Siszyd32.exe, tm47, "utrata" połączenia, zawieszanie kompa

[huzar]

Witam, więc tak:
1. Od kilku dni na dzień dobry wyskakuje mi takie okienko:http://img705.imageshack.us/img705/9206/tm47.jpg
2. Co kilka minut komp porządnie się zawiesza, po czym zaczyna normalnie pracować
3. Zauważyłem proces o nazwie siszyd32.exe, wcześniej na pewno go nie miałem.
4. Podczas przeglądania stron WWW, co około 5 minut pojawia się komunikat, że strona nie może być wyświetlona, jakby nie było połączenia, choć ono cały czas jest aktywne. Po około minucie znowu wszystko wraca do normy.
Na dłuższą metę jest to porządnie wkurzające, więc proszę o pomoc.

Hijack:

Kod: Zaznacz wszystko

Logfile of random's system information tool 1.06 (written by random/random)
Run by Użytkownik at 2009-12-22 22:49:59
Microsoft Windows XP Professional Dodatek Service Pack 3
System drive C: has 28 GB (56%) free of 50 GB
Total RAM: 2047 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:50:12, on 2009-12-22
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
E:\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Użytkownik.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Użytkownik\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sysgif32] C:\WINDOWS\TEMP\~TM47.tmp
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Startup: siszyd32.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{84360280-D5E7-459D-A1DC-E5AD1569C82A}: NameServer = 83.238.255.76 213.241.79.37
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Usługa inteligentnego transferu w tle (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Menedżer Google Desktop 5.8.809.8522 (GoogleDesktopManager-090808-172447) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Aktualizacje automatyczne (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 8510 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Daily).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE84A6AA-A333-4B92-B276-C11E2212E4FE}]
CPrintEnhancer Object - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll [2006-12-15 599472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}]
IEPluginBHO Class - C:\Documents and Settings\Użytkownik\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll [2009-12-02 37376]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-03-21 16126464]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"LGODDFU"=C:\Program Files\lg_fwupdate\fwupdate.exe [2007-11-10 249856]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"SecurDisc"=C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe [2007-05-15 1628208]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2007-11-06 917504]
"CoolSwitch"=C:\WINDOWS\system32\taskswitch.exe [2002-03-19 45632]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-09-27 13918208]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-09-27 86016]
"sysgif32"=C:\WINDOWS\TEMP\~TM47.tmp [2009-12-22 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-04-01 486856]
"AutoConnect"=C:\Program Files\AutoConnect\AutoConnect.exe [2004-08-28 295424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2007-05-15 1057328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2007-04-12 1661304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe -silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Program Files\uTorrent\uTorrent.exe [2009-12-03 289584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WooCnxMon]
C:\PROGRA~1\NEOSTR~1\CnxMon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
C:\PROGRA~1\NEOSTR~1\Watch.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Picture Package Menu.lnk]
C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~3\SonyTray.exe [2003-11-21 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Picture Package VCD Maker.lnk]
C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~1\RESIDE~1.EXE [2004-07-08 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Użytkownik^Menu Start^Programy^Autostart^FIFA 10 Registration.lnk]
D:\PROGRA~1\EASPOR~1\FIFA10~1\Support\EAREGI~1.EXE [2009-09-09 4374800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrB"=2
"PnkBstrA"=2
"Apple Mobile Device"=2

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Documents and Settings\Użytkownik\Menu Start\Programy\Autostart
Adobe Media Player.lnk - C:\Program Files\Adobe Media Player\Adobe Media Player.exe
siszyd32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll [2008-05-02 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoVisualStyleChoice"=0
"NoColorChoice"=0
"NoSizeChoice"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=95000000
"NoSMConfigurePrograms"=1
"NoChangeKeyboardNavigationIndicators"=0
"NoSharedDocuments"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Gadu-Gadu\gg.exe"="C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"C:\Program Files\EA SPORTS\FIFA 07\fifa07.exe"="C:\Program Files\EA SPORTS\FIFA 07\fifa07.exe:*:Enabled:fifa07"
"D:\Program Files\UT2004\System\UT2004.exe"="D:\Program Files\UT2004\System\UT2004.exe:*:Enabled:UT2004"
"D:\dysk D\Wolfenstein - Enemy Territory\ET.exe"="D:\dysk D\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET"
"D:\dysk e marlena\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="D:\dysk e marlena\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\The All-Seeing Eye\eye.exe"="C:\Program Files\The All-Seeing Eye\eye.exe:*:Enabled:Yahoo! All-Seeing Eye"
"D:\dysk c\Program Files\eMule\emule.exe"="D:\dysk c\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Documents and Settings\Użytkownik\Pulpit\worms\WWP\wwp.exe"="C:\Documents and Settings\Użytkownik\Pulpit\worms\WWP\wwp.exe:*:Enabled:Worms World Party"
"D:\Program Files\Codemasters\DiRT Demo\DiRTDemo.exe"="D:\Program Files\Codemasters\DiRT Demo\DiRTDemo.exe:*:Enabled:DiRT Demo Executable"
"D:\dysk c\Program Files\BitComet\BitComet.exe"="D:\dysk c\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\DAP\DAP.exe"="C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"D:\Program Files\EA GAMES\MOHAA\MOHAA.exe"="D:\Program Files\EA GAMES\MOHAA\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"E:\QuakeIIIArena 1.32 + OSP\quake3.exe"="E:\QuakeIIIArena 1.32 + OSP\quake3.exe:*:Enabled:quake3"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"E:\Program Files\eMule\emule.exe"="E:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Java\jre1.6.0_05\launch4j-tmp\JDownloader.exe"="C:\Program Files\Java\jre1.6.0_05\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary"
"D:\Program Files\TmUnitedForever\TmForever.exe"="D:\Program Files\TmUnitedForever\TmForever.exe:*:Enabled:TmForever"
"D:\Program Files\TmNationsForever\TmForever.exe"="D:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"D:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="D:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"D:\Program Files\EA SPORTS\FIFA 09\FIFA09.exe"="D:\Program Files\EA SPORTS\FIFA 09\FIFA09.exe:*:Enabled:FIFA09"
"C:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe"="C:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Nowe Gadu-Gadu\gg.exe"="C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu"
"C:\WINDOWS\system32\WgaTray.exe"="C:\WINDOWS\system32\WgaTray.exe:*:Enabled:ENABLE"
"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:ENABLE"
"C:\WINDOWS\system32\userinit.exe"="C:\WINDOWS\system32\userinit.exe:*:Enabled:ENABLE"
"C:\Documents and Settings\Użytkownik\Ustawienia lokalne\Temp\init.exe"="C:\Documents and Settings\Użytkownik\Ustawienia lokalne\Temp\init.exe:*:Enabled:ENABLE"
"C:\Program Files\Sony Ericsson\Update Service\Update Service.exe"="C:\Program Files\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service"
"D:\Call of Duty 4 - Modern Warfare\iw3mp.exe"="D:\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"E:\Call of Duty 2\CoD2MP_s.exe"="E:\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\Documents and Settings\Użytkownik\Ustawienia lokalne\Temp\Rar$EX00.250\µTorrent v1.7.2\utorrent.exe"="C:\Documents and Settings\Użytkownik\Ustawienia lokalne\Temp\Rar$EX00.250\µTorrent v1.7.2\utorrent.exe:*:Enabled:µTorrent"
"D:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe"="D:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010"
"E:\Program Files\Sports Interactive\Football Manager 2010\fm.exe"="E:\Program Files\Sports Interactive\Football Manager 2010\fm.exe:*:Disabled:Football Manager 2010"
"D:\Program Files\Sports Interactive\Football Manager 2010\fm.exe"="D:\Program Files\Sports Interactive\Football Manager 2010\fm.exe:*:Enabled:Football Manager 2010"
"C:\Program Files\Gadu-Gadu 10\gg.exe"="C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10"
"C:\WINDOWS\Temp\~TM47.tmp"="C:\WINDOWS\Temp\~TM47.tmp:*:Enabled:services"
"G:\Setup\Data\WolfMP.exe"="G:\Setup\Data\WolfMP.exe:*:Enabled:WolfMP"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30e1d436-a5d2-11dc-9668-4d6564696130}]
shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{536a34f9-7b74-11dd-a15e-4d6564696130}]
shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{684e83c3-8e0c-11dc-95fd-4d6564696130}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\Recycled\ctfmon.exe
shell\Open(&O)\command - H:\Recycled\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{684e83c4-8e0c-11dc-95fd-4d6564696130}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
shell\Open(&0)\command - I:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{684e83c5-8e0c-11dc-95fd-4d6564696130}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
shell\Open(&0)\command - J:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{902736d0-12e6-11dd-97fa-4d6564696130}]
shell\AutoRun\command - H:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd38d476-713e-11de-8772-4d6564696130}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL secgut.exe
shell\infected\command - H:\secgut.exe


