Na każdym pendrivie podłączanym do kompa pojawia się wirus

[L_Devil]

Witam!

Ostatnio musiałem przenieść coś z laptopa na stacjonarny i ku swemu zdumieniu AVG na stacjonarnym wskazał mi wirusa, choć pen-drive został sfortmatowany przed przenoszeniem. Zrobiłem format, z powrotem wetknąłem pendriva do laptopa i wróciłem na stacjonarny... niespodzianka, znowu wirus. Oto logi:

Kod: Zaznacz wszystko

ComboFix 09-01-05.02 - Piotr 2009-01-05 23:18:50.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1250.1.1045.18.3070.2393 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Piotr\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe

.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


(((((((((((((((((((((((((   Pliki utworzone od 2008-12-05 do 2009-01-05  )))))))))))))))))))))))))))))))
.

2009-01-05 22:52 . 2009-01-05 23:12   <DIR>   d--------   C:\HijackThis
2009-01-05 20:44 . 2009-01-05 20:49   <DIR>   d--------   C:\C4
2009-01-05 20:33 . 2002-12-08 16:29   208,896   --a------   c:\windows\system32\HDK3CTNT.dll
2009-01-05 20:33 . 1994-12-05 22:00   188,960   --a------   c:\windows\system32\WINGDE.DLL
2009-01-05 20:33 . 2002-07-11 16:17   173,056   --a------   c:\windows\system32\cncs32.dll
2009-01-05 20:33 . 2003-03-21 18:27   133,200   --a------   c:\windows\system32\CNCS.dll
2009-01-05 20:33 . 2002-12-08 16:29   114,176   --a------   c:\windows\system32\HDK3ANIM.dll
2009-01-05 20:33 . 1994-12-05 22:00   92,208   --a------   c:\windows\system32\WING.DLL
2009-01-05 20:33 . 1994-12-05 22:00   12,800   --a------   c:\windows\system32\WING32.DLL
2009-01-05 20:33 . 1994-12-05 22:00   6,736   --a------   c:\windows\system32\WINGDIB.DRV
2009-01-05 20:33 . 2002-12-08 16:29   5,647   --a------   c:\windows\system32\HDK3CRYP.dll
2009-01-05 20:33 . 1994-12-05 22:00   5,024   --a------   c:\windows\system32\WINGPAL.WND
2009-01-05 18:20 . 2009-01-05 18:20   <DIR>   d--------   c:\program files\Fantasy Grounds II
2009-01-02 12:20 . 2009-01-02 12:36   <DIR>   d--------   C:\Fraps
2009-01-02 12:20 . 2009-01-02 13:06   <DIR>   d-a------   c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-01-01 17:54 . 2009-01-01 17:54   <DIR>   d--------   c:\windows\A7E07C2B2220441587E3784D5814BC93.TMP
2009-01-01 17:53 . 2009-01-01 17:55   <DIR>   d--------   c:\windows\NV36043136.TMP
2009-01-01 17:53 . 2008-12-08 17:42   201,616   --a------   c:\windows\system32\nvapps.nvb
2008-12-30 14:14 . 2008-12-30 14:14   <DIR>   d--------   C:\Freelancer
2008-12-27 18:51 . 2008-04-14 18:20   221,184   --a------   c:\windows\system32\wmpns.dll
2008-12-25 21:53 . 2008-12-25 21:53   <DIR>   d--------   c:\program files\Common Files\BioWare
2008-12-25 21:32 . 2008-12-25 21:54   <DIR>   d--------   C:\Mass Effect
2008-12-25 15:12 . 2008-12-25 15:18   8   --a------   c:\windows\system32\nvModes.dat
2008-12-25 15:00 . 2008-12-25 15:00   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\nView_Profiles
2008-12-21 20:44 . 2008-12-21 20:44   37   --a------   c:\windows\Viewer.ini
2008-12-21 20:02 . 2008-12-23 22:59   <DIR>   d--------   C:\CSTORM
2008-12-20 22:47 . 2008-12-20 22:47   <DIR>   d--------   c:\program files\Sony
2008-12-20 18:22 . 2008-12-20 19:07   <DIR>   d--------   C:\C4_manual
2008-12-17 22:01 . 2008-12-17 22:01   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\MiKTeX
2008-12-17 21:57 . 2008-12-17 22:00   <DIR>   d--------   c:\program files\MiKTeX 2.7
2008-12-17 21:27 . 2008-12-17 21:32   <DIR>   d--------   C:\LaTeX
2008-12-16 15:51 . 2008-12-16 15:52   <DIR>   d--------   c:\windows\system32\NtmsData
2008-12-15 17:52 . 2008-12-15 17:52   <DIR>   d--------   c:\program files\GoldWave
2008-12-15 17:48 . 2008-12-15 17:48   0   --a------   c:\windows\sam7_E.INI
2008-12-14 19:55 . 2008-12-14 19:55   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Avg8
2008-12-14 15:25 . 2009-01-03 19:57   <DIR>   d--------   C:\Original War
2008-12-08 22:05 . 2008-12-08 22:35   <DIR>   d--------   c:\documents and settings\Piotr\Dane aplikacji\Mount&Blade
2008-12-08 22:03 . 2008-12-08 22:06   <DIR>   d--------   C:\Mount&Blade
2008-12-08 22:02 . 2008-11-03 19:10   399,385,059   --a------   C:\mountandblade_1011_setup.exe
2008-12-07 21:13 . 2008-12-07 21:13   <DIR>   d--------   c:\documents and settings\Piotr\Dane aplikacji\Datarescue
2008-12-07 21:09 . 2008-12-07 21:10   <DIR>   d--------   c:\program files\IDA
2008-12-07 17:41 . 2009-01-05 21:34   <DIR>   d--------   C:\Czarek - Piotrek - Jedi
2008-12-07 14:00 . 2008-12-07 14:22   31   --a------   c:\windows\progress
2008-12-05 23:45 . 2008-12-07 13:38   <DIR>   d--------   c:\program files\Common Files\Real
2008-12-05 15:50 . 2008-12-05 15:50   <DIR>   d--------   c:\program files\Guitar Pro 5
2008-12-05 15:04 . 2008-10-27 18:37   4,499,280   --a------   c:\windows\system32\D3dx9d_40.dll
2008-12-05 15:04 . 2008-10-27 18:37   906,576   --a------   c:\windows\system32\xaudioD2_3.dll
2008-12-05 15:04 . 2008-10-27 18:36   496,464   --a------   c:\windows\system32\D3DX10d_40.dll
2008-12-05 15:04 . 2008-10-27 18:39   360,784   --a------   c:\windows\system32\XactEngineA3_3.dll
2008-12-05 15:04 . 2008-10-27 18:39   286,032   --a------   c:\windows\system32\XactEngineD3_3.dll
2008-12-05 15:04 . 2008-10-27 18:39   123,216   --a------   c:\windows\system32\XAPOFXD1_2.dll
2008-12-05 15:04 . 2008-10-27 18:38   47,440   --a------   c:\windows\system32\X3DAudioD1_5.dll
2008-12-05 15:03 . 2008-10-10 04:52   4,379,984   --a------   c:\windows\system32\D3DX9_40.dll
2008-12-05 15:03 . 2008-10-10 04:52   2,036,576   --a------   c:\windows\system32\D3DCompiler_40.dll
2008-12-05 15:03 . 2008-10-27 10:04   514,384   --a------   c:\windows\system32\XAudio2_3.dll
2008-12-05 15:03 . 2008-10-10 04:52   452,440   --a------   c:\windows\system32\d3dx10_40.dll
2008-12-05 15:03 . 2008-10-27 10:04   235,856   --a------   c:\windows\system32\xactengine3_3.dll
2008-12-05 15:03 . 2008-10-27 10:04   70,992   --a------   c:\windows\system32\XAPOFX1_2.dll
2008-12-05 15:03 . 2008-10-27 10:04   23,376   --a------   c:\windows\system32\X3DAudio1_5.dll
2008-12-05 15:01 . 2008-12-05 15:04   <DIR>   d--------   c:\program files\Microsoft DirectX SDK (November 2008)
2008-12-05 15:01 . 2008-12-05 15:01   119,120   --a------   c:\windows\dxsdkuninst.exe

