podejrzenie wirusa lub złośliwego oprogramowania

[Pawel_x18]

Witam serdecznie,
w ostatnim czasie pojawił się plik exe na dysku C:\ o nazwie "runmgr", usuwam go jednak po każdym restarcie pojawia się do tego włącza się i powoduje dużo błędów. Mój Kaspersky nie wykrywa go jako wirusa jednak on włącza się po każdym uruchomieniu komputera.

Przedstawiam log'i HJ:

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:23:51, on 2008-07-14
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynAsus.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\- Programy systemowe -\DU Meter\DUMeter.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ASUSTPE.exe
C:\PROGRA~1\Speed-X\SpeedX.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\- Programy systemowe -\Internet Download Manager\IDMan.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\- Programy systemowe -\Internet Download Manager\IEMonitor.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\- Programy systemowe -\AQQ\AQQ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\- Programy systemowe -\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O1 - Hosts: w.utils.winfixer.com
O1 - Hosts: 12w.utils.winfixer.com
O1 - Hosts: 1w.utils.winfixer.com
O1 - Hosts: w.utils.winfixer.com
O1 - Hosts: 127w.utils.win
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\- Programy systemowe -\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [ACMON] "C:\Program Files\ASUS\Splendid\ACMON.exe"
O4 - HKLM\..\Run: [CTAPR2] "C:\Program Files\Creative\Sound Blaster X-Fi Surround 5.1\Console Launcher\CTAPR2.exe" /r
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [Module Loader] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe -StartUpRun
O4 - HKLM\..\Run: [Creative KSRun Persistence Module] RunDll32 KSRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\- Programy systemowe -\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\- Programy systemowe -\Adobe Reader\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ASUSTPE] C:\WINDOWS\system32\ASUSTPE.exe
O4 - HKCU\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKCU\..\Run: [SpeedX] C:\PROGRA~1\Speed-X\SpeedX.exe
O4 - HKCU\..\Run: [AQQ] C:\PROGRA~1\-PROGR~1\AQQ\AQQ.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\- Programy systemowe -\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Ściągnij przez IDM - C:\Program Files\- Programy systemowe -\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Ściągnij wszystkie linki przez IDM - C:\Program Files\- Programy systemowe -\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Ściągnij zawartość wideo FLV przez IDM - C:\Program Files\- Programy systemowe -\Internet Download Manager\IEGetVL.htm
O9 - Extra button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra 'Tools' menuitem: ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15102/CTPID.cab
O20 - AppInit_DLLs: APSHook.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll
O23 - Service: Usługa konfiguracji Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE

--
End of file - 9487 bytes


i z SR:

Kod: Zaznacz wszystko

"Silent Runners.vbs", revision 58, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"ASUSTPE" = "C:\WINDOWS\system32\ASUSTPE.exe" ["ASUS"]
"CTRegRun" = "C:\WINDOWS\CTRegRun.EXE" ["Creative Technology Ltd "]
"SpeedX" = "C:\PROGRA~1\Speed-X\SpeedX.exe" ["MyPortal.pl"]
"AQQ" = "C:\PROGRA~1\-PROGR~1\AQQ\AQQ.exe" ["AQQ Sp. z o.o."]
"IDMan" = "C:\Program Files\- Programy systemowe -\Internet Download Manager\IDMan.exe /onboot" ["Tonec Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"HControl" = "C:\WINDOWS\ATK0100\HControl.exe" [empty string]
"ASUS Live Update" = "C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [empty string]
"CognizanceTS" = "rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule" [MS]
"ACU" = ""C:\Program Files\Atheros\ACU.exe" -nogui" ["Atheros Communications, Inc."]
"ATKMEDIA" = "C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" ["ASUSTeK Computer INC."]
"JMB36X IDE Setup" = "C:\WINDOWS\RaidTool\xInsIDE.exe" [null data]
"ACMON" = ""C:\Program Files\ASUS\Splendid\ACMON.exe"" ["ATK"]
"CTAPR2" = ""C:\Program Files\Creative\Sound Blaster X-Fi Surround 5.1\Console Launcher\CTAPR2.exe" /r" ["Creative Technology Ltd"]
"VolPanel" = ""C:\Program Files\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe" /r" ["Creative Technology Ltd"]
"Module Loader" = "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe -StartUpRun" ["Creative Technology Ltd."]
"Creative KSRun Persistence Module" = "RunDll32 KSRun.dll,RunDLLEntry" [MS]
"DU Meter" = "C:\Program Files\- Programy systemowe -\DU Meter\DUMeter.exe" ["Hagel Technologies"]
"Windows Defender" = ""C:\Program Files\Windows Defender\MSASCui.exe" -hide" [MS]
"Adobe Reader Speed Launcher" = ""C:\Program Files\- Programy systemowe -\Adobe Reader\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"AVP" = ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"" ["Kaspersky Lab"]

