Request to check a ComboFix log after removing Vundo

A request to someone who knows the subject to check this ComboFix log (after removing Vundo):

ComboFix 08-04-03.5 - Anna Dudziec 2008-04-04 20:38:43.1 - NTFSx86 NETWORK

Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.280 [GMT 2:00]

Running from: C:\Documents and Settings\Anna Dudziec\Pulpit\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\BM5b8e30ab.xml

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\abKTDccf.ini

C:\WINDOWS\system32\abKTDccf.ini2

C:\WINDOWS\system32\cbXOGXRk.dll

C:\WINDOWS\system32\hnuotius.dll

C:\WINDOWS\system32\ployiavy.dll

C:\WINDOWS\Temp\16067429.exe

C:\WINDOWS\yeTyezzd.sys

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_yeTyezzd

((((((((((((((((((((((((( Files Created from 2008-03-04 to 2008-04-04 )))))))))))))))))))))))))))))))

.

2008-04-04 19:55 . 2008-04-04 19:55

2008-04-04 19:33 . 2005-08-10 13:21

2008-04-04 19:33 . 2005-08-10 13:18

2008-04-04 19:33 . 2005-08-10 11:25

2008-04-04 19:33 . 2005-08-10 13:21

2008-04-04 19:33 . 2005-08-10 13:18

2008-04-04 19:33 . 2005-08-10 13:21

2008-04-04 19:33 . 2005-08-10 15:36

2008-04-04 19:33 . 2005-08-10 15:59

2008-04-04 19:33 . 2005-08-10 15:54

2008-04-04 19:33 . 2005-08-10 16:06

2008-04-04 19:33 . 2005-08-10 15:46

2008-04-04 19:33 . 2005-08-10 16:06

2008-04-04 07:36 . 2008-04-04 07:36 4,466 --a------ C:\WINDOWS\system32\eqoieaaw.dll

2008-04-03 22:44 . 2008-04-03 22:47

2008-04-03 22:44 . 2008-04-03 22:44

2008-04-03 17:57 . 2008-04-04 15:05 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-04-03 17:19 . 2008-04-03 17:19

2008-04-03 17:17 . 2008-04-03 17:17

2008-04-03 17:12 . 2004-08-04 12:00 1,817,687 --a--c--- C:\WINDOWS\system32\dllcache\bckgres.dll

2008-04-03 17:12 . 2004-08-04 12:00 113,222 --a--c--- C:\WINDOWS\system32\dllcache\zoneclim.dll

2008-04-03 17:12 . 2004-08-04 12:00 29,760 --a--c--- C:\WINDOWS\system32\dllcache\znetm.dll

2008-04-03 17:12 . 2004-08-04 12:00 13,894 --a--c--- C:\WINDOWS\system32\dllcache\zonelibm.dll

2008-04-03 17:09 . 2008-04-03 17:11

2008-04-03 17:09 . 2008-04-03 17:09

2008-04-03 17:03 . 2008-04-03 17:04

2008-04-03 15:28 . 2008-04-03 18:30

2008-04-03 15:20 . 2008-04-03 15:20 98,304 --a------ C:\WINDOWS\system32\qttask.exe

2008-04-03 15:18 . 2003-08-18 05:10 122,880 --a------ C:\WINDOWS\system32\directx.cpl

2008-04-03 15:18 . 2003-03-25 05:49 106,544 --a------ C:\WINDOWS\system32\tweakui.cpl

2008-04-03 15:18 . 2003-03-25 05:49 98,304 --a------ C:\WINDOWS\system32\startup.cpl

2008-04-03 15:18 . 2004-02-17 10:11 53,248 --a------ C:\WINDOWS\system32\vp6dec_settings.cpl

2008-04-03 15:18 . 2003-03-25 05:49 51,238 --a------ C:\WINDOWS\system32\tweakui.hlp

2008-04-03 15:16 . 2008-04-03 15:16

2008-04-03 15:16 . 2004-09-23 18:57 6,676,480 --a------ C:\WINDOWS\system32\quicktime.qts

2008-04-03 15:16 . 2004-11-08 20:01 360,504 --a------ C:\WINDOWS\system32\qtplugin.ocx

2008-04-03 15:16 . 2004-09-23 18:57 323,072 --a------ C:\WINDOWS\system32\quicktime.cpl

2008-04-03 15:16 . 2008-04-03 15:20 9,006 --a------ C:\WINDOWS\system32\quicktime.qtp

2008-04-03 15:14 . 2008-04-03 15:18

2008-04-03 15:14 . 2004-05-25 16:06 417,792 --a------ C:\WINDOWS\system32\ac3filter.cpl

2008-04-03 08:32 . 2008-04-03 22:49 1,535,779 ---hs---- C:\WINDOWS\system32\vvhnyufk.ini

2008-04-02 22:30 . 2008-04-04 20:37

2008-04-02 22:30 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2008-04-02 22:30 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2008-04-02 22:30 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2008-04-02 22:30 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

2008-04-02 22:29 . 2008-04-03 22:34

2008-04-02 22:29 . 2008-04-02 22:29

2008-04-02 22:25 . 2008-04-02 22:25

2008-04-02 22:23 . 2008-04-02 22:23

2008-04-02 22:23 . 2008-04-02 22:24

2008-04-02 22:05 . 2008-04-02 22:05

2008-04-02 21:59 . 2008-04-02 22:00

2008-04-02 21:59 . 2008-04-02 22:02

2008-04-02 21:09 . 2008-04-02 21:09

2008-04-02 21:09 . 2008-04-02 21:09

2008-04-02 20:12 . 2008-04-02 20:12

2008-04-02 20:10 . 2008-04-03 17:40

2008-04-02 19:30 . 2008-04-02 19:31

2008-04-02 19:13 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll

2008-04-02 19:11 . 2008-04-02 19:12

2008-04-02 18:32 . 2008-04-02 18:32

2008-04-02 18:31 . 2008-04-02 18:31

2008-04-02 18:31 . 2008-04-02 18:32

2008-04-02 18:29 . 2008-04-02 18:29

2008-04-02 17:55 . 2007-12-07 04:14 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2008-04-02 17:55 . 2007-07-01 05:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-04-02 17:55 . 2007-07-01 05:36 1,036,288 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-04-02 17:55 . 2007-12-07 04:14 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2008-04-02 17:55 . 2007-12-07 04:14 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2008-04-02 17:55 . 2007-12-07 04:14 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2008-04-02 17:55 . 2007-12-07 04:14 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2008-04-02 17:55 . 2007-12-07 04:14 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2008-04-02 17:55 . 2007-12-06 13:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-04-02 17:54 . 2008-04-02 17:56

2008-04-02 17:50 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll

2008-04-02 17:33 . 2006-08-21 11:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys

2008-04-02 17:33 . 2006-08-21 11:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe

2008-04-02 17:33 . 2006-08-21 14:28 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll

2008-04-02 17:21 . 2008-04-02 17:20 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys

2008-04-02 17:21 . 2008-04-02 17:20 270,336 --a------ C:\WINDOWS\system32\imon.dll

2008-04-02 17:20 . 2008-04-02 20:20

2008-04-02 16:50 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2008-04-02 16:25 . 2008-04-02 16:25

2008-04-02 16:21 . 2007-07-09 15:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll

2008-04-02 16:14 . 2006-12-07 08:40 2,362,184 -----c--- C:\WINDOWS\system32\dllcache\wmvcore.dll

2008-04-02 15:55 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-04-02 15:50 . 2004-08-04 12:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-04-02 15:49 . 2005-08-10 13:21

2008-04-02 15:49 . 2008-04-02 18:11

2008-04-02 15:49 . 2005-08-10 11:25

2008-04-02 15:49 . 2008-04-04 20:36

2008-04-02 15:49 . 2008-04-04 18:54

2008-04-02 15:49 . 2008-04-03 22:44

2008-04-02 15:49 . 2008-04-02 16:17

2008-04-02 15:49 . 2008-04-02 15:50

2008-04-02 15:49 . 2005-08-10 15:54

2008-04-02 15:49 . 2005-08-10 15:46

2008-04-02 15:49 . 2008-04-03 22:44

2008-04-02 15:49 . 2008-04-02 15:49 0 -rahs---- C:\WINDOWS\system32\drivers\TOSHIBA_Satellite L20_03171000-PL_PSL2XE-01C01.MRK

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-03 15:43 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-04-03 15:43 --------- d-----w C:\Program Files\Toshiba

2008-04-02 20:28 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-04-02 15:17 --------- d-----w C:\Program Files\Symantec

2008-04-02 15:17 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-04-02 15:15 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec

2008-02-28 15:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe

2008-02-26 14:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe

2008-02-18 14:21 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys

2008-02-18 14:21 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9AA82BAF-1576-4CBE-BDCC-013E62D3FD21}]

C:\WINDOWS\system32\ljJBQKDv.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 12:00 15360]

“IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe” [2008-02-28 17:07 1828136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“ATIPTA”=“C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [2005-06-28 21:05 344064]

“SynTPLpr”=“C:\Program Files\Synaptics\SynTP\SynTPLpr.exe” [2004-10-08 23:44 98394]

“SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2004-10-08 23:43 688218]

“Toshiba Hotkey Utility”=“C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe” [2005-08-01 23:25 1093632]

“nod32kui”=“C:\Program Files\Eset\nod32kui.exe” [2008-04-02 17:20 917504]

“Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2007-05-11 13:06 40048]

“WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [2008-04-01 20:49 36352]

“TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” [2008-04-02 22:23 185896]

“QuickTime Task”=“C:\WINDOWS\system32\qttask.exe” [2008-04-03 15:20 98304]

“NeroFilterCheck”=“C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe” [2008-02-28 09:59 570664]

“NBKeyScan”=“C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe” [2008-02-18 16:29 2221352]

“UnlockerAssistant”=“C:\Program Files\Unlocker\UnlockerAssistant.exe” [2008-03-01 07:10 15872]

“BM5b8e30ab”=“C:\WINDOWS\system32\uuunytkp.dll” []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 12:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“msacm.iac2”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iac25_32.ax