======List of files/folders created in the last 1 months======

2009-12-22 22:49:59 ----D---- C:\rsit
2009-12-22 22:49:59 ----D---- C:\Program Files\trend micro
2009-12-21 16:44:17 ----A---- C:\WINDOWS\Rtcwplat.INI
2009-12-20 23:36:19 ----A---- C:\WINDOWS\rtcwgoty.INI
2009-12-19 19:45:26 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Norton
2009-12-19 19:45:24 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\NortonInstaller
2009-12-13 21:26:11 ----A---- C:\WINDOWS\system32\fjhdyfhsn.bat
2009-12-11 15:15:28 ----D---- C:\Documents and Settings\Użytkownik\Dane aplikacji\Qrix
2009-12-11 14:58:29 ----D---- C:\Documents and Settings\Użytkownik\Dane aplikacji\.purple
2009-12-11 14:45:06 ----D---- C:\Program Files\Common Files\GTK
2009-12-11 14:17:24 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
2009-12-11 14:17:05 ----D---- C:\Documents and Settings\Użytkownik\Dane aplikacji\OpenFM
2009-12-11 14:11:15 ----D---- C:\Program Files\Gadu-Gadu 10
2009-12-11 14:09:06 ----D---- C:\WINDOWS\SxsCaPendDel
2009-12-11 14:08:31 ----D---- C:\Documents and Settings\Użytkownik\Dane aplikacji\Gadu-Gadu 10
2009-12-07 17:21:49 ----D---- C:\Program Files\English Translator 3
2009-12-07 16:46:05 ----A---- C:\WINDOWS\wininit.ini
2009-12-05 21:15:45 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Sports Interactive
2009-12-05 21:15:12 ----D---- C:\Documents and Settings\Użytkownik\Dane aplikacji\Sports Interactive
2009-12-05 21:06:08 ----HD---- C:\Program Files\Zero G Registry
2009-12-05 21:06:08 ----D---- C:\Program Files\Sports Interactive
2009-12-05 14:52:36 ----A---- C:\WINDOWS\kit.ini
2009-12-03 17:30:53 ----D---- C:\Program Files\uTorrent

======List of files/folders modified in the last 1 months======

2009-12-22 22:50:05 ----D---- C:\WINDOWS\Temp
2009-12-22 22:50:04 ----D---- C:\WINDOWS\Prefetch
2009-12-22 22:49:59 ----AD---- C:\Program Files
2009-12-22 22:19:37 ----D---- C:\Program Files\Mozilla Firefox
2009-12-22 22:05:15 ----D---- C:\Program Files\lg_fwupdate
2009-12-22 22:05:15 ----D---- C:\Program Files\AutoConnect
2009-12-22 22:05:14 ----A---- C:\WINDOWS\lgfwup.ini
2009-12-21 22:42:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-21 22:22:04 ----D---- C:\Documents and Settings\Użytkownik\Dane aplikacji\uTorrent
2009-12-21 20:52:50 ----A---- C:\WINDOWS\NeroDigital.ini
2009-12-21 17:05:56 ----D---- C:\WINDOWS
2009-12-21 17:04:18 ----D---- C:\WINDOWS\system32
2009-12-20 18:05:19 ----D---- C:\USDownloader
2009-12-20 13:49:02 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-12-19 19:46:49 ----D---- C:\WINDOWS\system32\drivers
2009-12-19 19:46:47 ----SD---- C:\WINDOWS\Tasks
2009-12-19 19:45:26 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2009-12-18 22:03:31 ----D---- C:\WINDOWS\system32\Adobe
2009-12-18 21:59:29 ----D---- C:\WINDOWS\system32\Macromed
2009-12-18 21:41:15 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-12 00:14:48 ----D---- C:\WINDOWS\system32\config
2009-12-11 22:55:44 ----SHD---- C:\WINDOWS\Installer
2009-12-11 22:55:44 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-12-11 22:55:40 ----D---- C:\Program Files\Lavasoft
2009-12-11 16:05:41 ----D---- C:\WINDOWS\system32\Samsung_USB_Drivers
2009-12-11 16:05:40 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-11 15:53:42 ----HD---- C:\WINDOWS\inf
2009-12-11 14:45:06 ----D---- C:\Program Files\Common Files
2009-12-11 14:09:17 ----D---- C:\WINDOWS\WinSxS
2009-12-11 14:09:17 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-12-08 21:39:50 ----SD---- C:\Documents and Settings\Użytkownik\Dane aplikacji\Microsoft
2009-12-07 18:35:04 ----D---- C:\WINDOWS\system32\DirectX
2009-12-07 18:34:35 ----RSD---- C:\WINDOWS\assembly
2009-12-07 17:34:41 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2009-12-07 17:34:40 ----A---- C:\WINDOWS\system32\pbsvc.exe
2009-12-07 17:28:35 ----D---- C:\WINDOWS\Debug
2009-12-06 14:04:16 ----SH---- C:\boot.ini
2009-12-06 14:04:16 ----A---- C:\WINDOWS\win.ini
2009-12-06 14:04:16 ----A---- C:\WINDOWS\system.ini
2009-11-26 15:48:55 ----D---- C:\WINDOWS\system32\Restore

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2007-05-15 37040]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2007-05-15 38576]
R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 kbdhid;Sterownik klawiatury HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-12-11 5632]
R1 WS2IFSL;Środowisko wspomagające dostawcę usług innych niż IFS - Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032]
R2 acedrv11;acedrv11; \??\C:\WINDOWS\system32\drivers\acedrv11.sys []
R2 AMON;AMON; \??\C:\WINDOWS\system32\drivers\amon.sys []
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2002-07-17 16512]
R2 rspndr;Responder odnajdywania topologii warstwy łącza; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2006-11-08 62336]
R3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys [2004-03-02 127065]
R3 Arp1394;Protokół klienta 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-04 4258496]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160]
R3 NIC1394;Sterownik sieci 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-09-27 7655872]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-02-06 90880]
R3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2004-04-14 10144]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2004-04-14 44064]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2007-05-15 118576]
S1 8730d070;8730d070; C:\WINDOWS\System32\drivers\8730d070.sys []
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys [2004-03-02 50007]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
S3 awm8t2jm;awm8t2jm; C:\WINDOWS\system32\drivers\awm8t2jm.sys []
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2009-05-06 13224]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2009-05-06 24616]
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-12-06 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-12-06 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-12-06 21568]
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240]
S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2008-02-29 63120]
S3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2008-02-29 79120]
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2008-02-29 28944]
S3 MSICPL;MSICPL; \??\F:\install4\MSICPL.sys []
S3 NTACCESS;NTACCESS; \??\F:\NTACCESS.sys []
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 s115bus;Sony Ericsson Device 115 driver (WDM); C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\F:\NTGLM7X.sys []
S3 sony_ssm.sys;sony_ssm.sys; \??\C:\DOCUME~1\UYTKOW~1\USTAWI~1\Temp\sony_ssm.sys []
S3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Sterownik skanera USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WmFilter;Logitech WingMan HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2004-04-14 21280]
S3 WmHidLo;Logitech WingMan USB Filter Driver; C:\WINDOWS\system32\drivers\WmHidLo.sys [2003-03-25 13920]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2004-04-14 5600]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 hpqddsvc;Usługa HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2007-05-15 1550896]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2007-11-06 495616]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-09-27 172100]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2008-11-03 1332480]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-12-07 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-12-20 214520]
R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2008-02-20 217088]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 GoogleDesktopManager-090808-172447;Menedżer Google Desktop 5.8.809.8522; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-10-01 30192]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-08 271920]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Usługa Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Usługa udostępniania w sieci programu Windows Media Player; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-12-01 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------


OTL: http://wklej.org/id/243989/

[NieWiem]

W podanej kolejności:

Ortówrz systemowy notatnik i wklej do niego następującą zawartość:

Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-602162358-790525478-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"cdoosoft"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

Plik => zapisz jako => wszystkie pliki => nazwa: fix.reg, ale zapisz bezpośrednio na dysku C:\ (ścieżka dostępu ma być C:\fix.reg).

• Pobierz narzędzie The Avenger:
  • wersja. *.exe
  • wersja *.zip
• Jeśli pobrałeś wersję *.zip, wypakuj ją na pulpicie.
• Kliknij dwukrotnie na ikonę, aby uruchomić program (użytkownicy systemów Vista oraz Se7en => prawoklik oraz wybrać opcję Uruchom jako Administrator).
• W głównym okienku programu wklej to, co poniżej w ramce:
  

  Files to delete:
  C:\WINDOWS\TEMP\~TM47.tmp
  C:\Documents and Settings\Użytkownik\Menu Start\Programy\Autostart\siszyd32.exe
  Registry values to delete:
  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sysgif32
  HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list | C:\WINDOWS\Temp\~TM47.tmp
  Registry keys to delete:
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}
  Programs to launch on reboot:
  regedit.exe /s C:\fix.reg
  C:\fix.reg

• Kliknij Execute.
• Komputer poprosi o potwierdzenie, wciśnij Yes.
• Pojawi się jeszcze jedno okienko z zapytaniem o restart komputera: zgódź się, ponieważ część operacji będzie wykonywana dopiero po restarcie.
• Komputer automatycznie wyświetli raport z wykonania podanych czynności. Należy go zapisać i wkleić w poście w tagach [code] lub na stronie http://www.wklej.org, a w poście podać odnośnik do niego.

Poszukaj w katalogu C:\WINDOWS\system32\drivers pliku o nazwie svchost.exe, przy czym interesuje mnie tylko w tym katalogu. Jeśli go znajdziesz, to wrzuć go na www.virscan.org i pokaż wyniki.

Wracasz z raportem z Avengera i nowym logiem z OTL.

[huzar]

Pojawia się błąd: "Error: Could not open RunOnce key to register cleanup. Aborting execution! (error 0: operacja ukończona pomyślnie.)"
I żaden raport się nie wyświetla, ani nie prosi o restart

[NieWiem]

• Przeczytaj uważnie instrukcję programu ComboFix, po czym wyłącz swój program antywirusowy, firewall i inne programy, które mogą zakłócać nawet pobieranie ComboFixa twierdząc, że jest wirusem. Nie jest! Spokojnie go ściągnij i zapisz na pulpicie.
• Pobierz:
  • LINK #1
  • LINK #2
• Pozamykaj wszystkie otwarte okna, komunikatory, programy. ComboFixowi nie powinno sie przeszkadzać.
• Uruchom program z dwukliku (VISTA: prawoklik i 'uruchom jako administrator').
• Pozwól mu spokojnie działać, nie klikaj ani nie stukaj w klawiaturę - to może spwodować zawieszenie się komputera.
• Zalecane jest też instalowanie konsoli odzyskiwania, jeśli ComboFix o nią poprosi. Dzięki niej można odrolować zmiany w przypadku pomyłki narzędzia.
• Jeśli będzie potrzeba - zgódź się na restart.
• Kiedy program skończy, wytworzy loga (będzie on także w pliku C:\ComboFix.txt), którego wklej w odpowiedzi, pamiętając o tagach [code] lub na http://www.wklej.org.

