Komputer się zawiesza

[Mike]

Witam

Kilka dni temu na pewnej stronie (jest to znana mi stronka, która zawsze była czysta) Comodo zaczął szaleć. Wyskoczyła reklama jakiejś aplikacji od skanowania systemu on-line.
Wszystko zablokowałem, także Comodo nie powinien nic przepuścić, jednak od tego czasu komp zaczął zamulać. Przez ostatnie dwa dni, to nawet potrafi całkowicie się zawiesić - dysk mieli non stop.
Zerknijcie, czy nie ma czegoś w logach.

RIST:

Kod: Zaznacz wszystko

Logfile of random's system information tool 1.06 (written by random/random)
Run by Mike at 2010-01-20 18:18:34
Microsoft® Windows Vista™ Ultimate  Service Pack 1
System drive C: has 6 GB (15%) free of 41 GB
Total RAM: 2046 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:21:27, on 2010-01-20
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\MC-907 Mouse\ADOGMOU.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\AQQ\AQQ.exe
C:\Windows\ehome\ehtray.exe
G:\Edgecam85\Cam\edgecls.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Mike\Downloads\RSIT.exe
C:\Program Files\trend micro\Mike.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\Comodo\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [ADOGMOUSE] "C:\Program Files\MC-907 Mouse\ADOGMOU.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [AQQ] C:\PROGRA~1\AQQ\AQQ.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
O4 - Global Startup: EdgeCLS10.75.lnk = G:\Edgecam85\Cam\edgecls.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O13 - Gopher Prefix:
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SolarWinds TFTP Server - SolarWinds - C:\Program Files\SolarWinds\TFTPServer\SolarWinds TFTP Server.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Windows\System32\nvSCPAPISvr.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe

--
End of file - 5688 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-03-26 5369856]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-06-10 13785632]
"COMODO Internet Security"=C:\Program Files\Comodo\COMODO Internet Security\cfp.exe [2009-12-12 1800464]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"ADOGMOUSE"=C:\Program Files\MC-907 Mouse\ADOGMOU.exe [2006-11-15 475136]
"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2007-03-12 663552]
"ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2007-01-26 65536]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AQQ"=C:\PROGRA~1\AQQ\AQQ.exe [2009-11-17 6807552]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ABIT uGuruIII]
C:\Program Files\U-ABIT\uGuru\LaunchuGuru.exe [2007-02-09 22528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol 52\axcmd.exe [2009-04-24 203416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
C:\Windows\RaidTool\xInsIDE.exe [2007-03-20 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
EdgeCLS10.75.lnk - G:\Edgecam85\Cam\edgecls.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=177

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25289084-6685-11de-93fd-806e6f6e6963}]
shell\AutoRun\command - H:\swlauncher.exe


======List of files/folders created in the last 1 months======

2010-01-20 18:18:40 ----D---- C:\Program Files\trend micro
2010-01-20 18:18:34 ----D---- C:\rsit
2010-01-19 21:30:38 ----D---- C:\Windows\Minidump
2010-01-16 12:17:42 ----D---- C:\Program Files\Adobe
2010-01-16 00:05:39 ----D---- C:\Program Files\Simpli Software
2010-01-11 20:37:12 ----D---- C:\Program Files\pdfsam
2010-01-11 10:13:53 ----R---- C:\Windows\system32\BrDctF2S.dll
2010-01-11 10:13:53 ----R---- C:\Windows\system32\BrDctF2L.dll
2010-01-11 10:13:53 ----R---- C:\Windows\system32\BrDctF2.dll
2010-01-11 10:13:49 ----N---- C:\Windows\system32\BroSNMP.dll
2010-01-11 10:13:32 ----D---- C:\Program Files\Brother
2010-01-11 10:13:32 ----D---- C:\Brother
2010-01-10 15:21:32 ----D---- C:\Users\Mike\AppData\Roaming\SolidWorksNewsReader
2010-01-10 15:19:34 ----D---- C:\Users\Mike\AppData\Roaming\SolidWorks
2010-01-10 15:14:40 ----D---- C:\Users\Mike\AppData\Roaming\DWGeditor
2010-01-10 15:13:55 ----D---- C:\Program Files\SolidWorks Installation Manager
2010-01-10 15:13:34 ----A---- C:\Windows\eDrawingOfficeAutomator.INI
2010-01-10 15:08:14 ----D---- C:\Program Files\Common Files\eDrawings2007
2010-01-09 13:34:33 ----N---- C:\Windows\system32\MSVCR70.DLL
2010-01-09 13:34:33 ----N---- C:\Windows\system32\MSVCP70.DLL
2010-01-09 13:34:33 ----N---- C:\Windows\system32\MSVCI70.DLL
2010-01-09 13:34:32 ----N---- C:\Windows\system32\MFC70.DLL
2010-01-09 13:34:32 ----N---- C:\Windows\system32\Atl70.dll
2010-01-09 13:34:20 ----A---- C:\Windows\system32\echelp.exe
2010-01-09 13:05:03 ----D---- C:\Program Files\DjVuZone
2010-01-09 12:40:57 ----D---- C:\Users\Mike\AppData\Roaming\XnView
2010-01-09 12:40:32 ----D---- C:\Program Files\XnView
2010-01-05 22:36:51 ----D---- C:\Users\Mike\AppData\Roaming\PhotoFiltre
2010-01-05 22:36:48 ----D---- C:\Program Files\PhotoFiltre
2010-01-03 23:37:16 ----H---- C:\Windows\system32\sdlshgb.dll
2010-01-03 23:37:16 ----H---- C:\Windows\system32\emh727q.dll
2010-01-03 23:37:14 ----H---- C:\Windows\system32\gjzlq9s.dll
2010-01-03 23:37:13 ----H---- C:\Windows\system32\kv52taf.dll
2010-01-03 23:37:11 ----H---- C:\Windows\system32\qpb68k8.dll
2010-01-03 23:37:10 ----H---- C:\Windows\system32\vzyqvfh.dll
2010-01-03 23:37:08 ----H---- C:\Windows\system32\qve7xvr.dll
2010-01-03 23:37:07 ----H---- C:\Windows\system32\m67s30d.dll
2010-01-03 23:37:06 ----H---- C:\Windows\system32\fhtjs5w.dll
2010-01-03 23:37:05 ----H---- C:\Windows\system32\w3jddga.dll
2010-01-03 23:37:05 ----H---- C:\Windows\system32\moicoqy.dll
2010-01-03 23:37:03 ----H---- C:\Windows\system32\r3504cn.dll
2010-01-03 23:37:01 ----H---- C:\Windows\system32\og2yv47.dll
2010-01-03 23:36:59 ----H---- C:\Windows\system32\qppohzo.dll
2010-01-03 23:36:58 ----H---- C:\Windows\system32\b0oarjz.dll
2010-01-03 23:36:56 ----H---- C:\Windows\system32\khspd1x.dll
2010-01-03 23:36:54 ----H---- C:\Windows\system32\sbwr5w6.dll
2010-01-03 23:36:53 ----H---- C:\Windows\system32\eqzz7q3.dll
2010-01-03 23:36:51 ----H---- C:\Windows\system32\r1z1qrc.dll
2010-01-03 23:36:50 ----H---- C:\Windows\system32\qi4kmbt.dll
2010-01-03 23:36:48 ----H---- C:\Windows\system32\o68o3jr.dll
2010-01-03 23:36:47 ----H---- C:\Windows\system32\qf47url.dll
2010-01-03 23:36:45 ----H---- C:\Windows\system32\teict2z.dll
2010-01-03 23:36:45 ----H---- C:\Windows\system32\b3luwtz.dll
2010-01-03 23:36:44 ----H---- C:\Windows\system32\ugsg9ee.dll
2010-01-03 23:36:42 ----H---- C:\Windows\system32\vj5ccqi.dll
2010-01-03 23:36:42 ----H---- C:\Windows\system32\unk0vr0.dll
2010-01-03 23:36:41 ----H---- C:\Windows\system32\we91eyj.dll
2010-01-03 23:36:40 ----H---- C:\Windows\system32\rm61sy8.dll
2010-01-03 23:36:39 ----H---- C:\Windows\system32\l6u303w.dll
2010-01-03 23:36:38 ----H---- C:\Windows\system32\dek2q0s.dll
2010-01-03 23:36:37 ----H---- C:\Windows\system32\btzwjoc.dll
2010-01-03 23:36:36 ----H---- C:\Windows\system32\u9nid94.dll
2010-01-03 23:36:35 ----H---- C:\Windows\system32\xzcqzxr.dll
2010-01-03 23:36:34 ----H---- C:\Windows\system32\hja4s58.dll
2010-01-03 23:36:33 ----H---- C:\Windows\system32\sm0vy36.dll
2010-01-03 23:36:31 ----H---- C:\Windows\system32\i2u1rpp.dll
2010-01-03 23:36:30 ----H---- C:\Windows\system32\mbsr8x5.dll
2010-01-03 23:36:28 ----H---- C:\Windows\system32\lgnkaeh.dll
2010-01-03 23:36:27 ----H---- C:\Windows\system32\sgroq5m.dll
2010-01-03 23:36:25 ----H---- C:\Windows\system32\ny7pthn.dll
2010-01-03 23:36:22 ----H---- C:\Windows\system32\t3oikx3.dll
2010-01-03 23:36:22 ----H---- C:\Windows\system32\r3wnok3.dll
2010-01-03 23:36:21 ----H---- C:\Windows\system32\whrvi8j.dll
2010-01-03 23:36:19 ----H---- C:\Windows\system32\psu07oo.dll
2010-01-03 23:36:18 ----H---- C:\Windows\system32\gsg9rhw.dll
2010-01-03 23:36:17 ----H---- C:\Windows\system32\svgd18j.dll
2010-01-03 23:36:17 ----H---- C:\Windows\system32\d523tik.dll
2010-01-03 23:36:16 ----H---- C:\Windows\system32\d1ucoul.dll
2010-01-03 23:36:15 ----H---- C:\Windows\system32\qxifzao.dll
2010-01-03 23:36:14 ----H---- C:\Windows\system32\xkdp0he.dll
2010-01-03 23:36:13 ----H---- C:\Windows\system32\j82dy4z.dll
2010-01-03 23:36:12 ----H---- C:\Windows\system32\zfatp2b.dll
2010-01-03 23:36:11 ----H---- C:\Windows\system32\puebqjh.dll
2010-01-03 23:36:10 ----H---- C:\Windows\system32\p1gti3g.dll
2010-01-03 23:36:10 ----H---- C:\Windows\system32\ilexiq0.dll
2010-01-03 23:36:09 ----H---- C:\Windows\system32\yg51rnp.dll
2010-01-03 23:36:09 ----H---- C:\Windows\system32\rvxeh2g.dll
2010-01-03 23:36:08 ----H---- C:\Windows\system32\klu37si.dll
2010-01-03 23:36:07 ----H---- C:\Windows\system32\kevl7am.dll
2010-01-03 23:36:05 ----H---- C:\Windows\system32\yhdfh9b.dll
2010-01-03 23:36:05 ----H---- C:\Windows\system32\edau9f2.dll
2010-01-03 23:36:04 ----H---- C:\Windows\system32\gdb26uj.dll
2010-01-03 23:36:02 ----H---- C:\Windows\system32\mtf8ftp.dll
2010-01-03 23:36:02 ----H---- C:\Windows\system32\dicb9cc.dll
2010-01-03 23:35:59 ----H---- C:\Windows\system32\ycu9glx.dll
2010-01-03 23:35:59 ----H---- C:\Windows\system32\u16iw4k.dll
2010-01-03 23:35:56 ----H---- C:\Windows\system32\fmz6ipk.dll
2010-01-03 23:35:54 ----H---- C:\Windows\system32\wcgl2ka.dll
2010-01-03 23:35:52 ----H---- C:\Windows\system32\vkg44zc.dll
2010-01-03 23:35:51 ----H---- C:\Windows\system32\x6a6jd1.dll
2010-01-03 23:35:50 ----H---- C:\Windows\system32\am3ota9.dll
2010-01-03 23:35:49 ----H---- C:\Windows\system32\jg3uvk8.dll
2010-01-03 23:35:49 ----H---- C:\Windows\system32\daxyr8e.dll
2010-01-03 23:35:47 ----H---- C:\Windows\system32\cg8a9oj.dll
2010-01-03 23:35:46 ----H---- C:\Windows\system32\dntbhlb.dll
2010-01-03 23:35:42 ----H---- C:\Windows\system32\q8dghnn.dll
2010-01-03 23:35:42 ----A---- C:\Windows\system32\op1ofix.dll
2010-01-03 23:35:42 ----A---- C:\Windows\system32\fmivbcp.dll
2010-01-03 23:35:41 ----A---- C:\Windows\system32\ssprs.dll
2010-01-03 23:35:41 ----A---- C:\Windows\system32\prsgrc.dll
2010-01-03 23:35:41 ----A---- C:\Windows\system32\grcauth2.dll
2010-01-03 23:35:41 ----A---- C:\Windows\system32\grcauth1.dll
2010-01-03 23:35:41 ----A---- C:\Windows\system32\clauth2.dll
2010-01-03 23:35:41 ----A---- C:\Windows\system32\clauth1.dll
2010-01-03 23:35:38 ----H---- C:\Windows\system32\a8c741v.dll
2010-01-03 23:35:34 ----D---- C:\Users\Mike\AppData\Roaming\DassaultSystemes
2010-01-03 23:35:34 ----D---- C:\ProgramData\DassaultSystemes
2010-01-03 23:35:24 ----A---- C:\Windows\system32\hlvdd.dll
2010-01-03 23:35:24 ----A---- C:\Windows\system32\haspvdd.dll
2010-01-03 23:34:16 ----N---- C:\Windows\system32\gdiplus.dll
2010-01-03 20:07:26 ----D---- C:\Program Files\Common Files\Bcgsoft

