pxpfern.exe

[serenity15]

mam probelm z wyzej wymienionym plikiem. Wpisałem go w googlach i wypada na to ze to trojan jak go usunąc?
mam jeszcze taki plik: tnmgncd

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:29:18, on 2008-04-30
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\System\tnmgncd.exe
C:\Program Files\Common Files\Microsoft Shared\pxpfern.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Opera\Opera.exe
G:\hijackthis.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [bhbsdrx] C:\Program Files\Common Files\System\tnmgncd.exe
O4 - HKLM\..\Run: [htocusa] C:\Program Files\Common Files\Microsoft Shared\pxpfern.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6587FA0D-4449-4493-BFE9-8C29A0E6F5A3}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

--
End of file - 5140 bytes

[Okocza]

po 1 zamykasz porty:

http://www.forum.programosy.pl/bad-generic-host-process-for-win32-services-vt79489.html

po 2 dajesz log z combofixa:

http://www.forum.programosy.pl/jak-generujemy-logi-z-combofixa-oraz-dssa-vt95026.html

po 3 skanujesz:

Kod: Zaznacz wszystko

C:\Program Files\Common Files\Microsoft Shared\pxpfern.exe
C:\Program Files\Common Files\Microsoft Shared\pxpfern.exe
C:\WINDOWS\system32\IoctlSvc.exe

na www.virustotal.com i wklejasz raport na forum.

[serenity15]

combofixa:

ComboFix 08-04-29.5 - Administrator 2008-04-30 19:57:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1661 [GMT 2:00]
Running from: G:\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\meex.exe
C:\WINDOWS\system32\adeafdedd7_z.dll
C:\WINDOWS\system32\setup.ini
C:\WINDOWS\system32\cenzura-spam.dat
D:\Autorun.inf
E:\Autorun.inf
F:\Autorun.inf
G:\Autorun.inf
H:\Autorun.inf
I:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-30 )))))))))))))))))))))))))))))))
.