“vidc.avrn”= C:\PROGRA~1\ACEMEG~1\SystemS\AVIDAV~1.DLL

“vidc.advj”= C:\PROGRA~1\ACEMEG~1\SystemS\AVIDAV~1.DLL

“vidc.mszh”= C:\PROGRA~1\ACEMEG~1\SystemS\avimszh.dll

“vidc.zlib”= C:\PROGRA~1\ACEMEG~1\SystemS\avizlib.dll

“vidc.cscd”= C:\PROGRA~1\ACEMEG~1\SystemS\camcodec.dll

“vidc.cvid”= C:\PROGRA~1\ACEMEG~1\SystemS\iccvid.dll

“msacm.trspch”= C:\PROGRA~1\ACEMEG~1\SystemS\tssoft32.acm

“vidc.em2v”= C:\PROGRA~1\ACEMEG~1\SystemS\etxcodec.dll

“vidc.mkvc”= C:\PROGRA~1\ACEMEG~1\SystemS\kmvidc32.dll

“vidc.hfyu”= C:\PROGRA~1\ACEMEG~1\SystemS\huffyuv.dll

“msacm.lameacm”= C:\PROGRA~1\ACEMEG~1\SystemS\lameacm.acm

“msacm.lhacm”= C:\PROGRA~1\ACEMEG~1\SystemS\lhacm.acm

“msacm.l3acm”= C:\PROGRA~1\ACEMEG~1\SystemS\l3codecp.acm

“vidc.sjpg”= C:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll

“vidc.dmb2”= C:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll

“vidc.gepj”= C:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll

“vidc.qpeg”= C:\PROGRA~1\ACEMEG~1\SystemS\Qpeg32.dll

“vidc.q1.0”= C:\PROGRA~1\ACEMEG~1\SystemS\Qpeg32.dll

“msacm.sl_anet”= C:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm

“vidc.tscc”= C:\PROGRA~1\ACEMEG~1\SystemS\tsccvid.dll

“vidc.vifp”= C:\PROGRA~1\ACEMEG~1\SystemS\vfcodec.dll

“vidc.wrpr”= C:\PROGRA~1\ACEMEG~1\SystemS\aviwrap.dll

“vidc.wnv1”= C:\PROGRA~1\ACEMEG~1\SystemS\wnvplay1.dll

“vidc.advs”= C:\PROGRA~1\ACEMEG~1\SystemS\Adaptec\Dvc.dll

“vidc.aflc”= C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL

“vidc.afli”= C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL

“vidc.aasc”= C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\Aasc32.dll

“vidc.aas4”= C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\Aasc32.dll

“vidc.asv1”= C:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv1.dll

“vidc.asv2”= C:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv2.dll

“vidc.asvx”= C:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv2.dll

“vidc.vcr1”= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\ativcr1.dll

“vidc.vcr2”= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\ativcr2.dll

“vidc.yv12”= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL

“vidc.mwv1”= C:\PROGRA~1\ACEMEG~1\SystemS\Aware\icmw_32.dll

“vidc.bt20”= C:\PROGRA~1\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv

“vidc.y41p”= C:\PROGRA~1\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv

“msacm.pcdv”= C:\PROGRA~1\ACEMEG~1\SystemS\Canopus\pcdv.acm

“vidc.cdvc”= C:\PROGRA~1\ACEMEG~1\SystemS\Canopus\CSCCDVC.DLL

“vidc.ddvc”= C:\PROGRA~1\ACEMEG~1\SystemS\Canopus\CSCdvsd.DLL

“vidc.png1”= C:\PROGRA~1\ACEMEG~1\SystemS\Core\COREPN~1.DLL

“msacm.CoreFLAC_ACM”= C:\PROGRA~1\ACEMEG~1\SystemS\Core\COREFL~1.ACM

“vidc.davc”= C:\PROGRA~1\ACEMEG~1\SystemS\dicas\davcvfw.dll

“vidc.div3”= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll

“vidc.div5”= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll

“vidc.mpg3”= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll

“vidc.div4”= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll

“vidc.div6”= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll

“vidc.ap41”= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll

“vidc.dvx4”= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\divx4.dll

“vidc.divx”= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivX520.dll

“msacm.divxa32”= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\divxa32.acm

“vidc.frwd”= C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwd.dll

“vidc.frwt”= C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwd.dll

“vidc.frwa”= C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwt.dll

“vidc.frwu”= C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwu.dll

“vidc.glzw”= C:\PROGRA~1\ACEMEG~1\SystemS\Gabest\GLZW.dll

“vidc.gpeg”= C:\PROGRA~1\ACEMEG~1\SystemS\Gabest\GPEG.dll

“vidc.i263”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\i263_32.drv

“vidc.iv30”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll

“vidc.iv31”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll

“vidc.iv32”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll

“vidc.iv33”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll

“vidc.iv34”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll

“vidc.iv35”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll

“vidc.iv36”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll

“vidc.iv37”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll

“vidc.iv38”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll

“vidc.iv39”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll

“vidc.iv40”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll

“vidc.iv41”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll

“vidc.iv42”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll

“vidc.iv43”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll

“vidc.iv44”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll

“vidc.iv45”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll

“vidc.iv46”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll

“vidc.iv47”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll

“vidc.iv48”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll

“vidc.iv49”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll

“vidc.iv50”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir50_32.dll

“vidc.iyuv”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll

“vidc.yvu9”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll

“vidc.ir21”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IR21_R.DLL

“vidc.rt21”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IR21_R.DLL

“msacm.imc”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IMC32.ACM

“vidc.lead”= C:\PROGRA~1\ACEMEG~1\SystemS\LEAD\LCODCCMP.DLL

“vidc.dvsd”= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL

“vidc.dvc”= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL

“vidc.dvcs”= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL

“vidc.dcmj”= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL

“vidc.avi1”= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL

“vidc.avi2”= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL

“vidc.dv25”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.dv50”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.msmc”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.mmjp”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.mtx1”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.mtx2”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.mtx3”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.mtx4”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.mtx5”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.mtx6”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.mtx7”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.mtx8”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.mtx9”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.mmes”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“msacm.msadpcm”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msadp32.acm

“msacm.imaadpcm”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\imaadp32.acm

“msacm.msg711”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msg711.acm

“msacm.msg723”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msg723.acm

“msacm.msgsm610”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msgsm32.acm

“vidc.m261”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msh261.drv

“vidc.m263”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msh263.drv

“vidc.i420”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msh263.drv

“vidc.mrle”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msrle32.dll

“vidc.uyvy”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll

“vidc.yuy2”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll

“vidc.yvyu”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll

“vidc.msvc”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msvidc32.dll

“vidc.cram”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msvidc32.dll

“vidc.mpg4”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll

“vidc.mp41”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll

“vidc.mp42”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll

“vidc.mp43”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll

“vidc.mp4s”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll

“vidc.mp4v”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll

“vidc.wmv3”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\WMV9VCM.dll

“msacm.msaudio1”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm

“vidc.vixl”= C:\PROGRA~1\ACEMEG~1\SystemS\Miro\miroxl32.dll

“vidc.nt00”= C:\PROGRA~1\ACEMEG~1\SystemS\Newtek\ntcodec.dll

“msacm.vorbis”= C:\PROGRA~1\ACEMEG~1\SystemS\OGG\vorbis.acm

“vidc.vp30”= C:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp31vfw.dll

“vidc.vp31”= C:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp31vfw.dll

“vidc.vp60”= C:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp6vfw.dll

“vidc.vp61”= C:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp6vfw.dll

“vidc.pdvc”= C:\PROGRA~1\ACEMEG~1\SystemS\PANASO~1\idvcodec.dll

“vidc.ipdv”= C:\PROGRA~1\ACEMEG~1\SystemS\PANASO~1\idvcodec.dll

“vidc.pvw2”= C:\PROGRA~1\ACEMEG~1\SystemS\Pegasus\pvwv220.dll

“vidc.pimj”= C:\PROGRA~1\ACEMEG~1\SystemS\Pegasus\pvljpg20.dll

“vidc.mjpx”= C:\PROGRA~1\ACEMEG~1\SystemS\Pegasus\pvmjpg21.dll

“vidc.miro”= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\MIRODV~1.DLL

“vidc.dcap”= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\MIRODV~1.DLL

“vidc.mjpa”= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\RTMJPG~1.DLL

“vidc.gpjm”= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\RTMJPG~1.DLL

“vidc.pim1”= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\pclepim1.dll

“msacm.qmpeg”= C:\PROGRA~1\ACEMEG~1\SystemS\QDesign\qmpeg.acm

“vidc.rmp4”= C:\PROGRA~1\ACEMEG~1\SystemS\REALMA~1\rmp4.dll

“vidc.rud0”= C:\PROGRA~1\ACEMEG~1\SystemS\Rududu\rududu.dll

“msacm.at3”= C:\PROGRA~1\ACEMEG~1\SystemS\SONY\atrac3.acm

“vidc.sony”= C:\PROGRA~1\ACEMEG~1\SystemS\SONY\sonydv.dll

“vidc.dvcp”= C:\PROGRA~1\ACEMEG~1\SystemS\SONY\sonydv.dll

“vidc.s422”= C:\PROGRA~1\ACEMEG~1\SystemS\Tekram\tekyuv.dll

“vidc.t420”= C:\PROGRA~1\ACEMEG~1\SystemS\Toshiba\tsbyuv.dll

“vidc.y411”= C:\PROGRA~1\ACEMEG~1\SystemS\Toshiba\tsbyuv.dll

“vidc.vssv”= C:\PROGRA~1\ACEMEG~1\SystemS\VANGUA~1\vsscodec.dll

“msacm.voxacm160”= C:\PROGRA~1\ACEMEG~1\SystemS\VoxWare\vct3216.acm

“vidc.xvid”= C:\PROGRA~1\ACEMEG~1\SystemS\XviD\xvidvfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

“AntiVirusDisableNotify”=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“%windir%\Network Diagnostic\xpnetdiag.exe”=

R3 BoiHwsetup;Access 32bits INT15 routine;C:\WINDOWS\system32\drivers\BoiHwSetup.sys [2005-06-11 06:42]

R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver;C:\WINDOWS\system32\drivers\qkbfiltr.sys [2005-05-09 15:17]

R3 qmofiltr;Quanta HotKey Mouse Filter Driver;C:\WINDOWS\system32\drivers\qmofiltr.sys [2005-05-05 14:27]

S3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-04-01 02:08]

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-04 20:42:20

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-04-04 20:43:53 - machine was rebooted

ComboFix-quarantined-files.txt 2008-04-04 18:43:49

Pre-Run: 31,252,430,848 bajtów wolnych

Post-Run: 31,185,940,480 bajtów wolnych

.

2008-04-02 16:21:20 --- E O F ---

Turn off System Restore on all drives: http://support.microsoft.com/kb/310405/pl

Open Notepad and paste

save as CFScript.txt (save it so that the CFScript.txt icon sits next to the ComboFix.exe icon) >> Drag and drop the CFScript.txt icon onto the ComboFix.exe icon

http://img.wklej.org/images/88953CFScri … iemoes.gif

The removal should start

Then the log from the ComboFix removal

then a HijackThis 2.02 log

:slight_smile:

ComboFix log:

ComboFix 08-04-03.5 - Anna Dudziec 2008-04-04 23:34:38.1 - NTFSx86 NETWORK

Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.287 [GMT 2:00]

Running from: C:\Documents and Settings\Anna Dudziec\Pulpit\ComboFix.exe

Command switches used :: C:\Documents and Settings\Anna Dudziec\Pulpit\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

FILE ::

C:\WINDOWS\system32\eqoieaaw.dll

C:\WINDOWS\system32\vvhnyufk.ini

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\eqoieaaw.dll

C:\WINDOWS\system32\vvhnyufk.ini

.