Autor postu otrzymał pochwałę

[huzar]

Kod: Zaznacz wszystko

ComboFix 09-12-25.02 - Użytkownik 2009-12-25  20:07:13.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1250.48.1045.18.2047.1684 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Użytkownik\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Użytkownik\Pulpit\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: System Antywirusowy NOD32 2.50 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezydentny antywirus jest aktywny

.

(((((((((((((((((((((((((   Pliki utworzone od 2009-11-25 do 2009-12-25  )))))))))))))))))))))))))))))))
.

2009-12-25 18:51 . 2008-04-14 17:21   39424   -c--a-w-   c:\windows\system32\dllcache\grpconv.exe
2009-12-25 18:51 . 2008-04-14 17:21   39424   ----a-w-   c:\windows\system32\grpconv.exe
2009-12-22 21:49 . 2009-12-22 21:50   --------   d-----w-   C:\rsit
2009-12-22 21:49 . 2009-12-22 21:50   --------   d-----w-   c:\program files\trend micro
2009-12-19 18:45 . 2009-12-19 18:46   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\Norton
2009-12-19 18:45 . 2009-12-19 18:45   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\NortonInstaller
2009-12-13 20:26 . 2009-12-25 19:09   704512   ----a-w-   c:\windows\system32\drivers\iyiovry.sys
2009-12-13 20:26 . 2009-12-19 18:40   142   ----a-w-   c:\windows\system32\fjhdyfhsn.bat
2009-12-11 13:45 . 2009-12-11 13:45   --------   d-----w-   c:\program files\Common Files\GTK
2009-12-11 13:17 . 2009-12-11 13:17   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\OpenFM
2009-12-11 13:11 . 2009-12-11 14:30   --------   d-----w-   c:\program files\Gadu-Gadu 10
2009-12-11 13:09 . 2009-12-11 15:05   --------   d-----w-   c:\windows\SxsCaPendDel
2009-12-07 16:21 . 2009-12-21 16:09   --------   d-----w-   c:\program files\English Translator 3
2009-12-05 20:15 . 2009-12-05 20:15   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\Sports Interactive
2009-12-05 20:06 . 2009-12-05 20:06   --------   d--h--w-   c:\program files\Zero G Registry
2009-12-05 20:06 . 2009-12-05 20:06   --------   d-----w-   c:\program files\Sports Interactive
2009-12-03 16:30 . 2009-12-03 16:30   --------   d-----w-   c:\program files\uTorrent

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-25 18:53 . 2008-01-12 11:45   --------   d-----w-   c:\program files\AutoConnect
2009-12-25 18:53 . 2007-11-06 15:58   --------   d-----w-   c:\program files\lg_fwupdate
2009-12-23 21:40 . 2007-11-15 18:15   137464   ----a-w-   c:\windows\system32\drivers\PnkBstrK.sys
2009-12-23 21:39 . 2007-11-15 18:15   214520   ----a-w-   c:\windows\system32\PnkBstrB.exe
2009-12-19 18:45 . 2007-11-06 10:04   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\Symantec
2009-12-19 18:40 . 2009-12-19 18:40   16   ----a-w-   c:\documents and settings\LocalService\Dane aplikacji\fvgqad.dat
2009-12-14 17:53 . 2009-12-13 20:26   20   ----a-w-   c:\windows\system32\config\systemprofile\Dane aplikacji\fvgqad.dat
2009-12-11 21:55 . 2007-11-06 11:53   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2009-12-11 21:55 . 2009-08-10 10:54   --------   d-----w-   c:\program files\Lavasoft
2009-12-11 15:05 . 2007-11-06 15:51   --------   d--h--w-   c:\program files\InstallShield Installation Information
2009-12-07 16:34 . 2007-11-15 18:15   75064   ----a-w-   c:\windows\system32\PnkBstrA.exe
2009-12-07 16:34 . 2008-01-14 16:47   794408   ----a-w-   c:\windows\system32\pbsvc.exe
2009-11-21 14:07 . 2001-10-26 18:15   87386   ----a-w-   c:\windows\system32\perfc015.dat
2009-11-21 14:07 . 2001-10-26 18:15   494204   ----a-w-   c:\windows\system32\perfh015.dat
2009-11-15 21:27 . 2009-11-15 21:27   --------   d-----w-   c:\program files\Blender Foundation
2009-11-15 21:08 . 2008-10-01 16:05   --------   d-----w-   c:\program files\Google
2009-11-14 14:54 . 2008-01-14 18:00   --------   d-----w-   c:\program files\AGEIA Technologies
2009-11-14 14:54 . 2009-11-14 14:54   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\NVIDIA Corporation
2009-11-14 14:53 . 2009-11-14 14:53   --------   d-----w-   c:\program files\NVIDIA Corporation
2009-11-09 18:10 . 2009-11-09 18:09   --------   d-----w-   c:\program files\SystemRequirementsLab
2009-11-09 17:45 . 2007-11-28 19:02   --------   d-----w-   c:\program files\Sony Ericsson
2009-11-09 17:43 . 2009-08-11 12:56   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\PCStitch Pro
2009-10-21 12:56 . 2009-10-21 12:56   2232   ----a-w-   c:\windows\Java\Packages\Data\9NDFJ7LF.DAT
2009-10-21 12:56 . 2009-10-21 12:56   155995   ----a-w-   c:\windows\Java\Packages\QIK6Q1RV.ZIP
2009-10-21 12:56 . 2009-10-21 12:56   2678   ----a-w-   c:\windows\Java\Packages\Data\OLB3PZJT.DAT
2009-10-21 12:56 . 2009-10-21 12:56   2678   ----a-w-   c:\windows\Java\Packages\Data\E9BHBBHR.DAT
2009-10-21 12:56 . 2009-10-21 12:56   2678   ----a-w-   c:\windows\Java\Packages\Data\BZ53DB37.DAT
2009-10-21 12:56 . 2009-10-21 12:56   2678   ----a-w-   c:\windows\Java\Packages\Data\8XBVBNNX.DAT
2009-10-21 12:56 . 2009-10-21 12:56   2678   ----a-w-   c:\windows\Java\Packages\Data\3ZJRFX73.DAT
2009-10-21 12:50 . 2009-10-21 12:50   72704   ----a-w-   c:\windows\cadkasdeinst01e.exe
2009-09-27 17:19 . 2009-09-27 17:19   3674112   ----a-w-   c:\windows\system32\nvwssr.dll
2009-09-27 15:12 . 2009-09-27 15:12   2194024   ----a-w-   c:\windows\system32\nvcuvid.dll
2009-09-27 15:12 . 2009-09-27 15:12   1714792   ----a-w-   c:\windows\system32\nvcuvenc.dll
2009-09-27 15:12 . 2009-09-27 15:12   1604482   ----a-w-   c:\windows\system32\nvdata.bin
2009-09-27 15:12 . 2008-10-29 11:26   490088   ----a-w-   c:\windows\system32\nvudisp.exe
2009-09-27 15:12 . 2008-10-07 12:33   888832   ----a-w-   c:\windows\system32\nvapi.dll
2009-09-27 15:12 . 2008-10-07 12:33   2007040   ----a-w-   c:\windows\system32\nvcuda.dll
2009-09-27 15:12 . 2008-10-07 12:33   170600   ----a-w-   c:\windows\system32\nvcodins.dll
2009-09-27 15:12 . 2008-10-07 12:33   170600   ----a-w-   c:\windows\system32\nvcod.dll
2009-09-27 15:12 . 2008-10-07 12:33   10756096   ----a-w-   c:\windows\system32\nvoglnt.dll
2009-09-27 15:12 . 2007-06-28 16:43   7655872   ----a-w-   c:\windows\system32\drivers\nv4_mini.sys
2009-09-27 15:12 . 2007-06-28 16:43   5900416   ----a-w-   c:\windows\system32\nv4_disp.dll
2008-10-01 16:05 . 2008-10-01 16:05   122880   ----a-w-   c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