2008-04-30 19:57 . 2007-06-18 18:42 25,824 ---hsc--- C:\Program Files\meex.exe
2008-04-30 19:21 . 2008-04-30 19:21 716,272 --a--c--- C:\WINDOWS\system32\drivers\sptd.sys
2008-04-30 17:59 . 2008-04-30 17:59 505,128 --a--c--- C:\WINDOWS\system32\msvcp71.dll
2008-04-30 17:59 . 2008-04-30 17:59 29,480 --a--c--- C:\WINDOWS\system32\msxml3a.dll
2008-04-30 17:55 . 2008-04-30 17:55 <DIR> d----c--- C:\Program Files\InterVideo
2008-04-30 17:55 . 2008-04-30 17:55 <DIR> d----c--- C:\Program Files\Common Files\Protexis
2008-04-30 17:55 . 2008-04-30 17:55 <DIR> d----c--- C:\Program Files\Common Files\InterVideo
2008-04-30 17:55 . 2008-04-30 17:55 <DIR> d----c--- C:\Documents and Settings\All Users\Dane aplikacji\Corel
2008-04-30 17:55 . 2005-09-20 17:27 10,368 --a--c--- C:\WINDOWS\system32\drivers\iviaspi.sys
2008-04-30 17:54 . 2008-04-30 17:54 <DIR> d----c--- C:\Program Files\Corel
2008-04-30 17:43 . 2008-04-30 17:43 <DIR> d----c--- C:\Documents and Settings\Administrator\Dane aplikacji\Corel
2008-04-30 17:43 . 2008-04-30 17:58 5,642 --ahsc--- C:\Documents and Settings\All Users\Dane aplikacji\KGyGaAvL.sys
2008-04-30 17:43 . 2008-04-30 17:55 168 -r-hsc--- C:\Documents and Settings\All Users\Dane aplikacji\4844DB46C6.sys
2008-04-30 17:42 . 2008-04-30 18:00 <DIR> d----c--- C:\Program Files\InstallShield Installation Information
2008-04-30 17:37 . 2008-04-30 17:37 <DIR> d----c--- C:\Program Files\Webteh
2008-04-30 17:37 . 2008-04-30 17:39 <DIR> d----c--- C:\Documents and Settings\Administrator\Dane aplikacji\BSplayer PRO
2008-04-30 17:28 . 2008-04-30 17:28 <DIR> d----c--- C:\Program Files\K-Lite Codec Pack
2008-04-30 17:28 . 2008-03-21 22:30 3,596,288 --a--c--- C:\WINDOWS\system32\qt-dx331.dll
2008-04-30 17:14 . 2008-04-30 17:14 <DIR> d----c--- C:\Program Files\Opera
2008-04-30 17:06 . 2008-04-30 18:56 <DIR> d----c--- C:\Program Files\AutoConnect
2008-04-25 16:09 . 2008-04-25 16:09 1,571,840 --a--c--- C:\WINDOWS\system32\sfcfiles.dll
2008-04-25 16:09 . 2008-04-25 16:09 999,936 --a--c--- C:\WINDOWS\system32\syssetup.dll
2008-04-25 16:07 . 2008-04-25 16:07 2,603,008 --a------ C:\WINDOWS\system32\wpdshext.dll
2008-04-15 01:16 . 2008-04-15 01:16 1,804 --a--c--- C:\WINDOWS\system32\Dcache.bin
2008-04-15 00:56 . 2008-04-15 00:56 332,288 --a--c--- C:\WINDOWS\system32\netsetup.exe
2008-04-15 00:56 . 2008-04-15 00:56 332,288 --a--c--- C:\WINDOWS\system32\dllcache\netsetup.exe
2008-04-15 00:55 . 2008-04-15 00:55 1,202,774 --a--c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-04-15 00:55 . 2008-04-15 00:55 785,972 --a--c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-04-15 00:55 . 2008-04-15 00:55 204,396 --a--c--- C:\WINDOWS\system32\dllcache\msimain.sdb
2008-04-15 00:55 . 2008-04-15 00:55 85,628 --a--c--- C:\WINDOWS\system32\dllcache\apps.chm
2008-04-15 00:55 . 2008-04-15 00:55 9,424 --a--c--- C:\WINDOWS\system32\dllcache\drvmain.sdb
2008-04-15 00:54 . 2008-04-15 00:54 237,870 --a--c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-04-15 00:52 . 2008-04-15 00:52 4,190,352 --a--c--- C:\WINDOWS\system32\dllcache\luna.mst
2008-04-15 00:52 . 2008-04-15 00:52 299,520 --a--c--- C:\WINDOWS\system32\drmclien.dll
2008-04-15 00:52 . 2008-04-15 00:52 299,520 --a--c--- C:\WINDOWS\system32\dllcache\drmclien.dll
2008-04-15 00:52 . 2008-04-15 00:52 92,424 --a--c--- C:\WINDOWS\system32\rdpdd.dll
2008-04-15 00:52 . 2008-04-15 00:52 92,424 --a--c--- C:\WINDOWS\system32\dllcache\rdpdd.dll
2008-04-15 00:52 . 2008-04-15 00:52 12,168 --a--c--- C:\WINDOWS\system32\tsddd.dll
2008-04-15 00:52 . 2008-04-15 00:52 12,168 --a--c--- C:\WINDOWS\system32\dllcache\tsddd.dll
2008-04-15 00:49 . 2008-04-15 00:49 1,852,928 --a--c--- C:\WINDOWS\system32\dllcache\acgenral.dll
2008-04-15 00:48 . 2008-04-15 00:48 1,449,472 --a--c--- C:\WINDOWS\system32\winntbbu.dll
2008-04-15 00:48 . 2008-04-15 00:48 1,449,472 --a--c--- C:\WINDOWS\system32\dllcache\winntbbu.dll
2008-04-15 00:48 . 2008-04-15 00:48 219,648 --a--c--- C:\WINDOWS\system32\sysmon.ocx
2008-04-15 00:48 . 2008-04-15 00:48 219,648 --a--c--- C:\WINDOWS\system32\dllcache\sysmon.ocx
2008-04-15 00:48 . 2008-04-15 00:48 5,632 --a------ C:\WINDOWS\system32\wmi.dll
2008-04-15 00:48 . 2008-04-15 00:48 5,632 --a--c--- C:\WINDOWS\system32\dllcache\wmi.dll
2008-04-15 00:47 . 2008-04-15 00:47 103,424 --a--c--- C:\WINDOWS\system32\dpcdll.dll
2008-04-15 00:47 . 2008-04-15 00:47 103,424 --a--c--- C:\WINDOWS\system32\dllcache\dpcdll.dll
2008-04-15 00:47 . 2008-04-15 00:47 86,016 --a--c--- C:\WINDOWS\system32\sl_anet.acm
2008-04-15 00:47 . 2008-04-15 00:47 81,920 --a--c--- C:\WINDOWS\system32\proctexe.ocx
2008-04-15 00:47 . 2008-04-15 00:47 81,920 --a--c--- C:\WINDOWS\system32\dllcache\proctexe.ocx
2008-04-15 00:47 . 2008-04-15 00:47 57,375 --a--c--- C:\WINDOWS\system32\odbcji32.dll
2008-04-15 00:47 . 2008-04-15 00:47 57,375 --a--c--- C:\WINDOWS\system32\dllcache\odbcji32.dll
2008-04-15 00:46 . 2008-04-15 00:46 110,592 --a--c--- C:\WINDOWS\system32\msscript.ocx
2008-04-15 00:46 . 2008-04-15 00:46 110,592 --a--c--- C:\WINDOWS\system32\dllcache\msscript.ocx
2008-04-15 00:43 . 2008-04-15 00:43 847,386 --a--c--- C:\WINDOWS\system32\msdxm.ocx
2008-04-15 00:43 . 2008-04-15 00:43 847,386 --a--c--- C:\WINDOWS\system32\dllcache\msdxm.ocx
2008-04-15 00:43 . 2008-04-15 00:43 177,152 --a------ C:\WINDOWS\system32\MSCTFIME.IME
2008-04-15 00:43 . 2008-04-15 00:43 177,152 --a--c--- C:\WINDOWS\system32\dllcache\msctfime.ime
2008-04-15 00:43 . 2008-04-15 00:43 4,126 --a--c--- C:\WINDOWS\system32\msdxmlc.dll
2008-04-15 00:43 . 2008-04-15 00:43 4,126 --a--c--- C:\WINDOWS\system32\dllcache\msdxmlc.dll
2008-04-15 00:42 . 2008-04-15 00:42 294,912 --a--c--- C:\WINDOWS\system32\msaud32.acm
2008-04-15 00:42 . 2008-04-15 00:42 14,848 --a--c--- C:\WINDOWS\system32\msadp32.acm
2008-04-15 00:42 . 2008-04-15 00:42 3,584 --a--c--- C:\WINDOWS\system32\msafd.dll
2008-04-15 00:42 . 2008-04-15 00:42 3,584 --a--c--- C:\WINDOWS\system32\dllcache\msafd.dll
2008-04-15 00:40 . 2008-04-15 00:40 290,816 --a--c--- C:\WINDOWS\system32\l3codeca.acm
2008-04-15 00:36 . 2008-04-15 00:36 16,384 --a--c--- C:\WINDOWS\system32\imaadp32.acm
2008-04-15 00:36 . 2008-04-15 00:36 3,584 --a--c--- C:\WINDOWS\system32\icmp.dll
2008-04-15 00:36 . 2008-04-15 00:36 3,584 --a--c--- C:\WINDOWS\system32\dllcache\icmp.dll
2008-04-15 00:35 . 2008-04-15 00:35 569,856 --a--c--- C:\WINDOWS\system32\gpedit.dll
2008-04-15 00:35 . 2008-04-15 00:35 569,856 --a--c--- C:\WINDOWS\system32\dllcache\gpedit.dll