((((((((((((((((((((((((( Files Created from 2008-03-04 to 2008-04-04 )))))))))))))))))))))))))))))))

.

2008-04-04 19:33 . 2008-04-04 20:43

2008-04-04 19:33 . 2005-08-10 13:18

2008-04-04 19:33 . 2005-08-10 11:25

2008-04-04 19:33 . 2005-08-10 13:21

2008-04-04 19:33 . 2005-08-10 13:18

2008-04-04 19:33 . 2005-08-10 13:21

2008-04-04 19:33 . 2005-08-10 15:36

2008-04-04 19:33 . 2005-08-10 15:59

2008-04-04 19:33 . 2005-08-10 15:54

2008-04-04 19:33 . 2005-08-10 16:06

2008-04-04 19:33 . 2005-08-10 15:46

2008-04-04 19:33 . 2005-08-10 16:06

2008-04-03 22:44 . 2008-04-03 22:47

2008-04-03 22:44 . 2008-04-03 22:44

2008-04-03 17:57 . 2008-04-04 15:05 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-04-03 17:19 . 2008-04-03 17:19

2008-04-03 17:17 . 2008-04-03 17:17

2008-04-03 17:12 . 2004-08-04 12:00 1,817,687 --a--c--- C:\WINDOWS\system32\dllcache\bckgres.dll

2008-04-03 17:12 . 2004-08-04 12:00 113,222 --a--c--- C:\WINDOWS\system32\dllcache\zoneclim.dll

2008-04-03 17:12 . 2004-08-04 12:00 29,760 --a--c--- C:\WINDOWS\system32\dllcache\znetm.dll

2008-04-03 17:12 . 2004-08-04 12:00 13,894 --a--c--- C:\WINDOWS\system32\dllcache\zonelibm.dll

2008-04-03 17:09 . 2008-04-03 17:11

2008-04-03 17:09 . 2008-04-03 17:09

2008-04-03 17:03 . 2008-04-03 17:04

2008-04-03 15:28 . 2008-04-03 18:30

2008-04-03 15:20 . 2008-04-03 15:20 98,304 --a------ C:\WINDOWS\system32\qttask.exe

2008-04-03 15:18 . 2003-08-18 05:10 122,880 --a------ C:\WINDOWS\system32\directx.cpl

2008-04-03 15:18 . 2003-03-25 05:49 106,544 --a------ C:\WINDOWS\system32\tweakui.cpl

2008-04-03 15:18 . 2003-03-25 05:49 98,304 --a------ C:\WINDOWS\system32\startup.cpl

2008-04-03 15:18 . 2004-02-17 10:11 53,248 --a------ C:\WINDOWS\system32\vp6dec_settings.cpl

2008-04-03 15:18 . 2003-03-25 05:49 51,238 --a------ C:\WINDOWS\system32\tweakui.hlp

2008-04-03 15:16 . 2008-04-03 15:16

2008-04-03 15:16 . 2004-09-23 18:57 6,676,480 --a------ C:\WINDOWS\system32\quicktime.qts

2008-04-03 15:16 . 2004-11-08 20:01 360,504 --a------ C:\WINDOWS\system32\qtplugin.ocx

2008-04-03 15:16 . 2004-09-23 18:57 323,072 --a------ C:\WINDOWS\system32\quicktime.cpl

2008-04-03 15:16 . 2008-04-03 15:20 9,006 --a------ C:\WINDOWS\system32\quicktime.qtp

2008-04-03 15:14 . 2008-04-03 15:18

2008-04-03 15:14 . 2004-05-25 16:06 417,792 --a------ C:\WINDOWS\system32\ac3filter.cpl

2008-04-02 22:30 . 2008-04-04 23:18

2008-04-02 22:30 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2008-04-02 22:30 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2008-04-02 22:30 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2008-04-02 22:30 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

2008-04-02 22:29 . 2008-04-03 22:34

2008-04-02 22:29 . 2008-04-02 22:29

2008-04-02 22:25 . 2008-04-02 22:25

2008-04-02 22:23 . 2008-04-02 22:23

2008-04-02 22:23 . 2008-04-02 22:24

2008-04-02 22:05 . 2008-04-02 22:05

2008-04-02 21:59 . 2008-04-02 22:00

2008-04-02 21:59 . 2008-04-02 22:02

2008-04-02 21:09 . 2008-04-02 21:09

2008-04-02 21:09 . 2008-04-02 21:09

2008-04-02 20:12 . 2008-04-02 20:12

2008-04-02 20:10 . 2008-04-03 17:40

2008-04-02 19:30 . 2008-04-02 19:31

2008-04-02 19:13 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll

2008-04-02 19:11 . 2008-04-02 19:12

2008-04-02 18:32 . 2008-04-02 18:32

2008-04-02 18:31 . 2008-04-02 18:31

2008-04-02 18:31 . 2008-04-02 18:32

2008-04-02 18:29 . 2008-04-02 18:29

2008-04-02 17:55 . 2007-12-07 04:14 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2008-04-02 17:55 . 2007-07-01 05:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-04-02 17:55 . 2007-07-01 05:36 1,036,288 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-04-02 17:55 . 2007-12-07 04:14 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2008-04-02 17:55 . 2007-12-07 04:14 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2008-04-02 17:55 . 2007-12-07 04:14 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2008-04-02 17:55 . 2007-12-07 04:14 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2008-04-02 17:55 . 2007-12-07 04:14 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2008-04-02 17:55 . 2007-12-06 13:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-04-02 17:54 . 2008-04-02 17:56

2008-04-02 17:50 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll

2008-04-02 17:33 . 2006-08-21 11:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys

2008-04-02 17:33 . 2006-08-21 11:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe

2008-04-02 17:33 . 2006-08-21 14:28 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll

2008-04-02 17:21 . 2008-04-02 17:20 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys

2008-04-02 17:21 . 2008-04-02 17:20 270,336 --a------ C:\WINDOWS\system32\imon.dll

2008-04-02 17:20 . 2008-04-02 20:20

2008-04-02 16:50 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2008-04-02 16:25 . 2008-04-02 16:25

2008-04-02 16:21 . 2007-07-09 15:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll

2008-04-02 16:14 . 2006-12-07 08:40 2,362,184 -----c--- C:\WINDOWS\system32\dllcache\wmvcore.dll

2008-04-02 15:55 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-04-02 15:50 . 2008-04-02 15:50

2008-04-02 15:50 . 2004-08-04 12:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-04-02 15:49 . 2008-04-04 20:44

2008-04-02 15:49 . 2008-04-02 18:11

2008-04-02 15:49 . 2005-08-10 11:25

2008-04-02 15:49 . 2008-04-04 23:34

2008-04-02 15:49 . 2008-04-04 23:27

2008-04-02 15:49 . 2008-04-03 22:44

2008-04-02 15:49 . 2008-04-02 16:17

2008-04-02 15:49 . 2008-04-02 15:50

2008-04-02 15:49 . 2005-08-10 15:54

2008-04-02 15:49 . 2005-08-10 15:46

2008-04-02 15:49 . 2008-04-03 22:44

2008-04-02 15:49 . 2008-04-02 15:49 0 -rahs---- C:\WINDOWS\system32\drivers\TOSHIBA_Satellite L20_03171000-PL_PSL2XE-01C01.MRK

2008-04-02 15:48 . 2005-08-10 15:36

2008-04-02 15:48 . 2005-08-10 15:59

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-03 15:43 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-04-03 15:43 --------- d-----w C:\Program Files\Toshiba

2008-04-02 20:28 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-04-02 15:17 --------- d-----w C:\Program Files\Symantec

2008-04-02 15:17 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-04-02 15:15 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec

2008-02-28 15:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe

2008-02-26 14:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe

2008-02-18 14:21 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys

2008-02-18 14:21 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys

2008-02-18 14:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9AA82BAF-1576-4CBE-BDCC-013E62D3FD21}]

C:\WINDOWS\system32\ljJBQKDv.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 12:00 15360]

“IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe” [2008-02-28 17:07 1828136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“ATIPTA”=“C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [2005-06-28 21:05 344064]

“SynTPLpr”=“C:\Program Files\Synaptics\SynTP\SynTPLpr.exe” [2004-10-08 23:44 98394]

“SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2004-10-08 23:43 688218]

“Toshiba Hotkey Utility”=“C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe” [2005-08-01 23:25 1093632]

“nod32kui”=“C:\Program Files\Eset\nod32kui.exe” [2008-04-02 17:20 917504]

“Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2007-05-11 13:06 40048]

“WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [2008-04-01 20:49 36352]

“TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” [2008-04-02 22:23 185896]

“QuickTime Task”=“C:\WINDOWS\system32\qttask.exe” [2008-04-03 15:20 98304]

“NeroFilterCheck”=“C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe” [2008-02-28 09:59 570664]

“NBKeyScan”=“C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe” [2008-02-18 16:29 2221352]

“UnlockerAssistant”=“C:\Program Files\Unlocker\UnlockerAssistant.exe” [2008-03-01 07:10 15872]

“BM5b8e30ab”=“C:\WINDOWS\system32\uuunytkp.dll” []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 12:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“msacm.iac2”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iac25_32.ax