(((((((((((((((((((((((((((((   SnapShot@2009-12-25_18.53.14   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-25 19:05 . 2009-12-25 19:05   16384              c:\windows\Temp\Perflib_Perfdata_f8.dat
+ 2007-11-06 12:39 . 2009-08-06 18:24   44768              c:\windows\system32\wups2.dll
+ 2007-11-06 14:11 . 2009-08-06 18:24   35552              c:\windows\system32\wups.dll
+ 2007-11-06 14:11 . 2009-08-06 18:24   53472              c:\windows\system32\wuauclt.exe
+ 2009-12-25 18:54 . 2009-08-06 18:24   44768              c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2009-12-25 18:54 . 2009-08-06 18:24   35552              c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2007-11-06 14:11 . 2009-08-06 18:24   35552              c:\windows\system32\dllcache\wups.dll
+ 2007-11-06 14:11 . 2009-08-06 18:24   53472              c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-04 00:43 . 2009-08-06 18:24   96480              c:\windows\system32\dllcache\cdm.dll
+ 2004-08-04 00:43 . 2009-08-06 18:24   96480              c:\windows\system32\cdm.dll
+ 2007-11-06 14:11 . 2009-08-06 18:24   209632              c:\windows\system32\wuweb.dll
+ 2007-11-06 14:11 . 2009-08-06 18:24   327896              c:\windows\system32\wucltui.dll
+ 2007-11-06 14:11 . 2009-08-06 18:23   575704              c:\windows\system32\wuapi.dll
+ 2007-11-06 14:11 . 2009-08-06 18:24   209632              c:\windows\system32\dllcache\wuweb.dll
+ 2007-11-06 14:11 . 2009-08-06 18:24   327896              c:\windows\system32\dllcache\wucltui.dll
+ 2007-11-06 14:11 . 2009-08-06 18:23   575704              c:\windows\system32\dllcache\wuapi.dll
+ 2007-11-06 14:11 . 2009-08-06 18:23   1929952              c:\windows\system32\wuaueng.dll
+ 2007-11-06 14:11 . 2009-08-06 18:23   1929952              c:\windows\system32\dllcache\wuaueng.dll
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"AutoConnect"="c:\program files\AutoConnect\AutoConnect.exe" [2004-08-28 295424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2007-11-10 249856]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-11-13 962661]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-6-13 805392]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 00:42   72208   ----a-w-   c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Picture Package Menu.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Picture Package Menu.lnk
backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Picture Package VCD Maker.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Picture Package VCD Maker.lnk
backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Użytkownik^Menu Start^Programy^Autostart^FIFA 10 Registration.lnk]
path=c:\documents and settings\Użytkownik\Menu Start\Programy\Autostart\FIFA 10 Registration.lnk
backup=c:\windows\pss\FIFA 10 Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-05-15 14:55   1057328   ----a-w-   c:\program files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2007-04-12 00:44   1661304   ----a-w-   c:\program files\Messenger\Msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
2007-11-06 11:38   917504   ----a-w-   c:\program files\ESET\nod32kui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2009-12-03 16:30   289584   ----a-w-   c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Documents and Settings\\Użytkownik\\Pulpit\\worms\\WWP\\wwp.exe"=
"d:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"d:\\Program Files\\TmUnitedForever\\TmForever.exe"=
"d:\\Program Files\\TmNationsForever\\TmForever.exe"=
"d:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9281:TCP"= 9281:TCP:BitComet 9281 TCP
"9281:UDP"= 9281:UDP:BitComet 9281 UDP
"8669:TCP"= 8669:TCP:BitComet 8669 TCP
"8669:UDP"= 8669:UDP:BitComet 8669 UDP

R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-01-19 277544]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2007-11-08 717296]
S1 8730d070;8730d070;c:\windows\system32\drivers\8730d070.sys --> c:\windows\system32\drivers\8730d070.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-05-06 13224]
S3 GoogleDesktopManager-090808-172447;Menedżer Google Desktop 5.8.809.8522;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-10-01 30192]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2007-11-28 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2007-11-28 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2007-11-28 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2007-11-28 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2007-11-28 98568]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]

--- Inne Usługi/Sterowniki w Pamięci ---

*Deregistered* - iyiovry

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
.
------- Skan uzupełniający -------
.
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\cykq99fa.default\
FF - prefs.js: browser.startup.homepage - www.onet.pl
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPCARDS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPDARTS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPSNOOKER.dll
.
.
------- Skojarzenia plików -------
.
regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1
.

**************************************************************************
skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iyiovry]

.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-2052111302-113007714-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{95D4977A-C5A8-597B-7C6A-C01A1E2676B5}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"eabjdehbgd"=hex:66,61,6c,69,67,68,61,70,64,65,6f,61,00,31
"dakfelni"=hex:64,62,6e,68,65,69,64,63,67,64,6a,70,64,70,6c,6c,6b,70,68,67,6f,
   68,6a,63,66,69,61,65,68,67,67,6e,64,61,6e,6e,62,68,68,66,00,00
"iajhbnffehhcjhhfdl"=hex:69,61,6c,6d,63,6e,6a,66,67,65,65,6b,6d,6d,62,6b,65,62,
   00,00
"haddeokjklbaolcm"=hex:69,61,6c,6d,63,6e,6a,66,67,65,65,6b,6d,6d,62,6b,65,62,
   00,00

[HKEY_USERS\S-1-5-21-2052111302-113007714-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:ae,90,71,f6,38,13,e8,86,cc,cb,eb,24,9a,5e,8a,76,c3,8e,7d,40,52,
   c5,60,97,7f,03,90,21,7f,36,a1,0c,fe,2d,47,09,55,1d,cb,ce,9f,b5,9f,77,c0,88,\
"rkeysecu"=hex:60,5c,c1,b6,db,0a,94,e7,8d,6c,4d,61,6a,30,2d,74

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="C809C6A8AB77FBB94D5D813782A0B696766780DEAC91AF0EA6E842D40053181C2E28CA85C4F0AF68632F60672E00A02C812195E5A840309962971D54F23DBF5E019D737511949FAF4EA7DB9101B4ADEAD330A19DCE4044442C5237F3EB72FC02C3801B14DB1D404F6DC88F80343227954B1FA6A3E6DEAAF17ECA9840DCB4A3AB2C4FEA8066E41B4B55766B07760CED31775CF817AA89B8C6859798CC2FEC1C4225E8E1DD676FCC6C4C7AB3FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B9808A6171C11EC38DE3DA9C6AECB7A5D1407EB4985B4142B169143063CC17B65CAA55982BE12B322AD626FECCA2B78DFA6D505C0751934A06F289C7C26855276D8D3969BA19499EA162B165E9F951FB82BB2776CFD86BFC7D14C553FF1E0B10787ACA1DA59BBA31098A0496390BDE79B452E6E6EE0DA374276F52A38F8E57C197A6BE71CF7F2320FDCE5C76185035422496D97D8800CDD68F7ECDAC937405460B422D92B32B76A95F36E52338ED92B996D6B27B5E5A13942D750A9C8CF2C23C12232EC4B641CB40B4E042FA9DDC674054F74D37F3CB69611F9955EFD05FA135B8E5418B20BC73F06C342A806CA687F986BAA5626537E0444A80147A7C092967B2C94D90AC7737BD48D998B01516C5FBD2605EE0E9F3B54850D2F307511EADFA68FD23170626E9D764AD0A8C28E156993C8CB5F10B8451E2DBA8DEF8CA4126813B24124F8C11B1F9FFC7E58EC463B37E9FC1DEE775A893E4AA3DEDC86D1296BACF26A3B2875EE3D390B91F092DF49A8C6516AE705E507532022B951701266E91391A782F7AF7479DFBFC8D238E53F5DE43B7B19EADC54BF24F08A2F4A8192289AB3A90BD646CA1964493A5DDB06AFBDAF1067D4D2E797AB81328ED98ADF892DC9E273682732A2244B3A4DF86B94C172C98D1EF2D8D48D0116E859B79914BD465C0E5E353E9243674B89C00DC888B2EA8951DF4D8B918770F5FD5135D32635824204150C662887F5548FA3074C7C4F59F6DFC3C170B1686BE5BD31C18B4308379E7C970F5ED9DBA4030DDB5AC0AD7B32509F333400EE2AAA62D887D005BB64FA498EB9E2D631450B2FA222FB6502AF3086DC6A8AA32457291863B85B78058BABCD3AA32FF65B57085ED782E46C7E755340C5FC30BD5011A4E955F85B14B751E86B5ED0A0572BBDBCD016DE937D4F6E5B56EECF93A1988B226E0CD45079902096154290690896B68C732DE90A33C1CB50D6509DA618458F6771472BBF3CF075DBF30F083C0A371321ECCEAECB1D49557B02C3F3DFDB417800EFACAC3066DD62A762512DD3D3CA3CE8169188653EFCE5E94E8833BA1D1DB6BA9CC263AC73800B276FF9CBEACE332915F8ED29E18C186E6F664412B6000CCEAB"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(772)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(828)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Czas ukończenia: 2009-12-25  20:10:02
ComboFix-quarantined-files.txt  2009-12-25 19:10
ComboFix2.txt  2009-12-25 18:55

Przed: 29 299 044 352 bajtów wolnych
Po: 29 262 831 616 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 6B0BE632B1F55B2F7A2782CE1D127D41


[wojtas]

jest rookit

Otworz notatnik i wklej w nim to:

File::
c:\windows\system32\drivers\iyiovry.sys
c:\windows\system32\fjhdyfhsn.bat
c:\documents and settings\LocalService\Dane aplikacji\fvgqad.dat
c:\windows\system32\config\systemprofile\Dane aplikacji\fvgqad.dat
c:\windows\system32\drivers\8730d070.sys

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iyiovry]

Driver::
iyiovry
8730d070

>>Plik>>Zapisz jako... >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->
Rozpocznie się usuwanie i powstanie log daj go.

[huzar]

Kod: Zaznacz wszystko

ComboFix 09-12-25.02 - Użytkownik 2009-12-26  22:48:03.3.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1250.48.1045.18.2047.1688 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Użytkownik\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Użytkownik\Pulpit\CFScript.txt
AV: System Antywirusowy NOD32 2.50 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezydentny antywirus jest aktywny


FILE ::
"c:\documents and settings\LocalService\Dane aplikacji\fvgqad.dat"
"c:\windows\system32\config\systemprofile\Dane aplikacji\fvgqad.dat"
"c:\windows\system32\drivers\8730d070.sys"
"c:\windows\system32\drivers\iyiovry.sys"
"c:\windows\system32\fjhdyfhsn.bat"
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\Dane aplikacji\fvgqad.dat
c:\windows\system32\config\systemprofile\Dane aplikacji\fvgqad.dat
c:\windows\system32\drivers\iyiovry.sys
c:\windows\system32\fjhdyfhsn.bat

.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IYIOVRY
-------\Service_8730d070
-------\Service_iyiovry


(((((((((((((((((((((((((   Pliki utworzone od 2009-11-26 do 2009-12-26  )))))))))))))))))))))))))))))))
.