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-05 22:23   ---------   d-----w   c:\program files\DNA
2009-01-05 22:23   ---------   d-----w   c:\documents and settings\Piotr\Dane aplikacji\DNA
2009-01-05 22:02   ---------   d-----w   c:\documents and settings\Piotr\Dane aplikacji\Dropbox
2009-01-05 21:59   ---------   d-----w   c:\documents and settings\Piotr\Dane aplikacji\BitTorrent
2009-01-04 19:19   ---------   d-----w   c:\documents and settings\Piotr\Dane aplikacji\FileZilla
2009-01-01 16:54   ---------   d-----w   c:\program files\Common Files\Wise Installation Wizard
2009-01-01 15:27   ---------   d-----w   c:\program files\Diablo II
2008-12-26 19:51   ---------   d-----w   c:\program files\Winamp
2008-12-25 14:41   ---------   d-----w   c:\program files\Heroes Chronicles
2008-12-24 22:58   ---------   d-----w   c:\documents and settings\Piotr\Dane aplikacji\Thinstall
2008-12-23 15:50   ---------   d-----w   c:\program files\FXhome VisionLab Studio
2008-12-19 21:24   ---------   d-----w   c:\program files\Wiedźmin
2008-12-14 14:52   ---------   d-----w   c:\program files\Microsoft Silverlight
2008-12-08 16:42   6,179,744   ----a-w   c:\windows\system32\drivers\nv4_mini.sys
2008-12-05 14:02   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2008-12-05 14:00   ---------   d-----w   c:\program files\AGEIA Technologies
2008-12-04 19:08   ---------   d-----w   c:\program files\Twierdza
2008-12-04 17:49   ---------   d--h--w   c:\program files\InstallShield Installation Information
2008-12-04 14:54   ---------   d-----w   c:\program files\RADVideo
2008-11-30 14:08   ---------   d-----w   c:\program files\eMule
2008-11-29 14:25   137,825,996   ----a-w   C:\C4Manual.zip
2008-11-28 15:58   ---------   d-----w   c:\program files\MakeHuman 0.9.1 RC1
2008-11-28 15:52   ---------   d-----w   c:\program files\Java
2008-11-28 15:44   ---------   d-----w   c:\program files\Feeling Software
2008-11-28 13:56   ---------   d-----w   c:\program files\Common Files\Softimage
2008-11-28 13:56   ---------   d-----w   c:\program files\Common Files\Avid
2008-11-23 21:16   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Bimesoft
2008-11-22 19:50   ---------   d-----w   c:\documents and settings\Piotr\Dane aplikacji\Apple Computer
2008-11-22 19:45   ---------   d-----w   c:\documents and settings\Piotr\Dane aplikacji\World Machine 2 Basic
2008-11-22 19:06   ---------   d-----w   c:\program files\QuickTime
2008-11-22 19:06   ---------   d-----w   c:\program files\Common Files\Apple
2008-11-22 19:06   ---------   d-----w   c:\program files\Apple Software Update
2008-11-22 19:06   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Apple Computer
2008-11-22 19:06   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Apple
2008-11-20 22:00   ---------   d-----w   c:\program files\Spider-Man - Web of Shadows
2008-11-20 11:26   ---------   d-----w   c:\program files\DragonRiders
2008-11-17 15:05   ---------   d-----w   c:\program files\Heroes of Might and Magic III
2008-11-13 11:41   ---------   d-----w   c:\program files\Common Files\3DO Shared
2008-11-11 17:56   ---------   d-----w   c:\program files\FLV to AVI Converter
2008-11-11 17:50   ---------   d-----w   c:\program files\Free Video Converter
2008-11-11 17:39   ---------   d-----w   c:\program files\Flash Decompiler Trillix
2008-11-10 18:26   ---------   d-----w   c:\documents and settings\Piotr\Dane aplikacji\CyberLink
2008-11-10 18:25   ---------   d-----w   c:\program files\CyberLink
2008-11-10 18:25   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\CyberLink
2008-11-08 18:24   ---------   d-----w   c:\program files\Microsoft SQL Server
2008-11-08 18:23   ---------   d-----w   c:\program files\Microsoft.NET
2008-11-08 18:16   ---------   d-----w   c:\program files\Microsoft Visual Studio 9.0
2008-11-08 18:15   ---------   d-----w   c:\program files\Microsoft Web Designer Tools
2008-11-07 16:28   2,829   ----a-w   c:\windows\DIIUnin.pif
2008-11-07 16:28   106,496   ----a-w   c:\windows\DIIUnin.exe
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 08:20   143360   --a------   c:\program files\Dropbox\DropboxExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 08:20   143360   --a------   c:\program files\Dropbox\DropboxExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 08:20   143360   --a------   c:\program files\Dropbox\DropboxExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-03-28 18:59   2953216   --a------   c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-03-28 18:59   2953216   --a------   c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-19 342848]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AlcoholAutomount"="d:\alcohol soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]
"Google Update"="c:\documents and settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" [2008-11-14 133104]
"avp"="c:\recycler\S-1-5-21-7107284543-5583942833-164940287-3107\hdav.exe" [2008-12-15 72192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-08 13594624]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"WLSS"="c:\program files\Compal\Wireless Select Switch\WLSS.exe" [2007-04-23 190000]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2006-12-29 569344]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2007-03-28 49168]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-06-01 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-06-01 974848]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2008-12-08 86016]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-28 136600]
"nwiz"="nwiz.exe" [2008-12-08 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 c:\windows\RTHDCPL.exe]