“vidc.avrn”= C:\PROGRA~1\ACEMEG~1\SystemS\AVIDAV~1.DLL

“vidc.advj”= C:\PROGRA~1\ACEMEG~1\SystemS\AVIDAV~1.DLL

“vidc.mszh”= C:\PROGRA~1\ACEMEG~1\SystemS\avimszh.dll

“vidc.zlib”= C:\PROGRA~1\ACEMEG~1\SystemS\avizlib.dll

“vidc.cscd”= C:\PROGRA~1\ACEMEG~1\SystemS\camcodec.dll

“vidc.cvid”= C:\PROGRA~1\ACEMEG~1\SystemS\iccvid.dll

“msacm.trspch”= C:\PROGRA~1\ACEMEG~1\SystemS\tssoft32.acm

“vidc.em2v”= C:\PROGRA~1\ACEMEG~1\SystemS\etxcodec.dll

“vidc.mkvc”= C:\PROGRA~1\ACEMEG~1\SystemS\kmvidc32.dll

“vidc.hfyu”= C:\PROGRA~1\ACEMEG~1\SystemS\huffyuv.dll

“msacm.lameacm”= C:\PROGRA~1\ACEMEG~1\SystemS\lameacm.acm

“msacm.lhacm”= C:\PROGRA~1\ACEMEG~1\SystemS\lhacm.acm

“msacm.l3acm”= C:\PROGRA~1\ACEMEG~1\SystemS\l3codecp.acm

“vidc.sjpg”= C:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll

“vidc.dmb2”= C:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll

“vidc.gepj”= C:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll

“vidc.qpeg”= C:\PROGRA~1\ACEMEG~1\SystemS\Qpeg32.dll

“vidc.q1.0”= C:\PROGRA~1\ACEMEG~1\SystemS\Qpeg32.dll

“msacm.sl_anet”= C:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm

“vidc.tscc”= C:\PROGRA~1\ACEMEG~1\SystemS\tsccvid.dll

“vidc.vifp”= C:\PROGRA~1\ACEMEG~1\SystemS\vfcodec.dll

“vidc.wrpr”= C:\PROGRA~1\ACEMEG~1\SystemS\aviwrap.dll

“vidc.wnv1”= C:\PROGRA~1\ACEMEG~1\SystemS\wnvplay1.dll

“vidc.advs”= C:\PROGRA~1\ACEMEG~1\SystemS\Adaptec\Dvc.dll

“vidc.aflc”= C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL

“vidc.afli”= C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL

“vidc.aasc”= C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\Aasc32.dll

“vidc.aas4”= C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\Aasc32.dll

“vidc.asv1”= C:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv1.dll

“vidc.asv2”= C:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv2.dll

“vidc.asvx”= C:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv2.dll

“vidc.vcr1”= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\ativcr1.dll

“vidc.vcr2”= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\ativcr2.dll

“vidc.yv12”= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL

“vidc.mwv1”= C:\PROGRA~1\ACEMEG~1\SystemS\Aware\icmw_32.dll

“vidc.bt20”= C:\PROGRA~1\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv

“vidc.y41p”= C:\PROGRA~1\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv

“msacm.pcdv”= C:\PROGRA~1\ACEMEG~1\SystemS\Canopus\pcdv.acm

“vidc.cdvc”= C:\PROGRA~1\ACEMEG~1\SystemS\Canopus\CSCCDVC.DLL

“vidc.ddvc”= C:\PROGRA~1\ACEMEG~1\SystemS\Canopus\CSCdvsd.DLL

“vidc.png1”= C:\PROGRA~1\ACEMEG~1\SystemS\Core\COREPN~1.DLL

“msacm.CoreFLAC_ACM”= C:\PROGRA~1\ACEMEG~1\SystemS\Core\COREFL~1.ACM

“vidc.davc”= C:\PROGRA~1\ACEMEG~1\SystemS\dicas\davcvfw.dll

“vidc.div3”= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll

“vidc.div5”= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll

“vidc.mpg3”= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll

“vidc.div4”= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll

“vidc.div6”= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll

“vidc.ap41”= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll

“vidc.dvx4”= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\divx4.dll

“vidc.divx”= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivX520.dll

“msacm.divxa32”= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\divxa32.acm

“vidc.frwd”= C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwd.dll

“vidc.frwt”= C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwd.dll

“vidc.frwa”= C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwt.dll

“vidc.frwu”= C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwu.dll

“vidc.glzw”= C:\PROGRA~1\ACEMEG~1\SystemS\Gabest\GLZW.dll

“vidc.gpeg”= C:\PROGRA~1\ACEMEG~1\SystemS\Gabest\GPEG.dll

“vidc.i263”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\i263_32.drv

“vidc.iv30”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll

“vidc.iv31”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll

“vidc.iv32”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll

“vidc.iv33”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll

“vidc.iv34”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll

“vidc.iv35”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll

“vidc.iv36”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll

“vidc.iv37”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll

“vidc.iv38”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll

“vidc.iv39”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll

“vidc.iv40”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll

“vidc.iv41”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll

“vidc.iv42”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll

“vidc.iv43”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll

“vidc.iv44”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll

“vidc.iv45”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll

“vidc.iv46”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll

“vidc.iv47”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll

“vidc.iv48”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll

“vidc.iv49”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll

“vidc.iv50”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir50_32.dll

“vidc.iyuv”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll

“vidc.yvu9”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll

“vidc.ir21”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IR21_R.DLL

“vidc.rt21”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IR21_R.DLL

“msacm.imc”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IMC32.ACM

“vidc.lead”= C:\PROGRA~1\ACEMEG~1\SystemS\LEAD\LCODCCMP.DLL

“vidc.dvsd”= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL

“vidc.dvc”= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL

“vidc.dvcs”= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL

“vidc.dcmj”= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL

“vidc.avi1”= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL

“vidc.avi2”= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL

“vidc.dv25”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.dv50”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.msmc”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.mmjp”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.mtx1”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.mtx2”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.mtx3”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.mtx4”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.mtx5”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.mtx6”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.mtx7”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.mtx8”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.mtx9”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.mmes”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“msacm.msadpcm”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msadp32.acm

“msacm.imaadpcm”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\imaadp32.acm

“msacm.msg711”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msg711.acm

“msacm.msg723”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msg723.acm

“msacm.msgsm610”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msgsm32.acm

“vidc.m261”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msh261.drv

“vidc.m263”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msh263.drv

“vidc.i420”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msh263.drv

“vidc.mrle”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msrle32.dll

“vidc.uyvy”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll

“vidc.yuy2”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll

“vidc.yvyu”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll

“vidc.msvc”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msvidc32.dll

“vidc.cram”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msvidc32.dll

“vidc.mpg4”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll

“vidc.mp41”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll

“vidc.mp42”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll

“vidc.mp43”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll

“vidc.mp4s”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll

“vidc.mp4v”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll

“vidc.wmv3”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\WMV9VCM.dll

“msacm.msaudio1”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm

“vidc.vixl”= C:\PROGRA~1\ACEMEG~1\SystemS\Miro\miroxl32.dll

“vidc.nt00”= C:\PROGRA~1\ACEMEG~1\SystemS\Newtek\ntcodec.dll

“msacm.vorbis”= C:\PROGRA~1\ACEMEG~1\SystemS\OGG\vorbis.acm

“vidc.vp30”= C:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp31vfw.dll

“vidc.vp31”= C:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp31vfw.dll

“vidc.vp60”= C:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp6vfw.dll

“vidc.vp61”= C:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp6vfw.dll

“vidc.pdvc”= C:\PROGRA~1\ACEMEG~1\SystemS\PANASO~1\idvcodec.dll

“vidc.ipdv”= C:\PROGRA~1\ACEMEG~1\SystemS\PANASO~1\idvcodec.dll

“vidc.pvw2”= C:\PROGRA~1\ACEMEG~1\SystemS\Pegasus\pvwv220.dll

“vidc.pimj”= C:\PROGRA~1\ACEMEG~1\SystemS\Pegasus\pvljpg20.dll

“vidc.mjpx”= C:\PROGRA~1\ACEMEG~1\SystemS\Pegasus\pvmjpg21.dll

“vidc.miro”= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\MIRODV~1.DLL

“vidc.dcap”= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\MIRODV~1.DLL

“vidc.mjpa”= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\RTMJPG~1.DLL

“vidc.gpjm”= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\RTMJPG~1.DLL

“vidc.pim1”= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\pclepim1.dll

“msacm.qmpeg”= C:\PROGRA~1\ACEMEG~1\SystemS\QDesign\qmpeg.acm

“vidc.rmp4”= C:\PROGRA~1\ACEMEG~1\SystemS\REALMA~1\rmp4.dll

“vidc.rud0”= C:\PROGRA~1\ACEMEG~1\SystemS\Rududu\rududu.dll

“msacm.at3”= C:\PROGRA~1\ACEMEG~1\SystemS\SONY\atrac3.acm

“vidc.sony”= C:\PROGRA~1\ACEMEG~1\SystemS\SONY\sonydv.dll

“vidc.dvcp”= C:\PROGRA~1\ACEMEG~1\SystemS\SONY\sonydv.dll

“vidc.s422”= C:\PROGRA~1\ACEMEG~1\SystemS\Tekram\tekyuv.dll

“vidc.t420”= C:\PROGRA~1\ACEMEG~1\SystemS\Toshiba\tsbyuv.dll

“vidc.y411”= C:\PROGRA~1\ACEMEG~1\SystemS\Toshiba\tsbyuv.dll

“vidc.vssv”= C:\PROGRA~1\ACEMEG~1\SystemS\VANGUA~1\vsscodec.dll

“msacm.voxacm160”= C:\PROGRA~1\ACEMEG~1\SystemS\VoxWare\vct3216.acm

“vidc.xvid”= C:\PROGRA~1\ACEMEG~1\SystemS\XviD\xvidvfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

“AntiVirusDisableNotify”=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“%windir%\Network Diagnostic\xpnetdiag.exe”=

R3 BoiHwsetup;Access 32bits INT15 routine;C:\WINDOWS\system32\drivers\BoiHwSetup.sys [2005-06-11 06:42]

R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver;C:\WINDOWS\system32\drivers\qkbfiltr.sys [2005-05-09 15:17]

R3 qmofiltr;Quanta HotKey Mouse Filter Driver;C:\WINDOWS\system32\drivers\qmofiltr.sys [2005-05-05 14:27]

S3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-04-01 02:08]

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-04 23:36:25

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-04-04 23:37:11

ComboFix-quarantined-files.txt 2008-04-04 21:37:02

Pre-Run: 31,689,367,552 bajtów wolnych

Post-Run: 31,680,536,576 bajtów wolnych

.

2008-04-02 16:21:20 --- E O F ---

ComboFix log:

ComboFix 08-04-03.5 - Anna Dudziec 2008-04-04 23:34:38.1 - NTFSx86 NETWORK

Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.287 [GMT 2:00]

Running from: C:\Documents and Settings\Anna Dudziec\Pulpit\ComboFix.exe

Command switches used :: C:\Documents and Settings\Anna Dudziec\Pulpit\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

FILE ::

C:\WINDOWS\system32\eqoieaaw.dll

C:\WINDOWS\system32\vvhnyufk.ini

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\eqoieaaw.dll

C:\WINDOWS\system32\vvhnyufk.ini

.

((((((((((((((((((((((((( Files Created from 2008-03-04 to 2008-04-04 )))))))))))))))))))))))))))))))

.