2009-12-25 18:51 . 2008-04-14 17:21   39424   -c--a-w-   c:\windows\system32\dllcache\grpconv.exe
2009-12-25 18:51 . 2008-04-14 17:21   39424   ----a-w-   c:\windows\system32\grpconv.exe
2009-12-22 21:49 . 2009-12-22 21:50   --------   d-----w-   C:\rsit
2009-12-22 21:49 . 2009-12-22 21:50   --------   d-----w-   c:\program files\trend micro
2009-12-19 18:45 . 2009-12-19 18:46   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\Norton
2009-12-19 18:45 . 2009-12-19 18:45   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\NortonInstaller
2009-12-11 13:45 . 2009-12-11 13:45   --------   d-----w-   c:\program files\Common Files\GTK
2009-12-11 13:17 . 2009-12-11 13:17   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\OpenFM
2009-12-11 13:11 . 2009-12-11 14:30   --------   d-----w-   c:\program files\Gadu-Gadu 10
2009-12-11 13:09 . 2009-12-11 15:05   --------   d-----w-   c:\windows\SxsCaPendDel
2009-12-07 16:21 . 2009-12-21 16:09   --------   d-----w-   c:\program files\English Translator 3
2009-12-05 20:15 . 2009-12-05 20:15   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\Sports Interactive
2009-12-05 20:06 . 2009-12-05 20:06   --------   d--h--w-   c:\program files\Zero G Registry
2009-12-05 20:06 . 2009-12-05 20:06   --------   d-----w-   c:\program files\Sports Interactive
2009-12-03 16:30 . 2009-12-03 16:30   --------   d-----w-   c:\program files\uTorrent

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-26 21:52 . 2008-01-12 11:45   --------   d-----w-   c:\program files\AutoConnect
2009-12-26 21:52 . 2007-11-06 15:58   --------   d-----w-   c:\program files\lg_fwupdate
2009-12-25 19:17 . 2007-11-15 18:15   137464   ----a-w-   c:\windows\system32\drivers\PnkBstrK.sys
2009-12-25 19:17 . 2007-11-15 18:15   214520   ----a-w-   c:\windows\system32\PnkBstrB.exe
2009-12-19 18:45 . 2007-11-06 10:04   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\Symantec
2009-12-11 21:55 . 2007-11-06 11:53   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2009-12-11 21:55 . 2009-08-10 10:54   --------   d-----w-   c:\program files\Lavasoft
2009-12-11 15:05 . 2007-11-06 15:51   --------   d--h--w-   c:\program files\InstallShield Installation Information
2009-12-07 16:34 . 2007-11-15 18:15   75064   ----a-w-   c:\windows\system32\PnkBstrA.exe
2009-12-07 16:34 . 2008-01-14 16:47   794408   ----a-w-   c:\windows\system32\pbsvc.exe
2009-11-21 14:07 . 2001-10-26 18:15   87386   ----a-w-   c:\windows\system32\perfc015.dat
2009-11-21 14:07 . 2001-10-26 18:15   494204   ----a-w-   c:\windows\system32\perfh015.dat
2009-11-15 21:27 . 2009-11-15 21:27   --------   d-----w-   c:\program files\Blender Foundation
2009-11-15 21:08 . 2008-10-01 16:05   --------   d-----w-   c:\program files\Google
2009-11-14 14:54 . 2008-01-14 18:00   --------   d-----w-   c:\program files\AGEIA Technologies
2009-11-14 14:54 . 2009-11-14 14:54   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\NVIDIA Corporation
2009-11-14 14:53 . 2009-11-14 14:53   --------   d-----w-   c:\program files\NVIDIA Corporation
2009-11-09 18:10 . 2009-11-09 18:09   --------   d-----w-   c:\program files\SystemRequirementsLab
2009-11-09 17:45 . 2007-11-28 19:02   --------   d-----w-   c:\program files\Sony Ericsson
2009-11-09 17:43 . 2009-08-11 12:56   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\PCStitch Pro
2009-10-21 12:56 . 2009-10-21 12:56   2232   ----a-w-   c:\windows\Java\Packages\Data\9NDFJ7LF.DAT
2009-10-21 12:56 . 2009-10-21 12:56   155995   ----a-w-   c:\windows\Java\Packages\QIK6Q1RV.ZIP
2009-10-21 12:56 . 2009-10-21 12:56   2678   ----a-w-   c:\windows\Java\Packages\Data\OLB3PZJT.DAT
2009-10-21 12:56 . 2009-10-21 12:56   2678   ----a-w-   c:\windows\Java\Packages\Data\E9BHBBHR.DAT
2009-10-21 12:56 . 2009-10-21 12:56   2678   ----a-w-   c:\windows\Java\Packages\Data\BZ53DB37.DAT
2009-10-21 12:56 . 2009-10-21 12:56   2678   ----a-w-   c:\windows\Java\Packages\Data\8XBVBNNX.DAT
2009-10-21 12:56 . 2009-10-21 12:56   2678   ----a-w-   c:\windows\Java\Packages\Data\3ZJRFX73.DAT
2009-10-21 12:50 . 2009-10-21 12:50   72704   ----a-w-   c:\windows\cadkasdeinst01e.exe
2008-10-01 16:05 . 2008-10-01 16:05   122880   ----a-w-   c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

(((((((((((((((((((((((((((((   SnapShot@2009-12-25_18.53.14   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-26 21:52 . 2009-12-26 21:52   16384              c:\windows\Temp\Perflib_Perfdata_174.dat
+ 2007-11-06 12:39 . 2009-08-06 18:24   44768              c:\windows\system32\wups2.dll
+ 2007-11-06 14:11 . 2009-08-06 18:24   35552              c:\windows\system32\wups.dll
+ 2007-11-06 14:11 . 2009-08-06 18:24   53472              c:\windows\system32\wuauclt.exe
+ 2009-12-25 18:54 . 2009-08-06 18:24   44768              c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2009-12-25 18:54 . 2009-08-06 18:24   35552              c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2007-11-06 14:11 . 2009-08-06 18:24   35552              c:\windows\system32\dllcache\wups.dll
+ 2007-11-06 14:11 . 2009-08-06 18:24   53472              c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-04 00:43 . 2009-08-06 18:24   96480              c:\windows\system32\dllcache\cdm.dll
+ 2004-08-04 00:43 . 2009-08-06 18:24   96480              c:\windows\system32\cdm.dll
+ 2007-11-06 14:11 . 2009-08-06 18:24   209632              c:\windows\system32\wuweb.dll
+ 2007-11-06 14:11 . 2009-08-06 18:24   327896              c:\windows\system32\wucltui.dll
+ 2007-11-06 14:11 . 2009-08-06 18:23   575704              c:\windows\system32\wuapi.dll
+ 2007-11-06 14:11 . 2009-08-06 18:24   209632              c:\windows\system32\dllcache\wuweb.dll
+ 2007-11-06 14:11 . 2009-08-06 18:24   327896              c:\windows\system32\dllcache\wucltui.dll
+ 2007-11-06 14:11 . 2009-08-06 18:23   575704              c:\windows\system32\dllcache\wuapi.dll
+ 2007-11-06 14:11 . 2009-08-06 18:23   1929952              c:\windows\system32\wuaueng.dll
+ 2007-11-06 14:11 . 2009-08-06 18:23   1929952              c:\windows\system32\dllcache\wuaueng.dll
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"AutoConnect"="c:\program files\AutoConnect\AutoConnect.exe" [2004-08-28 295424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2007-11-10 249856]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-11-13 962661]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-6-13 805392]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 00:42   72208   ----a-w-   c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Picture Package Menu.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Picture Package Menu.lnk
backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Picture Package VCD Maker.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Picture Package VCD Maker.lnk
backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Użytkownik^Menu Start^Programy^Autostart^FIFA 10 Registration.lnk]
path=c:\documents and settings\Użytkownik\Menu Start\Programy\Autostart\FIFA 10 Registration.lnk
backup=c:\windows\pss\FIFA 10 Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-05-15 14:55   1057328   ----a-w-   c:\program files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2007-04-12 00:44   1661304   ----a-w-   c:\program files\Messenger\Msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
2007-11-06 11:38   917504   ----a-w-   c:\program files\ESET\nod32kui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2009-12-03 16:30   289584   ----a-w-   c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Documents and Settings\\Użytkownik\\Pulpit\\worms\\WWP\\wwp.exe"=
"d:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"d:\\Program Files\\TmUnitedForever\\TmForever.exe"=
"d:\\Program Files\\TmNationsForever\\TmForever.exe"=
"d:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9281:TCP"= 9281:TCP:BitComet 9281 TCP
"9281:UDP"= 9281:UDP:BitComet 9281 UDP
"8669:TCP"= 8669:TCP:BitComet 8669 TCP
"8669:UDP"= 8669:UDP:BitComet 8669 UDP

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2007-11-08 717296]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-01-19 277544]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-05-06 13224]
S3 GoogleDesktopManager-090808-172447;Menedżer Google Desktop 5.8.809.8522;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-10-01 30192]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2007-11-28 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2007-11-28 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2007-11-28 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2007-11-28 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2007-11-28 98568]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
.
------- Skan uzupełniający -------
.
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
TCP: {84360280-D5E7-459D-A1DC-E5AD1569C82A} = 83.238.255.76 213.241.79.37
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\cykq99fa.default\
FF - prefs.js: browser.startup.homepage - www.onet.pl
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPCARDS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPDARTS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPSNOOKER.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-26 22:52
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 


c:\documents and settings\Użytkownik\Menu Start\Programy\Autostart\siszyd32.exe 23040 bytes executable

skanowanie pomyślnie ukończone
ukryte pliki: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys spsp.sys >>UNKNOWN [0x8A04D938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf766bf28
\Driver\ACPI -> ACPI.sys @ 0xf7495cb8
\Driver\atapi -> sfsync02.sys @ 0xf76388b4
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e6686
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e6686
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb8672bb0
PacketIndicateHandler -> NDIS.sys @ 0xb8661a0d
SendHandler -> NDIS.sys @ 0xb8675b40
user & kernel MBR OK
malicious code @ sector 0x2e937cc1 size 0x1e4 !
copy of MBR has been found in sector 62 !
PE file found in sector at 0x02E937CC1 !