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\
{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}\(Default) = (no title provided)
                                       \StubPath   = "C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{0055C089-8582-441B-A0BF-17B458C2A3A8}\(Default) = "IDM Helper"
  -> {HKLM...CLSID} = "IDMIEHlprObj Class"
                   \InProcServer32\(Default) = "C:\Program Files\- Programy systemowe -\Internet Download Manager\IDMIECC.dll" ["Tonec Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}\(Default) = "IEVkbdBHO"
  -> {HKLM...CLSID} = "IEVkbdBHO Class"
                   \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll" ["Kaspersky Lab"]
{DF21F1DB-80C6-11D3-9483-B03D0EC10000}\(Default) = "ASUS Security Protect Manager"
  -> {HKLM...CLSID} = "ASUS Security Protect Manager"
                   \InProcServer32\(Default) = "C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll" ["Bioscrypt Inc."]
{E5A1691B-D188-4419-AD02-90002030B8EE}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "FlashFXP Helper for Internet Explorer"
                   \InProcServer32\(Default) = "C:\PROGRA~1\FlashFXP\IEFlash.dll" ["IniCom Networks, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
  -> {HKLM...CLSID} = "History Band"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{E08BF9C5-191E-4B15-8F67-2622B4DB5580}" = "PSD Shell Extension"
  -> {HKLM...CLSID} = "PSDShCtrl Class"
                   \InProcServer32\(Default) = "C:\Program Files\Infineon\Security Platform Software\PSDShExt.dll" ["Infineon Technologies AG"]
"{666C7831-A9B6-4AB4-94ED-DC238C81E925}" = "Document Manager (Context Menu)"
  -> {HKLM...CLSID} = "Document Manager (Shell Context Menu)"
                   \InProcServer32\(Default) = "C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll" ["Cognizance Corporation"]
"{666C7832-A9B6-4AB4-94ED-DC238C81E925}" = "Document Manager (File Properties)"
  -> {HKLM...CLSID} = "Document Manager (Shell File Properties)"
                   \InProcServer32\(Default) = "C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll" ["Cognizance Corporation"]
"{666C7835-A9B6-4AB4-94ED-DC238C81E925}" = "Document Manager (Drive Properties)"
  -> {HKLM...CLSID} = "Document Manager (Shell Drive Properties)"
                   \InProcServer32\(Default) = "C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll" ["Cognizance Corporation"]
"{2F5AC606-70CF-461C-BFE1-6063670C3484}" = "Mouse CPL Extension"
  -> {HKLM...CLSID} = "DisplayCplExt Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\TPESetting.dll" ["ASUS"]
"{1F77B17B-F531-44DB-ACA4-76ABB5010A28}" = "AIMP2: Shell Extention"
  -> {HKLM...CLSID} = "AIMP2: Shell Extention"
                   \InProcServer32\(Default) = "C:\PROGRA~1\-PROGR~1\AIMP2\System\AIMP_S~1.DLL" ["AIMP DevTeam"]
"{453D1B6D-BD6A-4FA1-B876-9E4DD848D434}" = "AQQ File Transfer Shell Extension"
  -> {HKLM...CLSID} = "AQQ File Transfer Shell Extension"
                   \InProcServer32\(Default) = "C:\PROGRA~1\-PROGR~1\AQQ\System\AQQSHE~1.DLL" [null data]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statystyki ochrony WWW"
  -> {HKLM...CLSID} = "Statystyki ochrony WWW"
                   \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll" ["Kaspersky Lab"]
"{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B}" = "Bluetooth"
  -> {HKLM...CLSID} = "Wymiana informacji - Bluetooth"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\TosBtExt.dll" ["TOSHIBA"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = "Microsoft AntiMalware ShellExecuteHook"
  -> {HKLM...CLSID} = "Microsoft AntiMalware ShellExecuteHook"
                   \InProcServer32\(Default) = "C:\PROGRA~1\WINDOW~4\MpShHook.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
  -> {HKLM...CLSID} = "WPDShServiceObj Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\SOFTWA   RE\Microsoft\Windows NT\CurrentVersion\Winlogon\
<<!>> "GinaDLL" = "C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\bin\ocgina.dll" ["Cognizance Corporation"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> IfxWlxEN\DLLName = "IfxWlxEN.dll" ["Infineon Technologies AG"]
<<!>> klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]
<<!>> OneCard\DLLName = "C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll" ["Cognizance Corporation"]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
AIMPClassic\(Default) = "{1F77B17B-F531-44DB-ACA4-76ABB5010A28}"
  -> {HKLM...CLSID} = "AIMP2: Shell Extention"
                   \InProcServer32\(Default) = "C:\PROGRA~1\-PROGR~1\AIMP2\System\AIMP_S~1.DLL" ["AIMP DevTeam"]
APSDShExt\(Default) = "{E08BF9C5-191E-4B15-8F67-2622B4DB5580}"
  -> {HKLM...CLSID} = "PSDShCtrl Class"
                   \InProcServer32\(Default) = "C:\Program Files\Infineon\Security Platform Software\PSDShExt.dll" ["Infineon Technologies AG"]
AQQFileTransfer\(Default) = "{453D1B6D-BD6A-4FA1-B876-9E4DD848D434}"
  -> {HKLM...CLSID} = "AQQ File Transfer Shell Extension"
                   \InProcServer32\(Default) = "C:\PROGRA~1\-PROGR~1\AQQ\System\AQQSHE~1.DLL" [null data]
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ShellEx.dll" ["Kaspersky Lab"]
tosBtShllExt\(Default) = "{6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1}"
  -> {HKLM...CLSID} = "Bluetooth File Extenstion"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\TosBtShell.dll" ["TOSHIBA"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
AIMPClassic\(Default) = "{1F77B17B-F531-44DB-ACA4-76ABB5010A28}"
  -> {HKLM...CLSID} = "AIMP2: Shell Extention"
                   \InProcServer32\(Default) = "C:\PROGRA~1\-PROGR~1\AIMP2\System\AIMP_S~1.DLL" ["AIMP DevTeam"]
tosBtShllExt\(Default) = "{6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1}"
  -> {HKLM...CLSID} = "Bluetooth File Extenstion"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\TosBtShell.dll" ["TOSHIBA"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
APSDShExt\(Default) = "{E08BF9C5-191E-4B15-8F67-2622B4DB5580}"
  -> {HKLM...CLSID} = "PSDShCtrl Class"
                   \InProcServer32\(Default) = "C:\Program Files\Infineon\Security Platform Software\PSDShExt.dll" ["Infineon Technologies AG"]
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ShellEx.dll" ["Kaspersky Lab"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Paweł Jaworski\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