======List of files/folders modified in the last 1 months======

2010-01-20 18:18:40 ----RD---- C:\Program Files
2010-01-20 18:05:43 ----D---- C:\Program Files\Mozilla Firefox
2010-01-20 18:04:57 ----D---- C:\Windows\System32
2010-01-20 18:04:57 ----D---- C:\Windows\inf
2010-01-20 18:04:57 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-01-20 17:57:54 ----D---- C:\Windows\Temp
2010-01-20 17:57:42 ----D---- C:\ProgramData\VMware
2010-01-20 17:57:40 ----D---- C:\ProgramData\NVIDIA
2010-01-20 17:10:59 ----D---- C:\Program Files\Mozilla Thunderbird
2010-01-20 16:45:55 ----D---- C:\Windows\Prefetch
2010-01-19 21:30:38 ----D---- C:\Windows
2010-01-19 12:55:13 ----D---- C:\Windows\system32\catroot2
2010-01-19 12:55:12 ----SHD---- C:\System Volume Information
2010-01-16 12:19:03 ----D---- C:\ProgramData\Adobe
2010-01-16 12:18:18 ----SHD---- C:\Windows\Installer
2010-01-16 12:17:53 ----D---- C:\Program Files\Common Files\Adobe
2010-01-16 00:28:32 ----D---- C:\Users\Mike\AppData\Roaming\uTorrent
2010-01-15 23:52:37 ----D---- C:\Program Files\Reader 9.0
2010-01-15 17:11:58 ----D---- C:\Users\Mike\AppData\Roaming\foobar2000
2010-01-13 23:58:46 ----D---- C:\Users\Mike\AppData\Roaming\FileZilla
2010-01-12 23:57:34 ----D---- C:\Users\Mike\AppData\Roaming\Thunderbird
2010-01-11 10:16:06 ----A---- C:\Windows\BRWMARK.INI
2010-01-11 10:16:06 ----A---- C:\Windows\BRPP2KA.INI
2010-01-11 10:14:39 ----D---- C:\Windows\system32\catroot
2010-01-11 10:13:31 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-10 15:15:25 ----D---- C:\Program Files\Common Files\SolidWorks Shared
2010-01-10 15:13:59 ----SD---- C:\Users\Mike\AppData\Roaming\Microsoft
2010-01-10 15:08:40 ----D---- C:\Windows\winsxs
2010-01-10 15:08:15 ----D---- C:\Program Files\Common Files\DESIGNER
2010-01-10 15:08:14 ----D---- C:\Program Files\Common Files
2010-01-10 15:08:10 ----D---- C:\Program Files\Microsoft Office
2010-01-10 15:06:44 ----RSD---- C:\Windows\Fonts
2010-01-10 15:06:13 ----HD---- C:\Windows\system32\GroupPolicy
2010-01-09 16:41:11 ----HD---- C:\ProgramData
2010-01-09 16:35:42 ----D---- C:\Users\Mike\AppData\Roaming\VMware
2010-01-09 13:32:04 ----D---- C:\Program Files\Common Files\InstallShield
2010-01-04 09:49:29 ----D---- C:\Users\Mike\AppData\Roaming\BESTplayer
2010-01-03 23:35:24 ----D---- C:\Windows\system32\drivers
2010-01-01 11:10:34 ----D---- C:\Windows\system32\WDI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2009-12-12 128376]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2009-12-12 29520]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-21 350720]
R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2009-12-12 74328]
R1 UGURU;UGURU; C:\Windows\system32\drivers\uGuru.sys [2006-10-02 21048]
R2 Hardlock;Hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2004-11-05 670208]
R2 Haspnt;Haspnt; \??\C:\Windows\system32\drivers\Haspnt.sys [2010-01-03 47616]
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2009-10-22 32304]
R2 vmci;VMware vmci; \??\C:\Windows\system32\Drivers\vmci.sys [2009-10-22 70704]
R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys [2009-10-22 36400]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys [2009-10-22 26288]
R2 vmx86;VMware vmx86; \??\C:\Windows\system32\Drivers\vmx86.sys [2009-10-22 853936]
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys [2009-10-12 22448]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-03-26 2103512]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-06-10 9899296]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-06-16 122368]
R3 vmkbd;VMware kbd; \??\C:\Windows\system32\drivers\VMkbd.sys [2009-10-22 23216]
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [2009-10-22 16560]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S2 Sentinel;Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [2008-04-02 76288]
S3 ax6ngqrt;ax6ngqrt; C:\Windows\system32\drivers\ax6ngqrt.sys []
S3 Bridge;@%SystemRoot%\system32\bridgeres.dll,-3; C:\Windows\system32\DRIVERS\bridge.sys [2008-01-21 93696]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2008-01-21 93696]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Sterownik funkcji Microsoft 1.1 UAA dla usługi standardu High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 Memctl;Memctl; \??\C:\Program Files\U-ABIT\FlashMenu\Memctl.sys [2006-04-18 4047]
S3 MSKSSRV;Serwer proxy usługi Microsoft Streaming; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Serwer proxy zegara Microsoft Streaming; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Serwer proxy menedżera jakości Microsoft Streaming; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 pgfilter;pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys [2007-06-02 8192]
S3 RTL8023xp;Sterownik Realtek 10/100 NIC Family NDIS x86; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-11-02 47104]
S3 Ser2pl;Prolific Serial port driver; C:\Windows\system32\DRIVERS\ser2pl.sys [2007-07-31 76800]
S3 usb_rndisx;Karta USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2008-01-21 15872]
S3 usbscan;Sterownik skanera USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 vmusb;VMware USB Client Driver; C:\Windows\System32\Drivers\vmusb.sys [2009-10-22 31280]
S3 Winflash;WINFLASH; \??\C:\Program Files\U-ABIT\FlashMenu\WinFlash.sys [2006-04-18 3548]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe [2009-12-12 723632]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$ECSQLEXPRESS;SQL Server (ECSQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-06-10 211488]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 SQLBrowser;SQLBrowser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Windows\System32\nvSCPAPISvr.exe [2009-06-10 232960]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Workstation\vmware-authd.exe [2009-10-22 113200]
R2 VMnetDHCP;VMware DHCP Service; C:\Windows\system32\vmnetdhcp.exe [2009-10-22 334384]
R2 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2009-10-22 563760]
R2 VMware NAT Service;VMware NAT Service; C:\Windows\system32\vmnat.exe [2009-10-22 395824]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-21 523776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SolarWinds TFTP Server;SolarWinds TFTP Server; C:\Program Files\SolarWinds\TFTPServer\SolarWinds TFTP Server.exe [2009-10-20 54272]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [2010-01-10 72704]
S3 ufad-ws60;VMware Agent Service; C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe [2009-10-12 191024]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-21 917504]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]

-----------------EOF-----------------


OTL:
http://wklej.org/hash/fec1fa1c70e/
http://wklej.org/hash/fc2ba3bfe75/

[wojtas]

mamy Vundo...

Daj loga z combofixa ale zainstaluj wraz z nim konsolę odzyskiwania ( instrukcja programu )

Autor postu otrzymał pochwałę

[Mike]

Skan z Combofix'a:

Kod: Zaznacz wszystko

ComboFix 10-01-19.08 - Mike 2010-01-20  21:32:09.2.2 - x86
Microsoft® Windows Vista™ Ultimate   6.0.6001.1.1250.48.1045.18.2046.1501 [GMT 1:00]
Uruchomiony z: c:\users\Mike\Desktop\ComboFix.exe
AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
SP: COMODO Defense+ *enabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\users\Mike\AppData\Roaming\EurekaLog
c:\windows\system32\op1ofix.dll
c:\windows\system32\prsgrc.dll
c:\windows\system32\ssprs.dll

----- BITS: Możliwe zainfekowane strony -----

hxxp://armmf.adobe.com
.
(((((((((((((((((((((((((   Pliki utworzone od 2009-12-20 do 2010-01-20  )))))))))))))))))))))))))))))))
.

2010-01-20 20:40 . 2010-01-20 20:41   --------   d-----w-   c:\users\Mike\AppData\Local\temp
2010-01-20 20:40 . 2010-01-20 20:40   --------   d-----w-   c:\users\Default\AppData\Local\temp
2010-01-20 17:18 . 2010-01-20 17:21   --------   d-----w-   c:\program files\trend micro
2010-01-20 17:18 . 2010-01-20 17:21   --------   d-----w-   C:\rsit
2010-01-15 23:05 . 2010-01-15 23:05   --------   d-----w-   c:\program files\Simpli Software
2010-01-15 22:47 . 2010-01-19 11:12   --------   d-----w-   c:\users\Mike\AppData\Local\Adobe
2010-01-11 19:43 . 2010-01-11 19:43   --------   d-----w-   c:\users\Mike\.pdfsam
2010-01-11 19:37 . 2010-01-11 19:37   --------   d-----w-   c:\program files\pdfsam
2010-01-11 09:13 . 2007-01-25 16:16   94208   ------r-   c:\windows\system32\BrDctF2.dll
2010-01-11 09:13 . 2007-01-15 20:54   12288   ------r-   c:\windows\system32\BrDctF2S.dll
2010-01-11 09:13 . 2007-01-15 17:56   12288   ------r-   c:\windows\system32\BrDctF2L.dll
2010-01-11 09:13 . 2006-12-28 12:39   176128   ------w-   c:\windows\system32\BroSNMP.dll
2010-01-11 09:13 . 2010-01-11 09:14   --------   d-----w-   c:\program files\Brother
2010-01-11 09:13 . 2010-01-11 09:13   --------   d-----w-   C:\Brother
2010-01-10 14:21 . 2010-01-10 14:21   --------   d-----w-   c:\users\Mike\AppData\Roaming\SolidWorksNewsReader
2010-01-10 14:19 . 2010-01-10 15:43   --------   d-----w-   c:\users\Mike\AppData\Roaming\SolidWorks
2010-01-10 14:14 . 2010-01-10 14:14   --------   d-----w-   c:\users\Mike\AppData\Roaming\DWGeditor
2010-01-10 14:13 . 2010-01-10 14:13   61440   ----a-r-   c:\users\Mike\AppData\Roaming\Microsoft\Installer\{26621E14-A45B-45CD-9ED9-7A0A9B585DB4}\NewShortcut1_3668F00AED454A6E8105AD5B99FD99C6.exe
2010-01-10 14:13 . 2010-01-10 14:13   61440   ----a-r-   c:\users\Mike\AppData\Roaming\Microsoft\Installer\{26621E14-A45B-45CD-9ED9-7A0A9B585DB4}\ARPPRODUCTICON.exe
2010-01-10 14:13 . 2010-01-10 14:13   --------   d-----w-   c:\program files\SolidWorks Installation Manager
2010-01-10 14:08 . 2010-01-10 14:13   --------   d-----w-   c:\program files\Common Files\eDrawings2007
2010-01-09 12:34 . 2003-05-09 08:20   344064   ------w-   c:\windows\system32\MSVCR70.DLL
2010-01-09 12:34 . 2003-05-09 08:20   487424   ------w-   c:\windows\system32\MSVCP70.DLL
2010-01-09 12:34 . 2003-05-09 08:20   54784   ------w-   c:\windows\system32\MSVCI70.DLL
2010-01-09 12:34 . 2003-10-21 15:05   84992   ------w-   c:\windows\system32\Atl70.dll
2010-01-09 12:34 . 2003-05-09 08:20   974848   ------w-   c:\windows\system32\MFC70.DLL
2010-01-09 12:34 . 2006-06-19 11:46   23040   ----a-w-   c:\windows\system32\echelp.exe
2010-01-09 12:05 . 2010-01-09 12:05   --------   d-----w-   c:\program files\DjVuZone
2010-01-09 11:40 . 2010-01-09 11:58   --------   d-----w-   c:\users\Mike\AppData\Roaming\XnView
2010-01-09 11:40 . 2010-01-09 11:40   --------   d-----w-   c:\program files\XnView
2010-01-05 21:36 . 2010-01-05 21:43   --------   d-----w-   c:\users\Mike\AppData\Roaming\PhotoFiltre
2010-01-05 21:36 . 2010-01-05 21:36   --------   d-----w-   c:\program files\PhotoFiltre
2010-01-03 22:36 . 2008-01-21 02:22   16   ---h--w-   c:\windows\system32\qppohzo.dll
2010-01-03 22:35 . 2008-01-21 02:22   16   ---h--w-   c:\windows\system32\ycu9glx.dll
2010-01-03 22:34 . 2006-06-12 16:07   1700352   ------w-   c:\windows\system32\gdiplus.dll
2010-01-03 19:07 . 2010-01-03 19:07   --------   d-----w-   c:\program files\Common Files\Bcgsoft

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-20 20:32 . 2009-07-03 10:25   --------   d-----w-   c:\program files\Mozilla Thunderbird
2010-01-20 20:31 . 2008-01-21 06:26   714482   ----a-w-   c:\windows\system32\perfh015.dat
2010-01-20 20:31 . 2008-01-21 06:26   146930   ----a-w-   c:\windows\system32\perfc015.dat
2010-01-20 20:26 . 2009-12-04 18:00   --------   d-----w-   c:\programdata\VMware
2010-01-20 20:26 . 2009-07-01 22:11   --------   d-----w-   c:\programdata\NVIDIA
2010-01-20 20:26 . 2009-07-01 22:11   115702   ----a-w-   c:\programdata\nvModes.dat
2010-01-20 19:27 . 2009-07-05 18:21   12   ----a-w-   c:\windows\bthservsdp.dat
2010-01-16 11:17 . 2009-07-02 15:48   --------   d-----w-   c:\program files\Common Files\Adobe
2010-01-15 23:28 . 2009-07-03 14:33   --------   d-----w-   c:\users\Mike\AppData\Roaming\uTorrent
2010-01-15 22:52 . 2009-07-02 15:48   --------   d-----w-   c:\program files\Reader 9.0
2010-01-15 16:11 . 2009-07-03 15:14   --------   d-----w-   c:\users\Mike\AppData\Roaming\foobar2000
2010-01-13 22:58 . 2009-12-19 11:15   --------   d-----w-   c:\users\Mike\AppData\Roaming\FileZilla
2010-01-12 22:57 . 2009-07-03 10:25   --------   d-----w-   c:\users\Mike\AppData\Roaming\Thunderbird
2010-01-11 09:15 . 2009-07-06 10:27   50   ----a-w-   c:\windows\system32\bridf07a.dat
2010-01-11 09:13 . 2009-07-01 21:48   --------   d--h--w-   c:\program files\InstallShield Installation Information
2010-01-10 14:19 . 2009-07-01 21:37   119032   ----a-w-   c:\users\Mike\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-10 14:15 . 2009-12-17 21:56   --------   d-----w-   c:\program files\Common Files\SolidWorks Shared
2010-01-09 15:41 . 2010-01-03 22:35   --------   d-----w-   c:\programdata\DassaultSystemes
2010-01-09 15:35 . 2009-12-04 18:11   --------   d-----w-   c:\users\Mike\AppData\Roaming\VMware
2010-01-09 12:32 . 2009-07-01 21:48   --------   d-----w-   c:\program files\Common Files\InstallShield
2010-01-04 08:49 . 2009-07-02 08:47   --------   d-----w-   c:\users\Mike\AppData\Roaming\BESTplayer
2010-01-03 22:35 . 2010-01-03 22:35   1025   ----a-w-   c:\windows\system32\fmivbcp.dll
2010-01-03 22:35 . 2010-01-03 22:35   1025   ----a-w-   c:\windows\system32\clauth2.dll
2010-01-03 22:35 . 2010-01-03 22:35   1025   ----a-w-   c:\windows\system32\clauth1.dll
2010-01-03 22:35 . 2010-01-03 22:35   1024   ----a-w-   c:\windows\system32\grcauth2.dll
2010-01-03 22:35 . 2010-01-03 22:35   1024   ----a-w-   c:\windows\system32\grcauth1.dll
2010-01-03 22:35 . 2010-01-03 22:35   --------   d-----w-   c:\users\Mike\AppData\Roaming\DassaultSystemes
2010-01-03 22:35 . 2010-01-03 22:35   6656   ----a-w-   c:\windows\system32\haspvdd.dll
2010-01-03 22:35 . 2010-01-03 22:35   47616   ----a-w-   c:\windows\system32\drivers\Haspnt.sys
2010-01-03 22:35 . 2010-01-03 22:35   383   ----a-w-   c:\windows\system32\haspdos.sys
2010-01-03 22:35 . 2010-01-03 22:35   304640   ----a-w-   c:\windows\system32\hlvdd.dll
2010-01-03 19:46 . 2009-12-17 22:13   148   ----a-w-   c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\prsgrc.dll
2009-12-19 11:15 . 2009-12-19 11:15   --------   d-----w-   c:\program files\FileZilla FTP Client
2009-12-17 22:13 . 2009-12-17 22:13   16   ---h--w-   c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\svgd18j.dll
2009-12-17 22:09 . 2009-07-02 20:57   --------   d-----w-   c:\program files\Microsoft.NET
2009-12-17 12:07 . 2009-12-02 21:08   --------   d-----w-   c:\users\Mike\AppData\Roaming\gtk-2.0
2009-12-12 22:56 . 2009-07-01 23:08   74328   ----a-w-   c:\windows\system32\drivers\inspect.sys
2009-12-12 22:54 . 2009-07-01 23:08   171552   ----a-w-   c:\windows\system32\guard32.dll
2009-12-12 22:54 . 2009-07-01 23:08   29520   ----a-w-   c:\windows\system32\drivers\cmdhlp.sys
2009-12-12 22:54 . 2009-07-01 23:08   128376   ----a-w-   c:\windows\system32\drivers\cmdguard.sys
2009-12-07 17:11 . 2009-12-07 17:11   --------   d-----w-   c:\programdata\SolarWinds
2009-12-07 17:11 . 2009-12-07 17:11   --------   d-----w-   c:\program files\SolarWinds
2009-12-04 18:04 . 2009-12-04 18:04   909320   ----a-w-   c:\programdata\VMware\VMware Workstation\Uninstaller\uninstall.exe
2009-12-04 18:04 . 2009-12-04 18:04   625200   ----a-w-   c:\programdata\VMware\VMware Workstation\Uninstaller\instUtils.dll
2009-12-04 18:01 . 2009-12-04 18:01   --------   d-----w-   c:\program files\Common Files\VMware
2009-12-04 18:00 . 2009-12-04 18:00   --------   d-----w-   c:\program files\VMware
2009-12-04 17:57 . 2009-12-04 18:04   569344   ----a-w-   c:\programdata\VMware\VMware Workstation\Uninstaller\module_core.dll
2009-12-04 17:57 . 2009-12-04 18:04   360448   ----a-w-   c:\programdata\VMware\VMware Workstation\Uninstaller\module_license.dll
2009-12-04 17:57 . 2009-12-04 18:04   331776   ----a-w-   c:\programdata\VMware\VMware Workstation\Uninstaller\module_ws.dll
2009-12-04 17:57 . 2009-12-04 18:04   922672   ----a-w-   c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib64.exe
2009-12-04 17:57 . 2009-12-04 18:04   958000   ----a-w-   c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib64.dll
2009-12-04 17:57 . 2009-12-04 18:04   760368   ----a-w-   c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib.dll
2009-12-04 17:57 . 2009-12-04 18:04   731696   ----a-w-   c:\programdata\VMware\VMware Workstation\Uninstaller\vminstutil.dll
2009-12-04 17:57 . 2009-12-04 18:04   703024   ----a-w-   c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib.exe
2009-12-01 20:54 . 2009-10-11 19:12   --------   d-----w-   c:\program files\Magiczne Bloczki
2009-12-01 20:39 . 2009-07-03 21:07   --------   d-----w-   c:\program files\Java
2009-09-15 14:32 . 2009-10-06 18:35   1963679   ----a-w-   c:\program files\z.JPG
2009-09-15 14:32 . 2009-09-15 14:29   1963679   ----a-w-   c:\program files\IMG_0127.JPG
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AQQ"="c:\progra~1\AQQ\AQQ.exe" [2009-11-17 6807552]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 5369856]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13785632]
"COMODO Internet Security"="c:\program files\Comodo\COMODO Internet Security\cfp.exe" [2009-12-12 1800464]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"ADOGMOUSE"="c:\program files\MC-907 Mouse\ADOGMOU.exe" [2006-11-15 475136]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
EdgeCLS10.75.lnk - g:\edgecam85\Cam\edgecls.exe [2010-1-9 704512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ABIT uGuruIII]
2007-02-09 14:05   22528   ----a-w-   c:\program files\U-ABIT\uGuru\LaunchuGuru.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-04-24 03:05   203416   ----a-w-   c:\program files\Alcohol 52\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2007-03-20 12:36   36864   ----a-w-   c:\windows\RaidTool\xInsIDE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17   149280   ----a-w-   c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:21   1008184   ----a-w-   c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2418636661-16594485-1138279367-1000]
"EnableNotificationsRef"=dword:00000002