c:\documents and settings\Piotr\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Dropbox.lnk - c:\program files\Dropbox\Dropbox.exe [2008-09-26 24096981]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-12-11 561213]
Monitor Apache Servers.lnk - c:\program files\Apache Group\Apache2\bin\ApacheMonitor.exe [2008-01-17 41042]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2008-10-27 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-28 18:46 90112 c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages   REG_MULTI_SZ      scecli psqlpwd

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"d:\\Programming\\zoidcom\\samples\\bin\\mingw\\ex00_connect_server.exe"=
"d:\\Programming\\zoidcom\\samples\\bin\\mingw\\ex01_lanbroadcast_server.exe"=
"d:\\Programming\\zoidcom\\samples\\bin\\mingw\\ex02_zoidlevel_server.exe"=
"d:\\Programming\\zoidcom\\samples\\bin\\mingw\\ex03_object_replication_server.exe"=
"d:\\Programming\\zoidcom\\samples\\bin\\mingw\\ex04_object_deletion_server.exe"=
"d:\\Programming\\zoidcom\\samples\\bin\\mingw\\ex08_file_transfer_server.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"c:\\Program Files\\FantasyGrounds\\FantasyGrounds.exe"=
"e:\\ProjectsC#\\ServerConsole\\bin\\Release\\ServerConsole.exe"=
"e:\\ProjectsC#\\ChatTest\\bin\\Release\\ChatTest.exe"=
"d:\\Programming\\Delta3D\\build\\bin\\testEchoServer.exe"=
"d:\\Programming\\Delta3D\\build\\bin\\testNetwork.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Documents and Settings\\Piotr\\Ustawienia lokalne\\Dane aplikacji\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Piotr\\Ustawienia lokalne\\Dane aplikacji\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"e:\\Projects XNA\\lidgren-network\\Samples\\ChatServer\\bin\\Release\\ChatServer.exe"=
"e:\\Projects XNA\\lidgren-network\\Samples\\ImageServer\\bin\\Release\\ImageServer.exe"=
"e:\\Projects XNA\\lidgren-network\\Samples\\LargePacketServer\\bin\\Release\\LargePacketServer.exe"=
"e:\\Projects XNA\\Adventurer\\AdventurerMasterServer\\bin\\Release\\AdventurerMasterServer.exe"=
"e:\\Projects XNA\\lidgren-network\\Samples\\StressServer\\bin\\Release\\StressServer.exe"=
"c:\\Program Files\\Spider-Man - Web of Shadows\\image\\pc\\Spider-Man Web of Shadows.exe"=
"c:\\WinHTTrack\\WinHTTrack.exe"=
"d:\\Wesnoth\\wesnothd.exe"=
"d:\\Softimage\\XSI_7.0\\Application\\bin\\XSI.exe"=
"d:\\Programming\\Esenthel\\EsenthelEngineSDK\\Tutorials\\Tutorials.exe"=
"c:\\Program Files\\IDA\\idag.exe"=
"c:\\Program Files\\IDA\\idag64.exe"=
"c:\\Original War\\OwarFull.dll"=
"c:\\Program Files\\Heroes of Might and Magic III\\Heroes3.exe"=
"c:\\CSTORM\\CSTORM.exe"=
"c:\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Program Files\\Fantasy Grounds II\\FantasyGrounds.exe"=

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2008-10-01 9856]
R4 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-09 65536]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-07-11 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-07-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fbe46db5-da60-11dd-a1e7-001cbf1d9ff5}]
\Shell\AutoRun\command - G:\USBNB.exe
.
Zawartość folderu 'Zaplanowane zadania'

2009-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1482476501-839522115-1004.job
- c:\documents and settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2008-11-14 23:23]
.
.
------- Skan uzupełniający -------
.
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Wyślij do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Piotr\Dane aplikacji\Mozilla\Firefox\Profiles\c2gkrnfg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - plugin: c:\documents and settings\Piotr\Dane aplikacji\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30401.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: d:\adobe\Reader 8.0\Reader\browser\nppdf32.dll
FF - plugin: d:\k-lite codec pack\Real\browser\plugins\nppl3260.dll
FF - plugin: d:\k-lite codec pack\Real\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-05 23:23:35
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(920)
c:\windows\system32\vrlogon.dll
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\crypto.dll
c:\program files\Protector Suite QL\remote.dll
c:\windows\system32\tabhook.dll

- - - - - - - > 'lsass.exe'(976)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Apache Group\Apache2\bin\Apache.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Apache Group\Apache2\bin\Apache.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\spm\spmdib.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
d:\alcohol soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\windows\system32\Tablet.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Protector Suite QL\psqltray.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Czas ukończenia: 2009-01-05 23:26:37 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2009-01-05 22:26:34