MSWPDShellNamespaceHandler\
"Provider" = "@%SystemRoot%\system32\wpdshext.dll,-501"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = " "
  -> {HKLM...CLSID} = "WPDShextAutoplay"
                   \LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]


Startup items in "Paweł Jaworski" & "All Users" startup folders:
----------------------------------------------------------------

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Bluetooth Manager" -> shortcut to: "C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe" [null data]


Enabled Scheduled Tasks:
------------------------

"MP Scheduled Scan" -> launches: "C:\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges" [MS]
"Security Platform Backup Schedule" -> launches: "C:\Program Files\Infineon\Security Platform Software\SpBackupWz.exe  /BackupAll" ["Infineon Technologies AG"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Statystyki ochrony WWW"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll" ["Kaspersky Lab"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{1009C944-97D5-44A9-9E32-DFF54F498968}\
"ButtonText" = "ASUS Security Protect Manager e-Wallet"
"MenuText" = "ASUS Security Protect Manager e-&Wallet"
"CLSIDExtension" = "{1009C944-97D5-44A9-9E32-DFF54F498968}"
  -> {HKLM...CLSID} = "ASUS Security Protect Manager User e-Wallet"
                   \InProcServer32\(Default) = "C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll" ["Bioscrypt Inc."]

{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\
"ButtonText" = "Statystyki ochrony WWW"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

.NET Runtime Optimization Service v2.0.50727_X86, clr_optimization_v2.0.50727_32, "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe" [MS]
Creative Audio Service, CTAudSvcService, "C:\Program Files\Creative\Shared Files\CTAudSvc.exe" ["Creative Technology Ltd"]
Kaspersky Anti-Virus, AVP, ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" -r" ["Kaspersky Lab"]
Local Communication Channel, ASChannel, "C:\WINDOWS\System32\svchost.exe -k Cognizance" {"C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsChnl.dll" ["Cognizance Corporation"]}
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Personal Secure Drive Service, PersonalSecureDriveService, ""C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE"" ["Infineon Technologies AG"]
Security Platform Management Service, IFXSpMgtSrv, "C:\WINDOWS\system32\IFXSPMGT.exe" ["Infineon Technologies AG"]
Trusted Platform Core Service, IFXTCS, "C:\WINDOWS\system32\IFXTCS.exe" ["Infineon Technologies AG"]
Usługa konfiguracji Atheros, ACS, "C:\WINDOWS\system32\acs.exe" ["Atheros"]
Windows Defender, WinDefend, ""C:\Program Files\Windows Defender\MsMpEng.exe"" [MS]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Toshiba Bluetooth Monitor\Driver = "tbtmon.dll" ["Toshiba America Business Solutions, Inc."]