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\System32\drivers\cmdguard.sys [2009-07-02 128376]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\System32\drivers\cmdhlp.sys [2009-07-02 29520]
R1 UGURU;UGURU;c:\windows\System32\drivers\uGuru.sys [2009-07-01 21048]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\System32\nvSCPAPISvr.exe [2009-06-10 232960]
R2 vmci;VMware vmci;c:\windows\System32\drivers\vmci.sys [2009-10-22 70704]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2009-10-22 563760]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [2009-07-02 721904]
S2 MSSQL$ECSQLEXPRESS;SQL Server (ECSQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
S3 SolarWinds TFTP Server;SolarWinds TFTP Server;c:\program files\SolarWinds\TFTPServer\SolarWinds TFTP Server.exe [2009-10-20 54272]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs   REG_MULTI_SZ      BthServ
WindowsMobile   REG_MULTI_SZ      wcescomm rapimgr
LocalServiceRestricted   REG_MULTI_SZ      WcesComm RapiMgr
.
.
------- Skan uzupełniający -------
.
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\kb3f9jly.default\
FF - prefs.js: browser.startup.homepage - google.pl
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-20 21:41
Windows 6.0.6001 Service Pack 1 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2010-01-20  21:44:40
ComboFix-quarantined-files.txt  2010-01-20 20:44

Przed: 6 017 437 696 bajtów wolnych
Po: 5 680 750 592 bajtów wolnych

- - End Of File - - BB6C619314C6A665B00A879CF8B8F70F


[NieWiem]

Ja wiem, że to wygląda na jakieś sterowniki od Sentinela, ale dla bezpieczeństwa zabierz je na spacerek na jakiś virscan:

c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\prsgrc.dll
c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\svgd18j.dll

Ten pierwszy plik to najczęściej występuje w Qooboxach, o tym drugim to google milczy. Na 99% jakiś bullshit.

Te też do sprawdzenia. Przy Vundo wszystko jest losowe, a te są kolejno ponumerowane:

2010-01-03 23:35:41 ----A---- C:\Windows\system32\grcauth2.dll
2010-01-03 23:35:41 ----A---- C:\Windows\system32\grcauth1.dll
2010-01-03 23:35:41 ----A---- C:\Windows\system32\clauth2.dll
2010-01-03 23:35:41 ----A---- C:\Windows\system32\clauth1.dll

Chociaż w sumie to te akurat powinny być poprawne.

Zmontuj sobie skrypta:

File::
c:\windows\system32\ycu9glx.dll
c:\windows\system32\qppohzo.dll
C:\Windows\system32\sdlshgb.dll
C:\Windows\system32\emh727q.dll
C:\Windows\system32\gjzlq9s.dll
C:\Windows\system32\kv52taf.dll
C:\Windows\system32\qpb68k8.dll
C:\Windows\system32\vzyqvfh.dll
C:\Windows\system32\qve7xvr.dll
C:\Windows\system32\m67s30d.dll
C:\Windows\system32\fhtjs5w.dll
C:\Windows\system32\w3jddga.dll
C:\Windows\system32\moicoqy.dll
C:\Windows\system32\r3504cn.dll
C:\Windows\system32\og2yv47.dll
C:\Windows\system32\qppohzo.dll
C:\Windows\system32\b0oarjz.dll
C:\Windows\system32\khspd1x.dll
C:\Windows\system32\sbwr5w6.dll
C:\Windows\system32\eqzz7q3.dll
C:\Windows\system32\r1z1qrc.dll
C:\Windows\system32\qi4kmbt.dll
C:\Windows\system32\o68o3jr.dll
C:\Windows\system32\qf47url.dll
C:\Windows\system32\teict2z.dll
C:\Windows\system32\b3luwtz.dll
C:\Windows\system32\ugsg9ee.dll
C:\Windows\system32\vj5ccqi.dll
C:\Windows\system32\unk0vr0.dll
C:\Windows\system32\we91eyj.dll
C:\Windows\system32\rm61sy8.dll
C:\Windows\system32\l6u303w.dll
C:\Windows\system32\dek2q0s.dll
C:\Windows\system32\btzwjoc.dll
C:\Windows\system32\u9nid94.dll
C:\Windows\system32\xzcqzxr.dll
C:\Windows\system32\hja4s58.dll
C:\Windows\system32\sm0vy36.dll
C:\Windows\system32\i2u1rpp.dll
C:\Windows\system32\mbsr8x5.dll
C:\Windows\system32\lgnkaeh.dll
C:\Windows\system32\sgroq5m.dll
C:\Windows\system32\ny7pthn.dll
C:\Windows\system32\t3oikx3.dll
C:\Windows\system32\r3wnok3.dll
C:\Windows\system32\whrvi8j.dll
C:\Windows\system32\psu07oo.dll
C:\Windows\system32\gsg9rhw.dll
C:\Windows\system32\svgd18j.dll
C:\Windows\system32\d523tik.dll
C:\Windows\system32\d1ucoul.dll
C:\Windows\system32\qxifzao.dll
C:\Windows\system32\xkdp0he.dll
C:\Windows\system32\j82dy4z.dll
C:\Windows\system32\zfatp2b.dll
C:\Windows\system32\puebqjh.dll
C:\Windows\system32\p1gti3g.dll
C:\Windows\system32\ilexiq0.dll
C:\Windows\system32\yg51rnp.dll
C:\Windows\system32\rvxeh2g.dll
C:\Windows\system32\klu37si.dll
C:\Windows\system32\kevl7am.dll
C:\Windows\system32\yhdfh9b.dll
C:\Windows\system32\edau9f2.dll
C:\Windows\system32\gdb26uj.dll
C:\Windows\system32\mtf8ftp.dll
C:\Windows\system32\dicb9cc.dll
C:\Windows\system32\ycu9glx.dll
C:\Windows\system32\u16iw4k.dll
C:\Windows\system32\fmz6ipk.dll
C:\Windows\system32\wcgl2ka.dll
C:\Windows\system32\vkg44zc.dll
C:\Windows\system32\x6a6jd1.dll
C:\Windows\system32\am3ota9.dll
C:\Windows\system32\jg3uvk8.dll
C:\Windows\system32\daxyr8e.dll
C:\Windows\system32\cg8a9oj.dll
C:\Windows\system32\dntbhlb.dll
C:\Windows\system32\q8dghnn.dll
C:\Windows\system32\op1ofix.dll
C:\Windows\system32\fmivbcp.dll
C:\Windows\system32\ssprs.dll
C:\Windows\system32\prsgrc.dll
C:\Windows\system32\a8c741v.dll

Zapisujesz jako CFScript.txt, przeciągasz na ikonę ComboFixa. Wracasz z logiem z CF oraz z logami z DDS (najpierw wynikowy CF, potem pobierasz i odpalasz DDS).

Plus dobrze by było odpalić Malwarebytes' i też pokazać loga.

[Mike]

c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\svgd18j.dll

Nie ma go nawet w tym katalogu już
Co do prsgrc.dll, to jest czysty.

2010-01-03 23:35:41 ----A---- C:\Windows\system32\grcauth2.dll
2010-01-03 23:35:41 ----A---- C:\Windows\system32\grcauth1.dll
2010-01-03 23:35:41 ----A---- C:\Windows\system32\clauth2.dll
2010-01-03 23:35:41 ----A---- C:\Windows\system32\clauth1.dll

Wszystkie są czyste.

Log z CF:

Kod: Zaznacz wszystko

ComboFix 10-01-20.07 - Mike 2010-01-21  20:21:24.3.2 - x86
Microsoft® Windows Vista™ Ultimate   6.0.6001.1.1250.48.1045.18.2046.980 [GMT 1:00]
Uruchomiony z: c:\users\Mike\Desktop\ComboFix.exe
Użyto następujących komend :: c:\users\Mike\Desktop\CFScript.txt
AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
SP: COMODO Defense+ *enabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\a8c741v.dll"
"c:\windows\system32\am3ota9.dll"
"c:\windows\system32\b0oarjz.dll"
"c:\windows\system32\b3luwtz.dll"
"c:\windows\system32\btzwjoc.dll"
"c:\windows\system32\cg8a9oj.dll"
"c:\windows\system32\d1ucoul.dll"
"c:\windows\system32\d523tik.dll"
"c:\windows\system32\daxyr8e.dll"
"c:\windows\system32\dek2q0s.dll"
"c:\windows\system32\dicb9cc.dll"
"c:\windows\system32\dntbhlb.dll"
"c:\windows\system32\edau9f2.dll"
"c:\windows\system32\emh727q.dll"
"c:\windows\system32\eqzz7q3.dll"
"c:\windows\system32\fhtjs5w.dll"
"c:\windows\system32\fmivbcp.dll"
"c:\windows\system32\fmz6ipk.dll"
"c:\windows\system32\gdb26uj.dll"
"c:\windows\system32\gjzlq9s.dll"
"c:\windows\system32\gsg9rhw.dll"
"c:\windows\system32\hja4s58.dll"
"c:\windows\system32\i2u1rpp.dll"
"c:\windows\system32\ilexiq0.dll"
"c:\windows\system32\j82dy4z.dll"
"c:\windows\system32\jg3uvk8.dll"
"c:\windows\system32\kevl7am.dll"
"c:\windows\system32\khspd1x.dll"
"c:\windows\system32\klu37si.dll"
"c:\windows\system32\kv52taf.dll"
"c:\windows\system32\l6u303w.dll"
"c:\windows\system32\lgnkaeh.dll"
"c:\windows\system32\m67s30d.dll"
"c:\windows\system32\mbsr8x5.dll"
"c:\windows\system32\moicoqy.dll"
"c:\windows\system32\mtf8ftp.dll"
"c:\windows\system32\ny7pthn.dll"
"c:\windows\system32\o68o3jr.dll"
"c:\windows\system32\og2yv47.dll"
"c:\windows\system32\op1ofix.dll"
"c:\windows\system32\p1gti3g.dll"
"c:\windows\system32\prsgrc.dll"
"c:\windows\system32\psu07oo.dll"
"c:\windows\system32\puebqjh.dll"
"c:\windows\system32\q8dghnn.dll"
"c:\windows\system32\qf47url.dll"
"c:\windows\system32\qi4kmbt.dll"
"c:\windows\system32\qpb68k8.dll"
"c:\windows\system32\qppohzo.dll"
"c:\windows\system32\qve7xvr.dll"
"c:\windows\system32\qxifzao.dll"
"c:\windows\system32\r1z1qrc.dll"
"c:\windows\system32\r3504cn.dll"
"c:\windows\system32\r3wnok3.dll"
"c:\windows\system32\rm61sy8.dll"
"c:\windows\system32\rvxeh2g.dll"
"c:\windows\system32\sbwr5w6.dll"
"c:\windows\system32\sdlshgb.dll"
"c:\windows\system32\sgroq5m.dll"
"c:\windows\system32\sm0vy36.dll"
"c:\windows\system32\ssprs.dll"
"c:\windows\system32\svgd18j.dll"
"c:\windows\system32\t3oikx3.dll"
"c:\windows\system32\teict2z.dll"
"c:\windows\system32\u16iw4k.dll"
"c:\windows\system32\u9nid94.dll"
"c:\windows\system32\ugsg9ee.dll"
"c:\windows\system32\unk0vr0.dll"
"c:\windows\system32\vj5ccqi.dll"
"c:\windows\system32\vkg44zc.dll"
"c:\windows\system32\vzyqvfh.dll"
"c:\windows\system32\w3jddga.dll"
"c:\windows\system32\wcgl2ka.dll"
"c:\windows\system32\we91eyj.dll"
"c:\windows\system32\whrvi8j.dll"
"c:\windows\system32\x6a6jd1.dll"
"c:\windows\system32\xkdp0he.dll"
"c:\windows\system32\xzcqzxr.dll"
"c:\windows\system32\ycu9glx.dll"
"c:\windows\system32\yg51rnp.dll"
"c:\windows\system32\yhdfh9b.dll"
"c:\windows\system32\zfatp2b.dll"
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\a8c741v.dll
c:\windows\system32\am3ota9.dll
c:\windows\system32\b0oarjz.dll
c:\windows\system32\b3luwtz.dll
c:\windows\system32\btzwjoc.dll
c:\windows\system32\cg8a9oj.dll
c:\windows\system32\d1ucoul.dll
c:\windows\system32\d523tik.dll
c:\windows\system32\daxyr8e.dll
c:\windows\system32\dek2q0s.dll
c:\windows\system32\dicb9cc.dll
c:\windows\system32\dntbhlb.dll
c:\windows\system32\edau9f2.dll
c:\windows\system32\emh727q.dll
c:\windows\system32\eqzz7q3.dll
c:\windows\system32\fhtjs5w.dll
c:\windows\system32\fmivbcp.dll
c:\windows\system32\fmz6ipk.dll
c:\windows\system32\gdb26uj.dll
c:\windows\system32\gjzlq9s.dll
c:\windows\system32\gsg9rhw.dll
c:\windows\system32\hja4s58.dll
c:\windows\system32\i2u1rpp.dll
c:\windows\system32\ilexiq0.dll
c:\windows\system32\j82dy4z.dll
c:\windows\system32\jg3uvk8.dll
c:\windows\system32\kevl7am.dll
c:\windows\system32\khspd1x.dll
c:\windows\system32\klu37si.dll
c:\windows\system32\kv52taf.dll
c:\windows\system32\l6u303w.dll
c:\windows\system32\lgnkaeh.dll
c:\windows\system32\m67s30d.dll
c:\windows\system32\mbsr8x5.dll
c:\windows\system32\moicoqy.dll
c:\windows\system32\mtf8ftp.dll
c:\windows\system32\ny7pthn.dll
c:\windows\system32\o68o3jr.dll
c:\windows\system32\og2yv47.dll
c:\windows\system32\p1gti3g.dll
c:\windows\system32\psu07oo.dll
c:\windows\system32\puebqjh.dll
c:\windows\system32\q8dghnn.dll
c:\windows\system32\qf47url.dll
c:\windows\system32\qi4kmbt.dll
c:\windows\system32\qpb68k8.dll
c:\windows\system32\qppohzo.dll
c:\windows\system32\qve7xvr.dll
c:\windows\system32\qxifzao.dll
c:\windows\system32\r1z1qrc.dll
c:\windows\system32\r3504cn.dll
c:\windows\system32\r3wnok3.dll
c:\windows\system32\rm61sy8.dll
c:\windows\system32\rvxeh2g.dll
c:\windows\system32\sbwr5w6.dll
c:\windows\system32\sdlshgb.dll
c:\windows\system32\sgroq5m.dll
c:\windows\system32\sm0vy36.dll
c:\windows\system32\svgd18j.dll
c:\windows\system32\t3oikx3.dll
c:\windows\system32\teict2z.dll
c:\windows\system32\u16iw4k.dll
c:\windows\system32\u9nid94.dll
c:\windows\system32\ugsg9ee.dll
c:\windows\system32\unk0vr0.dll
c:\windows\system32\vj5ccqi.dll
c:\windows\system32\vkg44zc.dll
c:\windows\system32\vzyqvfh.dll
c:\windows\system32\w3jddga.dll
c:\windows\system32\wcgl2ka.dll
c:\windows\system32\we91eyj.dll
c:\windows\system32\whrvi8j.dll
c:\windows\system32\x6a6jd1.dll
c:\windows\system32\xkdp0he.dll
c:\windows\system32\xzcqzxr.dll
c:\windows\system32\ycu9glx.dll
c:\windows\system32\yg51rnp.dll
c:\windows\system32\yhdfh9b.dll
c:\windows\system32\zfatp2b.dll

.
(((((((((((((((((((((((((   Pliki utworzone od 2009-12-21 do 2010-01-21  )))))))))))))))))))))))))))))))
.

2010-01-21 19:29 . 2010-01-21 19:30   --------   d-----w-   c:\users\Mike\AppData\Local\temp
2010-01-21 19:29 . 2010-01-21 19:29   --------   d-----w-   c:\users\Public\AppData\Local\temp
2010-01-21 19:29 . 2010-01-21 19:29   --------   d-----w-   c:\users\Lilith\AppData\Local\temp
2010-01-21 19:29 . 2010-01-21 19:29   --------   d-----w-   c:\users\Default\AppData\Local\temp
2010-01-20 22:28 . 2010-01-20 22:28   --------   d-----w-   c:\users\Mike\AppData\Local\COMODO
2010-01-20 17:18 . 2010-01-20 17:21   --------   d-----w-   c:\program files\trend micro
2010-01-20 17:18 . 2010-01-20 17:21   --------   d-----w-   C:\rsit
2010-01-15 23:05 . 2010-01-15 23:05   --------   d-----w-   c:\program files\Simpli Software
2010-01-15 22:47 . 2010-01-19 11:12   --------   d-----w-   c:\users\Mike\AppData\Local\Adobe
2010-01-11 19:43 . 2010-01-11 19:43   --------   d-----w-   c:\users\Mike\.pdfsam
2010-01-11 19:37 . 2010-01-11 19:37   --------   d-----w-   c:\program files\pdfsam
2010-01-11 09:13 . 2007-01-25 16:16   94208   ------r-   c:\windows\system32\BrDctF2.dll
2010-01-11 09:13 . 2007-01-15 20:54   12288   ------r-   c:\windows\system32\BrDctF2S.dll
2010-01-11 09:13 . 2007-01-15 17:56   12288   ------r-   c:\windows\system32\BrDctF2L.dll
2010-01-11 09:13 . 2006-12-28 12:39   176128   ------w-   c:\windows\system32\BroSNMP.dll
2010-01-11 09:13 . 2010-01-11 09:14   --------   d-----w-   c:\program files\Brother
2010-01-11 09:13 . 2010-01-11 09:13   --------   d-----w-   C:\Brother
2010-01-10 14:21 . 2010-01-10 14:21   --------   d-----w-   c:\users\Mike\AppData\Roaming\SolidWorksNewsReader
2010-01-10 14:19 . 2010-01-10 15:43   --------   d-----w-   c:\users\Mike\AppData\Roaming\SolidWorks
2010-01-10 14:14 . 2010-01-10 14:14   --------   d-----w-   c:\users\Mike\AppData\Roaming\DWGeditor
2010-01-10 14:13 . 2010-01-10 14:13   61440   ----a-r-   c:\users\Mike\AppData\Roaming\Microsoft\Installer\{26621E14-A45B-45CD-9ED9-7A0A9B585DB4}\NewShortcut1_3668F00AED454A6E8105AD5B99FD99C6.exe
2010-01-10 14:13 . 2010-01-10 14:13   61440   ----a-r-   c:\users\Mike\AppData\Roaming\Microsoft\Installer\{26621E14-A45B-45CD-9ED9-7A0A9B585DB4}\ARPPRODUCTICON.exe
2010-01-10 14:13 . 2010-01-10 14:13   --------   d-----w-   c:\program files\SolidWorks Installation Manager
2010-01-10 14:08 . 2010-01-10 14:13   --------   d-----w-   c:\program files\Common Files\eDrawings2007
2010-01-09 12:34 . 2003-05-09 08:20   344064   ------w-   c:\windows\system32\MSVCR70.DLL
2010-01-09 12:34 . 2003-05-09 08:20   487424   ------w-   c:\windows\system32\MSVCP70.DLL
2010-01-09 12:34 . 2003-05-09 08:20   54784   ------w-   c:\windows\system32\MSVCI70.DLL
2010-01-09 12:34 . 2003-10-21 15:05   84992   ------w-   c:\windows\system32\Atl70.dll
2010-01-09 12:34 . 2003-05-09 08:20   974848   ------w-   c:\windows\system32\MFC70.DLL
2010-01-09 12:34 . 2006-06-19 11:46   23040   ----a-w-   c:\windows\system32\echelp.exe
2010-01-09 12:05 . 2010-01-09 12:05   --------   d-----w-   c:\program files\DjVuZone
2010-01-09 11:40 . 2010-01-09 11:58   --------   d-----w-   c:\users\Mike\AppData\Roaming\XnView
2010-01-09 11:40 . 2010-01-09 11:40   --------   d-----w-   c:\program files\XnView
2010-01-05 21:36 . 2010-01-05 21:43   --------   d-----w-   c:\users\Mike\AppData\Roaming\PhotoFiltre
2010-01-05 21:36 . 2010-01-05 21:36   --------   d-----w-   c:\program files\PhotoFiltre
2010-01-03 22:35 . 2010-01-03 22:35   1025   ----a-w-   c:\windows\system32\clauth2.dll
2010-01-03 22:35 . 2010-01-03 22:35   1025   ----a-w-   c:\windows\system32\clauth1.dll
2010-01-03 22:35 . 2010-01-03 22:35   1024   ----a-w-   c:\windows\system32\grcauth2.dll
2010-01-03 22:35 . 2010-01-03 22:35   1024   ----a-w-   c:\windows\system32\grcauth1.dll
2010-01-03 22:35 . 2010-01-09 15:41   --------   d-----w-   c:\programdata\DassaultSystemes
2010-01-03 22:35 . 2010-01-03 22:35   --------   d-----w-   c:\users\Mike\AppData\Roaming\DassaultSystemes
2010-01-03 22:35 . 2010-01-03 22:35   --------   d-----w-   c:\users\Mike\AppData\Local\DassaultSystemes
2010-01-03 22:35 . 2010-01-03 22:35   6656   ----a-w-   c:\windows\system32\haspvdd.dll
2010-01-03 22:35 . 2010-01-03 22:35   47616   ----a-w-   c:\windows\system32\drivers\Haspnt.sys
2010-01-03 22:35 . 2010-01-03 22:35   383   ----a-w-   c:\windows\system32\haspdos.sys
2010-01-03 22:35 . 2010-01-03 22:35   304640   ----a-w-   c:\windows\system32\hlvdd.dll
2010-01-03 22:34 . 2006-06-12 16:07   1700352   ------w-   c:\windows\system32\gdiplus.dll
2010-01-03 19:07 . 2010-01-03 19:07   --------   d-----w-   c:\program files\Common Files\Bcgsoft

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-21 19:25 . 2008-01-21 06:26   714482   ----a-w-   c:\windows\system32\perfh015.dat
2010-01-21 19:25 . 2008-01-21 06:26   146930   ----a-w-   c:\windows\system32\perfc015.dat
2010-01-21 19:19 . 2009-12-04 18:00   --------   d-----w-   c:\programdata\VMware
2010-01-21 19:19 . 2009-07-01 22:11   --------   d-----w-   c:\programdata\NVIDIA
2010-01-21 19:19 . 2009-07-01 22:11   115702   ----a-w-   c:\programdata\nvModes.dat
2010-01-21 19:17 . 2009-07-05 18:21   12   ----a-w-   c:\windows\bthservsdp.dat
2010-01-21 18:37 . 2009-07-03 10:25   --------   d-----w-   c:\program files\Mozilla Thunderbird
2010-01-16 11:17 . 2009-07-02 15:48   --------   d-----w-   c:\program files\Common Files\Adobe
2010-01-15 23:28 . 2009-07-03 14:33   --------   d-----w-   c:\users\Mike\AppData\Roaming\uTorrent
2010-01-15 22:52 . 2009-07-02 15:48   --------   d-----w-   c:\program files\Reader 9.0
2010-01-15 16:11 . 2009-07-03 15:14   --------   d-----w-   c:\users\Mike\AppData\Roaming\foobar2000
2010-01-13 22:58 . 2009-12-19 11:15   --------   d-----w-   c:\users\Mike\AppData\Roaming\FileZilla
2010-01-12 22:57 . 2009-07-03 10:25   --------   d-----w-   c:\users\Mike\AppData\Roaming\Thunderbird
2010-01-11 09:15 . 2009-07-06 10:27   50   ----a-w-   c:\windows\system32\bridf07a.dat
2010-01-11 09:13 . 2009-07-01 21:48   --------   d--h--w-   c:\program files\InstallShield Installation Information
2010-01-10 14:19 . 2009-07-01 21:37   119032   ----a-w-   c:\users\Mike\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-10 14:15 . 2009-12-17 21:56   --------   d-----w-   c:\program files\Common Files\SolidWorks Shared
2010-01-09 15:35 . 2009-12-04 18:11   --------   d-----w-   c:\users\Mike\AppData\Roaming\VMware
2010-01-09 12:32 . 2009-07-01 21:48   --------   d-----w-   c:\program files\Common Files\InstallShield
2010-01-04 08:49 . 2009-07-02 08:47   --------   d-----w-   c:\users\Mike\AppData\Roaming\BESTplayer
2010-01-03 19:46 . 2009-12-17 22:13   148   ----a-w-   c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\prsgrc.dll
2009-12-19 11:15 . 2009-12-19 11:15   --------   d-----w-   c:\program files\FileZilla FTP Client
2009-12-17 22:13 . 2009-12-17 22:13   16   ---h--w-   c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\svgd18j.dll
2009-12-17 22:09 . 2009-07-02 20:57   --------   d-----w-   c:\program files\Microsoft.NET
2009-12-17 12:07 . 2009-12-02 21:08   --------   d-----w-   c:\users\Mike\AppData\Roaming\gtk-2.0
2009-12-12 22:56 . 2009-07-01 23:08   74328   ----a-w-   c:\windows\system32\drivers\inspect.sys
2009-12-12 22:54 . 2009-07-01 23:08   171552   ----a-w-   c:\windows\system32\guard32.dll
2009-12-12 22:54 . 2009-07-01 23:08   29520   ----a-w-   c:\windows\system32\drivers\cmdhlp.sys
2009-12-12 22:54 . 2009-07-01 23:08   128376   ----a-w-   c:\windows\system32\drivers\cmdguard.sys
2009-12-07 17:11 . 2009-12-07 17:11   --------   d-----w-   c:\programdata\SolarWinds
2009-12-07 17:11 . 2009-12-07 17:11   --------   d-----w-   c:\program files\SolarWinds
2009-12-04 18:04 . 2009-12-04 18:04   909320   ----a-w-   c:\programdata\VMware\VMware Workstation\Uninstaller\uninstall.exe
2009-12-04 18:04 . 2009-12-04 18:04   625200   ----a-w-   c:\programdata\VMware\VMware Workstation\Uninstaller\instUtils.dll
2009-12-04 18:01 . 2009-12-04 18:01   --------   d-----w-   c:\program files\Common Files\VMware
2009-12-04 18:00 . 2009-12-04 18:00   --------   d-----w-   c:\program files\VMware
2009-12-04 17:57 . 2009-12-04 18:04   569344   ----a-w-   c:\programdata\VMware\VMware Workstation\Uninstaller\module_core.dll
2009-12-04 17:57 . 2009-12-04 18:04   360448   ----a-w-   c:\programdata\VMware\VMware Workstation\Uninstaller\module_license.dll
2009-12-04 17:57 . 2009-12-04 18:04   331776   ----a-w-   c:\programdata\VMware\VMware Workstation\Uninstaller\module_ws.dll
2009-12-04 17:57 . 2009-12-04 18:04   922672   ----a-w-   c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib64.exe
2009-12-04 17:57 . 2009-12-04 18:04   958000   ----a-w-   c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib64.dll
2009-12-04 17:57 . 2009-12-04 18:04   760368   ----a-w-   c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib.dll
2009-12-04 17:57 . 2009-12-04 18:04   731696   ----a-w-   c:\programdata\VMware\VMware Workstation\Uninstaller\vminstutil.dll
2009-12-04 17:57 . 2009-12-04 18:04   703024   ----a-w-   c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib.exe
2009-12-01 20:54 . 2009-10-11 19:12   --------   d-----w-   c:\program files\Magiczne Bloczki
2009-12-01 20:39 . 2009-07-03 21:07   --------   d-----w-   c:\program files\Java
2009-09-15 14:32 . 2009-10-06 18:35   1963679   ----a-w-   c:\program files\z.JPG
2009-09-15 14:32 . 2009-09-15 14:29   1963679   ----a-w-   c:\program files\IMG_0127.JPG
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AQQ"="c:\progra~1\AQQ\AQQ.exe" [2009-11-17 6807552]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 5369856]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13785632]
"COMODO Internet Security"="c:\program files\Comodo\COMODO Internet Security\cfp.exe" [2009-12-12 1800464]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"ADOGMOUSE"="c:\program files\MC-907 Mouse\ADOGMOU.exe" [2006-11-15 475136]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
EdgeCLS10.75.lnk - g:\edgecam85\Cam\edgecls.exe [2010-1-9 704512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ABIT uGuruIII]
2007-02-09 14:05   22528   ----a-w-   c:\program files\U-ABIT\uGuru\LaunchuGuru.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57   948672   ----a-r-   c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57   35760   ----a-w-   c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-04-24 03:05   203416   ----a-w-   c:\program files\Alcohol 52\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2007-01-26 14:58   65536   ------w-   c:\program files\Brother\ControlCenter3\BrCtrCen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2007-03-20 12:36   36864   ----a-w-   c:\windows\RaidTool\xInsIDE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17   149280   ----a-w-   c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:21   1008184   ----a-w-   c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2418636661-16594485-1138279367-1000]
"EnableNotificationsRef"=dword:00000002