2008-04-04 19:33 . 2008-04-04 20:43

2008-04-04 19:33 . 2005-08-10 13:18

2008-04-04 19:33 . 2005-08-10 11:25

2008-04-04 19:33 . 2005-08-10 13:21

2008-04-04 19:33 . 2005-08-10 13:18

2008-04-04 19:33 . 2005-08-10 13:21

2008-04-04 19:33 . 2005-08-10 15:36

2008-04-04 19:33 . 2005-08-10 15:59

2008-04-04 19:33 . 2005-08-10 15:54

2008-04-04 19:33 . 2005-08-10 16:06

2008-04-04 19:33 . 2005-08-10 15:46

2008-04-04 19:33 . 2005-08-10 16:06

2008-04-03 22:44 . 2008-04-03 22:47

2008-04-03 22:44 . 2008-04-03 22:44

2008-04-03 17:57 . 2008-04-04 15:05 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-04-03 17:19 . 2008-04-03 17:19

2008-04-03 17:17 . 2008-04-03 17:17

2008-04-03 17:12 . 2004-08-04 12:00 1,817,687 --a--c--- C:\WINDOWS\system32\dllcache\bckgres.dll

2008-04-03 17:12 . 2004-08-04 12:00 113,222 --a--c--- C:\WINDOWS\system32\dllcache\zoneclim.dll

2008-04-03 17:12 . 2004-08-04 12:00 29,760 --a--c--- C:\WINDOWS\system32\dllcache\znetm.dll

2008-04-03 17:12 . 2004-08-04 12:00 13,894 --a--c--- C:\WINDOWS\system32\dllcache\zonelibm.dll

2008-04-03 17:09 . 2008-04-03 17:11

2008-04-03 17:09 . 2008-04-03 17:09

2008-04-03 17:03 . 2008-04-03 17:04

2008-04-03 15:28 . 2008-04-03 18:30

2008-04-03 15:20 . 2008-04-03 15:20 98,304 --a------ C:\WINDOWS\system32\qttask.exe

2008-04-03 15:18 . 2003-08-18 05:10 122,880 --a------ C:\WINDOWS\system32\directx.cpl

2008-04-03 15:18 . 2003-03-25 05:49 106,544 --a------ C:\WINDOWS\system32\tweakui.cpl

2008-04-03 15:18 . 2003-03-25 05:49 98,304 --a------ C:\WINDOWS\system32\startup.cpl

2008-04-03 15:18 . 2004-02-17 10:11 53,248 --a------ C:\WINDOWS\system32\vp6dec_settings.cpl

2008-04-03 15:18 . 2003-03-25 05:49 51,238 --a------ C:\WINDOWS\system32\tweakui.hlp

2008-04-03 15:16 . 2008-04-03 15:16

2008-04-03 15:16 . 2004-09-23 18:57 6,676,480 --a------ C:\WINDOWS\system32\quicktime.qts

2008-04-03 15:16 . 2004-11-08 20:01 360,504 --a------ C:\WINDOWS\system32\qtplugin.ocx

2008-04-03 15:16 . 2004-09-23 18:57 323,072 --a------ C:\WINDOWS\system32\quicktime.cpl

2008-04-03 15:16 . 2008-04-03 15:20 9,006 --a------ C:\WINDOWS\system32\quicktime.qtp

2008-04-03 15:14 . 2008-04-03 15:18

2008-04-03 15:14 . 2004-05-25 16:06 417,792 --a------ C:\WINDOWS\system32\ac3filter.cpl

2008-04-02 22:30 . 2008-04-04 23:18

2008-04-02 22:30 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2008-04-02 22:30 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2008-04-02 22:30 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2008-04-02 22:30 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

2008-04-02 22:29 . 2008-04-03 22:34

2008-04-02 22:29 . 2008-04-02 22:29

2008-04-02 22:25 . 2008-04-02 22:25

2008-04-02 22:23 . 2008-04-02 22:23

2008-04-02 22:23 . 2008-04-02 22:24

2008-04-02 22:05 . 2008-04-02 22:05

2008-04-02 21:59 . 2008-04-02 22:00

2008-04-02 21:59 . 2008-04-02 22:02

2008-04-02 21:09 . 2008-04-02 21:09

2008-04-02 21:09 . 2008-04-02 21:09

2008-04-02 20:12 . 2008-04-02 20:12

2008-04-02 20:10 . 2008-04-03 17:40

2008-04-02 19:30 . 2008-04-02 19:31

2008-04-02 19:13 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll

2008-04-02 19:11 . 2008-04-02 19:12

2008-04-02 18:32 . 2008-04-02 18:32

2008-04-02 18:31 . 2008-04-02 18:31

2008-04-02 18:31 . 2008-04-02 18:32

2008-04-02 18:29 . 2008-04-02 18:29

2008-04-02 17:55 . 2007-12-07 04:14 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2008-04-02 17:55 . 2007-07-01 05:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-04-02 17:55 . 2007-07-01 05:36 1,036,288 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-04-02 17:55 . 2007-12-07 04:14 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2008-04-02 17:55 . 2007-12-07 04:14 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2008-04-02 17:55 . 2007-12-07 04:14 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2008-04-02 17:55 . 2007-12-07 04:14 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2008-04-02 17:55 . 2007-12-07 04:14 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2008-04-02 17:55 . 2007-12-06 13:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-04-02 17:54 . 2008-04-02 17:56

2008-04-02 17:50 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll

2008-04-02 17:33 . 2006-08-21 11:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys

2008-04-02 17:33 . 2006-08-21 11:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe

2008-04-02 17:33 . 2006-08-21 14:28 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll

2008-04-02 17:21 . 2008-04-02 17:20 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys

2008-04-02 17:21 . 2008-04-02 17:20 270,336 --a------ C:\WINDOWS\system32\imon.dll

2008-04-02 17:20 . 2008-04-02 20:20

2008-04-02 16:50 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2008-04-02 16:25 . 2008-04-02 16:25

2008-04-02 16:21 . 2007-07-09 15:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll

2008-04-02 16:14 . 2006-12-07 08:40 2,362,184 -----c--- C:\WINDOWS\system32\dllcache\wmvcore.dll

2008-04-02 15:55 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-04-02 15:50 . 2008-04-02 15:50

2008-04-02 15:50 . 2004-08-04 12:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-04-02 15:49 . 2008-04-04 20:44

2008-04-02 15:49 . 2008-04-02 18:11

2008-04-02 15:49 . 2005-08-10 11:25

2008-04-02 15:49 . 2008-04-04 23:34

2008-04-02 15:49 . 2008-04-04 23:27

2008-04-02 15:49 . 2008-04-03 22:44

2008-04-02 15:49 . 2008-04-02 16:17

2008-04-02 15:49 . 2008-04-02 15:50

2008-04-02 15:49 . 2005-08-10 15:54

2008-04-02 15:49 . 2005-08-10 15:46

2008-04-02 15:49 . 2008-04-03 22:44

2008-04-02 15:49 . 2008-04-02 15:49 0 -rahs---- C:\WINDOWS\system32\drivers\TOSHIBA_Satellite L20_03171000-PL_PSL2XE-01C01.MRK

2008-04-02 15:48 . 2005-08-10 15:36

2008-04-02 15:48 . 2005-08-10 15:59

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-03 15:43 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-04-03 15:43 --------- d-----w C:\Program Files\Toshiba

2008-04-02 20:28 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-04-02 15:17 --------- d-----w C:\Program Files\Symantec

2008-04-02 15:17 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-04-02 15:15 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec

2008-02-28 15:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe

2008-02-26 14:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe

2008-02-18 14:21 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys

2008-02-18 14:21 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys

2008-02-18 14:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9AA82BAF-1576-4CBE-BDCC-013E62D3FD21}]

C:\WINDOWS\system32\ljJBQKDv.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 12:00 15360]

“IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe” [2008-02-28 17:07 1828136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“ATIPTA”=“C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [2005-06-28 21:05 344064]

“SynTPLpr”=“C:\Program Files\Synaptics\SynTP\SynTPLpr.exe” [2004-10-08 23:44 98394]

“SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2004-10-08 23:43 688218]

“Toshiba Hotkey Utility”=“C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe” [2005-08-01 23:25 1093632]

“nod32kui”=“C:\Program Files\Eset\nod32kui.exe” [2008-04-02 17:20 917504]

“Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2007-05-11 13:06 40048]

“WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [2008-04-01 20:49 36352]

“TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” [2008-04-02 22:23 185896]

“QuickTime Task”=“C:\WINDOWS\system32\qttask.exe” [2008-04-03 15:20 98304]

“NeroFilterCheck”=“C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe” [2008-02-28 09:59 570664]

“NBKeyScan”=“C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe” [2008-02-18 16:29 2221352]

“UnlockerAssistant”=“C:\Program Files\Unlocker\UnlockerAssistant.exe” [2008-03-01 07:10 15872]

“BM5b8e30ab”=“C:\WINDOWS\system32\uuunytkp.dll” []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 12:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“msacm.iac2”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iac25_32.ax

“vidc.avrn”= C:\PROGRA~1\ACEMEG~1\SystemS\AVIDAV~1.DLL

“vidc.advj”= C:\PROGRA~1\ACEMEG~1\SystemS\AVIDAV~1.DLL

“vidc.mszh”= C:\PROGRA~1\ACEMEG~1\SystemS\avimszh.dll

“vidc.zlib”= C:\PROGRA~1\ACEMEG~1\SystemS\avizlib.dll

“vidc.cscd”= C:\PROGRA~1\ACEMEG~1\SystemS\camcodec.dll

“vidc.cvid”= C:\PROGRA~1\ACEMEG~1\SystemS\iccvid.dll

“msacm.trspch”= C:\PROGRA~1\ACEMEG~1\SystemS\tssoft32.acm

“vidc.em2v”= C:\PROGRA~1\ACEMEG~1\SystemS\etxcodec.dll

“vidc.mkvc”= C:\PROGRA~1\ACEMEG~1\SystemS\kmvidc32.dll

“vidc.hfyu”= C:\PROGRA~1\ACEMEG~1\SystemS\huffyuv.dll

“msacm.lameacm”= C:\PROGRA~1\ACEMEG~1\SystemS\lameacm.acm

“msacm.lhacm”= C:\PROGRA~1\ACEMEG~1\SystemS\lhacm.acm

“msacm.l3acm”= C:\PROGRA~1\ACEMEG~1\SystemS\l3codecp.acm

“vidc.sjpg”= C:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll

“vidc.dmb2”= C:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll

“vidc.gepj”= C:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll

“vidc.qpeg”= C:\PROGRA~1\ACEMEG~1\SystemS\Qpeg32.dll

“vidc.q1.0”= C:\PROGRA~1\ACEMEG~1\SystemS\Qpeg32.dll

“msacm.sl_anet”= C:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm

“vidc.tscc”= C:\PROGRA~1\ACEMEG~1\SystemS\tsccvid.dll

“vidc.vifp”= C:\PROGRA~1\ACEMEG~1\SystemS\vfcodec.dll

“vidc.wrpr”= C:\PROGRA~1\ACEMEG~1\SystemS\aviwrap.dll

“vidc.wnv1”= C:\PROGRA~1\ACEMEG~1\SystemS\wnvplay1.dll

“vidc.advs”= C:\PROGRA~1\ACEMEG~1\SystemS\Adaptec\Dvc.dll

“vidc.aflc”= C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL

“vidc.afli”= C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL

“vidc.aasc”= C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\Aasc32.dll

“vidc.aas4”= C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\Aasc32.dll

“vidc.asv1”= C:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv1.dll

“vidc.asv2”= C:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv2.dll

“vidc.asvx”= C:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv2.dll

“vidc.vcr1”= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\ativcr1.dll

“vidc.vcr2”= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\ativcr2.dll

“vidc.yv12”= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL

“vidc.mwv1”= C:\PROGRA~1\ACEMEG~1\SystemS\Aware\icmw_32.dll

“vidc.bt20”= C:\PROGRA~1\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv

“vidc.y41p”= C:\PROGRA~1\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv

“msacm.pcdv”= C:\PROGRA~1\ACEMEG~1\SystemS\Canopus\pcdv.acm

“vidc.cdvc”= C:\PROGRA~1\ACEMEG~1\SystemS\Canopus\CSCCDVC.DLL

“vidc.ddvc”= C:\PROGRA~1\ACEMEG~1\SystemS\Canopus\CSCdvsd.DLL

“vidc.png1”= C:\PROGRA~1\ACEMEG~1\SystemS\Core\COREPN~1.DLL

“msacm.CoreFLAC_ACM”= C:\PROGRA~1\ACEMEG~1\SystemS\Core\COREFL~1.ACM

“vidc.davc”= C:\PROGRA~1\ACEMEG~1\SystemS\dicas\davcvfw.dll

“vidc.div3”= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll

“vidc.div5”= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll

“vidc.mpg3”= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll

“vidc.div4”= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll

“vidc.div6”= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll

“vidc.ap41”= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll

“vidc.dvx4”= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\divx4.dll

“vidc.divx”= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivX520.dll

“msacm.divxa32”= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\divxa32.acm