---------- (launch time: 2008-07-14 18:24:56)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer "No" at the
  first message box and "Yes" at the second message box.
---------- (total run time: 28 seconds, including 4 seconds for message boxes)


[Okocza]

Kod: Zaznacz wszystko

O1 - Hosts: w.utils.winfixer.com
O1 - Hosts: 12w.utils.winfixer.com
O1 - Hosts: 1w.utils.winfixer.com
O1 - Hosts: w.utils.winfixer.com
O1 - Hosts: 127w.utils.win

to na fix w hj

daj log z cf

Autor postu otrzymał pochwałę

[Magik]

na fix:

Kod: Zaznacz wszystko

O1 - Hosts: w.utils.winfixer.com
   

O1 - Hosts: 12w.utils.winfixer.com

   O1 - Hosts: 1w.utils.winfixer.com


   O1 - Hosts: 127w.utils.win

+
Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz daj loga z hijacka

Autor postu otrzymał pochwałę

[Pawel_x18]

log z SDFIX:

Kod: Zaznacz wszystko

[b]SDFix: Version 1.205 [/b]
Run by xxx on 2008-07-14 at 19:46

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe  - Deleted
C:\WINDOWS\hosts  - Deleted
C:\WINDOWS\system32\drivers\hosts  - Deleted





Removing Temp Files

[b]ADS Check [/b]:



                                 [b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-14 19:50:56
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000099
"TracesSuccessful"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="APSHook.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll"
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"c:\\runmgr.exe"="c:\\runmgr.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\Program Files\\- Programy systemowe -\\AQQ\\AQQ.exe"="C:\\Program Files\\- Programy systemowe -\\AQQ\\AQQ.exe:*:Enabled:P2P AQQ"
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\Polish\\setup.exe"="C:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\Polish\\setup.exe:*:Enabled:Kaspersky Anti-Virus 2009 Setup"
"C:\\PROGRA~1\\-PROGR~1\\AQQ\\AQQ.exe"="C:\\PROGRA~1\\-PROGR~1\\AQQ\\AQQ.exe:*:Enabled:P2P AQQ"
"C:\\Program Files\\- Programy systemowe -\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\- Programy systemowe -\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\AQQ\\AQQ.exe"="C:\\Program Files\\AQQ\\AQQ.exe:*:Enabled:P2P AQQ"
"C:\\PROGRA~1\\AQQ\\AQQ.exe"="C:\\PROGRA~1\\AQQ\\AQQ.exe:*:Enabled:P2P AQQ"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Sun 13 Jul 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\3dbc83ff5f16e1a91f17471a2831f4be\BIT3.tmp"
Mon 14 Jul 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5e981018652bb577d09bbdd87faec116\download\BIT3.tmp"

[b]Finished![/b]



z combofix

Kod: Zaznacz wszystko

ComboFix 08-07-13.14 - xxx 2008-07-14 20:00:53.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1250.1.1045.18.2575 [GMT 2:00]
Running from: D:\Moje dokumenty\Odebrane pliki\ComboFix.exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll
C:\WINDOWS\system32\tmp49.tmp

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASBroker
-------\Service_ASBroker


(((((((((((((((((((((((((   Files Created from 2008-06-14 to 2008-07-14  )))))))))))))))))))))))))))))))
.