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\System32\drivers\cmdguard.sys [2009-07-02 128376]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\System32\drivers\cmdhlp.sys [2009-07-02 29520]
R1 UGURU;UGURU;c:\windows\System32\drivers\uGuru.sys [2009-07-01 21048]
R2 MSSQL$ECSQLEXPRESS;SQL Server (ECSQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\System32\nvSCPAPISvr.exe [2009-06-10 232960]
R2 vmci;VMware vmci;c:\windows\System32\drivers\vmci.sys [2009-10-22 70704]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2009-10-22 563760]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [2009-07-02 721904]
S3 SolarWinds TFTP Server;SolarWinds TFTP Server;c:\program files\SolarWinds\TFTPServer\SolarWinds TFTP Server.exe [2009-10-20 54272]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs   REG_MULTI_SZ      BthServ
WindowsMobile   REG_MULTI_SZ      wcescomm rapimgr
LocalServiceRestricted   REG_MULTI_SZ      WcesComm RapiMgr
.
.
------- Skan uzupełniający -------
.
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\kb3f9jly.default\
FF - prefs.js: browser.startup.homepage - google.pl
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-21 20:29
Windows 6.0.6001 Service Pack 1 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2010-01-21  20:32:57
ComboFix-quarantined-files.txt  2010-01-21 19:32
ComboFix2.txt  2010-01-20 20:44

Przed: 5 700 325 376 bajtów wolnych
Po: 5 643 034 624 bajtów wolnych

- - End Of File - - 59344064D9518855A3BF1AE08CD5F023


DDS.txt:
http://wklej.org/hash/33ad1482984/


Attach.txt:
http://wklej.org/hash/6d081d4c5d9/


Co do Anti-Malware, to jest czysto (same '0').

[wojtas]

wg, mnie jest ok

[Mike]

Też wydaje mi się, że jest ok - system pracuje bez zarzutu.

Jeszcze jedna sprawa... - po podłączeniu pendriva ten śmieć mógł też go zarazić? Podobnie z drugim kompem, który korzysta z moich plików (dysk sieciowy)?

[MUTOPOMPKA]

po podłączeniu pendriva ten śmieć mógł też go zarazić

Ależ oczywiście. wszystkie peny a raczej syfy na nich korzystają ze zmodyfikowanego pliczku autorun.inf podmieniając oyginalny na swój. Wtedy wpinając pena po wykryciu przez system automatycznie odpalany jest liczek autorun.inf (status systemowy, ukryty i tylko do odczytu). Potem już wiadomo -> infekcja.

Rozwiązaniem byłby zastosowanie softu blokującego wykonywanie autoruna np. poprzez Panda USB Vaccine lub podobnego programiku.

Autor postu otrzymał pochwałę

[Mike]

Mam wyłączoną funkcję autoodtwarzania - co za tym idzie... nie mam na pendrive pliku autorun.inf
Jednak wrzucałem jakieś pliki na niego - i tu kwestia pozostaje otwarta. Jak śmieć, którego miałem rozprzestrzenia się.
Dla pewności wrzucę jeszcze log z drugiego kompa.

DSS:

Kod: Zaznacz wszystko

DDS (Ver_09-12-01.01) - NTFSx86 
Run by user at 11:26:08,38 on 2010-01-23
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_14
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1250.48.1045.18.2045.1311 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\AQQ\AQQ.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
D:\xampp-win32-1.7.1\xampp\apache\bin\httpd.exe
D:\xampp-win32-1.7.1\xampp\xampp-control.exe
D:\xampp-win32-1.7.1\xampp\mysql\bin\mysqld.exe
D:\xampp-win32-1.7.1\xampp\apache\bin\httpd.exe
C:\Windows\system32\notepad.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\user\Desktop\dds.pif
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.pl/
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = 10.1.3.200:8080
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [AQQ] c:\progra~1\aqq\AQQ.exe
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\edgecl~1.lnk - d:\edgecam\cam\edgecls.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&ksport do programu Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
AppInit_DLLs:    c:\windows\system32\guard32.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\wfcvxxip.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (pl)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
FF - plugin: c:\program files\mozilla firefox\plugins\npganymedenet.dll
FF - plugin: c:\program files\reader 9.0\reader\browser\nppdf32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-7-3 128376]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-7-3 29520]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2009-7-8 25896]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol 52\starwind\StarWindServiceAE.exe [2007-5-28 275968]
S4 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-7-13 234888]

=============== Created Last 30 ================

2010-01-16 17:37:59   0   d-----w-   c:\program files\common files\Bcgsoft
2010-01-15 15:12:42   0   d-----w-   c:\users\user\appdata\roaming\Softland
2010-01-15 15:12:41   7549   ----a-w-   c:\windows\system32\dopdf7.ctm
2010-01-15 15:12:41   21704   ----a-w-   c:\windows\system32\dopdfmn7.dll
2010-01-15 15:12:41   18632   ----a-w-   c:\windows\system32\dopdfmi7.dll
2010-01-15 15:12:39   0   d-----w-   c:\program files\Softland
2010-01-14 15:35:58   16   ---h--w-   c:\windows\system32\sgroq5m.dll
2010-01-14 15:35:16   0   d-----w-   c:\users\user\appdata\roaming\DassaultSystemes
2010-01-14 15:35:16   0   d-----w-   c:\programdata\DassaultSystemes
2010-01-14 15:34:09   676864   ----a-w-   c:\windows\system32\drivers\hardlock.sys
2010-01-14 15:28:49   0   d-----w-   c:\program files\common files\SolidWorks Shared
2010-01-14 15:20:44   9949   ------w-   c:\windows\system32\SENTINEL.HLP
2010-01-14 15:20:44   76288   ----a-w-   c:\windows\system32\drivers\SENTINEL.SYS
2010-01-14 15:20:44   50176   ----a-w-   c:\windows\system32\SNTI386.DLL
2010-01-14 15:20:44   18432   ----a-w-   c:\windows\system32\RNBOVDD.DLL
2010-01-14 15:20:43   0   d-----w-   c:\windows\system32\RNBOSENT
2010-01-14 15:20:40   2624   ----a-w-   c:\windows\system32\config.hsp
2010-01-10 20:32:59   0   d-----w-   c:\program files\DjVuZone
2010-01-09 23:55:15   120238   ----a-w-   C:\obraz_idealny.tif
2009-12-30 11:43:40   249223611   ----a-w-   c:\windows\MEMORY.DMP

==================== Find3M  ====================

2010-01-23 10:08:35   3946612   ----a-w-   c:\windows\system32\perfh015.dat
2010-01-23 10:08:35   1302938   ----a-w-   c:\windows\system32\perfc015.dat
2010-01-20 06:45:37   171552   ----a-w-   c:\windows\system32\guard32.dll
2010-01-20 06:45:36   29520   ----a-w-   c:\windows\system32\drivers\cmdhlp.sys
2010-01-20 06:45:36   128376   ----a-w-   c:\windows\system32\drivers\cmdguard.sys
2010-01-14 15:35:21   86016   ----a-w-   c:\windows\system32\kysysu5.dll
2010-01-14 15:34:54   51200   ----a-w-   c:\windows\inf\infpub.dat
2010-01-14 15:34:54   143360   ----a-w-   c:\windows\inf\infstrng.dat
2010-01-14 15:34:53   86016   ----a-w-   c:\windows\inf\infstor.dat
2010-01-05 08:29:49   1474832   ----a-w-   c:\windows\system32\drivers\sfi.dat
2009-12-27 11:46:21   111928   ----a-w-   c:\windows\system32\PnkBstrB.exe
2009-11-07 11:22:31   1530728   ----a-w-   c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-11-03 18:34:38   85504   ----a-w-   c:\windows\system32\ff_vfw.dll
2008-01-21 06:23:01   37468   ----a-w-   c:\windows\inf\perflib\0415\perfd.dat
2008-01-21 06:23:01   37468   ----a-w-   c:\windows\inf\perflib\0415\perfc.dat
2008-01-21 06:23:01   332832   ----a-w-   c:\windows\inf\perflib\0415\perfi.dat
2008-01-21 06:23:01   332832   ----a-w-   c:\windows\inf\perflib\0415\perfh.dat
2008-01-21 02:43:21   174   --sha-w-   c:\program files\desktop.ini
2008-01-21 02:32:28   665600   ----a-w-   c:\windows\inf\drvindex.dat
2006-11-02 09:20:21   287440   ----a-w-   c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21   287440   ----a-w-   c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19   30674   ----a-w-   c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19   30674   ----a-w-   c:\windows\inf\perflib\0000\perfc.dat
2009-09-29 15:07:44   16384   --sha-w-   c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-09-29 15:07:44   32768   --sha-w-   c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-09-29 15:07:44   16384   --sha-w-   c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-07-06 21:07:54   16384   --sha-w-   c:\windows\temp\cookies\index.dat
2009-07-06 21:07:54   16384   --sha-w-   c:\windows\temp\history\history.ie5\index.dat
2009-07-06 21:07:54   16384   --sha-w-   c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 11:26:29,33 ===============


OTL:
http://wklej.org/hash/0f1365aa4a4/

Extras.txt

Kod: Zaznacz wszystko

OTL Extras logfile created on: 2010-01-23 11:30:21 - Run 1
OTL by OldTimer - Version 3.1.26.0     Folder = C:\Users\user\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 59,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 34,23 Gb Total Space | 6,01 Gb Free Space | 17,55% Space Free | Partition Type: NTFS
Drive D: | 51,00 Gb Total Space | 24,91 Gb Free Space | 48,83% Space Free | Partition Type: NTFS
Drive E: | 47,26 Gb Total Space | 4,38 Gb Free Space | 9,28% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 49,75 Gb Total Space | 30,51 Gb Free Space | 61,33% Space Free | Partition Type: NTFS