2008-04-15 00:35 . 2008-04-15 00:35 545,280 --a--c--- C:\WINDOWS\system32\hhctrl.ocx
2008-04-15 00:35 . 2008-04-15 00:35 545,280 --a--c--- C:\WINDOWS\system32\dllcache\hhctrl.ocx
2008-04-15 00:35 . 2008-04-15 00:35 9,344 --a------ C:\WINDOWS\system32\framebuf.dll
2008-04-15 00:35 . 2008-04-15 00:35 9,344 --a--c--- C:\WINDOWS\system32\dllcache\framebuf.dll
2008-04-15 00:33 . 2008-04-15 00:33 24,064 --a--c--- C:\WINDOWS\system32\pidgen.dll
2008-04-15 00:33 . 2008-04-15 00:33 24,064 --a--c--- C:\WINDOWS\system32\dllcache\pidgen.dll
2008-04-15 00:33 . 2008-04-15 00:33 3,072 --a--c--- C:\WINDOWS\system32\dpnlobby.dll
2008-04-15 00:33 . 2008-04-15 00:33 3,072 --a--c--- C:\WINDOWS\system32\dpnaddr.dll
2008-04-15 00:33 . 2008-04-15 00:33 3,072 --a--c--- C:\WINDOWS\system32\dllcache\dpnlobby.dll
2008-04-15 00:33 . 2008-04-15 00:33 3,072 --a--c--- C:\WINDOWS\system32\dllcache\dpnaddr.dll
2008-04-15 00:32 . 2008-04-15 00:32 153,088 --a--c--- C:\WINDOWS\system32\dllcache\daxctle.ocx
2008-04-15 00:32 . 2008-04-15 00:32 153,088 --a--c--- C:\WINDOWS\system32\daxctle.ocx
2008-04-15 00:31 . 2008-04-15 00:31 16,896 --a--c--- C:\WINDOWS\system32\dllcache\cfgmgr32.dll
2008-04-15 00:31 . 2008-04-15 00:31 16,896 --a--c--- C:\WINDOWS\system32\cfgmgr32.dll
2008-04-15 00:30 . 2008-04-15 00:30 285,696 --a--c--- C:\WINDOWS\system32\dllcache\atmfd.dll
2008-04-15 00:30 . 2008-04-15 00:30 285,696 --a--c--- C:\WINDOWS\system32\atmfd.dll
2008-04-15 00:29 . 2008-04-15 00:29 115,200 --a--c--- C:\WINDOWS\system32\dllcache\asctrls.ocx
2008-04-15 00:29 . 2008-04-15 00:29 115,200 --a--c--- C:\WINDOWS\system32\asctrls.ocx
2008-04-15 00:05 . 2008-04-15 00:05 144,776 --a--c--- C:\WINDOWS\system32\dllcache\archvapp.inf
2008-04-15 00:05 . 2008-04-15 00:05 1,950 --a--c--- C:\WINDOWS\system32\pid.inf
2008-04-15 00:05 . 2008-04-15 00:05 1,950 --a--c--- C:\WINDOWS\system32\dllcache\pid.inf
2008-04-15 00:03 . 2008-04-15 00:03 120,320 --a--c--- C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-15 00:03 . 2008-04-15 00:03 120,320 --a--c--- C:\WINDOWS\system32\dllcache\pcmcia.sys
2008-04-15 00:03 . 2008-04-15 01:09 80,256 --a--c--- C:\WINDOWS\system32\drivers\parport.sys
2008-04-15 00:03 . 2008-04-15 01:09 80,256 --a--c--- C:\WINDOWS\system32\dllcache\parport.sys
2008-04-15 00:03 . 2008-04-15 00:03 68,608 --a--c--- C:\WINDOWS\system32\drivers\pci.sys
2008-04-15 00:03 . 2008-04-15 00:03 68,608 --a--c--- C:\WINDOWS\system32\dllcache\pci.sys
2008-04-15 00:03 . 2008-04-15 01:09 46,848 --a--c--- C:\WINDOWS\system32\drivers\p3.sys
2008-04-15 00:03 . 2008-04-15 01:09 46,848 --a--c--- C:\WINDOWS\system32\dllcache\p3.sys
2008-04-14 23:59 . 2008-04-14 23:59 2,146,816 --a--c--- C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 23:59 . 2008-04-14 23:59 2,146,816 --a--c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-04-14 23:59 . 2008-04-15 01:09 2,025,472 --a--c--- C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 23:59 . 2008-04-15 01:09 2,025,472 --a--c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-04-14 23:55 . 2008-04-14 23:55 4,096 --a--c--- C:\WINDOWS\system32\dsprpres.dll
2008-04-14 23:55 . 2008-04-14 23:55 4,096 --a--c--- C:\WINDOWS\system32\dllcache\dsprpres.dll
2008-04-14 23:52 . 2008-04-14 23:52 800,000 --a--c--- C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 23:52 . 2008-04-14 23:52 800,000 --a--c--- C:\WINDOWS\system32\dllcache\dmboot.sys
2008-04-14 23:52 . 2008-04-14 23:52 153,856 --a--c--- C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 23:52 . 2008-04-14 23:52 153,856 --a--c--- C:\WINDOWS\system32\dllcache\dmio.sys
2008-04-14 23:52 . 2008-04-14 23:52 89,600 --a--c--- C:\WINDOWS\system32\msxml6r.dll
2008-04-14 23:52 . 2008-04-14 23:52 89,600 --a--c--- C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-04-14 23:50 . 2008-04-14 23:50 80,896 --a--c--- C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 23:50 . 2008-04-14 23:50 80,896 --a--c--- C:\WINDOWS\system32\dllcache\msshamsg.dll
2008-04-14 23:50 . 2008-04-14 23:50 24,960 --a--c--- C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 23:50 . 2008-04-14 23:50 24,960 --a--c--- C:\WINDOWS\system32\dllcache\kbdclass.sys
2008-04-14 23:48 . 2008-04-14 23:48 37,632 --a--c--- C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 23:48 . 2008-04-14 23:48 37,632 --a--c--- C:\WINDOWS\system32\dllcache\isapnp.sys
2008-04-14 23:47 . 2008-04-15 01:09 40,832 --a--c--- C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 23:47 . 2008-04-15 01:09 40,832 --a--c--- C:\WINDOWS\system32\dllcache\crusoe.sys
2008-04-14 23:46 . 2008-04-14 23:46 40,448 --a--c--- C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 23:46 . 2008-04-14 23:46 40,448 --a--c--- C:\WINDOWS\system32\dllcache\intelppm.sys
2008-04-14 23:43 . 2008-04-14 23:43 563,200 --a------ C:\WINDOWS\system32\shdoclc.dll
2008-04-14 23:43 . 2008-04-14 23:43 563,200 --a--c--- C:\WINDOWS\system32\dllcache\shdoclc.dll
2008-04-14 23:41 . 2008-04-14 23:41 65,280 --a--c--- C:\WINDOWS\system32\drivers\serial.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-30 17:21 --------- dc----w C:\Documents and Settings\Administrator\Dane aplikacji\uTorrent
2008-04-30 16:53 --------- dc----w C:\Program Files\MSBuild
2008-04-30 16:49 --------- dc----w C:\Program Files\Reference Assemblies
2008-04-30 16:24 --------- dc----w C:\Program Files\BitComet
2008-04-30 16:23 --------- dc----w C:\Program Files\uTorrent
2008-04-30 16:18 --------- dc----w C:\Program Files\jv16 PowerTools 2008
2008-04-30 16:16 --------- dc----w C:\Program Files\NAPI-PROJEKT
2008-04-30 16:16 --------- dc----w C:\Program Files\Java
2008-04-30 16:16 --------- dc----w C:\Documents and Settings\Administrator\Dane aplikacji\Gadu-Gadu
2008-04-30 16:15 --------- dc----w C:\Program Files\Common Files\Java
2008-04-30 16:14 --------- dc----w C:\Program Files\Gadu-Gadu
2008-04-30 16:14 --------- dc----w C:\Program Files\eMule
2008-04-30 16:13 --------- dc----w C:\Documents and Settings\Administrator\Dane aplikacji\Winamp
2008-04-30 16:11 --------- dc----w C:\Program Files\Winamp
2008-04-30 16:10 --------- dc----w C:\Program Files\NeroInstall.bak
2008-04-30 16:09 --------- dc----w C:\Documents and Settings\Administrator\Dane aplikacji\Nero
2008-04-30 16:08 --------- dc----w C:\Program Files\Common Files\Nero
2008-04-30 16:07 --------- dc----w C:\Program Files\Nero
2008-04-30 16:07 --------- dc----w C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-04-30 16:03 --------- dc----w C:\Documents and Settings\All Users\Dane aplikacji\Office Genuine Advantage