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-2052111302-113007714-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{95D4977A-C5A8-597B-7C6A-C01A1E2676B5}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"eabjdehbgd"=hex:66,61,6c,69,67,68,61,70,64,65,6f,61,00,31
"dakfelni"=hex:64,62,6e,68,65,69,64,63,67,64,6a,70,64,70,6c,6c,6b,70,68,67,6f,
   68,6a,63,66,69,61,65,68,67,67,6e,64,61,6e,6e,62,68,68,66,00,00
"iajhbnffehhcjhhfdl"=hex:69,61,6c,6d,63,6e,6a,66,67,65,65,6b,6d,6d,62,6b,65,62,
   00,00
"haddeokjklbaolcm"=hex:69,61,6c,6d,63,6e,6a,66,67,65,65,6b,6d,6d,62,6b,65,62,
   00,00

[HKEY_USERS\S-1-5-21-2052111302-113007714-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:ae,90,71,f6,38,13,e8,86,cc,cb,eb,24,9a,5e,8a,76,c3,8e,7d,40,52,
   c5,60,97,7f,03,90,21,7f,36,a1,0c,fe,2d,47,09,55,1d,cb,ce,9f,b5,9f,77,c0,88,\
"rkeysecu"=hex:60,5c,c1,b6,db,0a,94,e7,8d,6c,4d,61,6a,30,2d,74

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="C809C6A8AB77FBB94D5D813782A0B696766780DEAC91AF0EA6E842D40053181C2E28CA85C4F0AF68632F60672E00A02C812195E5A840309962971D54F23DBF5E019D737511949FAF4EA7DB9101B4ADEAD330A19DCE4044442C5237F3EB72FC02C3801B14DB1D404F6DC88F80343227954B1FA6A3E6DEAAF17ECA9840DCB4A3AB2C4FEA8066E41B4B55766B07760CED31775CF817AA89B8C6859798CC2FEC1C4225E8E1DD676FCC6C4C7AB3FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B9808A6171C11EC38DE3DA9C6AECB7A5D1407EB4985B4142B169143063CC17B65CAA55982BE12B322AD626FECCA2B78DFA6D505C0751934A06F289C7C26855276D8D3969BA19499EA162B165E9F951FB82BB2776CFD86BFC7D14C553FF1E0B10787ACA1DA59BBA31098A0496390BDE79B452E6E6EE0DA374276F52A38F8E57C197A6BE71CF7F2320FDCE5C76185035422496D97D8800CDD68F7ECDAC937405460B422D92B32B76A95F36E52338ED92B996D6B27B5E5A13942D750A9C8CF2C23C12232EC4B641CB40B4E042FA9DDC674054F74D37F3CB69611F9955EFD05FA135B8E5418B20BC73F06C342A806CA687F986BAA5626537E0444A80147A7C092967B2C94D90AC7737BD48D998B01516C5FBD2605EE0E9F3B54850D2F307511EADFA68FD23170626E9D764AD0A8C28E156993C8CB5F10B8451E2DBA8DEF8CA4126813B24124F8C11B1F9FFC7E58EC463B37E9FC1DEE775A893E4AA3DEDC86D1296BACF26A3B2875EE3D390B91F092DF49A8C6516AE705E507532022B951701266E91391A782F7AF7479DFBFC8D238E53F5DE43B7B19EADC54BF24F08A2F4A8192289AB3A90BD646CA1964493A5DDB06AFBDAF1067D4D2E797AB81328ED98ADF892DC9E273682732A2244B3A4DF86B94C172C98D1EF2D8D48D0116E859B79914BD465C0E5E353E9243674B89C00DC888B2EA8951DF4D8B918770F5FD5135D32635824204150C662887F5548FA3074C7C4F59F6DFC3C170B1686BE5BD31C18B4308379E7C970F5ED9DBA4030DDB5AC0AD7B32509F333400EE2AAA62D887D005BB64FA498EB9E2D631450B2FA222FB6502AF3086DC6A8AA32457291863B85B78058BABCD3AA32FF65B57085ED782E46C7E755340C5FC30BD5011A4E955F85B14B751E86B5ED0A0572BBDBCD016DE937D4F6E5B56EECF93A1988B226E0CD45079902096154290690896B68C732DE90A33C1CB50D6509DA618458F6771472BBF3CF075DBF30F083C0A371321ECCEAECB1D49557B02C3F3DFDB417800EFACAC3066DD62A762512DD3D3CA3CE8169188653EFCE5E94E8833BA1D1DB6BA9CC263AC73800B276FF9CBEACE332915F8ED29E18C186E6F664412B6000CCEAB"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(772)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(832)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(488)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Eset\nod32krn.exe
c:\windows\system32\oodag.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\UAService7.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Czas ukończenia: 2009-12-26  22:54:21 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2009-12-26 21:54
ComboFix2.txt  2009-12-25 19:10
ComboFix3.txt  2009-12-25 18:55

Przed: 29 281 742 848 bajtów wolnych
Po: 29 242 482 688 bajtów wolnych

- - End Of File - - EA33776EC36BA030DB91403AD8CE80EF


Edit: System pyta czy nadal ma blokować "TM2D" ?

[wojtas]

usuń wszystkie programy od wirtualnych napędów wg tego i potem wklej do notatnika:

File::
c:\documents and settings\Użytkownik\Menu Start\Programy\Autostart\siszyd32.exe

>>Plik>>Zapisz jako... >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->
Rozpocznie się usuwanie i powstanie log daj go.

[huzar]

Kod: Zaznacz wszystko

ComboFix 09-12-25.02 - Użytkownik 2009-12-27  20:54:05.4.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1250.48.1045.18.2047.1629 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Użytkownik\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Użytkownik\Pulpit\CFScript.txt
AV: System Antywirusowy NOD32 2.50 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezydentny antywirus jest aktywny


FILE ::
"c:\documents and settings\Użytkownik\Menu Start\Programy\Autostart\siszyd32.exe"
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Użytkownik\Menu Start\Programy\Autostart\siszyd32.exe

.
(((((((((((((((((((((((((   Pliki utworzone od 2009-11-27 do 2009-12-27  )))))))))))))))))))))))))))))))
.

2009-12-26 21:56 . 2008-04-13 19:40   34688   -c--a-w-   c:\windows\system32\dllcache\lbrtfdc.sys
2009-12-26 21:56 . 2008-04-13 19:40   34688   ----a-w-   c:\windows\system32\drivers\lbrtfdc.sys
2009-12-26 21:56 . 2008-04-13 19:41   8576   -c--a-w-   c:\windows\system32\dllcache\i2omgmt.sys
2009-12-26 21:56 . 2008-04-13 19:41   8576   ----a-w-   c:\windows\system32\drivers\i2omgmt.sys
2009-12-26 21:56 . 2008-04-13 19:40   8192   -c--a-w-   c:\windows\system32\dllcache\changer.sys
2009-12-26 21:56 . 2008-04-13 19:40   8192   ----a-w-   c:\windows\system32\drivers\changer.sys
2009-12-26 21:55 . 2009-12-26 21:55   116   ----a-w-   c:\windows\system32\fjhdyfhsn.bat
2009-12-25 18:51 . 2008-04-14 17:21   39424   -c--a-w-   c:\windows\system32\dllcache\grpconv.exe
2009-12-25 18:51 . 2008-04-14 17:21   39424   ----a-w-   c:\windows\system32\grpconv.exe
2009-12-22 21:49 . 2009-12-22 21:50   --------   d-----w-   C:\rsit
2009-12-22 21:49 . 2009-12-22 21:50   --------   d-----w-   c:\program files\trend micro
2009-12-19 18:45 . 2009-12-19 18:46   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\Norton
2009-12-19 18:45 . 2009-12-19 18:45   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\NortonInstaller
2009-12-11 13:45 . 2009-12-11 13:45   --------   d-----w-   c:\program files\Common Files\GTK
2009-12-11 13:17 . 2009-12-11 13:17   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\OpenFM
2009-12-11 13:11 . 2009-12-11 14:30   --------   d-----w-   c:\program files\Gadu-Gadu 10
2009-12-11 13:09 . 2009-12-11 15:05   --------   d-----w-   c:\windows\SxsCaPendDel
2009-12-07 16:21 . 2009-12-21 16:09   --------   d-----w-   c:\program files\English Translator 3
2009-12-05 20:15 . 2009-12-05 20:15   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\Sports Interactive
2009-12-05 20:06 . 2009-12-05 20:06   --------   d--h--w-   c:\program files\Zero G Registry
2009-12-05 20:06 . 2009-12-05 20:06   --------   d-----w-   c:\program files\Sports Interactive
2009-12-03 16:30 . 2009-12-03 16:30   --------   d-----w-   c:\program files\uTorrent

