it is already clean, then big thanks for the help. Nothing seems to pop up, and if anything does I'll write and ask for help. Big thx


(huber2t) #8

The log looks clean

Manually delete the C:\Qoobox folder, delete the ComboFix installer from the disk

Clean the computer with CCleaner

Optimize the startup entries

Disable System Restore on all drives. Instructions

Scan the My Computer area with http://www.kaspersky.pl/virusscanner.html (run it through IE). Post its report on the forum

Enable System Restore.


(Monczkin) #9