Przed: 728 678 400 bajtów wolnych
Po: 1,681,588,224 bajtów wolnych

WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
d:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

330   --- E O F ---   2008-12-27 10:41:05


Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:29:48, on 2009-01-05
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\spm\spmdib.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
D:\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Compal\Wireless Select Switch\WLSS.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Dropbox\Dropbox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [WLSS] C:\Program Files\Compal\Wireless Select Switch\WLSS.exe
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [avp] C:\RECYCLER\S-1-5-21-7107284543-5583942833-164940287-3107\hdav.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Dropbox.lnk = C:\Program Files\Dropbox\Dropbox.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Flash Decompiler Trillix\iebt.dll
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Flash Decompiler Trillix\iebt.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\Apache Group\Apache2\bin\Apache.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SPM License Server (spmd) - mental images GmbH - C:\spm\spmdib.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 9783 bytes


[Lukesh]

Zapoznaj sie i zastosuj:
bad-generic-host-process-for-win32-services-vt79489.html
http://www.searchengines.pl/Infekcje-z-pendrivemediow-przenosnych-t94761.html

Loga nie sprawdze, bo zwyczajnie nie znam sie na tym.

[L_Devil]

Z pierwszego linka: zastosowałem WWDC, pierwsze trzy opcje były na czerwono, po fixowaniu i restarcie wszystkie zaświeciły się na zielono z wyjątkiem NetBIOS, który jest na żółto.

[UszatyPL]

hehe mam ten sam problem

[apg2312]

Skorzystajcie z tego programu :
http://www.programosy.pl/program,ninja-pendisk.html

[sgsman]

1. Z podłączonymi dyskami przenośnymi użyjcie Combofixa, a potem wklejcie logi.
2. "Przejedźcie" swoje pendrive'y Flash Desinfectorem.
3. Sprawdźcie, czy Autoruny wam działają

[L_Devil]

Niech to! Zewnętrzne dyski twarde też zaraża, nie tylko pen-drivy :-/
Jak rozumiem ten Ninja usuwa syf z penów... a jak się go pozbyć z dysku? Działania ComboFixa wystarczą?

Edit A, jedna sprawa: po tym co robiłem ComboFixem i WWDC przestała mi działać lokalna baza danych MySql. W usługach widzę że jest wyłączona i że przycisk "włącz" jest niedostępny

Kod: Zaznacz wszystko

ComboFix 09-01-05.05 - Piotr 2009-01-06 17:23:36.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1250.1.1045.18.3070.2475 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Piotr\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
.

(((((((((((((((((((((((((   Pliki utworzone od 2008-12-06 do 2009-01-06  )))))))))))))))))))))))))))))))
.

2009-01-06 17:08 . 1994-12-05 22:00   92,208   --a------   c:\windows\system\WING.DLL
2009-01-06 17:08 . 1994-12-05 22:00   12,800   --a------   c:\windows\system\WING32.DLL
2009-01-06 17:07 . 2009-01-06 17:07   <DIR>   d--------   c:\program files\TryMedia
2009-01-06 17:00 . 2009-01-06 17:00   36   --a------   c:\windows\screensaverusersettingHeroes III.ini
2009-01-05 22:52 . 2009-01-05 23:29   <DIR>   d--------   C:\HijackThis
2009-01-05 20:44 . 2009-01-05 20:49   <DIR>   d--------   C:\C4
2009-01-05 20:33 . 2002-12-08 16:29   208,896   --a------   c:\windows\system32\HDK3CTNT.dll
2009-01-05 20:33 . 1994-12-05 22:00   188,960   --a------   c:\windows\system32\WINGDE.DLL
2009-01-05 20:33 . 2002-07-11 16:17   173,056   --a------   c:\windows\system32\cncs32.dll
2009-01-05 20:33 . 2003-03-21 18:27   133,200   --a------   c:\windows\system32\CNCS.dll
2009-01-05 20:33 . 2002-12-08 16:29   114,176   --a------   c:\windows\system32\HDK3ANIM.dll
2009-01-05 20:33 . 1994-12-05 22:00   92,208   --a------   c:\windows\system32\WING.DLL
2009-01-05 20:33 . 1994-12-05 22:00   12,800   --a------   c:\windows\system32\WING32.DLL
2009-01-05 20:33 . 1994-12-05 22:00   6,736   --a------   c:\windows\system32\WINGDIB.DRV
2009-01-05 20:33 . 2002-12-08 16:29   5,647   --a------   c:\windows\system32\HDK3CRYP.dll
2009-01-05 20:33 . 1994-12-05 22:00   5,024   --a------   c:\windows\system32\WINGPAL.WND
2009-01-05 18:20 . 2009-01-05 18:20   <DIR>   d--------   c:\program files\Fantasy Grounds II
2009-01-02 12:20 . 2009-01-02 12:36   <DIR>   d--------   C:\Fraps
2009-01-02 12:20 . 2009-01-02 13:06   <DIR>   d-a------   c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-01-01 17:54 . 2009-01-01 17:54   <DIR>   d--------   c:\windows\A7E07C2B2220441587E3784D5814BC93.TMP
2009-01-01 17:53 . 2009-01-01 17:55   <DIR>   d--------   c:\windows\NV36043136.TMP
2009-01-01 17:53 . 2008-12-08 17:42   201,616   --a------   c:\windows\system32\nvapps.nvb
2008-12-30 14:14 . 2008-12-30 14:14   <DIR>   d--------   C:\Freelancer
2008-12-27 18:51 . 2008-04-14 18:20   221,184   --a------   c:\windows\system32\wmpns.dll
2008-12-25 21:53 . 2008-12-25 21:53   <DIR>   d--------   c:\program files\Common Files\BioWare
2008-12-25 21:32 . 2008-12-25 21:54   <DIR>   d--------   C:\Mass Effect
2008-12-25 15:12 . 2008-12-25 15:18   8   --a------   c:\windows\system32\nvModes.dat
2008-12-25 15:00 . 2008-12-25 15:00   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\nView_Profiles
2008-12-21 20:44 . 2008-12-21 20:44   37   --a------   c:\windows\Viewer.ini
2008-12-21 20:02 . 2008-12-23 22:59   <DIR>   d--------   C:\CSTORM
2008-12-20 22:47 . 2008-12-20 22:47   <DIR>   d--------   c:\program files\Sony
2008-12-20 18:22 . 2008-12-20 19:07   <DIR>   d--------   C:\C4_manual
2008-12-17 22:01 . 2008-12-17 22:01   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\MiKTeX
2008-12-17 21:57 . 2008-12-17 22:00   <DIR>   d--------   c:\program files\MiKTeX 2.7
2008-12-17 21:27 . 2008-12-17 21:32   <DIR>   d--------   C:\LaTeX
2008-12-16 15:51 . 2008-12-16 15:52   <DIR>   d--------   c:\windows\system32\NtmsData
2008-12-15 17:52 . 2008-12-15 17:52   <DIR>   d--------   c:\program files\GoldWave
2008-12-15 17:48 . 2008-12-15 17:48   0   --a------   c:\windows\sam7_E.INI
2008-12-14 19:55 . 2008-12-14 19:55   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Avg8
2008-12-14 15:25 . 2009-01-03 19:57   <DIR>   d--------   C:\Original War
2008-12-08 22:05 . 2008-12-08 22:35   <DIR>   d--------   c:\documents and settings\Piotr\Dane aplikacji\Mount&Blade
2008-12-08 22:03 . 2008-12-08 22:06   <DIR>   d--------   C:\Mount&Blade
2008-12-08 22:02 . 2008-11-03 19:10   399,385,059   --a------   C:\mountandblade_1011_setup.exe
2008-12-07 21:13 . 2008-12-07 21:13   <DIR>   d--------   c:\documents and settings\Piotr\Dane aplikacji\Datarescue
2008-12-07 21:09 . 2008-12-07 21:10   <DIR>   d--------   c:\program files\IDA
2008-12-07 17:41 . 2009-01-05 21:34   <DIR>   d--------   C:\Czarek - Piotrek - Jedi
2008-12-07 14:00 . 2008-12-07 14:22   31   --a------   c:\windows\progress