2008-04-30 16:01 --------- dc----w C:\Documents and Settings\All Users\Dane aplikacji\CyberLink
2008-04-30 16:00 --------- dc----w C:\Program Files\CyberLink
2008-04-30 16:00 --------- dc----w C:\Program Files\Common Files\CyberLink
2008-04-30 16:00 --------- dc----w C:\Documents and Settings\Administrator\Dane aplikacji\CyberLink
2008-04-30 15:59 353,576 -c--a-w C:\WINDOWS\system32\msvcr71.dll
2008-04-30 14:46 169 -csh--w C:\Program Files\bhbsdrx.inf
2008-04-30 14:38 --------- dc----w C:\Program Files\microsoft frontpage
2008-04-30 14:36 --------- dc----w C:\Program Files\Usługi online
2008-04-30 14:34 --------- dc----w C:\Program Files\Windows Media Connect 2
2008-04-25 14:07 991,744 -c--a-w C:\WINDOWS\system32\drmv2clt.dll
2008-04-15 01:04 1,246,357 -c--a-r C:\WINDOWS\SET3.tmp
2008-04-15 00:56 16,825 -c--a-r C:\WINDOWS\SET8.tmp
2008-04-15 00:56 1,088,840 -c--a-r C:\WINDOWS\SET4.tmp
2008-04-14 22:52 87,176 -c--a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 22:52 21,896 -c--a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 22:52 139,656 -c--a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 22:52 12,040 -c--a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 22:50 997,888 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 22:49 98,304 -c--a-w C:\WINDOWS\system32\actxprxy.dll
2008-04-14 22:39 7,680 -c--a-w C:\WINDOWS\system32\kbdsmsno.dll
2008-04-14 22:04 73,472 -c--a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 21:46 5,504 -c--a-w C:\WINDOWS\system32\drivers\intelide.sys
2008-04-14 21:45 49,664 -c--a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 21:35 58,880 -c--a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 20:52 40,840 -c--a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 20:51 294,912 -c--a-w C:\WINDOWS\system32\msh263.drv
2008-04-14 20:51 23,552 ----a-w C:\WINDOWS\system32\wdmaud.drv
2008-04-14 20:50 4,096 -c--a-w C:\WINDOWS\system32\ksuser.dll
2008-04-14 00:27 41,472 -c--a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-14 00:27 40,576 -c--a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-14 00:27 34,560 -c--a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-14 00:27 20,864 -c--a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-14 00:27 152,832 -c--a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-14 00:27 14,336 -c--a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-14 00:27 10,112 -c--a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-14 00:26 69,120 -c--a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-14 00:26 35,072 -c--a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-14 00:26 34,688 -c--a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-14 00:26 30,592 -c--a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-14 00:26 12,800 -c--a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-14 00:24 11,264 -c--a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-14 00:15 59,520 -c--a-w C:\WINDOWS\system32\drivers\usbhub.sys
2008-04-14 00:15 36,864 -c--a-w C:\WINDOWS\system32\drivers\hidclass.sys
2008-04-14 00:15 30,208 -c--a-w C:\WINDOWS\system32\drivers\usbehci.sys
2008-04-14 00:15 24,960 -c--a-w C:\WINDOWS\system32\drivers\hidparse.sys
2008-04-14 00:15 20,608 -c--a-w C:\WINDOWS\system32\drivers\usbuhci.sys
2008-04-14 00:15 17,664 -c--a-w C:\WINDOWS\system32\watchdog.sys
2008-04-14 00:15 143,872 -c--a-w C:\WINDOWS\system32\drivers\usbport.sys
2008-04-14 00:15 10,368 -c--a-w C:\WINDOWS\system32\drivers\hidusb.sys
2008-04-14 00:06 42,368 -c--a-w C:\WINDOWS\system32\drivers\AGP440.SYS
2008-04-14 00:03 129,792 -c--a-w C:\WINDOWS\system32\drivers\fltMgr.sys
2008-04-13 22:49 146,048 -c--a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 22:47 83,072 -c--a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 22:45 60,800 -c--a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 22:15 60,160 -c--a-w C:\WINDOWS\system32\drivers\drmk.sys
2008-04-13 22:15 6,272 -c--a-w C:\WINDOWS\system32\drivers\splitter.sys
2008-04-13 22:15 56,576 -c--a-w C:\WINDOWS\system32\drivers\swmidi.sys
2008-04-13 22:15 52,864 -c--a-w C:\WINDOWS\system32\drivers\DMusic.sys
2008-04-13 22:15 49,408 -c--a-w C:\WINDOWS\system32\drivers\stream.sys
2008-04-13 22:15 2,944 -c--a-w C:\WINDOWS\system32\drivers\drmkaud.sys
2008-04-13 22:15 172,416 -c--a-w C:\WINDOWS\system32\drivers\kmixer.sys
2008-04-13 22:09 7,552 -c--a-w C:\WINDOWS\system32\drivers\MSKSSRV.sys
2008-04-13 22:09 5,376 -c--a-w C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2008-04-13 22:09 4,992 -c--a-w C:\WINDOWS\system32\drivers\MSPQM.sys
2008-04-13 22:02 196,224 -c--a-w C:\WINDOWS\system32\drivers\rdpdr.sys
2008-04-13 20:09 142,592 -c--a-w C:\WINDOWS\system32\drivers\aec.sys
2008-03-31 21:25 682,496 -c--a-w C:\WINDOWS\system32\divx.dll
2008-03-28 17:41 7,680 -c--a-w C:\WINDOWS\system32\ff_vfw.dll
2008-03-21 20:28 81,920 -c--a-w C:\WINDOWS\system32\dpl100.dll
2008-02-28 15:38 972,072 -c--a-w C:\WINDOWS\UNNeroMediaHome.exe
2008-02-26 14:14 972,072 -c--a-w C:\WINDOWS\UNRecode.exe
2008-02-18 14:04 95,600 -c--a-w C:\WINDOWS\system32\NeroCo.dll
2008-01-10 12:16 159,839 -c--a-w C:\WINDOWS\system32\xvidvfw.dll
2008-01-10 12:15 755,027 -c--a-w C:\WINDOWS\system32\xvidcore.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2004-08-28 20:27 295424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bhbsdrx"="C:\Program Files\Common Files\System\tnmgncd.exe" [2007-06-18 18:42 25824]
"htocusa"="C:\Program Files\Common Files\Microsoft Shared\pxpfern.exe" [2007-06-18 18:42 25824]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-20 15:07 7110656]
"nwiz"="nwiz.exe" [2005-07-20 15:07 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-07-20 15:07 86016]
"AdslTaskBar"="stmctrl.dll" [2006-06-02 11:01 151552 C:\WINDOWS\system32\stmctrl.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-15 00:51 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="regsvr32 /s /n /i:U shell32" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};C:\Program Files\CyberLink\PowerDVD8\000.fcl [2008-02-01 17:24]
R2 PSI_SVC_2;Protexis Licensing V2;"C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" [2007-07-24 11:15]
R2 regi;regi;C:\WINDOWS\system32\drivers\regi.sys [2007-04-17 20:09]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2003-08-12 14:51]
R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2006-05-25 15:28]