2008-07-14 19:43 . 2008-07-14 19:43   <DIR>   d--------   C:\WINDOWS\ERUNT
2008-07-14 19:41 . 2008-07-14 19:52   <DIR>   d--------   C:\SDFix
2008-07-14 19:39 . 2008-07-14 19:39   2,753   --a------   C:\runmgr.exe
2008-07-14 19:35 . 2008-07-14 19:35   <DIR>   d--------   C:\Program Files\AQQ
2008-07-14 17:05 . 2008-07-14 17:05   <DIR>   d--------   C:\Program Files\MSBuild
2008-07-14 17:03 . 2008-07-14 17:06   <DIR>   d--------   C:\WINDOWS\system32\XPSViewer
2008-07-14 17:03 . 2008-07-14 17:03   <DIR>   d--------   C:\Program Files\Reference Assemblies
2008-07-14 17:02 . 2006-06-29 13:07   14,048   ---------   C:\WINDOWS\system32\spmsg2.dll
2008-07-14 16:39 . 2008-07-14 16:39   0   --a------   C:\WINDOWS\nsreg.dat
2008-07-14 15:30 . 2008-07-14 15:30   <DIR>   d--------   C:\Program Files\Macromedia
2008-07-14 15:27 . 2008-07-14 15:27   <DIR>   d--------   C:\WINDOWS\Downloaded Installations
2008-07-14 15:27 . 2008-07-14 15:28   <DIR>   d--------   C:\Program Files\Common Files\Macromedia
2008-07-14 14:55 . 2008-07-14 14:55   96,966   --a------   C:\WINDOWS\system32\drivers\klin.dat
2008-07-14 14:55 . 2008-07-14 14:55   88,774   --a------   C:\WINDOWS\system32\drivers\klick.dat
2008-07-14 14:54 . 2008-07-14 14:54   <DIR>   d--------   C:\Program Files\Kaspersky Lab
2008-07-14 14:54 . 2008-07-14 20:04   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-07-14 14:54 . 2008-07-14 20:03   1,437,216   --ahs----   C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-14 14:54 . 2008-07-14 20:03   311,328   --ahs----   C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-14 14:54 . 2008-07-14 20:03   13,356   --ahs----   C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-14 14:54 . 2008-07-14 20:03   3,192   --ahs----   C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-14 14:53 . 2008-07-14 14:53   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-07-14 14:49 . 2008-07-14 14:49   <DIR>   d--------   C:\Program Files\Internet Download Manager
2008-07-14 14:05 . 2008-07-14 14:05   <DIR>   d--------   C:\Program Files\FlashFXP
2008-07-14 14:05 . 2008-07-14 17:54   <DIR>   d-a------   C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-07-14 14:05 . 2008-07-14 14:05   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\FlashFXP
2008-07-14 13:54 . 2008-04-23 09:20   6,066,176   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll
2008-07-14 13:54 . 2007-04-17 11:32   2,455,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-07-14 13:54 . 2007-03-08 07:11   1,036,288   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-07-14 13:54 . 2008-04-23 09:20   459,264   -----c---   C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-07-14 13:54 . 2008-04-23 09:20   383,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-07-14 13:54 . 2008-04-23 09:20   267,776   -----c---   C:\WINDOWS\system32\dllcache\iertutil.dll
2008-07-14 13:54 . 2008-04-23 09:20   63,488   -----c---   C:\WINDOWS\system32\dllcache\icardie.dll
2008-07-14 13:54 . 2008-04-23 09:20   52,224   -----c---   C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-07-14 13:54 . 2008-04-22 09:39   13,824   -----c---   C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-07-13 15:43 . 2008-07-13 15:43   <DIR>   d--------   C:\WINDOWS\XP Codec Pack
2008-07-13 15:43 . 2008-06-30 16:47   421,888   --a------   C:\WINDOWS\system32\ac3filter.acm
2008-07-13 12:38 . 2008-07-13 12:38   <DIR>   d--h-----   C:\Program Files\MSXML 4.0
2008-07-13 12:27 . 2008-07-13 12:28   <DIR>   d--------   C:\Program Files\Common Files\Adobe
2008-07-13 11:56 . 2008-07-13 11:56   <DIR>   d--h-----   C:\Program Files\Windows Defender
2008-07-13 11:36 . 2008-07-13 11:36   <DIR>   d--------   C:\WINDOWS\Logs
2008-07-13 11:35 . 2008-07-13 11:40   <DIR>   d--h-----   C:\WINDOWS\msdownld.tmp
2008-07-13 11:16 . 2008-07-13 11:16   13,646   --a------   C:\WINDOWS\system32\wpa.bak
2008-07-12 20:57 . 2008-07-12 20:57   <DIR>   d--------   C:\WINDOWS\wallpapers
2008-07-12 20:40 . 2008-07-12 20:40   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Hagel Technologies
2008-07-12 20:38 . 2008-07-12 20:38   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-07-12 20:26 . 2008-07-12 20:26   286,720   --a------   C:\WINDOWS\iun506.exe
2008-07-12 18:34 . 2008-07-12 18:34   34,064   --a------   C:\WINDOWS\system32\lhacm.acm
2008-07-12 18:32 . 2008-07-12 18:32   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\SRSLabs
2008-07-12 18:28 . 2008-07-12 18:28   <DIR>   d--------   C:\Program Files\Common Files\SRS
2008-07-12 12:08 . 2001-08-17 21:56   7,552   --a------   C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-07-12 12:08 . 2001-08-17 21:56   7,552   --a--c---   C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-07-12 11:15 . 2008-07-12 18:19   <DIR>   d--h-----   C:\Program Files\Winamp
2008-07-11 20:41 . 2008-07-11 20:53   <DIR>   d--------   C:\WINDOWS\Aplikacje
2008-07-11 20:28 . 2008-07-11 20:28   <DIR>   d--------   C:\WINDOWS\system32\LogFiles
2008-07-11 20:28 . 2008-07-11 20:28   <DIR>   d--------   C:\WINDOWS\system32\drivers\umdf
2008-07-11 20:27 . 2008-07-14 19:34   <DIR>   d--------   C:\Program Files\- Programy systemowe -
2008-07-11 20:26 . 2008-07-11 20:26   <DIR>   d--h-----   C:\Program Files\Speed-X
2008-07-11 20:26 . 2008-07-11 20:26   0   --ah-----   C:\WINDOWS\system32\sx.inf
2008-07-11 20:01 . 2008-07-11 20:02   <DIR>   d--------   C:\WINDOWS\Kopie security TPM
2008-07-11 18:47 . 2008-07-11 18:48   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Creative
2008-07-11 18:34 . 2003-06-12 23:25   7,062   --a------   C:\WINDOWS\system32\audiopid.vxd
2008-07-11 18:33 . 2000-05-22 10:58   647,872   ---------   C:\WINDOWS\system32\Mscomct2.ocx