Computer Name: user-LAPIK
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4280630662-3622509087-211913346-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4280630662-3622509087-211913346-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02DF238C-362A-4927-BB16-5A636DDA8885}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{0A4F9E6B-FF9B-4BC1-B5A2-DB6DE34C24E7}" = rport=445 | protocol=6 | dir=out | app=system |
"{17E4CE15-DC26-4C35-B83D-6C405E9BF5C4}" = rport=138 | protocol=17 | dir=out | app=system |
"{29D2CFCF-3232-4449-A012-74F0D1D2DCEF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{364811A7-B149-4F1A-91E2-14E8DE797884}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{43D04AD8-EA8A-4732-B4AC-B1ECCD43B6A9}" = rport=137 | protocol=17 | dir=out | app=system |
"{5EB57223-FF77-4760-B80E-A78C3505A1D9}" = lport=138 | protocol=17 | dir=in | app=system |
"{6C5A1B88-1C04-4E35-8920-969270CF2F71}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{72D4C19F-5B62-441E-81C8-878671A7DD03}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{73163BC5-E34D-436C-BE85-B6BC70C3F998}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{82585298-3E6D-4150-84B1-442278686B7F}" = lport=137 | protocol=17 | dir=in | app=system |
"{99BC17C1-67EF-4265-9B2B-869D912E2B0D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A028EB5B-1440-4A06-A984-1F7613EB8CD4}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{ABEBC64D-B204-4610-A77D-1D6947731C9D}" = rport=139 | protocol=6 | dir=out | app=system |
"{BB795BD3-32CA-4640-9F67-E1CC591CB6DC}" = lport=139 | protocol=6 | dir=in | app=system |
"{BFEF1628-997B-4B1F-8447-53043F27E629}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C297D43C-0865-48A7-8EDF-D3D0965935C2}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{F1B80652-6C96-42B4-AC57-301E8F68FDFB}" = lport=445 | protocol=6 | dir=in | app=system |
"{F46AB93C-30D3-45D1-8261-0AAB57D8A672}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1403C4D1-9D94-4FC3-8C46-71C63B1BAA68}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{29EDF361-8129-405C-96AB-7F917A71A0D1}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{4E9D9E16-393E-4523-9B25-E83A588A1152}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{57D68980-5228-4690-8313-81287342DB64}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5EF33C9E-00C1-44C6-A8B1-BABBAA268FFF}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{61707A0C-2495-4856-984C-BE3E25C9B527}" = protocol=17 | dir=in | app=d:\gry\cod5\codwaw.exe |
"{7FE5911D-5630-4AEB-9043-C4AA9C792A48}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8CA2659C-EE77-447F-841C-97C42BCF65E5}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{98A80411-E787-4449-BF3F-2C03914C9528}" = protocol=17 | dir=in | app=d:\gry\cod5\codwawmp.exe |
"{ADD0EB0D-2E13-44F1-9686-5084B9525C67}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B0470C78-AF14-4D30-B94A-721E59CF288D}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{B9D9ECB9-AA08-4FCB-AF6B-B7533EFE6BFA}" = protocol=6 | dir=in | app=d:\gry\cod5\codwaw.exe |
"{BABF9644-E4E6-4CA4-8486-F96D6B7C4662}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C35D5717-FC29-40A2-B0EC-538B9A0AED51}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{C3E0D284-F04C-4722-BD1C-E4964F91DABF}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{D2001F42-6A63-4DFE-8DD8-C031479ED540}" = protocol=6 | dir=in | app=d:\gry\cod5\codwawmp.exe |
"{E959AF1B-144D-44BA-AD7F-BFCC48177FC7}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"TCP Query User{3283F02E-C57F-48CF-B6AE-BDD766B66485}D:\xampp-win32-1.7.1\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=d:\xampp-win32-1.7.1\xampp\apache\bin\httpd.exe |
"TCP Query User{4DA218C1-9529-41B5-A864-669B5CA4A781}C:\program files\webserv\mysql\bin\webserv(mysqld).exe" = protocol=6 | dir=in | app=c:\program files\webserv\mysql\bin\webserv(mysqld).exe |
"TCP Query User{6FBCA545-01AB-4178-BF88-E407B008BA70}D:\xampp-win32-1.7.1\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=d:\xampp-win32-1.7.1\xampp\mysql\bin\mysqld.exe |
"TCP Query User{94D2E05E-8850-47E1-A22D-3EE3781BA424}C:\program files\aqq\aqq.exe" = protocol=6 | dir=in | app=c:\program files\aqq\aqq.exe |
"TCP Query User{A212BA18-F010-4C9E-9219-1A497514542D}D:\xampp-win32-1.7.1\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=d:\xampp-win32-1.7.1\xampp\apache\bin\httpd.exe |
"TCP Query User{A469CA71-A659-4498-BD71-7460802BAC5F}C:\program files\webserv\mysql\bin\webserv(mysqld).exe" = protocol=6 | dir=in | app=c:\program files\webserv\mysql\bin\webserv(mysqld).exe |
"TCP Query User{A4D62CFB-0605-4A2F-9134-CE4AE65FD0B8}D:\gry\cod5\codwaw.exe" = protocol=6 | dir=in | app=d:\gry\cod5\codwaw.exe |
"TCP Query User{A7ECCDDD-15CA-4D4F-B12C-30D496CEC153}C:\program files\aqq\aqq.exe" = protocol=6 | dir=in | app=c:\program files\aqq\aqq.exe |
"TCP Query User{D31410CD-1BF3-47E5-8274-5DE9996F2F12}C:\program files\webserv\apache2\bin\webserv(apache).exe" = protocol=6 | dir=in | app=c:\program files\webserv\apache2\bin\webserv(apache).exe |
"TCP Query User{D32A193F-7D56-4433-9291-4ED416F58774}D:\xampp-win32-1.7.1\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=d:\xampp-win32-1.7.1\xampp\mysql\bin\mysqld.exe |
"TCP Query User{ECE3215E-3E39-44FF-9FE5-BB0CC587C35F}C:\program files\webserv\apache2\bin\webserv(apache).exe" = protocol=6 | dir=in | app=c:\program files\webserv\apache2\bin\webserv(apache).exe |
"TCP Query User{F04F7881-1AEE-4197-810A-F87425B96E95}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{F46B0890-28CE-4977-9634-157434EE0B90}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{12B52B1F-AE76-4628-8B23-FA144A3F6735}C:\program files\webserv\mysql\bin\webserv(mysqld).exe" = protocol=17 | dir=in | app=c:\program files\webserv\mysql\bin\webserv(mysqld).exe |
"UDP Query User{267120D4-EF22-48DC-962D-B13C895BC1DB}C:\program files\webserv\mysql\bin\webserv(mysqld).exe" = protocol=17 | dir=in | app=c:\program files\webserv\mysql\bin\webserv(mysqld).exe |
"UDP Query User{2983C77C-D119-46A3-BA40-27A053DD8777}D:\xampp-win32-1.7.1\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=d:\xampp-win32-1.7.1\xampp\mysql\bin\mysqld.exe |
"UDP Query User{4FD9AAD1-76D9-48D5-BC03-AF246B3F768C}D:\gry\cod5\codwaw.exe" = protocol=17 | dir=in | app=d:\gry\cod5\codwaw.exe |
"UDP Query User{6869CC9F-AAF1-4DE1-B68C-885A15E4BF0D}D:\xampp-win32-1.7.1\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=d:\xampp-win32-1.7.1\xampp\mysql\bin\mysqld.exe |
"UDP Query User{689FD43E-FD5C-4151-826D-2A52EAECD82A}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{7E283C16-0610-4830-BBC5-66DF442D9CF9}C:\program files\webserv\apache2\bin\webserv(apache).exe" = protocol=17 | dir=in | app=c:\program files\webserv\apache2\bin\webserv(apache).exe |
"UDP Query User{85BFC3CC-C187-483A-BCC5-0C865AAD30ED}D:\xampp-win32-1.7.1\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=d:\xampp-win32-1.7.1\xampp\apache\bin\httpd.exe |
"UDP Query User{BA837402-E1E7-4A4D-9581-A6BC32A53FF2}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{CE7198ED-A1F1-4AE7-9A0A-B10361BAE3F4}D:\xampp-win32-1.7.1\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=d:\xampp-win32-1.7.1\xampp\apache\bin\httpd.exe |
"UDP Query User{E3A0132C-84C0-446A-93CB-EC3C9346011A}C:\program files\aqq\aqq.exe" = protocol=17 | dir=in | app=c:\program files\aqq\aqq.exe |
"UDP Query User{EF1F30E9-D221-4771-9EDA-C2C788289CF5}C:\program files\aqq\aqq.exe" = protocol=17 | dir=in | app=c:\program files\aqq\aqq.exe |
"UDP Query User{FE31A06C-4113-47C2-87ED-DD44125B0F1D}C:\program files\webserv\apache2\bin\webserv(apache).exe" = protocol=17 | dir=in | app=c:\program files\webserv\apache2\bin\webserv(apache).exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}" = CorelDRAW Graphics Suite X3
"_{91CABF8F-A81C-4CB0-A1B0-D55B25F1B150}" = Corel Painter X
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{036EB57A-C65F-4EB8-9E85-30E2E9B01EEB}" = Adobe Flash CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0ACA85DC-4542-11D5-AF00-0010B5A02D6F}" = Kyocera Address Editor
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F5F5148-011D-1569-1721-DDD149335A43}" = Skins
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{108FAA6F-DEEE-48EA-B3A9-1C5EB2605A6B}" = PL
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B48DAD-25A7-4861-A6FB-58C237214353}" = MySQL Workbench 5.1 OSS
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{214804FC-7180-41ED-828C-1ADD2A214A07}" = EdgeCAM
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{58AC7F59-BD8E-9BD0-ECC3-2EA14A7795E5}" = ATI Catalyst Install Manager
"{6179A7D2-A668-4F1D-BC9A-DCC6A10C7871}" = Adobe Color NA Extra Settings
"{61C79AE1-5403-4687-AC68-28BFA5EF3895}" = KyoceraMita Scanner File Utility
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{63E949F6-03BC-5C40-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68B7C6D9-1DF2-54C1-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 MFC.Policy (x86) WinSXS MSM
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B84DA7C-D49E-0794-3F7F-AA25F99DA6EB}" = CCC Help Polish
"{6D12B99F-EAAA-49D8-8E2F-74FA7459CCB2}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75324DDC-D7D8-4CA1-9E10-85C439948516}" = Adobe Setup
"{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}" = Nokia PC Suite
"{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}" = CorelDRAW Graphics Suite X3
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7EDFCB74-81C0-4FB6-9FDF-1BC7CD098638}" = Adobe InDesign CS3
"{7F0F5F58-0EE4-4DAB-B5C2-C047A250C696}" = Adobe Setup
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82427977-8776-4087-90CA-9F65174D3C4D}" = Nokia Connectivity Cable Driver
"{835CBAF9-B897-1564-CEC2-457342DFF82B}" = Catalyst Control Center Graphics Previews Vista
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{871D8512-6B5E-A35C-A175-6133CF88219C}" = Catalyst Control Center Graphics Light
"{87C01F42-7CFE-C35C-3BE3-46A858290E66}" = ccc-core-static
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8B561EC5-E05B-1710-418E-9D2B4CCE074A}" = Catalyst Control Center Graphics Full New
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0415-0000-0000000FF1CE}" = Pakiet zgodności dla systemu Office 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91CABF8F-A81C-4CB0-A1B0-D55B25F1B150}" = Corel Painter X
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9B6754B3-8E30-46E2-AC63-42472970C40D}_is1" = WebHat Web Gallery 1.5
"{9BAE13A2-E7AF-D6C3-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 MFC (x86) WinSXS MSM
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1045-7B44-A91000000001}" = Adobe Reader 9.1.2 - Polish
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}" = PC Connectivity Solution
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC1ADEAD-99F1-4707-B31B-CDB222D5BB68}" = Catalyst Control Center - Branding
"{BC281424-2BA0-43A6-99CF-A458B5450FCF}" = Adobe Flash Video Encoder
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BD087F50-46B2-43E4-BD73-5DB3DC20B47C}" = Adobe Color EU Recommended Settings
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CB3B7C24-30A1-4961-8039-94919F5ED2EE}" = Noiseware Community Edition
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CF788831-2736-0D1C-96B3-12B645CD4FA5}" = Catalyst Control Center Localization Polish
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D3A225D8-B453-3104-F4DC-08716249C980}" = Catalyst Control Center Core Implementation
"{D7AC14D4-64C0-4FAD-ABA9-C1A52EBB163E}" = EdgeCAM
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{E1C7EF5E-3A7B-4ED4-A48B-F70F1B36EAB4}" = Corel Paint Shop Pro Photo XI
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1FE974A-E5CE-6CB0-DE23-0C1114810436}" = Catalyst Control Center Graphics Full Existing
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F45810DD-FE54-243F-F9C5-BC7577F44F1F}" = ccc-utility
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"504244733D18C8F63FF584AEB290E3904E791693" = Pakiet sterowników systemu Windows - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_71a8bf4cec3050e55425a301eec8315" = Adobe Flash CS3 Professional
"Adobe_c6130331409d42b2f62a7cc73ec2c87" = Adobe InDesign CS3
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AQQ" = WapSter AQQ
"Ask Toolbar_is1" = Ask Toolbar
"Codec_is1" = Codec 8.3o
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"COMODO Internet Security" = COMODO Internet Security
"D978F69D5F15B845BD6BC6F8BF9BCD36982A2087" = Pakiet sterowników systemu Windows - Nokia Modem  (02/24/2009 4.0)
"Dia" = Dia (remove only)
"DjVuLibre+DjView" = DjVuLibre+DjView
"doPDF 7 printer_is1" = doPDF 7.0 printer
"E7F682214B951640C9C539C41FDA1A7F836FF7B6" = Pakiet sterowników systemu Windows - Nokia Modem  (02/23/2009 7.01.0.2)
"Farm Frenzy - Pizza Party!" = Farm Frenzy - Pizza Party!
"Farm Frenzy 3 1.00" = Farm Frenzy 3 1.00
"ffdshow_is1" = ffdshow [rev 3124] [2009-11-03]
"GameDesire-Pool & Snooker" = GameDesire-Pool & Snooker
"HTPE3" = HyperTerminal Private Edition v6.3
"ImgBurn" = ImgBurn
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Hasło administratora
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"MatlabR2007a" = MATLAB R2007a
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"Mozilla Thunderbird (3.0.1)" = Mozilla Thunderbird (3.0.1)
"NAPIPROJEKT_is1" = NAPIPROJEKT 1.0.6.2
"Nokia PC Suite" = Nokia PC Suite
"Pajączek 5 NxG PRO_is1" = Pajączek 5 NxG PRO - Deinstalacja
"PhotoFiltre" = PhotoFiltre
"PunkBusterSvc" = PunkBuster Services
"Rainbow Sentinel Driver" = Sentinel System Driver
"RealAlt_is1" = Real Alternative 1.9.0
"Realterm" = Realterm 2.0.0.57
"SubEdit-Player_is1" = SubEdit-Player
"TC PowerPack" = TC PowerPack 1.7
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Turbo Pascal 7.0" = Turbo Pascal 7.0
"WebServ_is1" = WebServ 2.0

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-4280630662-3622509087-211913346-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


[wojtas]

Podepnij dysk przenośny (pendrive, kara pamięci). Wejdź w Start >>> Uruchom >>> CMD i wpisz polecenie:

X:

(za X podstaw literę pod jaką jest widoczny dysk przenośny)

Następnie wpisz polecenie tworzenia raportu:

DIR /A:H >C:\LOG.TXT & start notepad C:\LOG.TXT

Wklejasz zawartość pliku log.txt na forum oraz log z combofixa z tego 2 kompa bo ta sama infekcja ..

[jarski185]

Mam wyłączoną funkcję autoodtwarzania - co za tym idzie... nie mam na pendrive pliku autorun.inf

to nie daje 100% pewności, że jesteś zabezpieczony-nalezy użyć czegoś w stylu tego programu, ktory polecil Mutopompka, wiecej tutaj-http://www.searchengines.pl/Infekcje-z-pendrive-mediow-przenosnych-t94761.html zwlaszcza post pt. Zapobieganie infekcji z pendrive

Autor postu otrzymał pochwałę

[Mike]

Pliki ukryte z pendriva:

Kod: Zaznacz wszystko

Wolumin w stacji H to MIKE013
Numer seryjny woluminu: 78ED-6435

Katalog: H:\

2009-10-18  21:56            13 639 ldlinux.sys
               1 plik(ów)             13 639 bajtów
               0 katalog(ów)     196 079 616 bajtów wolnych

Combofix:

Kod: Zaznacz wszystko

ComboFix 10-01-22.03 - user 2010-01-23  12:02:43.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1250.48.1045.18.2045.1128 [GMT 1:00]
Uruchomiony z: c:\users\user\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\data
C:\LOG.TXT
c:\users\user\AppData\Roaming\EurekaLog
c:\windows\Help\help
c:\windows\Help\help\en-US\Help.h1c
c:\windows\Help\help\en-US\Help.H1T
c:\windows\Help\help\en-US\Help_AssetId.H1K
c:\windows\Help\help\en-US\Help_BestBet.H1K
c:\windows\Help\help\en-US\Help_LinkTerm.H1K
c:\windows\Help\help\en-US\Help_SubjectTerm.H1K
c:\windows\Help\help\en-US\stopwrds.stp
c:\windows\Help\help\pl-PL\Help.h1c
c:\windows\Help\help\pl-PL\Help.H1T
c:\windows\Help\help\pl-PL\Help_AssetId.H1K
c:\windows\Help\help\pl-PL\Help_BestBet.H1K
c:\windows\Help\help\pl-PL\Help_LinkTerm.H1K
c:\windows\Help\help\pl-PL\Help_SubjectTerm.H1K
c:\windows\Help\help\pl-PL\resources.H1S
c:\windows\Help\help\pl-PL\stopwrds.stp
c:\windows\Help\help\pl-PL\stylec.h1s
c:\windows\system32\prsgrc.dll
c:\windows\system32\ssprs.dll
c:\windows\system32\vz0nkba.dll

.
(((((((((((((((((((((((((   Pliki utworzone od 2009-12-23 do 2010-01-23  )))))))))))))))))))))))))))))))
.