*Newly Created Service* - BITS
*Newly Created Service* - CATCHME
*Newly Created Service* - CLR_OPTIMIZATION_V2.0.50727_32
*Newly Created Service* - FONTCACHE3.0.0.0
*Newly Created Service* - NERO_BACKITUP_SCHEDULER_3
*Newly Created Service* - REGI
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-30 19:58:05
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD8\000.fcl"
.
Completion time: 2008-04-30 19:58:38
ComboFix-quarantined-files.txt 2008-04-30 17:58:33

Pre-Run: 5,460,209,664 bajtów wolnych
Post-Run: 5,907,386,368 bajtów wolnych

298

C:\Program Files\Common Files\Microsoft Shared\pxpfern.exe
C:\Program Files\Common Files\Microsoft Shared\pxpfern.exe
C:\WINDOWS\system32\IoctlSvc.exe

po uruchomieniu combofixa te pliki zniknęły bo zaczął on tam cos grzebać

[Okocza]

czyli już ich nie ma

[serenity15]

czyli już ich nie ma

nie widze ich tam
moze sa ukryte bo jak nawet w Opcjach Folderów daje opcje "Pokaz ukryte pliki i foldery" to folderów nie pokazuje

[Okocza]

daj log z hijack this

[wojtas]

Otworz notatnik i wklej w nim to:

File::
C:\Program Files\bhbsdrx.inf
C:\Program Files\meex.exe

Plik >>> zapisz jako CFScript.txt .Plik przeciągnij i upuść na ikonę ComboFixa (tak jak tu ) . odczekaj az wygeneruje sie nowy log i go daj na forum

[serenity15]

po uzyciu combofixa uzyłem kasperskiego i on wywalił te 2 pliki co wyzej napisałem. Po kilku uruchomieniach kompa nie ma ich jak na razie.
I teraz pytanie czym był ten trojan bo wszedzie jest angielski opis a ten wirus powodował takie dziwne sytuacje jak:
1. Nie pozwalał pokazać ukrytych plików i folderów
2. Po kliknieciu w przeglądarce lub otwarciu katalogu z napisem "System" zamykał dane okno
3. Po wybraniu jakiegos pliku i daniu "Uruchom jako..." okienko natychmiast sie zamykało.

I mam pytanie skąd to sie wzieło?????????
Instalowałem system wczoraj z SP3 i on sie odrazu pojawił nawet nic nie sciągnąłem jeszcze. Jakby sie odrazu z WIndowsem wgrał. Czyzby był na dysku?

A oto logi

Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:48:20, on 2008-05-01
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Opera\Opera.exe
G:\hijackthis.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6587FA0D-4449-4493-BFE9-8C29A0E6F5A3}: NameServer = 194.204.152.34 217.98.63.164
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6396 bytes

Combofix:

ComboFix 08-04-29.5 - Administrator 2008-05-01 8:52:25.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1661 [GMT 2:00]
Running from: G:\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Pulpit\CFScript.txt.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Program Files\bhbsdrx.inf
C:\Program Files\meex.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\bhbsdrx.inf
C:\Program Files\meex.exe

.
((((((((((((((((((((((((( Files Created from 2008-04-01 to 2008-05-01 )))))))))))))))))))))))))))))))
.