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-06 16:29   ---------   d-----w   c:\program files\DNA
2009-01-06 16:29   ---------   d-----w   c:\documents and settings\Piotr\Dane aplikacji\Dropbox
2009-01-06 16:29   ---------   d-----w   c:\documents and settings\Piotr\Dane aplikacji\DNA
2009-01-06 14:52   ---------   d-----w   c:\documents and settings\Piotr\Dane aplikacji\FileZilla
2009-01-06 14:16   ---------   d-----w   c:\documents and settings\Piotr\Dane aplikacji\BitTorrent
2009-01-01 16:54   ---------   d-----w   c:\program files\Common Files\Wise Installation Wizard
2009-01-01 15:27   ---------   d-----w   c:\program files\Diablo II
2008-12-26 19:51   ---------   d-----w   c:\program files\Winamp
2008-12-25 14:41   ---------   d-----w   c:\program files\Heroes Chronicles
2008-12-24 22:58   ---------   d-----w   c:\documents and settings\Piotr\Dane aplikacji\Thinstall
2008-12-23 15:50   ---------   d-----w   c:\program files\FXhome VisionLab Studio
2008-12-19 21:24   ---------   d-----w   c:\program files\Wiedźmin
2008-12-14 14:52   ---------   d-----w   c:\program files\Microsoft Silverlight
2008-12-08 16:42   6,179,744   ----a-w   c:\windows\system32\drivers\nv4_mini.sys
2008-12-07 12:38   ---------   d-----w   c:\program files\Common Files\Real
2008-12-05 14:50   ---------   d-----w   c:\program files\Guitar Pro 5
2008-12-05 14:04   ---------   d-----w   c:\program files\Microsoft DirectX SDK (November 2008)
2008-12-05 14:02   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2008-12-05 14:01   119,120   ----a-w   c:\windows\dxsdkuninst.exe
2008-12-05 14:00   ---------   d-----w   c:\program files\AGEIA Technologies
2008-12-04 19:08   ---------   d-----w   c:\program files\Twierdza
2008-12-04 17:49   ---------   d--h--w   c:\program files\InstallShield Installation Information
2008-12-04 14:54   ---------   d-----w   c:\program files\RADVideo
2008-11-30 14:08   ---------   d-----w   c:\program files\eMule
2008-11-29 14:25   137,825,996   ----a-w   C:\C4Manual.zip
2008-11-28 15:58   ---------   d-----w   c:\program files\MakeHuman 0.9.1 RC1
2008-11-28 15:52   ---------   d-----w   c:\program files\Java
2008-11-28 15:44   ---------   d-----w   c:\program files\Feeling Software
2008-11-28 13:56   ---------   d-----w   c:\program files\Common Files\Softimage
2008-11-28 13:56   ---------   d-----w   c:\program files\Common Files\Avid
2008-11-23 21:16   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Bimesoft
2008-11-22 19:50   ---------   d-----w   c:\documents and settings\Piotr\Dane aplikacji\Apple Computer
2008-11-22 19:45   ---------   d-----w   c:\documents and settings\Piotr\Dane aplikacji\World Machine 2 Basic
2008-11-22 19:06   ---------   d-----w   c:\program files\QuickTime
2008-11-22 19:06   ---------   d-----w   c:\program files\Common Files\Apple
2008-11-22 19:06   ---------   d-----w   c:\program files\Apple Software Update
2008-11-22 19:06   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Apple Computer
2008-11-22 19:06   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Apple
2008-11-20 22:00   ---------   d-----w   c:\program files\Spider-Man - Web of Shadows
2008-11-20 11:26   ---------   d-----w   c:\program files\DragonRiders
2008-11-17 15:05   ---------   d-----w   c:\program files\Heroes of Might and Magic III
2008-11-13 11:41   ---------   d-----w   c:\program files\Common Files\3DO Shared
2008-11-11 17:56   ---------   d-----w   c:\program files\FLV to AVI Converter
2008-11-11 17:50   ---------   d-----w   c:\program files\Free Video Converter
2008-11-11 17:39   ---------   d-----w   c:\program files\Flash Decompiler Trillix
2008-11-10 18:26   ---------   d-----w   c:\documents and settings\Piotr\Dane aplikacji\CyberLink
2008-11-10 18:25   ---------   d-----w   c:\program files\CyberLink
2008-11-10 18:25   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\CyberLink
2008-11-08 18:24   ---------   d-----w   c:\program files\Microsoft SQL Server
2008-11-08 18:23   ---------   d-----w   c:\program files\Microsoft.NET
2008-11-08 18:16   ---------   d-----w   c:\program files\Microsoft Visual Studio 9.0
2008-11-08 18:15   ---------   d-----w   c:\program files\Microsoft Web Designer Tools
2008-11-07 16:28   2,829   ----a-w   c:\windows\DIIUnin.pif
2008-11-07 16:28   106,496   ----a-w   c:\windows\DIIUnin.exe
.