2010-01-16 17:37 . 2010-01-16 17:37   --------   d-----w-   c:\program files\Common Files\Bcgsoft
2010-01-15 15:12 . 2010-01-15 15:12   --------   d-----w-   c:\users\user\AppData\Roaming\Softland
2010-01-15 15:12 . 2010-01-05 15:24   21704   ----a-w-   c:\windows\system32\dopdfmn7.dll
2010-01-15 15:12 . 2010-01-05 15:24   18632   ----a-w-   c:\windows\system32\dopdfmi7.dll
2010-01-15 15:12 . 2010-01-15 15:12   --------   d-----w-   c:\program files\Softland
2010-01-14 20:44 . 2010-01-14 20:44   --------   d-----w-   c:\users\user\AppData\Roaming\DivX
2010-01-14 15:35 . 2008-01-21 02:24   16   ---h--w-   c:\windows\system32\sgroq5m.dll
2010-01-14 15:34 . 2004-07-14 11:54   676864   ----a-w-   c:\windows\system32\drivers\hardlock.sys
2010-01-14 15:28 . 2010-01-14 15:29   --------   d-----w-   c:\program files\Common Files\SolidWorks Shared
2010-01-14 15:20 . 2003-04-17 09:02   50176   ----a-w-   c:\windows\system32\SNTI386.DLL
2010-01-14 15:20 . 2003-04-17 09:02   76288   ----a-w-   c:\windows\system32\drivers\SENTINEL.SYS
2010-01-14 15:20 . 2003-04-17 09:02   18432   ----a-w-   c:\windows\system32\RNBOVDD.DLL
2010-01-14 15:20 . 2010-01-14 15:20   --------   d-----w-   c:\windows\system32\RNBOSENT
2010-01-10 20:32 . 2010-01-10 20:32   --------   d-----w-   c:\program files\DjVuZone

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-23 11:08 . 2008-01-21 06:24   3973436   ----a-w-   c:\windows\system32\perfh015.dat
2010-01-23 11:08 . 2008-01-21 06:24   1312566   ----a-w-   c:\windows\system32\perfc015.dat
2010-01-23 10:59 . 2009-07-02 19:34   12   ----a-w-   c:\windows\bthservsdp.dat
2010-01-23 09:59 . 2009-07-02 19:10   1356   ----a-w-   c:\users\user\AppData\Local\d3d9caps.dat
2010-01-22 20:42 . 2009-07-02 21:35   --------   d-----w-   c:\program files\Mozilla Thunderbird
2010-01-22 17:04 . 2009-07-03 14:45   --------   d-----w-   c:\users\user\AppData\Roaming\uTorrent
2010-01-20 06:46 . 2009-07-02 23:01   74328   ----a-w-   c:\windows\system32\drivers\inspect.sys
2010-01-20 06:45 . 2009-07-02 23:01   171552   ----a-w-   c:\windows\system32\guard32.dll
2010-01-20 06:45 . 2009-07-02 23:01   29520   ----a-w-   c:\windows\system32\drivers\cmdhlp.sys
2010-01-20 06:45 . 2009-07-02 23:01   128376   ----a-w-   c:\windows\system32\drivers\cmdguard.sys
2010-01-17 17:08 . 2009-07-02 20:57   --------   d-----w-   c:\users\user\AppData\Roaming\BESTplayer
2010-01-15 19:43 . 2009-10-19 09:44   --------   d-----w-   c:\users\user\AppData\Roaming\Corel
2010-01-15 19:43 . 2009-10-24 09:34   848   --sha-w-   c:\windows\system32\KGyGaAvL.sys
2010-01-14 15:35 . 2010-01-14 15:35   86016   ----a-w-   c:\windows\system32\kysysu5.dll
2010-01-14 15:35 . 2010-01-14 15:35   1025   ----a-w-   c:\windows\system32\clauth2.dll
2010-01-14 15:35 . 2010-01-14 15:35   1025   ----a-w-   c:\windows\system32\clauth1.dll
2010-01-14 15:35 . 2010-01-14 15:35   1024   ----a-w-   c:\windows\system32\grcauth2.dll
2010-01-14 15:35 . 2010-01-14 15:35   1024   ----a-w-   c:\windows\system32\grcauth1.dll
2010-01-14 15:35 . 2010-01-14 15:35   --------   d-----w-   c:\users\user\AppData\Roaming\DassaultSystemes
2010-01-14 15:35 . 2010-01-14 15:35   --------   d-----w-   c:\programdata\DassaultSystemes
2010-01-14 15:28 . 2009-07-02 19:29   --------   d--h--w-   c:\program files\InstallShield Installation Information
2010-01-13 12:19 . 2009-07-02 21:35   --------   d-----w-   c:\users\user\AppData\Roaming\Thunderbird
2009-12-29 21:38 . 2009-08-13 11:52   --------   d-----w-   c:\programdata\FarmFrenzy-PizzaParty
2009-12-27 11:46 . 2009-07-31 11:12   111928   ----a-w-   c:\windows\system32\PnkBstrB.exe
2009-12-17 09:03 . 2009-10-28 15:17   --------   d-----w-   c:\users\user\AppData\Roaming\gtk-2.0
2009-11-29 18:52 . 2009-11-29 18:51   --------   d-----w-   c:\users\user\AppData\Roaming\Cream Software
2009-11-29 18:51 . 2009-11-29 18:51   --------   d-----w-   c:\program files\Cream Software
2009-11-07 11:22 . 2009-07-24 20:26   1530728   ----a-w-   c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-11-03 18:34 . 2009-11-08 19:17   85504   ----a-w-   c:\windows\system32\ff_vfw.dll
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 10:47   333192   ----a-w-   c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AQQ"="c:\progra~1\AQQ\AQQ.exe" [2009-11-17 6807552]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-03-20 1312256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-22 438272]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-09 4444160]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-01-20 1800464]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
EdgeCLS10.75.lnk - d:\edgecam\Cam\edgecls.exe [2010-1-14 704512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scanner File Utility.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Scanner File Utility.lnk
backup=c:\windows\pss\Scanner File Utility.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10   35696   ----a-w-   c:\program files\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58   611712   ----a-w-   c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2007-07-09 16:43   180224   ----a-w-   c:\program files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2007-04-10 14:40   413696   ----a-w-   c:\program files\Camera Assistant Software for Toshiba\traybar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2007-01-26 13:58   65536   ------w-   c:\program files\Brother\ControlCenter3\BrCtrCen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-16 14:15   221184   ----a-w-   c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 14:15   81920   ----a-w-   c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng]
2008-12-19 15:12   83336   ----a-w-   c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeNotify]
2006-11-06 15:14   34352   ----a-w-   c:\program files\TOSHIBA\Utilities\KeNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-03-20 12:32   1312256   ----a-w-   c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-04 18:56   148888   ----a-w-   c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23   1008184   ----a-w-   c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4280630662-3622509087-211913346-1000]
"EnableNotificationsRef"=dword:00000001

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\System32\drivers\cmdguard.sys [2009-07-03 128376]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\System32\drivers\cmdhlp.sys [2009-07-03 29520]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\System32\drivers\RtlProt.sys [2009-07-08 25896]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [2009-07-02 721904]
S4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-07-13 234888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs   REG_MULTI_SZ      BthServ
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = 10.1.3.200:8080
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wfcvxxip.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (pl)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF - plugin: c:\program files\Reader 9.0\Reader\browser\nppdf32.dll
.
- - - - USUNIĘTO PUSTE WPISY - - - -

AddRemove-_{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91} - c:\program files\Corel\CorelDRAW Graphics Suite 13\Programs\MSILauncher {7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}
AddRemove-_{91CABF8F-A81C-4CB0-A1B0-D55B25F1B150} - c:\program files\Corel\Corel Painter X\MSILauncher {91CABF8F-A81C-4CB0-A1B0-D55B25F1B150}



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-23 12:16
Windows 6.0.6001 Service Pack 1 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\guard32.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'lsass.exe'(764)
c:\windows\system32\guard32.dll
.
Czas ukończenia: 2010-01-23  12:20:36
ComboFix-quarantined-files.txt  2010-01-23 11:20

Przed: 6 708 432 896 bajtów wolnych
Po: 6 841 188 352 bajtów wolnych

- - End Of File - - 3DD760E7B81470C92CCA6CAEA2DBA430


[wojtas]

odinstaluj ask toolbar

Otworz notatnik i wklej w nim to:

File::
C:\Windows\System32\emh727q.dll
C:\Windows\System32\sdlshgb.dll
C:\Windows\System32\kv52taf.dll
C:\Windows\System32\gjzlq9s.dll
C:\Windows\System32\vzyqvfh.dll
C:\Windows\System32\qpb68k8.dll
C:\Windows\System32\qve7xvr.dll
C:\Windows\System32\m67s30d.dll
C:\Windows\System32\fhtjs5w.dll
C:\Windows\System32\w3jddga.dll
C:\Windows\System32\moicoqy.dll
C:\Windows\System32\r3504cn.dll
C:\Windows\System32\og2yv47.dll
C:\Windows\System32\qppohzo.dll
C:\Windows\System32\b0oarjz.dll
C:\Windows\System32\sbwr5w6.dll
C:\Windows\System32\khspd1x.dll
C:\Windows\System32\r1z1qrc.dll
C:\Windows\System32\eqzz7q3.dll
C:\Windows\System32\qi4kmbt.dll
C:\Windows\System32\o68o3jr.dll
C:\Windows\System32\qf47url.dll
C:\Windows\System32\teict2z.dll
C:\Windows\System32\b3luwtz.dll
C:\Windows\System32\vj5ccqi.dll
C:\Windows\System32\ugsg9ee.dll
C:\Windows\System32\we91eyj.dll
C:\Windows\System32\unk0vr0.dll
C:\Windows\System32\rm61sy8.dll
C:\Windows\System32\l6u303w.dll
C:\Windows\System32\dek2q0s.dll
C:\Windows\System32\btzwjoc.dll
C:\Windows\System32\xzcqzxr.dll
C:\Windows\System32\u9nid94.dll
C:\Windows\System32\sm0vy36.dll
C:\Windows\System32\hja4s58.dll
C:\Windows\System32\i2u1rpp.dll
C:\Windows\System32\mbsr8x5.dll
C:\Windows\System32\sgroq5m.dll
C:\Windows\System32\ny7pthn.dll
C:\Windows\System32\lgnkaeh.dll
C:\Windows\System32\r3wnok3.dll
C:\Windows\System32\t3oikx3.dll
C:\Windows\System32\whrvi8j.dll
C:\Windows\System32\psu07oo.dll
C:\Windows\System32\svgd18j.dll
C:\Windows\System32\gsg9rhw.dll
C:\Windows\System32\d523tik.dll
C:\Windows\System32\d1ucoul.dll
C:\Windows\System32\xkdp0he.dll
C:\Windows\System32\qxifzao.dll
C:\Windows\System32\zfatp2b.dll
C:\Windows\System32\j82dy4z.dll
C:\Windows\System32\puebqjh.dll
C:\Windows\System32\p1gti3g.dll
C:\Windows\System32\ilexiq0.dll
C:\Windows\System32\yg51rnp.dll
C:\Windows\System32\rvxeh2g.dll
C:\Windows\System32\klu37si.dll
C:\Windows\System32\kevl7am.dll
C:\Windows\System32\edau9f2.dll
C:\Windows\System32\yhdfh9b.dll
C:\Windows\System32\gdb26uj.dll
C:\Windows\System32\mtf8ftp.dll
C:\Windows\System32\u16iw4k.dll
C:\Windows\System32\dicb9cc.dll
C:\Windows\System32\ycu9glx.dll
C:\Windows\System32\wcgl2ka.dll
C:\Windows\System32\fmz6ipk.dll
C:\Windows\System32\x6a6jd1.dll
C:\Windows\System32\vkg44zc.dll
C:\Windows\System32\am3ota9.dll
C:\Windows\System32\jg3uvk8.dll
C:\Windows\System32\daxyr8e.dll
C:\Windows\System32\cg8a9oj.dll
C:\Windows\System32\q8dghnn.dll
C:\Windows\System32\dntbhlb.dll
C:\Windows\System32\kysysu5.dll
C:\Windows\System32\kysysu5.tgz
C:\Windows\System32\clauth2.dll
C:\Windows\System32\clauth1.dll
C:\Windows\System32\grcauth2.dll
C:\Windows\System32\grcauth1.dll
C:\Windows\System32\vz0nkba.tgz
C:\Windows\System32\vz0nkba.dll
C:\Windows\System32\prsgrc.tgz
C:\Windows\System32\prsgrc.dll
C:\Windows\System32\ssprs.tgz
C:\Windows\System32\ssprs.dll
C:\Windows\System32\a8c741v.dll
Driver::
ASKUpgrade

>>Plik>>Zapisz jako... >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->

zrób skan Malwarebytes Anti-Malware (zaktualizuj, usuń co znajdzie ) i daj raport ze skanu oraz log z combo

[Mike]

Combofix:

Kod: Zaznacz wszystko

ComboFix 10-01-22.03 - user 2010-01-23  16:10:02.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1250.48.1045.18.2045.1192 [GMT 1:00]
Uruchomiony z: c:\users\user\Desktop\ComboFix.exe
Użyto następujących komend :: c:\users\user\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\System32\a8c741v.dll"
"c:\windows\System32\am3ota9.dll"
"c:\windows\System32\b0oarjz.dll"
"c:\windows\System32\b3luwtz.dll"
"c:\windows\System32\btzwjoc.dll"
"c:\windows\System32\cg8a9oj.dll"
"c:\windows\System32\clauth1.dll"
"c:\windows\System32\clauth2.dll"
"c:\windows\System32\d1ucoul.dll"
"c:\windows\System32\d523tik.dll"
"c:\windows\System32\daxyr8e.dll"
"c:\windows\System32\dek2q0s.dll"
"c:\windows\System32\dicb9cc.dll"
"c:\windows\System32\dntbhlb.dll"
"c:\windows\System32\edau9f2.dll"
"c:\windows\System32\emh727q.dll"
"c:\windows\System32\eqzz7q3.dll"
"c:\windows\System32\fhtjs5w.dll"
"c:\windows\System32\fmz6ipk.dll"
"c:\windows\System32\gdb26uj.dll"
"c:\windows\System32\gjzlq9s.dll"
"c:\windows\System32\grcauth1.dll"
"c:\windows\System32\grcauth2.dll"
"c:\windows\System32\gsg9rhw.dll"
"c:\windows\System32\hja4s58.dll"
"c:\windows\System32\i2u1rpp.dll"
"c:\windows\System32\ilexiq0.dll"
"c:\windows\System32\j82dy4z.dll"
"c:\windows\System32\jg3uvk8.dll"
"c:\windows\System32\kevl7am.dll"
"c:\windows\System32\khspd1x.dll"
"c:\windows\System32\klu37si.dll"
"c:\windows\System32\kv52taf.dll"
"c:\windows\System32\kysysu5.dll"
"c:\windows\System32\kysysu5.tgz"
"c:\windows\System32\l6u303w.dll"
"c:\windows\System32\lgnkaeh.dll"
"c:\windows\System32\m67s30d.dll"
"c:\windows\System32\mbsr8x5.dll"
"c:\windows\System32\moicoqy.dll"
"c:\windows\System32\mtf8ftp.dll"
"c:\windows\System32\ny7pthn.dll"
"c:\windows\System32\o68o3jr.dll"
"c:\windows\System32\og2yv47.dll"
"c:\windows\System32\p1gti3g.dll"
"c:\windows\System32\prsgrc.dll"
"c:\windows\System32\prsgrc.tgz"
"c:\windows\System32\psu07oo.dll"
"c:\windows\System32\puebqjh.dll"
"c:\windows\System32\q8dghnn.dll"
"c:\windows\System32\qf47url.dll"
"c:\windows\System32\qi4kmbt.dll"
"c:\windows\System32\qpb68k8.dll"
"c:\windows\System32\qppohzo.dll"
"c:\windows\System32\qve7xvr.dll"
"c:\windows\System32\qxifzao.dll"
"c:\windows\System32\r1z1qrc.dll"
"c:\windows\System32\r3504cn.dll"
"c:\windows\System32\r3wnok3.dll"
"c:\windows\System32\rm61sy8.dll"
"c:\windows\System32\rvxeh2g.dll"
"c:\windows\System32\sbwr5w6.dll"
"c:\windows\System32\sdlshgb.dll"
"c:\windows\System32\sgroq5m.dll"
"c:\windows\System32\sm0vy36.dll"
"c:\windows\System32\ssprs.dll"
"c:\windows\System32\ssprs.tgz"
"c:\windows\System32\svgd18j.dll"
"c:\windows\System32\t3oikx3.dll"
"c:\windows\System32\teict2z.dll"
"c:\windows\System32\u16iw4k.dll"
"c:\windows\System32\u9nid94.dll"
"c:\windows\System32\ugsg9ee.dll"
"c:\windows\System32\unk0vr0.dll"
"c:\windows\System32\vj5ccqi.dll"
"c:\windows\System32\vkg44zc.dll"
"c:\windows\System32\vz0nkba.dll"
"c:\windows\System32\vz0nkba.tgz"
"c:\windows\System32\vzyqvfh.dll"
"c:\windows\System32\w3jddga.dll"
"c:\windows\System32\wcgl2ka.dll"
"c:\windows\System32\we91eyj.dll"
"c:\windows\System32\whrvi8j.dll"
"c:\windows\System32\x6a6jd1.dll"
"c:\windows\System32\xkdp0he.dll"
"c:\windows\System32\xzcqzxr.dll"
"c:\windows\System32\ycu9glx.dll"
"c:\windows\System32\yg51rnp.dll"
"c:\windows\System32\yhdfh9b.dll"
"c:\windows\System32\zfatp2b.dll"
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\LOG.TXT
c:\windows\System32\a8c741v.dll
c:\windows\System32\am3ota9.dll
c:\windows\System32\b0oarjz.dll
c:\windows\System32\b3luwtz.dll
c:\windows\System32\btzwjoc.dll
c:\windows\System32\cg8a9oj.dll
c:\windows\System32\clauth1.dll
c:\windows\System32\clauth2.dll
c:\windows\System32\d1ucoul.dll
c:\windows\System32\d523tik.dll
c:\windows\System32\daxyr8e.dll
c:\windows\System32\dek2q0s.dll
c:\windows\System32\dicb9cc.dll
c:\windows\System32\dntbhlb.dll
c:\windows\System32\edau9f2.dll
c:\windows\System32\emh727q.dll
c:\windows\System32\eqzz7q3.dll
c:\windows\System32\fhtjs5w.dll
c:\windows\System32\fmz6ipk.dll
c:\windows\System32\gdb26uj.dll
c:\windows\System32\gjzlq9s.dll
c:\windows\System32\grcauth1.dll
c:\windows\System32\grcauth2.dll
c:\windows\System32\gsg9rhw.dll
c:\windows\System32\hja4s58.dll
c:\windows\System32\i2u1rpp.dll
c:\windows\System32\ilexiq0.dll
c:\windows\System32\j82dy4z.dll
c:\windows\System32\jg3uvk8.dll
c:\windows\System32\kevl7am.dll
c:\windows\System32\khspd1x.dll
c:\windows\System32\klu37si.dll
c:\windows\System32\kv52taf.dll
c:\windows\System32\kysysu5.dll
c:\windows\System32\kysysu5.tgz
c:\windows\System32\l6u303w.dll
c:\windows\System32\lgnkaeh.dll
c:\windows\System32\m67s30d.dll
c:\windows\System32\mbsr8x5.dll
c:\windows\System32\moicoqy.dll
c:\windows\System32\mtf8ftp.dll
c:\windows\System32\ny7pthn.dll
c:\windows\System32\o68o3jr.dll
c:\windows\System32\og2yv47.dll
c:\windows\System32\p1gti3g.dll
c:\windows\System32\prsgrc.tgz
c:\windows\System32\psu07oo.dll
c:\windows\System32\puebqjh.dll
c:\windows\System32\q8dghnn.dll
c:\windows\System32\qf47url.dll
c:\windows\System32\qi4kmbt.dll
c:\windows\System32\qpb68k8.dll
c:\windows\System32\qppohzo.dll
c:\windows\System32\qve7xvr.dll
c:\windows\System32\qxifzao.dll
c:\windows\System32\r1z1qrc.dll
c:\windows\System32\r3504cn.dll
c:\windows\System32\r3wnok3.dll
c:\windows\System32\rm61sy8.dll
c:\windows\System32\rvxeh2g.dll
c:\windows\System32\sbwr5w6.dll
c:\windows\System32\sdlshgb.dll
c:\windows\System32\sgroq5m.dll
c:\windows\System32\sm0vy36.dll
c:\windows\System32\ssprs.tgz
c:\windows\System32\svgd18j.dll
c:\windows\System32\t3oikx3.dll
c:\windows\System32\teict2z.dll
c:\windows\System32\u16iw4k.dll
c:\windows\System32\u9nid94.dll
c:\windows\System32\ugsg9ee.dll
c:\windows\System32\unk0vr0.dll
c:\windows\System32\vj5ccqi.dll
c:\windows\System32\vkg44zc.dll
c:\windows\System32\vz0nkba.tgz
c:\windows\System32\vzyqvfh.dll
c:\windows\System32\w3jddga.dll
c:\windows\System32\wcgl2ka.dll
c:\windows\System32\we91eyj.dll
c:\windows\System32\whrvi8j.dll
c:\windows\System32\x6a6jd1.dll
c:\windows\System32\xkdp0he.dll
c:\windows\System32\xzcqzxr.dll
c:\windows\System32\ycu9glx.dll
c:\windows\System32\yg51rnp.dll
c:\windows\System32\yhdfh9b.dll
c:\windows\System32\zfatp2b.dll

.
(((((((((((((((((((((((((   Pliki utworzone od 2009-12-23 do 2010-01-23  )))))))))))))))))))))))))))))))
.

2010-01-23 15:22 . 2010-01-23 15:22   --------   d-----w-   c:\users\user\AppData\Local\temp
2010-01-23 15:22 . 2010-01-23 15:22   --------   d-----w-   c:\users\Public\AppData\Local\temp
2010-01-23 15:22 . 2010-01-23 15:22   --------   d-----w-   c:\users\Default\AppData\Local\temp
2010-01-16 17:37 . 2010-01-16 17:37   --------   d-----w-   c:\program files\Common Files\Bcgsoft
2010-01-15 15:12 . 2010-01-15 15:12   --------   d-----w-   c:\users\user\AppData\Roaming\Softland
2010-01-15 15:12 . 2010-01-05 15:24   21704   ----a-w-   c:\windows\system32\dopdfmn7.dll
2010-01-15 15:12 . 2010-01-05 15:24   18632   ----a-w-   c:\windows\system32\dopdfmi7.dll
2010-01-15 15:12 . 2010-01-15 15:12   --------   d-----w-   c:\program files\Softland
2010-01-14 20:44 . 2010-01-14 20:44   --------   d-----w-   c:\users\user\AppData\Roaming\DivX
2010-01-14 15:35 . 2000-10-31 01:11   98304   ----a-w-   c:\windows\system32\tsccvid.dll
2010-01-14 15:35 . 2010-01-14 15:35   --------   d-----w-   c:\users\user\AppData\Roaming\DassaultSystemes
2010-01-14 15:35 . 2010-01-14 15:35   --------   d-----w-   c:\users\user\AppData\Local\DassaultSystemes
2010-01-14 15:35 . 2010-01-14 15:35   --------   d-----w-   c:\programdata\DassaultSystemes
2010-01-14 15:34 . 2004-07-14 11:54   676864   ----a-w-   c:\windows\system32\drivers\hardlock.sys
2010-01-14 15:28 . 2010-01-14 15:29   --------   d-----w-   c:\program files\Common Files\SolidWorks Shared
2010-01-14 15:20 . 2003-04-17 09:02   50176   ----a-w-   c:\windows\system32\SNTI386.DLL
2010-01-14 15:20 . 2003-04-17 09:02   76288   ----a-w-   c:\windows\system32\drivers\SENTINEL.SYS
2010-01-14 15:20 . 2003-04-17 09:02   18432   ----a-w-   c:\windows\system32\RNBOVDD.DLL
2010-01-14 15:20 . 2010-01-14 15:20   --------   d-----w-   c:\windows\system32\RNBOSENT
2010-01-10 20:32 . 2010-01-10 20:32   --------   d-----w-   c:\program files\DjVuZone

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-23 15:13 . 2008-01-21 06:24   4027084   ----a-w-   c:\windows\system32\perfh015.dat
2010-01-23 15:13 . 2008-01-21 06:24   1331822   ----a-w-   c:\windows\system32\perfc015.dat
2010-01-23 15:04 . 2009-07-02 19:34   12   ----a-w-   c:\windows\bthservsdp.dat
2010-01-23 13:04 . 2009-07-02 21:35   --------   d-----w-   c:\program files\Mozilla Thunderbird
2010-01-23 09:59 . 2009-07-02 19:10   1356   ----a-w-   c:\users\user\AppData\Local\d3d9caps.dat
2010-01-22 17:04 . 2009-07-03 14:45   --------   d-----w-   c:\users\user\AppData\Roaming\uTorrent
2010-01-20 06:46 . 2009-07-02 23:01   74328   ----a-w-   c:\windows\system32\drivers\inspect.sys
2010-01-20 06:45 . 2009-07-02 23:01   171552   ----a-w-   c:\windows\system32\guard32.dll
2010-01-20 06:45 . 2009-07-02 23:01   29520   ----a-w-   c:\windows\system32\drivers\cmdhlp.sys
2010-01-20 06:45 . 2009-07-02 23:01   128376   ----a-w-   c:\windows\system32\drivers\cmdguard.sys
2010-01-17 17:08 . 2009-07-02 20:57   --------   d-----w-   c:\users\user\AppData\Roaming\BESTplayer
2010-01-15 19:43 . 2009-10-19 09:44   --------   d-----w-   c:\users\user\AppData\Roaming\Corel
2010-01-15 19:43 . 2009-10-24 09:34   848   --sha-w-   c:\windows\system32\KGyGaAvL.sys
2010-01-14 15:28 . 2009-07-02 19:29   --------   d--h--w-   c:\program files\InstallShield Installation Information
2010-01-13 12:19 . 2009-07-02 21:35   --------   d-----w-   c:\users\user\AppData\Roaming\Thunderbird
2009-12-29 21:38 . 2009-08-13 11:52   --------   d-----w-   c:\programdata\FarmFrenzy-PizzaParty
2009-12-27 11:46 . 2009-07-31 11:12   111928   ----a-w-   c:\windows\system32\PnkBstrB.exe
2009-12-17 09:03 . 2009-10-28 15:17   --------   d-----w-   c:\users\user\AppData\Roaming\gtk-2.0
2009-11-29 18:52 . 2009-11-29 18:51   --------   d-----w-   c:\users\user\AppData\Roaming\Cream Software
2009-11-29 18:51 . 2009-11-29 18:51   --------   d-----w-   c:\program files\Cream Software
2009-11-07 11:22 . 2009-07-24 20:26   1530728   ----a-w-   c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-11-03 18:34 . 2009-11-08 19:17   85504   ----a-w-   c:\windows\system32\ff_vfw.dll
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AQQ"="c:\progra~1\AQQ\AQQ.exe" [2009-11-17 6807552]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-03-20 1312256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-22 438272]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-09 4444160]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-01-20 1800464]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
EdgeCLS10.75.lnk - d:\edgecam\Cam\edgecls.exe [2010-1-14 704512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scanner File Utility.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Scanner File Utility.lnk
backup=c:\windows\pss\Scanner File Utility.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10   35696   ----a-w-   c:\program files\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58   611712   ----a-w-   c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2007-07-09 16:43   180224   ----a-w-   c:\program files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2007-04-10 14:40   413696   ----a-w-   c:\program files\Camera Assistant Software for Toshiba\traybar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2007-01-26 13:58   65536   ------w-   c:\program files\Brother\ControlCenter3\BrCtrCen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-16 14:15   221184   ----a-w-   c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 14:15   81920   ----a-w-   c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng]
2008-12-19 15:12   83336   ----a-w-   c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeNotify]
2006-11-06 15:14   34352   ----a-w-   c:\program files\TOSHIBA\Utilities\KeNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-03-20 12:32   1312256   ----a-w-   c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-04 18:56   148888   ----a-w-   c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23   1008184   ----a-w-   c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4280630662-3622509087-211913346-1000]
"EnableNotificationsRef"=dword:00000001

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\System32\drivers\cmdguard.sys [2009-07-03 128376]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\System32\drivers\cmdhlp.sys [2009-07-03 29520]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\System32\drivers\RtlProt.sys [2009-07-08 25896]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [2009-07-02 721904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs   REG_MULTI_SZ      BthServ
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = 10.1.3.200:8080
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wfcvxxip.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (pl)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF - plugin: c:\program files\Reader 9.0\Reader\browser\nppdf32.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-23 16:22
Windows 6.0.6001 Service Pack 1 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Czas ukończenia: 2010-01-23  16:26:32
ComboFix-quarantined-files.txt  2010-01-23 15:26
ComboFix2.txt  2010-01-23 11:20

Przed: 7 713 574 912 bajtów wolnych
Po: 7 582 203 904 bajtów wolnych

- - End Of File - - 768906E7501662B2ADD646F037DB9A6B


Anti-Malware:

Kod: Zaznacz wszystko

Malwarebytes' Anti-Malware 1.44
Wersja bazy definicji: 3619
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

2010-01-23 16:34:17
mbam-log-2010-01-23 (16-34-17).txt

Typ skanowania: Szybkie skanowanie
Przeskanowane obiekty: 104764
Upłynęło: 4 minute(s), 59 second(s)

Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 0
Zainfekowane wartości rejestru: 0
Zainfekowane pliki rejestru: 0
Zainfekowane foldery: 0
Zainfekowane pliki: 0

Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)

Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)

Zainfekowane klucze rejestru:
(Nie wykryto groźnych plików)

Zainfekowane wartości rejestru:
(Nie wykryto groźnych plików)

Zainfekowane pliki rejestru:
(Nie wykryto groźnych plików)

Zainfekowane foldery:
(Nie wykryto groźnych plików)

Zainfekowane pliki:
(Nie wykryto groźnych plików)


Pliki z kolejnego pendriva:

Kod: Zaznacz wszystko

Wolumin w stacji G to KINGSTON
Numer seryjny woluminu: 3EFC-6529

Katalog: G:\

2010-01-23  10:49    <DIR>          .Trashes
2010-01-23  10:49             4 096 ._.Trashes
2010-01-23  10:52             6 148 .DS_Store
2009-12-15  23:38    <DIR>          FOUND.000
               2 plik(ów)             10 244 bajtów
               2 katalog(ów)   1 652 391 936 bajtów wolnych


[wojtas]

powinno być ook

[Mike]

Dzięki za Pomoc