2008-04-30 21:11 . 2008-04-30 21:11 <DIR> d----c--- C:\WINDOWS\VirtualEar
2008-04-30 21:11 . 2008-04-30 21:11 <DIR> d----c--- C:\Program Files\Analog Devices
2008-04-30 21:11 . 2001-09-11 14:20 1,285,632 --a--c--- C:\WINDOWS\system32\SMMedia.dll
2008-04-30 21:11 . 2001-10-04 14:50 991,232 --a--c--- C:\WINDOWS\system32\virtear.dll
2008-04-30 21:11 . 2001-09-19 12:47 765,952 --a--c--- C:\WINDOWS\system\crlds3d.dll
2008-04-30 21:11 . 2004-09-14 12:55 88,960 --a--c--- C:\WINDOWS\system32\drivers\MidiSyn.sys
2008-04-30 21:11 . 2003-08-19 18:36 65,536 --a--c--- C:\WINDOWS\system32\Audio3d.dll
2008-04-30 21:11 . 2004-12-08 16:16 49,152 --a--c--- C:\WINDOWS\system32\DSndUp.exe
2008-04-30 21:11 . 2002-04-17 14:05 45,056 --a--c--- C:\WINDOWS\system32\CleanUp.exe
2008-04-30 21:11 . 2001-09-11 14:20 30,208 --a--c--- C:\WINDOWS\system32\wdmioctl.dll
2008-04-30 21:08 . 2008-04-30 21:08 <DIR> d----c--- C:\Program Files\Common Files\InstallShield
2008-04-30 21:02 . 2006-10-26 19:56 32,592 --a--c--- C:\WINDOWS\system32\msonpmon.dll
2008-04-30 21:01 . 2008-04-30 21:01 <DIR> d----c--- C:\Program Files\Microsoft Works
2008-04-30 21:00 . 2008-04-30 21:00 <DIR> d----c--- C:\Program Files\Microsoft.NET
2008-04-30 20:58 . 2008-04-30 20:58 <DIR> d----c--- C:\Program Files\Microsoft Visual Studio 8
2008-04-30 20:57 . 2008-04-30 20:57 <DIR> d----c--- C:\WINDOWS\SHELLNEW
2008-04-30 20:57 . 2008-04-30 21:06 <DIR> d----c--- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-04-30 20:30 . 2008-04-30 20:36 96,645 --a--c--- C:\WINDOWS\system32\drivers\klin.dat
2008-04-30 20:30 . 2008-04-30 20:36 87,941 --a--c--- C:\WINDOWS\system32\drivers\klick.dat
2008-04-30 20:29 . 2008-04-30 20:29 <DIR> d----c--- C:\Program Files\Kaspersky Lab
2008-04-30 20:29 . 2008-04-30 20:59 <DIR> d----c--- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-04-30 20:29 . 2008-05-01 08:53 1,211,424 --ahsc--- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-30 20:29 . 2008-05-01 08:53 49,440 --ahsc--- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-30 20:29 . 2008-04-30 21:12 21,368 --ahsc--- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-30 20:29 . 2008-04-30 21:12 6,128 --ahsc--- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-30 19:21 . 2008-04-30 19:21 716,272 --a--c--- C:\WINDOWS\system32\drivers\sptd.sys
2008-04-30 17:59 . 2008-04-30 17:59 505,128 --a--c--- C:\WINDOWS\system32\msvcp71.dll
2008-04-30 17:59 . 2008-04-30 17:59 29,480 --a--c--- C:\WINDOWS\system32\msxml3a.dll
2008-04-30 17:55 . 2008-04-30 17:55 <DIR> d----c--- C:\Program Files\InterVideo
2008-04-30 17:55 . 2008-04-30 17:55 <DIR> d----c--- C:\Program Files\Common Files\Protexis
2008-04-30 17:55 . 2008-04-30 17:55 <DIR> d----c--- C:\Program Files\Common Files\InterVideo
2008-04-30 17:55 . 2008-04-30 17:55 <DIR> d----c--- C:\Documents and Settings\All Users\Dane aplikacji\Corel
2008-04-30 17:55 . 2005-09-20 17:27 10,368 --a--c--- C:\WINDOWS\system32\drivers\iviaspi.sys
2008-04-30 17:54 . 2008-04-30 17:54 <DIR> d----c--- C:\Program Files\Corel
2008-04-30 17:43 . 2008-04-30 17:43 <DIR> d----c--- C:\Documents and Settings\Administrator\Dane aplikacji\Corel
2008-04-30 17:43 . 2008-04-30 17:58 5,642 --ahsc--- C:\Documents and Settings\All Users\Dane aplikacji\KGyGaAvL.sys
2008-04-30 17:43 . 2008-04-30 17:55 168 -r-hsc--- C:\Documents and Settings\All Users\Dane aplikacji\4844DB46C6.sys
2008-04-30 17:42 . 2008-04-30 21:11 <DIR> d--h-c--- C:\Program Files\InstallShield Installation Information
2008-04-30 17:37 . 2008-04-30 17:37 <DIR> d----c--- C:\Program Files\Webteh
2008-04-30 17:37 . 2008-04-30 17:39 <DIR> d----c--- C:\Documents and Settings\Administrator\Dane aplikacji\BSplayer PRO
2008-04-30 17:28 . 2008-04-30 17:28 <DIR> d----c--- C:\Program Files\K-Lite Codec Pack
2008-04-30 17:28 . 2008-03-21 22:30 3,596,288 --a--c--- C:\WINDOWS\system32\qt-dx331.dll
2008-04-30 17:14 . 2008-04-30 17:14 <DIR> d----c--- C:\Program Files\Opera
2008-04-30 17:06 . 2008-04-30 21:13 <DIR> d----c--- C:\Program Files\AutoConnect
2008-04-30 17:05 . 2008-04-30 17:05 <DIR> d----c--- C:\WINDOWS\system32\InsFiles
2008-04-25 16:09 . 2008-04-25 16:09 1,571,840 --a--c--- C:\WINDOWS\system32\sfcfiles.dll
2008-04-25 16:09 . 2008-04-25 16:09 999,936 --a--c--- C:\WINDOWS\system32\syssetup.dll
2008-04-25 16:07 . 2008-04-25 16:07 2,603,008 --a------ C:\WINDOWS\system32\wpdshext.dll
2008-04-15 01:16 . 2008-04-15 01:16 1,804 --a--c--- C:\WINDOWS\system32\Dcache.bin
2008-04-15 00:56 . 2008-04-15 00:56 332,288 --a--c--- C:\WINDOWS\system32\netsetup.exe
2008-04-15 00:56 . 2008-04-15 00:56 332,288 --a--c--- C:\WINDOWS\system32\dllcache\netsetup.exe
2008-04-15 00:55 . 2008-04-15 00:55 1,202,774 --a--c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-04-15 00:55 . 2008-04-15 00:55 785,972 --a--c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-04-15 00:55 . 2008-04-15 00:55 204,396 --a--c--- C:\WINDOWS\system32\dllcache\msimain.sdb
2008-04-15 00:55 . 2008-04-15 00:55 85,628 --a--c--- C:\WINDOWS\system32\dllcache\apps.chm
2008-04-15 00:55 . 2008-04-15 00:55 9,424 --a--c--- C:\WINDOWS\system32\dllcache\drvmain.sdb
2008-04-15 00:54 . 2008-04-15 00:54 237,870 --a--c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-04-15 00:52 . 2008-04-15 00:52 4,190,352 --a--c--- C:\WINDOWS\system32\dllcache\luna.mst
2008-04-15 00:52 . 2008-04-15 00:52 299,520 --a--c--- C:\WINDOWS\system32\drmclien.dll
2008-04-15 00:52 . 2008-04-15 00:52 299,520 --a--c--- C:\WINDOWS\system32\dllcache\drmclien.dll
2008-04-15 00:52 . 2008-04-15 00:52 92,424 --a--c--- C:\WINDOWS\system32\rdpdd.dll
2008-04-15 00:52 . 2008-04-15 00:52 92,424 --a--c--- C:\WINDOWS\system32\dllcache\rdpdd.dll
2008-04-15 00:52 . 2008-04-15 00:52 12,168 --a--c--- C:\WINDOWS\system32\tsddd.dll
2008-04-15 00:52 . 2008-04-15 00:52 12,168 --a--c--- C:\WINDOWS\system32\dllcache\tsddd.dll
2008-04-15 00:49 . 2008-04-15 00:49 1,852,928 --a--c--- C:\WINDOWS\system32\dllcache\acgenral.dll
2008-04-15 00:48 . 2008-04-15 00:48 1,449,472 --a--c--- C:\WINDOWS\system32\winntbbu.dll
2008-04-15 00:48 . 2008-04-15 00:48 1,449,472 --a--c--- C:\WINDOWS\system32\dllcache\winntbbu.dll
2008-04-15 00:48 . 2008-04-15 00:48 219,648 --a--c--- C:\WINDOWS\system32\sysmon.ocx
2008-04-15 00:48 . 2008-04-15 00:48 219,648 --a--c--- C:\WINDOWS\system32\dllcache\sysmon.ocx
2008-04-15 00:48 . 2008-04-15 00:48 5,632 --a------ C:\WINDOWS\system32\wmi.dll
2008-04-15 00:48 . 2008-04-15 00:48 5,632 --a--c--- C:\WINDOWS\system32\dllcache\wmi.dll
2008-04-15 00:47 . 2008-04-15 00:47 103,424 --a--c--- C:\WINDOWS\system32\dpcdll.dll