“vidc.frwd”= C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwd.dll

“vidc.frwt”= C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwd.dll

“vidc.frwa”= C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwt.dll

“vidc.frwu”= C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwu.dll

“vidc.glzw”= C:\PROGRA~1\ACEMEG~1\SystemS\Gabest\GLZW.dll

“vidc.gpeg”= C:\PROGRA~1\ACEMEG~1\SystemS\Gabest\GPEG.dll

“vidc.i263”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\i263_32.drv

“vidc.iv30”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll

“vidc.iv31”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll

“vidc.iv32”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll

“vidc.iv33”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll

“vidc.iv34”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll

“vidc.iv35”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll

“vidc.iv36”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll

“vidc.iv37”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll

“vidc.iv38”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll

“vidc.iv39”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll

“vidc.iv40”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll

“vidc.iv41”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll

“vidc.iv42”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll

“vidc.iv43”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll

“vidc.iv44”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll

“vidc.iv45”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll

“vidc.iv46”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll

“vidc.iv47”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll

“vidc.iv48”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll

“vidc.iv49”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll

“vidc.iv50”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir50_32.dll

“vidc.iyuv”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll

“vidc.yvu9”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll

“vidc.ir21”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IR21_R.DLL

“vidc.rt21”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IR21_R.DLL

“msacm.imc”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IMC32.ACM

“vidc.lead”= C:\PROGRA~1\ACEMEG~1\SystemS\LEAD\LCODCCMP.DLL

“vidc.dvsd”= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL

“vidc.dvc”= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL

“vidc.dvcs”= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL

“vidc.dcmj”= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL

“vidc.avi1”= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL

“vidc.avi2”= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL

“vidc.dv25”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.dv50”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.msmc”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.mmjp”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.mtx1”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.mtx2”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.mtx3”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.mtx4”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.mtx5”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.mtx6”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.mtx7”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.mtx8”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.mtx9”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.mmes”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“msacm.msadpcm”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msadp32.acm

“msacm.imaadpcm”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\imaadp32.acm

“msacm.msg711”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msg711.acm

“msacm.msg723”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msg723.acm

“msacm.msgsm610”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msgsm32.acm

“vidc.m261”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msh261.drv

“vidc.m263”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msh263.drv

“vidc.i420”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msh263.drv

“vidc.mrle”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msrle32.dll

“vidc.uyvy”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll

“vidc.yuy2”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll

“vidc.yvyu”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll

“vidc.msvc”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msvidc32.dll

“vidc.cram”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msvidc32.dll

“vidc.mpg4”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll

“vidc.mp41”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll

“vidc.mp42”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll

“vidc.mp43”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll

“vidc.mp4s”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll

“vidc.mp4v”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll

“vidc.wmv3”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\WMV9VCM.dll

“msacm.msaudio1”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm

“vidc.vixl”= C:\PROGRA~1\ACEMEG~1\SystemS\Miro\miroxl32.dll

“vidc.nt00”= C:\PROGRA~1\ACEMEG~1\SystemS\Newtek\ntcodec.dll

“msacm.vorbis”= C:\PROGRA~1\ACEMEG~1\SystemS\OGG\vorbis.acm

“vidc.vp30”= C:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp31vfw.dll

“vidc.vp31”= C:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp31vfw.dll

“vidc.vp60”= C:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp6vfw.dll

“vidc.vp61”= C:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp6vfw.dll

“vidc.pdvc”= C:\PROGRA~1\ACEMEG~1\SystemS\PANASO~1\idvcodec.dll

“vidc.ipdv”= C:\PROGRA~1\ACEMEG~1\SystemS\PANASO~1\idvcodec.dll

“vidc.pvw2”= C:\PROGRA~1\ACEMEG~1\SystemS\Pegasus\pvwv220.dll

“vidc.pimj”= C:\PROGRA~1\ACEMEG~1\SystemS\Pegasus\pvljpg20.dll

“vidc.mjpx”= C:\PROGRA~1\ACEMEG~1\SystemS\Pegasus\pvmjpg21.dll

“vidc.miro”= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\MIRODV~1.DLL

“vidc.dcap”= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\MIRODV~1.DLL

“vidc.mjpa”= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\RTMJPG~1.DLL

“vidc.gpjm”= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\RTMJPG~1.DLL

“vidc.pim1”= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\pclepim1.dll

“msacm.qmpeg”= C:\PROGRA~1\ACEMEG~1\SystemS\QDesign\qmpeg.acm

“vidc.rmp4”= C:\PROGRA~1\ACEMEG~1\SystemS\REALMA~1\rmp4.dll

“vidc.rud0”= C:\PROGRA~1\ACEMEG~1\SystemS\Rududu\rududu.dll

“msacm.at3”= C:\PROGRA~1\ACEMEG~1\SystemS\SONY\atrac3.acm

“vidc.sony”= C:\PROGRA~1\ACEMEG~1\SystemS\SONY\sonydv.dll

“vidc.dvcp”= C:\PROGRA~1\ACEMEG~1\SystemS\SONY\sonydv.dll

“vidc.s422”= C:\PROGRA~1\ACEMEG~1\SystemS\Tekram\tekyuv.dll

“vidc.t420”= C:\PROGRA~1\ACEMEG~1\SystemS\Toshiba\tsbyuv.dll

“vidc.y411”= C:\PROGRA~1\ACEMEG~1\SystemS\Toshiba\tsbyuv.dll

“vidc.vssv”= C:\PROGRA~1\ACEMEG~1\SystemS\VANGUA~1\vsscodec.dll

“msacm.voxacm160”= C:\PROGRA~1\ACEMEG~1\SystemS\VoxWare\vct3216.acm

“vidc.xvid”= C:\PROGRA~1\ACEMEG~1\SystemS\XviD\xvidvfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

“AntiVirusDisableNotify”=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“%windir%\Network Diagnostic\xpnetdiag.exe”=

R3 BoiHwsetup;Access 32bits INT15 routine;C:\WINDOWS\system32\drivers\BoiHwSetup.sys [2005-06-11 06:42]

R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver;C:\WINDOWS\system32\drivers\qkbfiltr.sys [2005-05-09 15:17]

R3 qmofiltr;Quanta HotKey Mouse Filter Driver;C:\WINDOWS\system32\drivers\qmofiltr.sys [2005-05-05 14:27]

S3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-04-01 02:08]

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-04 23:36:25

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-04-04 23:37:11

ComboFix-quarantined-files.txt 2008-04-04 21:37:02

Pre-Run: 31,689,367,552 bajtów wolnych

Post-Run: 31,680,536,576 bajtów wolnych

.

2008-04-02 16:21:20 --- E O F ---

HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 23:40:24, on 2008-04-04

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\qttask.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

C:\DOCUME~1\ANNADU~1\USTAWI~1\Temp\Katalog tymczasowy 1 dla HijackThis_pl.zip\HijackThis.exe

C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.co.uk/8SEENGB020100/FRWCompleteAddIns

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {9AA82BAF-1576-4CBE-BDCC-013E62D3FD21} - C:\WINDOWS\system32\ljJBQKDv.dll (file missing)

O4 - HKLM…\Run: [ATIPTA] “C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe”

O4 - HKLM…\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM…\Run: [Toshiba Hotkey Utility] “C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe” /lang PL

O4 - HKLM…\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE

O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”

O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe”

O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot

O4 - HKLM…\Run: [QuickTime Task] “C:\WINDOWS\system32\qttask.exe” -atboottime

O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM…\Run: [NBKeyScan] “C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe”

O4 - HKLM…\Run: [unlockerAssistant] “C:\Program Files\Unlocker\UnlockerAssistant.exe”

O4 - HKLM…\Run: [bM5b8e30ab] Rundll32.exe “C:\WINDOWS\system32\uuunytkp.dll”,s

O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe” ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {0eb0e74a-2a76-4ab3-a7fb-9bd8c29f7f75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus … nicode.cab

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Nero BackItUp Scheduler 3 (nero backitup scheduler 3) - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService (nmindexingservice) - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: PLFlash DeviceIoControl Service (plflash deviceiocontrol service) - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

Fix in HijackThis

Download ComboFix, but do not run it

Paste into Notepad:

File::

    C:\WINDOWS\system32\ljJBQKDv.dll

    C:\WINDOWS\system32\uuunytkp.dll

File -> Save As -> CFScript.txt (it is most convenient to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)

Drag and drop the CFScript.txt icon onto the ComboFix.exe icon, as shown here ->

02f8f1e3c410a4cc.gif

The removal should start and a log will be created; post that log on the forum.

If everything goes well, then after the restart manually delete the C:\Qoobox folder

Thanks a lot for the help, I hope everything is OK now.

Here is the log

ComboFix 08-04-04.1 - Anna Dudziec 2008-04-06 0:17:21.1 - NTFSx86 NETWORK

Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.221 [GMT 2:00]

Running from: C:\Documents and Settings\Anna Dudziec\Pulpit\ComboFix.exe

Command switches used :: C:\Documents and Settings\Anna Dudziec\Pulpit\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

FILE ::

C:\WINDOWS\system32\ljJBQKDv.dll

C:\WINDOWS\system32\uuunytkp.dll

.

((((((((((((((((((((((((( Files Created from 2008-03-05 to 2008-04-05 )))))))))))))))))))))))))))))))

.