2008-07-11 18:33 . 2006-10-06 08:17   53,248   ---------   C:\WINDOWS\Ctregrun.exe
2008-07-11 18:32 . 2007-07-09 04:59   782,336   -ra------   C:\WINDOWS\system32\tmp4A.tmp
2008-07-11 18:32 . 2008-07-11 18:32   413,696   --a------   C:\WINDOWS\system32\wrap_oal.dll
2008-07-11 18:32 . 2008-07-11 18:32   110,592   --a------   C:\WINDOWS\system32\OpenAL32.dll
2008-07-11 18:28 . 2008-07-11 18:33   <DIR>   d--h-----   C:\Program Files\Creative
2008-07-11 18:25 . 2008-04-14 00:15   60,032   --a------   C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-07-11 18:25 . 2008-04-14 00:15   60,032   --a--c---   C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-07-11 12:59 . 2007-10-03 13:53   220,696   -ra------   C:\WINDOWS\system32\drivers\iaNvStor.sys
2008-07-11 12:59 . 2007-10-03 13:52   167,936   -ra------   C:\WINDOWS\system32\nvccoin.dll
2008-07-11 12:54 . 2007-07-25 12:48   172,032   --a------   C:\WINDOWS\system32\rixdicon.dll
2008-07-11 12:54 . 2004-09-04 03:00   90,112   --a------   C:\WINDOWS\system32\snymsico.dll
2008-07-11 12:54 . 2007-08-08 20:42   45,568   --a------   C:\WINDOWS\system32\drivers\rimmptsk.sys
2008-07-11 12:54 . 2007-07-30 10:42   43,008   --a------   C:\WINDOWS\system32\drivers\rimsptsk.sys
2008-07-11 12:54 . 2007-07-30 11:54   38,400   --a------   C:\WINDOWS\system32\drivers\rixdptsk.sys
2008-07-11 12:53 . 2008-07-11 12:53   <DIR>   d--------   C:\WINDOWS\ITECIR
2008-07-11 12:53 . 2008-07-11 12:53   <DIR>   d--h-----   C:\Program Files\DIFX
2008-07-11 12:53 . 2007-06-20 13:49   49,664   --a------   C:\WINDOWS\system32\drivers\itecir.sys
2008-07-11 12:53 . 2006-10-05 05:46   7,680   --a------   C:\WINDOWS\system32\CIRCoInst.dll
2008-07-11 12:52 . 2005-07-06 15:43   155,648   --a------   C:\WINDOWS\system32\ACEngSvr.exe
2008-07-11 12:49 . 2008-07-11 12:49   <DIR>   d--------   C:\WINDOWS\RaidTool
2008-07-11 12:49 . 2007-04-12 18:18   48,000   -ra------   C:\WINDOWS\system32\drivers\jraid.sys
2008-07-11 12:49 . 2006-02-08 13:52   6,912   -ra------   C:\WINDOWS\system32\drivers\JGOGO.sys
2008-07-11 12:46 . 2006-10-14 11:43   69,632   --a------   C:\WINDOWS\system32\ASUSTPE.exe
2008-07-11 12:46 . 2006-08-16 15:56   32,768   --a------   C:\WINDOWS\system32\TPESetting.dll
2008-07-11 12:38 . 2008-07-11 12:38   0   --a------   C:\WINDOWS\tosOBEX.INI
2008-07-11 12:36 . 2008-06-14 20:01   273,024   ---------   C:\WINDOWS\system32\drivers\bthport.sys
2008-07-11 12:36 . 2008-06-14 20:01   273,024   -----c---   C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-11 12:34 . 2008-07-11 12:34   <DIR>   d--h-----   C:\Program Files\Toshiba
2008-07-11 12:27 . 2008-07-11 12:27   2,772,992   --a------   C:\WINDOWS\system32\NETw4r32.dll
2008-07-11 12:27 . 2008-07-11 12:27   2,530,176   --a------   C:\WINDOWS\system32\drivers\NETw4x32.sys
2008-07-11 12:27 . 2008-07-11 12:27   684,032   --a------   C:\WINDOWS\system32\NETw4c32.dll
2008-07-11 12:23 . 2008-07-14 19:19   <DIR>   d--------   C:\WINDOWS\system32\pl-pl
2008-07-11 12:23 . 2008-07-11 12:23   <DIR>   d--------   C:\WINDOWS\system32\pl
2008-07-11 12:23 . 2008-07-13 11:29   <DIR>   d--------   C:\WINDOWS\system32\bits
2008-07-11 12:23 . 2008-07-11 12:23   <DIR>   d--------   C:\WINDOWS\l2schemas
2008-07-11 12:19 . 2006-12-29 00:31   19,569   --a------   C:\WINDOWS\[u]0[/u]02605_.tmp
2008-07-11 12:17 . 2008-07-11 12:17   <DIR>   d--------   C:\WINDOWS\EHome
2008-07-11 12:05 . 2008-07-11 12:05   <DIR>   d--h-----   C:\Program Files\Marvell
2008-07-11 11:51 . 2008-07-11 11:51   <DIR>   d--h-----   C:\Program Files\Atheros
2008-07-11 11:50 . 2008-07-11 11:50   <DIR>   d--------   C:\WINDOWS\OPTIONS
2008-07-11 11:43 . 2004-07-05 21:07   83,968   --a------   C:\WINDOWS\system\DriveIcon.dll
2008-07-11 11:43 . 2006-06-10 00:07   27,520   --a------   C:\WINDOWS\system32\drivers\RTSTOR.sys
2008-07-11 11:24 . 2008-07-11 11:24   <DIR>   d--h-----   C:\Program Files\Fingerprint Sensor
2008-07-11 11:24 . 2008-07-11 11:24   <DIR>   d--h-----   C:\Program Files\ASUS Security Center
2008-07-11 11:24 . 2005-01-18 21:25   339,968   -ra------   C:\WINDOWS\system32\msvcr70.dll
2008-07-11 11:18 . 2008-07-11 11:18   <DIR>   d--h-----   C:\Program Files\Intel
2008-07-11 11:18 . 2008-05-01 16:35   53,248   --a------   C:\WINDOWS\system32\CSVer.dll
2008-07-11 11:14 . 2008-07-11 12:07   16,608   --a------   C:\WINDOWS\gdrv.sys
2008-07-11 11:07 . 2008-07-11 11:07   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Infineon
2008-07-11 11:07 . 2005-10-21 05:19   36,352   -ra------   C:\WINDOWS\system32\drivers\ifxtpm.sys
2008-07-11 11:06 . 2008-07-11 11:06   <DIR>   d--h-----   C:\Program Files\Infineon
2008-07-11 11:03 . 2008-07-11 11:59   <DIR>   d--------   C:\WINDOWS\ATK0100
2008-07-11 11:03 . 2005-02-17 17:07   5,632   -ra------   C:\WINDOWS\system32\drivers\ATKACPI.sys
2008-07-11 10:54 . 2008-07-11 12:52   <DIR>   d--h-----   C:\Program Files\ASUS
2008-07-11 10:51 . 2008-07-11 10:51   <DIR>   d--------   C:\WINDOWS\system32\Lang
2008-07-11 10:51 . 2008-07-11 10:51   940,794   --a------   C:\WINDOWS\system32\LoopyMusic.wav
2008-07-11 10:51 . 2008-07-11 10:51   146,650   --a------   C:\WINDOWS\system32\BuzzingBee.wav
2008-07-11 10:49 . 2006-08-01 09:02   49,152   -r-------   C:\WINDOWS\system32\ChCfg.exe
2008-07-11 10:49 . 2008-07-11 10:49   0   --a------   C:\WINDOWS\system32\drivers\SET83.tmp
2008-07-11 10:48 . 2008-07-11 11:50   <DIR>   d--h-----   C:\Program Files\Realtek
2008-07-11 10:48 . 2006-09-12 08:34   499,712   -r-------   C:\WINDOWS\RtlExUpd.dll
2008-07-11 10:45 . 2000-03-02 13:16   7,424   -ra------   C:\WINDOWS\system32\drivers\MMIOPORT.SYS
2008-07-10 20:10 . 2008-07-11 18:33   <DIR>   d--h-----   C:\Program Files\InstallShield Installation Information