2008-04-15 00:47 . 2008-04-15 00:47 103,424 --a--c--- C:\WINDOWS\system32\dllcache\dpcdll.dll
2008-04-15 00:47 . 2008-04-15 00:47 86,016 --a--c--- C:\WINDOWS\system32\sl_anet.acm
2008-04-15 00:47 . 2008-04-15 00:47 81,920 --a--c--- C:\WINDOWS\system32\proctexe.ocx
2008-04-15 00:47 . 2008-04-15 00:47 81,920 --a--c--- C:\WINDOWS\system32\dllcache\proctexe.ocx
2008-04-15 00:47 . 2008-04-15 00:47 57,375 --a--c--- C:\WINDOWS\system32\odbcji32.dll
2008-04-15 00:47 . 2008-04-15 00:47 57,375 --a--c--- C:\WINDOWS\system32\dllcache\odbcji32.dll
2008-04-15 00:46 . 2008-04-15 00:46 110,592 --a--c--- C:\WINDOWS\system32\msscript.ocx
2008-04-15 00:46 . 2008-04-15 00:46 110,592 --a--c--- C:\WINDOWS\system32\dllcache\msscript.ocx
2008-04-15 00:43 . 2008-04-15 00:43 847,386 --a--c--- C:\WINDOWS\system32\msdxm.ocx
2008-04-15 00:43 . 2008-04-15 00:43 847,386 --a--c--- C:\WINDOWS\system32\dllcache\msdxm.ocx
2008-04-15 00:43 . 2008-04-15 00:43 177,152 --a------ C:\WINDOWS\system32\MSCTFIME.IME
2008-04-15 00:43 . 2008-04-15 00:43 177,152 --a--c--- C:\WINDOWS\system32\dllcache\msctfime.ime
2008-04-15 00:43 . 2008-04-15 00:43 4,126 --a--c--- C:\WINDOWS\system32\msdxmlc.dll
2008-04-15 00:43 . 2008-04-15 00:43 4,126 --a--c--- C:\WINDOWS\system32\dllcache\msdxmlc.dll
2008-04-15 00:42 . 2008-04-15 00:42 294,912 --a--c--- C:\WINDOWS\system32\msaud32.acm
2008-04-15 00:42 . 2008-04-15 00:42 14,848 --a--c--- C:\WINDOWS\system32\msadp32.acm
2008-04-15 00:42 . 2008-04-15 00:42 3,584 --a--c--- C:\WINDOWS\system32\msafd.dll
2008-04-15 00:42 . 2008-04-15 00:42 3,584 --a--c--- C:\WINDOWS\system32\dllcache\msafd.dll
2008-04-15 00:40 . 2008-04-15 00:40 290,816 --a--c--- C:\WINDOWS\system32\l3codeca.acm
2008-04-15 00:36 . 2008-04-15 00:36 16,384 --a--c--- C:\WINDOWS\system32\imaadp32.acm
2008-04-15 00:36 . 2008-04-15 00:36 3,584 --a--c--- C:\WINDOWS\system32\icmp.dll
2008-04-15 00:36 . 2008-04-15 00:36 3,584 --a--c--- C:\WINDOWS\system32\dllcache\icmp.dll
2008-04-15 00:35 . 2008-04-15 00:35 569,856 --a--c--- C:\WINDOWS\system32\gpedit.dll
2008-04-15 00:35 . 2008-04-15 00:35 569,856 --a--c--- C:\WINDOWS\system32\dllcache\gpedit.dll
2008-04-15 00:35 . 2008-04-15 00:35 545,280 --a--c--- C:\WINDOWS\system32\hhctrl.ocx
2008-04-15 00:35 . 2008-04-15 00:35 545,280 --a--c--- C:\WINDOWS\system32\dllcache\hhctrl.ocx
2008-04-15 00:35 . 2008-04-15 00:35 9,344 --a------ C:\WINDOWS\system32\framebuf.dll
2008-04-15 00:35 . 2008-04-15 00:35 9,344 --a--c--- C:\WINDOWS\system32\dllcache\framebuf.dll
2008-04-15 00:33 . 2008-04-15 00:33 24,064 --a--c--- C:\WINDOWS\system32\pidgen.dll
2008-04-15 00:33 . 2008-04-15 00:33 24,064 --a--c--- C:\WINDOWS\system32\dllcache\pidgen.dll
2008-04-15 00:33 . 2008-04-15 00:33 3,072 --a--c--- C:\WINDOWS\system32\dpnlobby.dll
2008-04-15 00:33 . 2008-04-15 00:33 3,072 --a--c--- C:\WINDOWS\system32\dpnaddr.dll
2008-04-15 00:33 . 2008-04-15 00:33 3,072 --a--c--- C:\WINDOWS\system32\dllcache\dpnlobby.dll
2008-04-15 00:33 . 2008-04-15 00:33 3,072 --a--c--- C:\WINDOWS\system32\dllcache\dpnaddr.dll
2008-04-15 00:32 . 2008-04-15 00:32 153,088 --a--c--- C:\WINDOWS\system32\dllcache\daxctle.ocx
2008-04-15 00:32 . 2008-04-15 00:32 153,088 --a--c--- C:\WINDOWS\system32\daxctle.ocx
2008-04-15 00:31 . 2008-04-15 00:31 16,896 --a--c--- C:\WINDOWS\system32\dllcache\cfgmgr32.dll
2008-04-15 00:31 . 2008-04-15 00:31 16,896 --a--c--- C:\WINDOWS\system32\cfgmgr32.dll
2008-04-15 00:30 . 2008-04-15 00:30 285,696 --a--c--- C:\WINDOWS\system32\dllcache\atmfd.dll
2008-04-15 00:30 . 2008-04-15 00:30 285,696 --a--c--- C:\WINDOWS\system32\atmfd.dll
2008-04-15 00:29 . 2008-04-15 00:29 115,200 --a--c--- C:\WINDOWS\system32\dllcache\asctrls.ocx
2008-04-15 00:29 . 2008-04-15 00:29 115,200 --a--c--- C:\WINDOWS\system32\asctrls.ocx
2008-04-15 00:05 . 2008-04-15 00:05 144,776 --a--c--- C:\WINDOWS\system32\dllcache\archvapp.inf
2008-04-15 00:05 . 2008-04-15 00:05 1,950 --a--c--- C:\WINDOWS\system32\pid.inf
2008-04-15 00:05 . 2008-04-15 00:05 1,950 --a--c--- C:\WINDOWS\system32\dllcache\pid.inf
2008-04-15 00:03 . 2008-04-15 00:03 120,320 --a--c--- C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-15 00:03 . 2008-04-15 00:03 120,320 --a--c--- C:\WINDOWS\system32\dllcache\pcmcia.sys
2008-04-15 00:03 . 2008-04-15 01:09 80,256 --a--c--- C:\WINDOWS\system32\drivers\parport.sys
2008-04-15 00:03 . 2008-04-15 01:09 80,256 --a--c--- C:\WINDOWS\system32\dllcache\parport.sys
2008-04-15 00:03 . 2008-04-15 00:03 68,608 --a--c--- C:\WINDOWS\system32\drivers\pci.sys
2008-04-15 00:03 . 2008-04-15 00:03 68,608 --a--c--- C:\WINDOWS\system32\dllcache\pci.sys
2008-04-15 00:03 . 2008-04-15 01:09 46,848 --a--c--- C:\WINDOWS\system32\drivers\p3.sys
2008-04-15 00:03 . 2008-04-15 01:09 46,848 --a--c--- C:\WINDOWS\system32\dllcache\p3.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-01 06:47 --------- dc----w C:\Documents and Settings\Administrator\Dane aplikacji\uTorrent
2008-04-30 20:37 --------- dc----w C:\Program Files\NAPI-PROJEKT
2008-04-30 19:00 --------- dc----w C:\Program Files\MSBuild
2008-04-30 16:49 --------- dc----w C:\Program Files\Reference Assemblies
2008-04-30 16:24 --------- dc----w C:\Program Files\BitComet
2008-04-30 16:23 --------- dc----w C:\Program Files\uTorrent
2008-04-30 16:18 --------- dc----w C:\Program Files\jv16 PowerTools 2008
2008-04-30 16:16 --------- dc----w C:\Program Files\Java
2008-04-30 16:16 --------- dc----w C:\Documents and Settings\Administrator\Dane aplikacji\Gadu-Gadu
2008-04-30 16:15 --------- dc----w C:\Program Files\Common Files\Java
2008-04-30 16:14 --------- dc----w C:\Program Files\Gadu-Gadu
2008-04-30 16:14 --------- dc----w C:\Program Files\eMule
2008-04-30 16:13 --------- dc----w C:\Documents and Settings\Administrator\Dane aplikacji\Winamp
2008-04-30 16:11 --------- dc----w C:\Program Files\Winamp
2008-04-30 16:10 --------- dc----w C:\Program Files\NeroInstall.bak
2008-04-30 16:09 --------- dc----w C:\Documents and Settings\Administrator\Dane aplikacji\Nero
2008-04-30 16:08 --------- dc----w C:\Program Files\Common Files\Nero
2008-04-30 16:07 --------- dc----w C:\Program Files\Nero
2008-04-30 16:07 --------- dc----w C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-04-30 16:03 --------- dc----w C:\Documents and Settings\All Users\Dane aplikacji\Office Genuine Advantage
2008-04-30 16:01 --------- dc----w C:\Documents and Settings\All Users\Dane aplikacji\CyberLink
2008-04-30 16:00 --------- dc----w C:\Program Files\CyberLink
2008-04-30 16:00 --------- dc----w C:\Program Files\Common Files\CyberLink
2008-04-30 16:00 --------- dc----w C:\Documents and Settings\Administrator\Dane aplikacji\CyberLink