2008-04-05 22:45 . 2008-04-05 22:45

2008-04-04 23:57 . 2008-04-04 23:57

2008-04-04 19:33 . 2008-04-04 23:37

2008-04-04 19:33 . 2005-08-10 13:18

2008-04-04 19:33 . 2005-08-10 11:25

2008-04-04 19:33 . 2005-08-10 13:21

2008-04-04 19:33 . 2005-08-10 13:18

2008-04-04 19:33 . 2005-08-10 13:21

2008-04-04 19:33 . 2005-08-10 15:36

2008-04-04 19:33 . 2005-08-10 15:59

2008-04-04 19:33 . 2005-08-10 15:54

2008-04-04 19:33 . 2005-08-10 16:06

2008-04-04 19:33 . 2005-08-10 15:46

2008-04-04 19:33 . 2005-08-10 16:06

2008-04-03 22:44 . 2008-04-03 22:47

2008-04-03 22:44 . 2008-04-03 22:44

2008-04-03 17:57 . 2008-04-05 12:21 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-04-03 17:19 . 2008-04-03 17:19

2008-04-03 17:17 . 2008-04-03 17:17

2008-04-03 17:12 . 2004-08-04 12:00 1,817,687 --a–c— C:\WINDOWS\system32\dllcache\bckgres.dll

2008-04-03 17:12 . 2004-08-04 12:00 113,222 --a–c— C:\WINDOWS\system32\dllcache\zoneclim.dll

2008-04-03 17:12 . 2004-08-04 12:00 29,760 --a–c— C:\WINDOWS\system32\dllcache\znetm.dll

2008-04-03 17:12 . 2004-08-04 12:00 13,894 --a–c— C:\WINDOWS\system32\dllcache\zonelibm.dll

2008-04-03 17:09 . 2008-04-03 17:11

2008-04-03 17:09 . 2008-04-03 17:09

2008-04-03 17:03 . 2008-04-03 17:04

2008-04-03 15:28 . 2008-04-03 18:30

2008-04-03 15:20 . 2008-04-03 15:20 98,304 --a------ C:\WINDOWS\system32\qttask.exe

2008-04-03 15:18 . 2003-08-18 05:10 122,880 --a------ C:\WINDOWS\system32\directx.cpl

2008-04-03 15:18 . 2003-03-25 05:49 106,544 --a------ C:\WINDOWS\system32\tweakui.cpl

2008-04-03 15:18 . 2003-03-25 05:49 98,304 --a------ C:\WINDOWS\system32\startup.cpl

2008-04-03 15:18 . 2004-02-17 10:11 53,248 --a------ C:\WINDOWS\system32\vp6dec_settings.cpl

2008-04-03 15:18 . 2003-03-25 05:49 51,238 --a------ C:\WINDOWS\system32\tweakui.hlp

2008-04-03 15:16 . 2008-04-03 15:16

2008-04-03 15:16 . 2004-09-23 18:57 6,676,480 --a------ C:\WINDOWS\system32\quicktime.qts

2008-04-03 15:16 . 2004-11-08 20:01 360,504 --a------ C:\WINDOWS\system32\qtplugin.ocx

2008-04-03 15:16 . 2004-09-23 18:57 323,072 --a------ C:\WINDOWS\system32\quicktime.cpl

2008-04-03 15:16 . 2008-04-03 15:20 9,006 --a------ C:\WINDOWS\system32\quicktime.qtp

2008-04-03 15:14 . 2008-04-03 15:18

2008-04-03 15:14 . 2004-05-25 16:06 417,792 --a------ C:\WINDOWS\system32\ac3filter.cpl

2008-04-02 22:30 . 2008-04-06 00:16

2008-04-02 22:30 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2008-04-02 22:30 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2008-04-02 22:30 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2008-04-02 22:30 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

2008-04-02 22:29 . 2008-04-05 23:07

2008-04-02 22:29 . 2008-04-02 22:29

2008-04-02 22:25 . 2008-04-02 22:25

2008-04-02 22:23 . 2008-04-02 22:23

2008-04-02 22:23 . 2008-04-02 22:24

2008-04-02 22:05 . 2008-04-02 22:05

2008-04-02 21:59 . 2008-04-02 22:00

2008-04-02 21:59 . 2008-04-02 22:02

2008-04-02 21:09 . 2008-04-02 21:09

2008-04-02 21:09 . 2008-04-02 21:09

2008-04-02 20:12 . 2008-04-02 20:12

2008-04-02 20:10 . 2008-04-03 17:40

2008-04-02 19:30 . 2008-04-02 19:31

2008-04-02 19:13 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll

2008-04-02 19:11 . 2008-04-02 19:12

2008-04-02 18:32 . 2008-04-02 18:32

2008-04-02 18:31 . 2008-04-02 18:31

2008-04-02 18:31 . 2008-04-02 18:32

2008-04-02 18:29 . 2008-04-02 18:29

2008-04-02 17:55 . 2007-12-07 04:14 6,066,176 -----c— C:\WINDOWS\system32\dllcache\ieframe.dll

2008-04-02 17:55 . 2007-07-01 05:31 2,455,488 -----c— C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-04-02 17:55 . 2007-07-01 05:36 1,036,288 -----c— C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-04-02 17:55 . 2007-12-07 04:14 459,264 -----c— C:\WINDOWS\system32\dllcache\msfeeds.dll

2008-04-02 17:55 . 2007-12-07 04:14 383,488 -----c— C:\WINDOWS\system32\dllcache\ieapfltr.dll

2008-04-02 17:55 . 2007-12-07 04:14 267,776 -----c— C:\WINDOWS\system32\dllcache\iertutil.dll

2008-04-02 17:55 . 2007-12-07 04:14 63,488 -----c— C:\WINDOWS\system32\dllcache\icardie.dll

2008-04-02 17:55 . 2007-12-07 04:14 52,224 -----c— C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2008-04-02 17:55 . 2007-12-06 13:00 13,824 -----c— C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-04-02 17:54 . 2008-04-02 17:56

2008-04-02 17:50 . 2007-08-13 18:54 33,792 --a–c— C:\WINDOWS\system32\dllcache\custsat.dll

2008-04-02 17:33 . 2006-08-21 11:14 128,896 -----c— C:\WINDOWS\system32\dllcache\fltmgr.sys

2008-04-02 17:33 . 2006-08-21 11:14 23,040 -----c— C:\WINDOWS\system32\dllcache\fltmc.exe

2008-04-02 17:33 . 2006-08-21 14:28 16,896 -----c— C:\WINDOWS\system32\dllcache\fltlib.dll

2008-04-02 17:21 . 2008-04-02 17:20 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys

2008-04-02 17:21 . 2008-04-02 17:20 270,336 --a------ C:\WINDOWS\system32\imon.dll

2008-04-02 17:20 . 2008-04-02 20:20

2008-04-02 16:50 . 2004-08-03 23:08 26,496 --a–c— C:\WINDOWS\system32\dllcache\usbstor.sys

2008-04-02 16:25 . 2008-04-02 16:25

2008-04-02 16:21 . 2007-07-09 15:11 584,192 -----c— C:\WINDOWS\system32\dllcache\rpcrt4.dll

2008-04-02 16:14 . 2006-12-07 08:40 2,362,184 -----c— C:\WINDOWS\system32\dllcache\wmvcore.dll

2008-04-02 15:55 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-04-02 15:50 . 2008-04-02 15:50

2008-04-02 15:50 . 2004-08-04 12:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-04-02 15:49 . 2008-04-04 23:37

2008-04-02 15:49 . 2008-04-02 18:11

2008-04-02 15:49 . 2005-08-10 11:25

2008-04-02 15:49 . 2008-04-06 00:17

2008-04-02 15:49 . 2008-04-04 23:27

2008-04-02 15:49 . 2008-04-03 22:44

2008-04-02 15:49 . 2008-04-02 16:17

2008-04-02 15:49 . 2008-04-02 15:50

2008-04-02 15:49 . 2005-08-10 15:54

2008-04-02 15:49 . 2005-08-10 15:46

2008-04-02 15:49 . 2008-04-03 22:44

2008-04-02 15:49 . 2008-04-02 15:49 0 -rahs---- C:\WINDOWS\system32\drivers\TOSHIBA_Satellite L20_03171000-PL_PSL2XE-01C01.MRK

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-03 15:43 --------- d–h--w C:\Program Files\InstallShield Installation Information

2008-04-03 15:43 --------- d-----w C:\Program Files\Toshiba

2008-04-02 20:28 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-04-02 15:17 --------- d-----w C:\Program Files\Symantec

2008-04-02 15:17 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-04-02 15:15 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec

2008-02-28 15:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe

2008-02-26 14:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe

2008-02-18 14:21 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys

2008-02-18 14:21 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys

2008-02-18 14:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 12:00 15360]

“IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe” [2008-02-28 17:07 1828136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“ATIPTA”=“C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [2005-06-28 21:05 344064]

“SynTPLpr”=“C:\Program Files\Synaptics\SynTP\SynTPLpr.exe” [2004-10-08 23:44 98394]

“SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2004-10-08 23:43 688218]

“Toshiba Hotkey Utility”=“C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe” [2005-08-01 23:25 1093632]

“nod32kui”=“C:\Program Files\Eset\nod32kui.exe” [2008-04-02 17:20 917504]

“Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2007-05-11 13:06 40048]

“WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [2008-04-01 20:49 36352]

“TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” [2008-04-02 22:23 185896]

“QuickTime Task”=“C:\WINDOWS\system32\qttask.exe” [2008-04-03 15:20 98304]

“NeroFilterCheck”=“C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe” [2008-02-28 09:59 570664]

“NBKeyScan”=“C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe” [2008-02-18 16:29 2221352]

“UnlockerAssistant”=“C:\Program Files\Unlocker\UnlockerAssistant.exe” [2008-03-01 07:10 15872]

“ISTray”=“C:\Program Files\Spyware Doctor\pctsTray.exe” [2008-02-01 12:55 1103240]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 12:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“msacm.iac2”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iac25_32.ax