(((((((((((((((((((((((((((((   snapshot@2009-01-05_23.26.19.29   )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-05 22:23:19   14,050   ----a-w   c:\windows\system32\tablet.dat
+ 2009-01-06 16:28:48   14,050   ----a-w   c:\windows\system32\tablet.dat
+ 2009-01-06 16:28:41   16,384   ----atw   c:\windows\Temp\Perflib_Perfdata_7b0.dat
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 08:20   143360   --a------   c:\program files\Dropbox\DropboxExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 08:20   143360   --a------   c:\program files\Dropbox\DropboxExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 08:20   143360   --a------   c:\program files\Dropbox\DropboxExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-03-28 18:59   2953216   --a------   c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-03-28 18:59   2953216   --a------   c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-19 342848]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AlcoholAutomount"="d:\alcohol soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]
"Google Update"="c:\documents and settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" [2008-11-14 133104]
"avp"="c:\recycler\S-1-5-21-1455143099-5278492500-798028734-8514\hdav.exe" [2009-01-05 72192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-08 13594624]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"WLSS"="c:\program files\Compal\Wireless Select Switch\WLSS.exe" [2007-04-23 190000]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2006-12-29 569344]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2007-03-28 49168]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-06-01 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-06-01 974848]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2008-12-08 86016]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-28 136600]
"nwiz"="nwiz.exe" [2008-12-08 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 c:\windows\RTHDCPL.exe]

c:\documents and settings\Piotr\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Dropbox.lnk - c:\program files\Dropbox\Dropbox.exe [2008-09-26 24096981]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-12-11 561213]
Monitor Apache Servers.lnk - c:\program files\Apache Group\Apache2\bin\ApacheMonitor.exe [2008-01-17 41042]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2008-10-27 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-28 18:46 90112 c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages   REG_MULTI_SZ      scecli psqlpwd

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"d:\\Programming\\zoidcom\\samples\\bin\\mingw\\ex00_connect_server.exe"=
"d:\\Programming\\zoidcom\\samples\\bin\\mingw\\ex01_lanbroadcast_server.exe"=
"d:\\Programming\\zoidcom\\samples\\bin\\mingw\\ex02_zoidlevel_server.exe"=
"d:\\Programming\\zoidcom\\samples\\bin\\mingw\\ex03_object_replication_server.exe"=
"d:\\Programming\\zoidcom\\samples\\bin\\mingw\\ex04_object_deletion_server.exe"=
"d:\\Programming\\zoidcom\\samples\\bin\\mingw\\ex08_file_transfer_server.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"c:\\Program Files\\FantasyGrounds\\FantasyGrounds.exe"=
"e:\\ProjectsC#\\ServerConsole\\bin\\Release\\ServerConsole.exe"=
"e:\\ProjectsC#\\ChatTest\\bin\\Release\\ChatTest.exe"=
"d:\\Programming\\Delta3D\\build\\bin\\testEchoServer.exe"=
"d:\\Programming\\Delta3D\\build\\bin\\testNetwork.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Documents and Settings\\Piotr\\Ustawienia lokalne\\Dane aplikacji\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Piotr\\Ustawienia lokalne\\Dane aplikacji\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"e:\\Projects XNA\\lidgren-network\\Samples\\ChatServer\\bin\\Release\\ChatServer.exe"=
"e:\\Projects XNA\\lidgren-network\\Samples\\ImageServer\\bin\\Release\\ImageServer.exe"=
"e:\\Projects XNA\\lidgren-network\\Samples\\LargePacketServer\\bin\\Release\\LargePacketServer.exe"=
"e:\\Projects XNA\\Adventurer\\AdventurerMasterServer\\bin\\Release\\AdventurerMasterServer.exe"=
"e:\\Projects XNA\\lidgren-network\\Samples\\StressServer\\bin\\Release\\StressServer.exe"=
"c:\\Program Files\\Spider-Man - Web of Shadows\\image\\pc\\Spider-Man Web of Shadows.exe"=
"c:\\WinHTTrack\\WinHTTrack.exe"=
"d:\\Wesnoth\\wesnothd.exe"=
"d:\\Softimage\\XSI_7.0\\Application\\bin\\XSI.exe"=
"d:\\Programming\\Esenthel\\EsenthelEngineSDK\\Tutorials\\Tutorials.exe"=
"c:\\Program Files\\IDA\\idag.exe"=
"c:\\Program Files\\IDA\\idag64.exe"=
"c:\\Original War\\OwarFull.dll"=
"c:\\Program Files\\Heroes of Might and Magic III\\Heroes3.exe"=
"c:\\CSTORM\\CSTORM.exe"=
"c:\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Program Files\\Fantasy Grounds II\\FantasyGrounds.exe"=

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2008-10-01 9856]
R4 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-09 65536]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-07-11 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-07-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fbe46db5-da60-11dd-a1e7-001cbf1d9ff5}]
\Shell\AutoRun\command - G:\USBNB.exe
.
Zawartość folderu 'Zaplanowane zadania'