2008-04-30 15:59 353,576 -c--a-w C:\WINDOWS\system32\msvcr71.dll
2008-04-30 14:38 --------- dc----w C:\Program Files\microsoft frontpage
2008-04-30 14:36 --------- dc----w C:\Program Files\Usługi online
2008-04-30 14:34 --------- dc----w C:\Program Files\Windows Media Connect 2
2008-04-25 14:07 991,744 -c--a-w C:\WINDOWS\system32\drmv2clt.dll
2008-04-15 01:04 1,246,357 -c--a-r C:\WINDOWS\SET3.tmp
2008-04-15 00:56 16,825 -c--a-r C:\WINDOWS\SET8.tmp
2008-04-15 00:56 1,088,840 -c--a-r C:\WINDOWS\SET4.tmp
2008-04-14 22:52 87,176 -c--a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 22:52 21,896 -c--a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 22:52 139,656 -c--a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 22:52 12,040 -c--a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 22:50 997,888 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 22:49 98,304 -c--a-w C:\WINDOWS\system32\actxprxy.dll
2008-04-14 22:39 7,680 -c--a-w C:\WINDOWS\system32\kbdsmsno.dll
2008-04-14 22:04 73,472 -c--a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 21:46 5,504 -c--a-w C:\WINDOWS\system32\drivers\intelide.sys
2008-04-14 21:45 49,664 -c--a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 21:35 58,880 -c--a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 20:52 40,840 -c--a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 20:51 294,912 -c--a-w C:\WINDOWS\system32\msh263.drv
2008-04-14 20:51 23,552 -c--a-w C:\WINDOWS\system32\wdmaud.drv
2008-04-14 20:50 4,096 -c--a-w C:\WINDOWS\system32\ksuser.dll
2008-04-14 00:27 41,472 -c--a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-14 00:27 40,576 -c--a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-14 00:27 34,560 -c--a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-14 00:27 20,864 -c--a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-14 00:27 152,832 -c--a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-14 00:27 14,336 -c--a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-14 00:27 10,112 -c--a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-14 00:26 69,120 -c--a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-14 00:26 35,072 -c--a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-14 00:26 34,688 -c--a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-14 00:26 30,592 -c--a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-14 00:26 12,800 -c--a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-14 00:24 11,264 -c--a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-14 00:15 59,520 -c--a-w C:\WINDOWS\system32\drivers\usbhub.sys
2008-04-14 00:15 36,864 -c--a-w C:\WINDOWS\system32\drivers\hidclass.sys
2008-04-14 00:15 30,208 -c--a-w C:\WINDOWS\system32\drivers\usbehci.sys
2008-04-14 00:15 24,960 -c--a-w C:\WINDOWS\system32\drivers\hidparse.sys
2008-04-14 00:15 20,608 -c--a-w C:\WINDOWS\system32\drivers\usbuhci.sys
2008-04-14 00:15 17,664 -c--a-w C:\WINDOWS\system32\watchdog.sys
2008-04-14 00:15 143,872 -c--a-w C:\WINDOWS\system32\drivers\usbport.sys
2008-04-14 00:15 10,368 -c--a-w C:\WINDOWS\system32\drivers\hidusb.sys
2008-04-14 00:06 42,368 -c--a-w C:\WINDOWS\system32\drivers\AGP440.SYS
2008-04-14 00:03 129,792 -c--a-w C:\WINDOWS\system32\drivers\fltMgr.sys
2008-04-13 22:49 146,048 -c--a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 22:47 83,072 -c--a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 22:45 60,800 -c--a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 22:15 60,160 -c--a-w C:\WINDOWS\system32\drivers\drmk.sys
2008-04-13 22:15 6,272 -c--a-w C:\WINDOWS\system32\drivers\splitter.sys
2008-04-13 22:15 56,576 -c--a-w C:\WINDOWS\system32\drivers\swmidi.sys
2008-04-13 22:15 52,864 -c--a-w C:\WINDOWS\system32\drivers\DMusic.sys
2008-04-13 22:15 49,408 -c--a-w C:\WINDOWS\system32\drivers\stream.sys
2008-04-13 22:15 2,944 -c--a-w C:\WINDOWS\system32\drivers\drmkaud.sys
2008-04-13 22:15 172,416 -c--a-w C:\WINDOWS\system32\drivers\kmixer.sys
2008-04-13 22:09 7,552 -c--a-w C:\WINDOWS\system32\drivers\MSKSSRV.sys
2008-04-13 22:09 5,376 -c--a-w C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2008-04-13 22:09 4,992 -c--a-w C:\WINDOWS\system32\drivers\MSPQM.sys
2008-04-13 22:02 196,224 -c--a-w C:\WINDOWS\system32\drivers\rdpdr.sys
2008-04-13 20:09 142,592 -c--a-w C:\WINDOWS\system32\drivers\aec.sys
2008-03-31 21:25 682,496 -c--a-w C:\WINDOWS\system32\divx.dll
2008-03-28 17:41 7,680 -c--a-w C:\WINDOWS\system32\ff_vfw.dll
2008-03-21 20:28 81,920 -c--a-w C:\WINDOWS\system32\dpl100.dll
2008-02-28 15:38 972,072 -c--a-w C:\WINDOWS\UNNeroMediaHome.exe
2008-02-26 14:14 972,072 -c--a-w C:\WINDOWS\UNRecode.exe
2008-02-18 14:04 95,600 -c--a-w C:\WINDOWS\system32\NeroCo.dll
2008-02-08 16:37 219,664 -c--a-w C:\WINDOWS\system32\klogon.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2004-08-28 20:27 295424]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-15 00:51 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-20 15:07 7110656]
"nwiz"="nwiz.exe" [2005-07-20 15:07 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-07-20 15:07 86016]
"AdslTaskBar"="stmctrl.dll" [2006-06-02 11:01 151552 C:\WINDOWS\system32\stmctrl.dll]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 12:41 860160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-15 00:51 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="regsvr32 /s /n /i:U shell32" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};C:\Program Files\CyberLink\PowerDVD8\000.fcl [2008-02-01 17:24]
R2 PSI_SVC_2;Protexis Licensing V2;"C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" [2007-07-24 11:15]
R2 regi;regi;C:\WINDOWS\system32\drivers\regi.sys [2007-04-17 20:09]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2003-08-12 14:51]
R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2006-05-25 15:28]

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-01 08:53:57
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD8\000.fcl"
.
Completion time: 2008-05-01 8:55:38
ComboFix-quarantined-files.txt 2008-05-01 06:55:36

Pre-Run: 4,780,310,528 bajtów wolnych
Post-Run: 4,759,691,264 bajtów wolnych

300

[wojtas]

C:\WINDOWS\SET3.tmp
C:\WINDOWS\SET8.tmp
C:\WINDOWS\SET4.tmp

skasuj te pliki w awaryjnym

byc moze byly juz na dysku te wirusy

[serenity15]

skasuj te pliki w awaryjnym

zaraz skasuje

byc moze byly juz na dysku te wirusy

Jak miałem wczoraj jeszcze Windowsa XP z SP2 były te same pliki zawirusowane
i jak stawiałem Windowsa SP3 to o dziwo juz tam były wiec mnie to zaszokowało.

[Okocza]

widocznie były na innej partycji i się same przekopiowały na tą partycję ;]