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-27 19:58 . 2007-11-06 15:58   --------   d-----w-   c:\program files\lg_fwupdate
2009-12-27 19:58 . 2008-01-12 11:45   --------   d-----w-   c:\program files\AutoConnect
2009-12-27 19:42 . 2007-11-15 18:15   214520   ----a-w-   c:\windows\system32\PnkBstrB.exe
2009-12-27 19:35 . 2007-11-15 18:15   137464   ----a-w-   c:\windows\system32\drivers\pnkbstrk.sys
2009-12-26 23:48 . 2009-05-29 14:15   --------   d-----w-   c:\program files\QuickMediaConverter
2009-12-26 21:55 . 2009-12-26 21:55   16   ----a-w-   c:\windows\system32\config\systemprofile\Dane aplikacji\fvgqad.dat
2009-12-19 18:45 . 2007-11-06 10:04   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\Symantec
2009-12-11 21:55 . 2007-11-06 11:53   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2009-12-11 21:55 . 2009-08-10 10:54   --------   d-----w-   c:\program files\Lavasoft
2009-12-11 15:05 . 2007-11-06 15:51   --------   d--h--w-   c:\program files\InstallShield Installation Information
2009-12-07 16:34 . 2007-11-15 18:15   75064   ----a-w-   c:\windows\system32\PnkBstrA.exe
2009-12-07 16:34 . 2008-01-14 16:47   794408   ----a-w-   c:\windows\system32\pbsvc.exe
2009-11-21 14:07 . 2001-10-26 18:15   87386   ----a-w-   c:\windows\system32\perfc015.dat
2009-11-21 14:07 . 2001-10-26 18:15   494204   ----a-w-   c:\windows\system32\perfh015.dat
2009-11-15 21:27 . 2009-11-15 21:27   --------   d-----w-   c:\program files\Blender Foundation
2009-11-15 21:08 . 2008-10-01 16:05   --------   d-----w-   c:\program files\Google
2009-11-14 14:54 . 2008-01-14 18:00   --------   d-----w-   c:\program files\AGEIA Technologies
2009-11-14 14:54 . 2009-11-14 14:54   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\NVIDIA Corporation
2009-11-14 14:53 . 2009-11-14 14:53   --------   d-----w-   c:\program files\NVIDIA Corporation
2009-11-09 18:10 . 2009-11-09 18:09   --------   d-----w-   c:\program files\SystemRequirementsLab
2009-11-09 17:45 . 2007-11-28 19:02   --------   d-----w-   c:\program files\Sony Ericsson
2009-11-09 17:43 . 2009-08-11 12:56   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\PCStitch Pro
2009-10-21 12:56 . 2009-10-21 12:56   2232   ----a-w-   c:\windows\Java\Packages\Data\9NDFJ7LF.DAT
2009-10-21 12:56 . 2009-10-21 12:56   155995   ----a-w-   c:\windows\Java\Packages\QIK6Q1RV.ZIP
2009-10-21 12:56 . 2009-10-21 12:56   2678   ----a-w-   c:\windows\Java\Packages\Data\OLB3PZJT.DAT
2009-10-21 12:56 . 2009-10-21 12:56   2678   ----a-w-   c:\windows\Java\Packages\Data\E9BHBBHR.DAT
2009-10-21 12:56 . 2009-10-21 12:56   2678   ----a-w-   c:\windows\Java\Packages\Data\BZ53DB37.DAT
2009-10-21 12:56 . 2009-10-21 12:56   2678   ----a-w-   c:\windows\Java\Packages\Data\8XBVBNNX.DAT
2009-10-21 12:56 . 2009-10-21 12:56   2678   ----a-w-   c:\windows\Java\Packages\Data\3ZJRFX73.DAT
2009-10-21 12:50 . 2009-10-21 12:50   72704   ----a-w-   c:\windows\cadkasdeinst01e.exe
2008-10-01 16:05 . 2008-10-01 16:05   122880   ----a-w-   c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

(((((((((((((((((((((((((((((   SnapShot@2009-12-25_18.53.14   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-27 19:58 . 2009-12-27 19:58   16384              c:\windows\Temp\Perflib_Perfdata_214.dat
+ 2007-11-06 12:39 . 2009-08-06 18:24   44768              c:\windows\system32\wups2.dll
+ 2007-11-06 14:11 . 2009-08-06 18:24   35552              c:\windows\system32\wups.dll
+ 2007-11-06 14:11 . 2009-08-06 18:24   53472              c:\windows\system32\wuauclt.exe
+ 2009-12-25 18:54 . 2009-08-06 18:24   44768              c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2009-12-25 18:54 . 2009-08-06 18:24   35552              c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2007-11-06 14:11 . 2009-08-06 18:24   35552              c:\windows\system32\dllcache\wups.dll
+ 2007-11-06 14:11 . 2009-08-06 18:24   53472              c:\windows\system32\dllcache\wuauclt.exe
+ 2007-11-06 14:46 . 2008-04-13 18:45   26368              c:\windows\system32\dllcache\usbstor.sys
+ 2007-12-09 17:47 . 2008-04-13 18:45   15104              c:\windows\system32\dllcache\usbscan.sys
+ 2007-12-08 15:20 . 2008-04-13 18:47   25856              c:\windows\system32\dllcache\usbprint.sys
+ 2007-11-06 14:09 . 2008-04-14 17:22   21896              c:\windows\system32\dllcache\tdtcp.sys
+ 2007-11-06 14:09 . 2008-04-14 17:22   12040              c:\windows\system32\dllcache\tdpipe.sys
+ 2007-11-06 15:52 . 2008-04-13 18:45   56576              c:\windows\system32\dllcache\swmidi.sys
+ 2004-08-03 22:59 . 2008-04-13 18:40   11392              c:\windows\system32\dllcache\sfloppy.sys
+ 2004-08-04 00:34 . 2008-04-14 16:33   80256              c:\windows\system32\dllcache\parport.sys
+ 2004-08-04 00:34 . 2008-04-14 15:54   30208              c:\windows\system32\dllcache\modem.sys
+ 2007-11-06 15:04 . 2008-04-13 18:54   11264              c:\windows\system32\dllcache\irenum.sys
+ 2004-08-03 23:04 . 2008-04-13 18:57   20864              c:\windows\system32\dllcache\ipinip.sys
+ 2004-08-03 23:00 . 2008-04-13 18:53   36608              c:\windows\system32\dllcache\ip6fw.sys
+ 2004-08-04 00:36 . 2008-04-14 16:11   53248              c:\windows\system32\dllcache\i8042prt.sys
+ 2004-08-03 22:59 . 2008-04-13 18:40   20480              c:\windows\system32\dllcache\flpydisk.sys
+ 2004-08-03 22:59 . 2008-04-13 18:40   27392              c:\windows\system32\dllcache\fdc.sys
+ 2007-11-06 15:52 . 2008-04-13 18:45   52864              c:\windows\system32\dllcache\dmusic.sys
+ 2004-08-04 00:43 . 2009-08-06 18:24   96480              c:\windows\system32\dllcache\cdm.dll
+ 2001-08-17 21:52 . 2001-10-26 20:03   18688              c:\windows\system32\dllcache\cdaudio.sys
+ 2004-08-03 22:58 . 2008-04-13 18:51   59904              c:\windows\system32\dllcache\atmarpc.sys
+ 2004-08-03 23:05 . 2008-04-13 18:57   14336              c:\windows\system32\dllcache\asyncmac.sys
- 2007-11-06 14:23 . 2009-12-13 20:26   32768              c:\windows\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
+ 2007-11-06 14:23 . 2009-12-26 21:55   32768              c:\windows\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
- 2007-11-06 14:23 . 2009-12-13 20:26   32768              c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
+ 2007-11-06 14:23 . 2009-12-26 21:55   32768              c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
+ 2009-12-26 21:55 . 2009-12-26 21:55   16384              c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-11-06 14:23 . 2009-12-13 20:26   16384              c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2004-08-04 00:43 . 2009-08-06 18:24   96480              c:\windows\system32\cdm.dll
+ 2007-11-06 15:53 . 2008-04-13 18:45   6272              c:\windows\system32\dllcache\splitter.sys
+ 2007-11-06 15:52 . 2008-04-13 18:39   4992              c:\windows\system32\dllcache\mspqm.sys
+ 2007-11-06 15:52 . 2008-04-13 18:39   5376              c:\windows\system32\dllcache\mspclock.sys
+ 2007-11-06 15:52 . 2008-04-13 18:39   7552              c:\windows\system32\dllcache\mskssrv.sys
+ 2007-11-06 15:52 . 2008-04-13 18:45   2944              c:\windows\system32\dllcache\drmkaud.sys
+ 2007-11-06 14:11 . 2009-08-06 18:24   209632              c:\windows\system32\wuweb.dll
+ 2007-11-06 14:11 . 2009-08-06 18:24   327896              c:\windows\system32\wucltui.dll
+ 2007-11-06 14:11 . 2009-08-06 18:23   575704              c:\windows\system32\wuapi.dll
+ 2007-11-06 14:11 . 2009-08-06 18:24   209632              c:\windows\system32\dllcache\wuweb.dll
+ 2007-11-06 14:11 . 2009-08-06 18:24   327896              c:\windows\system32\dllcache\wucltui.dll
+ 2007-11-06 14:11 . 2009-08-06 18:23   575704              c:\windows\system32\dllcache\wuapi.dll
+ 2007-11-06 14:09 . 2008-04-14 17:22   139656              c:\windows\system32\dllcache\rdpwd.sys
+ 2007-11-06 15:52 . 2008-04-13 18:45   172416              c:\windows\system32\dllcache\kmixer.sys
+ 2004-08-03 23:00 . 2008-04-13 18:53   264832              c:\windows\system32\dllcache\http.sys
+ 2007-11-06 15:52 . 2008-04-13 16:39   142592              c:\windows\system32\dllcache\aec.sys
+ 2007-11-06 14:11 . 2009-08-06 18:23   1929952              c:\windows\system32\wuaueng.dll
+ 2007-11-06 14:11 . 2009-08-06 18:23   1929952              c:\windows\system32\dllcache\wuaueng.dll
.
-- Migawka wyzerowana --
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoConnect"="c:\program files\AutoConnect\AutoConnect.exe" [2004-08-28 295424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2007-11-10 249856]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-11-13 962661]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-6-13 805392]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 00:42   72208   ----a-w-   c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Picture Package Menu.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Picture Package Menu.lnk
backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Picture Package VCD Maker.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Picture Package VCD Maker.lnk
backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Użytkownik^Menu Start^Programy^Autostart^FIFA 10 Registration.lnk]
path=c:\documents and settings\Użytkownik\Menu Start\Programy\Autostart\FIFA 10 Registration.lnk
backup=c:\windows\pss\FIFA 10 Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-05-15 14:55   1057328   ----a-w-   c:\program files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2007-04-12 00:44   1661304   ----a-w-   c:\program files\Messenger\Msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
2007-11-06 11:38   917504   ----a-w-   c:\program files\ESET\nod32kui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2009-12-03 16:30   289584   ----a-w-   c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Documents and Settings\\Użytkownik\\Pulpit\\worms\\WWP\\wwp.exe"=
"d:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"d:\\Program Files\\TmUnitedForever\\TmForever.exe"=
"d:\\Program Files\\TmNationsForever\\TmForever.exe"=
"d:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9281:TCP"= 9281:TCP:BitComet 9281 TCP
"9281:UDP"= 9281:UDP:BitComet 9281 UDP
"8669:TCP"= 8669:TCP:BitComet 8669 TCP
"8669:UDP"= 8669:UDP:BitComet 8669 UDP