“vidc.avrn”= C:\PROGRA~1\ACEMEG~1\SystemS\AVIDAV~1.DLL

“vidc.advj”= C:\PROGRA~1\ACEMEG~1\SystemS\AVIDAV~1.DLL

“vidc.mszh”= C:\PROGRA~1\ACEMEG~1\SystemS\avimszh.dll

“vidc.zlib”= C:\PROGRA~1\ACEMEG~1\SystemS\avizlib.dll

“vidc.cscd”= C:\PROGRA~1\ACEMEG~1\SystemS\camcodec.dll

“vidc.cvid”= C:\PROGRA~1\ACEMEG~1\SystemS\iccvid.dll

“msacm.trspch”= C:\PROGRA~1\ACEMEG~1\SystemS\tssoft32.acm

“vidc.em2v”= C:\PROGRA~1\ACEMEG~1\SystemS\etxcodec.dll

“vidc.mkvc”= C:\PROGRA~1\ACEMEG~1\SystemS\kmvidc32.dll

“vidc.hfyu”= C:\PROGRA~1\ACEMEG~1\SystemS\huffyuv.dll

“msacm.lameacm”= C:\PROGRA~1\ACEMEG~1\SystemS\lameacm.acm

“msacm.lhacm”= C:\PROGRA~1\ACEMEG~1\SystemS\lhacm.acm

“msacm.l3acm”= C:\PROGRA~1\ACEMEG~1\SystemS\l3codecp.acm

“vidc.sjpg”= C:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll

“vidc.dmb2”= C:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll

“vidc.gepj”= C:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll

“vidc.qpeg”= C:\PROGRA~1\ACEMEG~1\SystemS\Qpeg32.dll

“vidc.q1.0”= C:\PROGRA~1\ACEMEG~1\SystemS\Qpeg32.dll

“msacm.sl_anet”= C:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm

“vidc.tscc”= C:\PROGRA~1\ACEMEG~1\SystemS\tsccvid.dll

“vidc.vifp”= C:\PROGRA~1\ACEMEG~1\SystemS\vfcodec.dll

“vidc.wrpr”= C:\PROGRA~1\ACEMEG~1\SystemS\aviwrap.dll

“vidc.wnv1”= C:\PROGRA~1\ACEMEG~1\SystemS\wnvplay1.dll

“vidc.advs”= C:\PROGRA~1\ACEMEG~1\SystemS\Adaptec\Dvc.dll

“vidc.aflc”= C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL

“vidc.afli”= C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL

“vidc.aasc”= C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\Aasc32.dll

“vidc.aas4”= C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\Aasc32.dll

“vidc.asv1”= C:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv1.dll

“vidc.asv2”= C:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv2.dll

“vidc.asvx”= C:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv2.dll

“vidc.vcr1”= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\ativcr1.dll

“vidc.vcr2”= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\ativcr2.dll

“vidc.yv12”= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL

“vidc.mwv1”= C:\PROGRA~1\ACEMEG~1\SystemS\Aware\icmw_32.dll

“vidc.bt20”= C:\PROGRA~1\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv

“vidc.y41p”= C:\PROGRA~1\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv

“msacm.pcdv”= C:\PROGRA~1\ACEMEG~1\SystemS\Canopus\pcdv.acm

“vidc.cdvc”= C:\PROGRA~1\ACEMEG~1\SystemS\Canopus\CSCCDVC.DLL

“vidc.ddvc”= C:\PROGRA~1\ACEMEG~1\SystemS\Canopus\CSCdvsd.DLL

“vidc.png1”= C:\PROGRA~1\ACEMEG~1\SystemS\Core\COREPN~1.DLL

“msacm.CoreFLAC_ACM”= C:\PROGRA~1\ACEMEG~1\SystemS\Core\COREFL~1.ACM

“vidc.davc”= C:\PROGRA~1\ACEMEG~1\SystemS\dicas\davcvfw.dll

“vidc.div3”= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll

“vidc.div5”= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll

“vidc.mpg3”= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll

“vidc.div4”= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll

“vidc.div6”= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll

“vidc.ap41”= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll

“vidc.dvx4”= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\divx4.dll

“vidc.divx”= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivX520.dll

“msacm.divxa32”= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\divxa32.acm

“vidc.frwd”= C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwd.dll

“vidc.frwt”= C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwd.dll

“vidc.frwa”= C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwt.dll

“vidc.frwu”= C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwu.dll

“vidc.glzw”= C:\PROGRA~1\ACEMEG~1\SystemS\Gabest\GLZW.dll

“vidc.gpeg”= C:\PROGRA~1\ACEMEG~1\SystemS\Gabest\GPEG.dll

“vidc.i263”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\i263_32.drv

“vidc.iv30”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll

“vidc.iv31”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll

“vidc.iv32”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll

“vidc.iv33”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll

“vidc.iv34”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll

“vidc.iv35”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll

“vidc.iv36”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll

“vidc.iv37”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll

“vidc.iv38”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll

“vidc.iv39”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll

“vidc.iv40”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll

“vidc.iv41”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll

“vidc.iv42”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll

“vidc.iv43”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll

“vidc.iv44”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll

“vidc.iv45”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll

“vidc.iv46”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll

“vidc.iv47”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll

“vidc.iv48”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll

“vidc.iv49”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll

“vidc.iv50”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir50_32.dll

“vidc.iyuv”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll

“vidc.yvu9”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll

“vidc.ir21”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IR21_R.DLL

“vidc.rt21”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IR21_R.DLL

“msacm.imc”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IMC32.ACM

“vidc.lead”= C:\PROGRA~1\ACEMEG~1\SystemS\LEAD\LCODCCMP.DLL

“vidc.dvsd”= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL

“vidc.dvc”= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL

“vidc.dvcs”= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL

“vidc.dcmj”= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL

“vidc.avi1”= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL

“vidc.avi2”= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL

“vidc.dv25”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.dv50”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.msmc”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.mmjp”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.mtx1”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.mtx2”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.mtx3”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.mtx4”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.mtx5”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.mtx6”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.mtx7”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.mtx8”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.mtx9”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“vidc.mmes”= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

“msacm.msadpcm”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msadp32.acm

“msacm.imaadpcm”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\imaadp32.acm

“msacm.msg711”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msg711.acm

“msacm.msg723”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msg723.acm

“msacm.msgsm610”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msgsm32.acm

“vidc.m261”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msh261.drv

“vidc.m263”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msh263.drv

“vidc.i420”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msh263.drv

“vidc.mrle”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msrle32.dll

“vidc.uyvy”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll

“vidc.yuy2”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll

“vidc.yvyu”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll

“vidc.msvc”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msvidc32.dll

“vidc.cram”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msvidc32.dll

“vidc.mpg4”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll

“vidc.mp41”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll

“vidc.mp42”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll

“vidc.mp43”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll

“vidc.mp4s”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll

“vidc.mp4v”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll

“vidc.wmv3”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\WMV9VCM.dll

“msacm.msaudio1”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm

“vidc.vixl”= C:\PROGRA~1\ACEMEG~1\SystemS\Miro\miroxl32.dll

“vidc.nt00”= C:\PROGRA~1\ACEMEG~1\SystemS\Newtek\ntcodec.dll

“msacm.vorbis”= C:\PROGRA~1\ACEMEG~1\SystemS\OGG\vorbis.acm

“vidc.vp30”= C:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp31vfw.dll

“vidc.vp31”= C:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp31vfw.dll

“vidc.vp60”= C:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp6vfw.dll

“vidc.vp61”= C:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp6vfw.dll

“vidc.pdvc”= C:\PROGRA~1\ACEMEG~1\SystemS\PANASO~1\idvcodec.dll

“vidc.ipdv”= C:\PROGRA~1\ACEMEG~1\SystemS\PANASO~1\idvcodec.dll

“vidc.pvw2”= C:\PROGRA~1\ACEMEG~1\SystemS\Pegasus\pvwv220.dll

“vidc.pimj”= C:\PROGRA~1\ACEMEG~1\SystemS\Pegasus\pvljpg20.dll

“vidc.mjpx”= C:\PROGRA~1\ACEMEG~1\SystemS\Pegasus\pvmjpg21.dll

“vidc.miro”= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\MIRODV~1.DLL

“vidc.dcap”= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\MIRODV~1.DLL

“vidc.mjpa”= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\RTMJPG~1.DLL

“vidc.gpjm”= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\RTMJPG~1.DLL

“vidc.pim1”= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\pclepim1.dll

“msacm.qmpeg”= C:\PROGRA~1\ACEMEG~1\SystemS\QDesign\qmpeg.acm

“vidc.rmp4”= C:\PROGRA~1\ACEMEG~1\SystemS\REALMA~1\rmp4.dll

“vidc.rud0”= C:\PROGRA~1\ACEMEG~1\SystemS\Rududu\rududu.dll

“msacm.at3”= C:\PROGRA~1\ACEMEG~1\SystemS\SONY\atrac3.acm

“vidc.sony”= C:\PROGRA~1\ACEMEG~1\SystemS\SONY\sonydv.dll

“vidc.dvcp”= C:\PROGRA~1\ACEMEG~1\SystemS\SONY\sonydv.dll

“vidc.s422”= C:\PROGRA~1\ACEMEG~1\SystemS\Tekram\tekyuv.dll

“vidc.t420”= C:\PROGRA~1\ACEMEG~1\SystemS\Toshiba\tsbyuv.dll

“vidc.y411”= C:\PROGRA~1\ACEMEG~1\SystemS\Toshiba\tsbyuv.dll

“vidc.vssv”= C:\PROGRA~1\ACEMEG~1\SystemS\VANGUA~1\vsscodec.dll

“msacm.voxacm160”= C:\PROGRA~1\ACEMEG~1\SystemS\VoxWare\vct3216.acm

“vidc.xvid”= C:\PROGRA~1\ACEMEG~1\SystemS\XviD\xvidvfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

“AntiVirusDisableNotify”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“%windir%\Network Diagnostic\xpnetdiag.exe”=

R3 BoiHwsetup;Access 32bits INT15 routine;C:\WINDOWS\system32\drivers\BoiHwSetup.sys [2005-06-11 06:42]

R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver;C:\WINDOWS\system32\drivers\qkbfiltr.sys [2005-05-09 15:17]

R3 qmofiltr;Quanta HotKey Mouse Filter Driver;C:\WINDOWS\system32\drivers\qmofiltr.sys [2005-05-05 14:27]

S3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-04-01 02:08]

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-06 00:18:58

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-04-06 0:19:31

ComboFix-quarantined-files.txt 2008-04-05 22:19:24

ComboFix2.txt 2008-04-04 21:37:12

Pre-Run: 31,611,555,840 bajtów wolnych

Post-Run: 31,604,125,696 bajtów wolnych

.

2008-04-04 21:58:17 — E O F —

And just in case, the HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 00:28:53, on 2008-04-06

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\qttask.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Opera\Opera.exe

C:\Documents and Settings\All Users\Pulpit\putty_ssh.exe

C:\DOCUME~1\ANNADU~1\USTAWI~1\Temp\Katalog tymczasowy 2 dla HijackThis_pl.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.co.uk/8SEENGB020100/FRWCompleteAddIns

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O4 - HKLM…\Run: [ATIPTA] “C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe”

O4 - HKLM…\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM…\Run: [Toshiba Hotkey Utility] “C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe” /lang PL

O4 - HKLM…\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE

O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”

O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe”

O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot

O4 - HKLM…\Run: [QuickTime Task] “C:\WINDOWS\system32\qttask.exe” -atboottime

O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM…\Run: [NBKeyScan] “C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe”

O4 - HKLM…\Run: [unlockerAssistant] “C:\Program Files\Unlocker\UnlockerAssistant.exe”

O4 - HKLM…\Run: [iSTray] “C:\Program Files\Spyware Doctor\pctsTray.exe”

O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe” ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {0eb0e74a-2a76-4ab3-a7fb-9bd8c29f7f75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus … nicode.cab

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Nero BackItUp Scheduler 3 (nero backitup scheduler 3) - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService (nmindexingservice) - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: PLFlash DeviceIoControl Service (plflash deviceiocontrol service) - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

The HijackThis log is clean

The Combo log looks clean

Scan with this: http://www.kaspersky.pl/virusscanner.html

If it finds anything, post the report

If it is clean, manually delete the C:\Qoobox folder

Delete the ComboFix installer from the disk.

Turn on System Restore

:)