2009-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1482476501-839522115-1004.job
- c:\documents and settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2008-11-14 23:23]
.
.
------- Skan uzupełniający -------
.
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Wyślij do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Piotr\Dane aplikacji\Mozilla\Firefox\Profiles\c2gkrnfg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - plugin: c:\documents and settings\Piotr\Dane aplikacji\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30401.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: d:\adobe\Reader 8.0\Reader\browser\nppdf32.dll
FF - plugin: d:\k-lite codec pack\Real\browser\plugins\nppl3260.dll
FF - plugin: d:\k-lite codec pack\Real\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-06 17:29:03
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1844237615-1482476501-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*NULL*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1844237615-1482476501-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Electronic Arts\S*NULL*P*NULL*O*NULL*R*NULL*E*NULL*"!]
"Order"=hex:08,00,00,00,02,00,00,00,02,02,00,00,01,00,00,00,04,00,00,00,88,00,\
  00,00,00,00,00,00,7a,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,68,00,32,\
  00,ac,05,00,00,58,39,1d,73,20,00,50,4c,49,4b,50,52,7e,31,2e,4c,4e,4b,00,00,\
  3e,00,03,00,04,00,ef,be,58,39,1d,73,72,39,40,a1,14,00,00,00,50,00,6c,00,69,\
  00,6b,00,20,00,50,00,72,00,7a,00,65,00,63,00,7a,00,79,00,74,00,61,00,6a,00,\
  2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,\
  00,00,00,00,00,00,00,00,00,7a,00,00,00,01,00,00,00,6c,00,00,00,41,75,67,4d,\
  02,00,00,00,01,00,00,00,5a,00,32,00,8e,07,00,00,58,39,1d,73,20,00,50,4f,4d,\
  4f,43,45,7e,31,2e,4c,4e,4b,00,00,30,00,03,00,04,00,ef,be,58,39,1d,73,72,39,\
  40,a1,14,00,00,00,50,00,6f,00,6d,00,6f,00,63,00,20,00,45,00,41,00,2e,00,6c,\
  00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,\
  00,00,00,00,00,00,74,00,00,00,02,00,00,00,66,00,00,00,41,75,67,4d,02,00,00,\
  00,01,00,00,00,54,00,32,00,a0,06,00,00,58,39,1d,73,20,00,53,50,4f,52,45,7e,\
  31,2e,4c,4e,4b,00,2c,00,03,00,04,00,ef,be,58,39,1d,73,72,39,40,a1,14,00,00,\
  00,53,00,50,00,4f,00,52,00,45,00,22,21,2e,00,6c,00,6e,00,6b,00,00,00,1a,00,\
  0e,00,00,00,0a,00,ef,be,00,00,00,00,1a,00,00,00,00,00,00,00,00,00,80,00,00,\
  00,03,00,00,00,72,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,60,00,32,00,\
  b9,07,00,00,58,39,1d,73,20,00,55,53,55,53,50,4f,7e,31,2e,4c,4e,4b,00,00,36,\
  00,03,00,04,00,ef,be,58,39,1d,73,72,39,41,a1,14,00,00,00,55,00,73,00,75,00,\
  44,01,20,00,53,00,50,00,4f,00,52,00,45,00,22,21,2e,00,6c,00,6e,00,6b,00,00,\
  00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00