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-11 09:51   21,275   ----a-w   C:\WINDOWS\system32\drivers\AegisP.sys
2008-07-10 18:06   0   ---ha-w   C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01000_Coinstaller_Critical.Wdf
2008-07-10 18:06   0   ---ha-w   C:\WINDOWS\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2008-07-10 17:58   ---------   d--h--w   C:\Program Files\microsoft frontpage
2008-07-10 17:57   ---------   d--h--w   C:\Program Files\Usługi online
2008-06-13 10:39   23,552   ----a-w   C:\WINDOWS\system32\ff_wmv9.dll
2008-06-12 17:36   7,680   ----a-w   C:\WINDOWS\system32\ff_vfw.dll
2008-06-12 16:25   962,560   ----a-w   C:\WINDOWS\system32\VSFilter.dll
2008-05-30 12:19   507,400   ----a-w   C:\WINDOWS\system32\XAudio2_1.dll
2008-05-30 12:18   238,088   ----a-w   C:\WINDOWS\system32\xactengine3_1.dll
2008-05-30 12:17   65,032   ----a-w   C:\WINDOWS\system32\XAPOFX1_0.dll
2008-05-30 12:17   25,608   ----a-w   C:\WINDOWS\system32\X3DAudio1_4.dll
2008-05-30 12:11   467,984   ----a-w   C:\WINDOWS\system32\d3dx10_38.dll
2008-05-30 12:11   3,850,760   ----a-w   C:\WINDOWS\system32\D3DX9_38.dll
2008-05-30 12:11   1,491,992   ----a-w   C:\WINDOWS\system32\D3DCompiler_38.dll
2008-05-07 05:16   1,291,264   ----a-w   C:\WINDOWS\system32\quartz.dll
2008-04-25 16:22   206,088   ----a-w   C:\WINDOWS\system32\klogon.dll
2008-04-23 07:20   826,368   ----a-w   C:\WINDOWS\system32\wininet.dll
2008-04-14 20:51   7,680   ----a-w   C:\WINDOWS\system32\spdwnwxp.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Secure Disks]
@="{666C7836-A9B6-4AB4-94ED-DC238C81E925}"
[HKEY_CLASSES_ROOT\CLSID\{666C7836-A9B6-4AB4-94ED-DC238C81E925}]
2006-10-26 18:35   391168   -ra------   C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"ASUSTPE"="C:\WINDOWS\system32\ASUSTPE.exe" [2006-10-14 11:43 69632]
"CTRegRun"="C:\WINDOWS\CTRegRun.EXE" [2006-10-06 08:17 53248]
"SpeedX"="C:\PROGRA~1\Speed-X\SpeedX.exe" [2006-06-27 14:11 46718]
"AQQ"="C:\PROGRA~1\AQQ\AQQ.exe" [2007-02-28 14:18 2351864]
"IDMan"="C:\Program Files\- Programy systemowe -\Internet Download Manager\IDMan.exe" [2007-12-21 07:08 931760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-16 15:09 1029416]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-02-22 02:46 13508608]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-02-22 02:46 86016]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-10-14 11:37 110592]
"ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 15:20 180224]
"CognizanceTS"="C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-21 23:12 17920]
"ACU"="C:\Program Files\Atheros\ACU.exe" [2006-07-04 15:09 336001]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-06-08 20:33 53248]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-21 08:36 36864]
"ACMON"="C:\Program Files\ASUS\Splendid\ACMON.exe" [2007-07-10 10:59 851968]
"CTAPR2"="C:\Program Files\Creative\Sound Blaster X-Fi Surround 5.1\Console Launcher\CTAPR2.exe" [2007-08-03 14:29 61611]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe" [2007-12-19 16:58 217192]
"Module Loader"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2007-07-23 15:43 57344]
"DU Meter"="C:\Program Files\- Programy systemowe -\DU Meter\DUMeter.exe" [2004-08-25 10:26 1465856]
"Adobe Reader Speed Launcher"="C:\Program Files\- Programy systemowe -\Adobe Reader\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 18:21 201992]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 13:49 16269312 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-02-22 02:46 1626112 C:\WINDOWS\system32\nwiz.exe]
"Creative KSRun Persistence Module"="KSRun.dll" [2008-02-12 10:56 16896 C:\WINDOWS\system32\KSRun.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
2006-03-10 09:20 434176 C:\WINDOWS\system32\IfxWlxEN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\runmgr.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"C:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\Polish\\setup.exe"=
"C:\\Program Files\\- Programy systemowe -\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\AQQ\\AQQ.exe"=
"C:\\PROGRA~1\\AQQ\\AQQ.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R1 ItSDisk;ItSDisk;C:\WINDOWS\system32\Drivers\ItSDisk.sys [2006-05-16 19:14]
R1 PersonalSecureDrive;PersonalSecureDrive;C:\WINDOWS\system32\drivers\psd.sys [2005-11-29 12:50]
R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2006-03-02 14:00]
R2 CTAudSvcService;Creative Audio Service;C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-02-13 10:49]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-10-21 05:19]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]
S3 itecir;ITECIR Infrared Receiver;C:\WINDOWS\system32\DRIVERS\itecir.sys [2007-06-20 13:49]
S3 ksaud;Creative USB Audio Driver;C:\WINDOWS\system32\drivers\ksaud.sys [2008-02-12 11:17]
S3 ksaudfl;ksaudfl;C:\WINDOWS\system32\drivers\ksaudfl.sys [2008-01-23 09:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance   REG_MULTI_SZ      ASBroker ASChannel