R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-01-19 277544]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-05-06 13224]
S3 GoogleDesktopManager-090808-172447;Menedżer Google Desktop 5.8.809.8522;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-10-01 30192]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2007-11-28 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2007-11-28 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2007-11-28 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2007-11-28 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2007-11-28 98568]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
.
------- Skan uzupełniający -------
.
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
TCP: {84360280-D5E7-459D-A1DC-E5AD1569C82A} = 83.238.255.76 213.241.79.37
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Użytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\cykq99fa.default\
FF - prefs.js: browser.startup.homepage - www.onet.pl
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPCARDS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPDARTS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPSNOOKER.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-27 20:58
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-2052111302-113007714-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{95D4977A-C5A8-597B-7C6A-C01A1E2676B5}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"eabjdehbgd"=hex:66,61,6c,69,67,68,61,70,64,65,6f,61,00,31
"dakfelni"=hex:64,62,6e,68,65,69,64,63,67,64,6a,70,64,70,6c,6c,6b,70,68,67,6f,
   68,6a,63,66,69,61,65,68,67,67,6e,64,61,6e,6e,62,68,68,66,00,00
"iajhbnffehhcjhhfdl"=hex:69,61,6c,6d,63,6e,6a,66,67,65,65,6b,6d,6d,62,6b,65,62,
   00,00
"haddeokjklbaolcm"=hex:69,61,6c,6d,63,6e,6a,66,67,65,65,6b,6d,6d,62,6b,65,62,
   00,00

[HKEY_USERS\S-1-5-21-2052111302-113007714-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:ae,90,71,f6,38,13,e8,86,cc,cb,eb,24,9a,5e,8a,76,c3,8e,7d,40,52,
   c5,60,97,7f,03,90,21,7f,36,a1,0c,fe,2d,47,09,55,1d,cb,ce,9f,b5,9f,77,c0,88,\
"rkeysecu"=hex:60,5c,c1,b6,db,0a,94,e7,8d,6c,4d,61,6a,30,2d,74

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="C809C6A8AB77FBB94D5D813782A0B696766780DEAC91AF0EA6E842D40053181C2E28CA85C4F0AF68632F60672E00A02C812195E5A840309962971D54F23DBF5E019D737511949FAF4EA7DB9101B4ADEAD330A19DCE4044442C5237F3EB72FC02C3801B14DB1D404F6DC88F80343227954B1FA6A3E6DEAAF17ECA9840DCB4A3AB2C4FEA8066E41B4B55766B07760CED31775CF817AA89B8C6859798CC2FEC1C4225E8E1DD676FCC6C4C7AB3FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B9808A6171C11EC38DE3DA9C6AECB7A5D1407EB4985B4142B169143063CC17B65CAA55982BE12B322AD626FECCA2B78DFA6D505C0751934A06F289C7C26855276D8D3969BA19499EA162B165E9F951FB82BB2776CFD86BFC7D14C553FF1E0B10787ACA1DA59BBA31098A0496390BDE79B452E6E6EE0DA374276F52A38F8E57C197A6BE71CF7F2320FDCE5C76185035422496D97D8800CDD68F7ECDAC937405460B422D92B32B76A95F36E52338ED92B996D6B27B5E5A13942D750A9C8CF2C23C12232EC4B641CB40B4E042FA9DDC674054F74D37F3CB69611F9955EFD05FA135B8E5418B20BC73F06C342A806CA687F986BAA5626537E0444A80147A7C092967B2C94D90AC7737BD48D998B01516C5FBD2605EE0E9F3B54850D2F307511EADFA68FD23170626E9D764AD0A8C28E156993C8CB5F10B8451E2DBA8DEF8CA4126813B24124F8C11B1F9FFC7E58EC463B37E9FC1DEE775A893E4AA3DEDC86D1296BACF26A3B2875EE3D390B91F092DF49A8C6516AE705E507532022B951701266E91391A782F7AF7479DFBFC8D238E53F5DE43B7B19EADC54BF24F08A2F4A8192289AB3A90BD646CA1964493A5DDB06AFBDAF1067D4D2E797AB81328ED98ADF892DC9E273682732A2244B3A4DF86B94C172C98D1EF2D8D48D0116E859B79914BD465C0E5E353E9243674B89C00DC888B2EA8951DF4D8B918770F5FD5135D32635824204150C662887F5548FA3074C7C4F59F6DFC3C170B1686BE5BD31C18B4308379E7C970F5ED9DBA4030DDB5AC0AD7B32509F333400EE2AAA62D887D005BB64FA498EB9E2D631450B2FA222FB6502AF3086DC6A8AA32457291863B85B78058BABCD3AA32FF65B57085ED782E46C7E755340C5FC30BD5011A4E955F85B14B751E86B5ED0A0572BBDBCD016DE937D4F6E5B56EECF93A1988B226E0CD45079902096154290690896B68C732DE90A33C1CB50D6509DA618458F6771472BBF3CF075DBF30F083C0A371321ECCEAECB1D49557B02C3F3DFDB417800EFACAC3066DD62A762512DD3D3CA3CE8169188653EFCE5E94E8833BA1D1DB6BA9CC263AC73800B276FF9CBEACE332915F8ED29E18C186E6F664412B6000CCEAB"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(820)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(3496)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\RTHDCPL.EXE
c:\program files\Eset\nod32krn.exe
c:\windows\system32\oodag.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\UAService7.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Czas ukończenia: 2009-12-27  21:00:46 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2009-12-27 20:00
ComboFix2.txt  2009-12-26 21:54
ComboFix3.txt  2009-12-25 19:10
ComboFix4.txt  2009-12-25 18:55

Przed: 29 220 560 896 bajtów wolnych
Po: 29 183 148 032 bajtów wolnych

- - End Of File - - 8C4968C5D7E09340EC610C97D71F5413


[wojtas]

sciagnij killbox’a

Odpalasz Killboxa zaznacz opcję Delete on Reboot następnie w polu Full Path of File to Delete wklej ścieżkę

c:\windows\system32\fjhdyfhsn.bat

i nacisnij x
Program będzie pytał o restart (oczywiście zgadzasz się)


2. wykonaj optymalizację windowsa
3.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem]
4. zrób skan Malwarebytes Anti-Malware (usuń co znajdzie ) i daj raport ze skanu

[huzar]

Kod: Zaznacz wszystko

Malwarebytes' Anti-Malware 1.42
Wersja bazy definicji: 3450
Windows 5.1.2600 Dodatek Service Pack 3
Internet Explorer 6.0.2900.5512

2009-12-29 17:51:05
mbam-log-2009-12-29 (17-51-05).txt

Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|F:\|)
Przeskanowane obiekty: 214135
Upłynęło: 25 minute(s), 10 second(s)

Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 0
Zainfekowane wartości rejestru: 0
Zainfekowane pliki rejestru: 0
Zainfekowane foldery: 0
Zainfekowane pliki: 3

Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)

Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)

Zainfekowane klucze rejestru:
(Nie wykryto groźnych plików)

Zainfekowane wartości rejestru:
(Nie wykryto groźnych plików)

Zainfekowane pliki rejestru:
(Nie wykryto groźnych plików)

Zainfekowane foldery:
(Nie wykryto groźnych plików)

Zainfekowane pliki:
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\iyiovry.sys.vir (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Użytkownik\DoctorWeb\Quarantine\winxp_simulator.exe (Trojan.Logger) -> Quarantined and deleted successfully.
C:\Documents and Settings\Użytkownik\Dane aplikacji\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.


[wojtas]

powinno być ok

Autor postu otrzymał pochwałę

[huzar]

Dzięki Wam za fatygę Pomogło