.
Contents of the 'Scheduled Tasks' folder
"2008-07-14 18:07:13 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-07-13 10:00:00 C:\WINDOWS\Tasks\Security Platform Backup Schedule.job"
- C:\Program Files\Infineon\Security Platform Software\SpBackupWz.exe
.
- - - - ORPHANS REMOVED - - - -

Notify-dimsntfy - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-14 20:04:43
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tsd32.dll
-> C:\WINDOWS\system32\ac3filter.acm
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTNA.exe
C:\Program Files\Synaptics\SynTP\SynAsus.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\- Programy systemowe -\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 2008-07-14 20:08:52 - machine was rebooted
ComboFix-quarantined-files.txt  2008-07-14 18:07:47

Pre-Run: 111,087,529,984 bajtów wolnych
Post-Run: 111,073,689,600 bajt˘w wolnych

280   --- E O F ---   2008-07-14 17:19:26


[Dzi@dek]

Wklej do notatnika

Kod: Zaznacz wszystko

File::
C:\runmgr.exe

Plik Zapisz jako... CFScript - najlepiej jeśli zapiszesz w

takiej lokalizacji, by ikona CFScript.txt znalazła się obok ikony ComboFix.exe
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
Potwierdz zrestartuje sie komputer.

Jeśli pojawi się pytanie "1 or 2" - to wpisz 1 i naciśnij ENTER. Rozpocznie się proces usuwania.

Daj nowy log z Combo.

Wykonaj skan programem http://www.programosy.pl/program,dr-web-cureit.html

Autor postu otrzymał pochwałę