[HKEY_USERS\S-1-5-21-1844237615-1482476501-839522115-1004\Software\SecuROM\License information*NULL*]
"datasecu"=hex:4f,6f,e7,c2,47,e4,f2,12,dd,e4,91,aa,30,36,1f,34,c2,d7,45,e0,a1,\
  44,14,9b,62,83,c4,34,4a,1e,5a,03,e2,68,4b,ac,20,8a,06,70,1d,c7,e4,11,79,d3,\
  3d,21,bb,e6,d9,e3,15,c4,94,df,65,ef,3a,c7,c5,2a,2b,14,ce,17,9b,93,52,57,39,\
  70,2d,f2,2a,bd,dc,93,a6,eb,c1,a2,d6,85,5d,04,4b,9c,52,84,25,fc,39,f2,b6,b2,\
  b3,85,6f,2d,e7,c2,2c,58,70,a0,6e,b1,e4,e7,ac,ea,6c,90,ba,29,0a,57,49,63,b1,\
  6a,25,a4,8b,bc,e8,e9,cd,1b,79,02,6a,52,4d,d9,71,fd,40,84,c2,ca,9f,cb,79,e9,\
  db,18,91,e1,37,cd,09,64,09,25,3e,96,64,75,d0,ac,c9,62,44,80,2f,5d,31,c1,27,\
  70,46,7f,17,7b,e3,53,7e,8a,0a,fc,37,6f,d2,8d,7d,7a,51,a0,9d,e2,9c,8d,18,65,\
  48,0f,a0,8a,f8,c3,1e,1e,a3,f0,6f,a5,65,89,5e,bb,53,02,d3,d2,31,c4,07,75,3a,\
  2e,7b,6e,49,23,3d,d2,7d,ac,8f,42,f1,f7,1f,75,dc,3b,5b,9c,ec,59,8f,7c,b7,53,\
  90,28,c5,bd,c3,f6,7e,75,44,a3,05,1a,4d,93,b9,2f,81,3a,c8,ea,e5,9b,4e,95,b5,\
  85,38,21,6a,5d,54,79,c7,3b,f2,28,43,63,e1,07,8c,f3,f6,50,bb,f5,47,85,9d,f8,\
  42,03,a1,b3,ed,dd,31,5c,74,5d,00,24,03,78,8b,db,a1,09,84,71,45,f0,55,11,fb,\
  c0,c3,aa,6c,25,93,4b,7b,c9,2a,19,14,68,5d,40,05,a6,1a,42,2c,a9,a9,4e,26,7f,\
  a3,db,32,1e,27,b9,15,14,e8,08,13,57,aa,ce,67,85,76,ef,1c,d7,42,69,e9,55,e0,\
  41,2c,95,d6,33,b2,a6,95,2a,b4,ba,f5,9d,34,cb,be,8c,2c,db,88,cf,13,8e,54,c3,\
  68,bf,18,50,9d,d7,2b,e2,f1,84,23,fd,34,c8,df,0f,73,99,5a,8d,7a,90,e8,a1,d8,\
  6f,8d,09,6c,58,5e,e1,98,29,20,bc,f4,3d,ed,85,40,14,08,52,23,94,aa,e8,45,e3,\
  74,c5,fb,0f,2f,f7,0a,3f,82,3f,58,d6,0d,9d,26,be,60,d4,65,6f,61,88,cf,19,99,\
  f6,fd,bf,9b,2a,a2,de,45,52,9a,17,89,d9,8c,af,eb,0d,ef,a9,92,37,54,48,30,6a,\
  7c,7f,40,11,da,0e,07,ec,8e,0f,ec,df,fd,85,dc,57,e1,4f,4d,9d,a3,bd,4a,bc,5b,\
  57,65,fe,81,3a,7b,e2,f9,9b,88,89,48,5a,78,c2,8b,5d,a5,9d,49,fd,63,fa,94,fc,\
  e4,07,1b,e5,d6,c0,a5,cc,e8,34,42,aa,ee,0d,df,ed,4f,69,ee,d5,22,4c,39,64,c1,\
  51,d1,c5,af,35,eb,c0,88,c8,4e,67,d5,aa,b3,ef,76,0f,85,c3,08,ce,27,99,f0,37,\
  82,d6,87,9a,b7,e0,0e,b0,2a,20,67,5e,aa,ad,e6,e7,2c,97,76,bf,7c,81,28,89,d5,\
  f6,21,7b,c7,99,93,84,bf,03,70,65,b7,b8,82,bc,96,99,a7,b1,2f,94,5b,09,14,74,\
  b1,1f,4e,a9,15,da,a7,04,14,25,ef,af,87,71,b8,88,d9,e9,7f,d8,02,73,97,c2,d8,\
  c0,65,ca,6b,da,39,cb,23,60,39,5e,e3,df,b6,8b,64,17,fb,dd,52,7b,73,c6,e2,b3,\
  b6,5f,57,3b,79,29,bb,6f,59,89,35,22,90,15,c8,76,30,e8,a2,cd,a9,84,62,06,24,\
  83,88,1c,bc,0e,51,a6,9b,68,61,e1,cf,d4,5b,fd,ce,32,05,c2,16,5a,36,ce,61,0f,\
  c6,c4,75,79,54,14,d2,80,d6,32,c5,d2,ca,d4,ef,c9,b4,ce,3b,5d,ef,1e,bc,ba,c7,\
  40,d3,77,9d,a3,0c,1a,fb,67,3f,12,d1,5c,3e,56,0e,64,82,03,c2,3b,77,dc,07,93,\
  4b,55,76,41,3e,ec,26,0e,22,19,44,05,c0,d0,cf,77,d7,ae,44,60,36,0c,28,3a,0c,\
  30,fc,ff,7f,6b,64,e1,75,58,4a,c3,ae,ae,08,87,7b,fc,54,32,24,53,2d,d6,f9,63,\
  82,73,ae,d6,05,78,4a,81,44,af,a6,d5,33,40,6f,fb,de,08,e0,1a,d3,9c,ee,d9,3f,\
  d1,65,a1,5e,99,d7,a0,27,ee,9c,04,b4,08,3b,65,bf,11,47,b2,47,2f,8c,59,55,06,\
  b4,9b,3f,97,20,6f,43,0b,0f,43,72,f6,2c,7e,26,9a,3c,cb,13,b8,7d,c8,57,5e,40,\
  dd,b6,77,66,ff,3b,51,c1,d6,d9,68,1c,63,3c,18,90,b1,b4,33,8f,be,52,ec,54,1c,\
  55,77,96,14,62,b2,85,92,08,74,70,ba,d8,d4,95,5e,6f,fb,86,a1,78,d1,28,82,53,\
  56,d7,71,15,3c,e7,8e,9f,a5,53,a3,16,9d,6a,64,5a,f3,d2,1e,5e,fe,6d,0d,83,4f,\
  6b,af,4d,8a,ae,e6,3c,7a,81,f6,94,12,37,41,5b,36,a9,bb,0f,9b,4c,af,38,30,9c,\
  cd,5e,a1,5e,83,c6,3f,67,a1,a4,7d,7b,36,1f,d5,43,5a,59,c5,48,06,12,71,63,ea,\
  0c,69,a7,b0,6b,e1,7c,24,99,8b,7a,9b,94,03,48,2d,a3,f4,4a,c3,d1,4f,a9,f2,ec,\
  af,a6,b4,9d,33,45,7d,5e,b5,8f,8d,47,df,47,f0,b8,db,f6,bd,16,2d,d0,98,89,fa,\
  2b,71,91,8a,3d,53,73,e9,0f,6f,9c,a1,e5,39,9b,17,f5,e6,26,c7,df,04,ad,62,3d,\
  00,c7,45,1e,00,db,81,e3,b9,e7,69,a8,c4,86,0e,25,4e,91,93,61,b2,e1,3c,c6,45,\
  2e,16,84,0e,64,82,eb,6a,d4,08,87,87,4d,6c,ab,ea,2e,5c,dd,5e,a0,85,ab,66,a9,\
  3c,c6,7c,7c,80,d9,47,4d,16,67,78,fa,35,2d,49,77,48,5c,1c,3e,0b,89,53,d3,74,\
  35,09,1a,8c,f2,24,77,de,a7,fd,08,74,d9,88,2c,cd,5d,6f,21,98,7a,66,22,61,54,\
  b6,a6,63,bb,25,dc,b0,01,a5,38,09,b7,63,ab,7e,d3,7b,d2,07,0e,de,b1,cd,24,15,\
  64,56,c9,46,84,cc,07,67,de,36,83,65,9b,74,b6,87,0c,2b,0d,6e,f0,20,2a,f8,32,\
  a3,08,64,cb,6a,32,54,da,92,bb,0a,09,68,91,e8,f5,af,e9,0f,a7,ce,75,5d,3e,ca,\
  90,eb,d2,e9,88,5d,cc,2c,61,25,19,e5,c1,93,87,47,0a,ca,a8,6e,85,81,20,a3,3a,\
  be,f1,12,83,9f,1a,bb,bc,88,0f,7c,84,3a,e3,e4,2b,96,e7,dd,e0,95,14,a9,99,95,\
  6a,07,c0,bf,fa,65,17,7a,47,13,4a,a3,e3,09,0d,e4,d5,2a,d4,3d,1f,4e,bb,93,cc,\
  d8,e1,59,f0,cc,73,d9,c4,c3,f5,02,ba,d0,3b,bc,a0,dd,b8,48,6e,fc,07,95,1f,dd,\
  86,72,bf,f9,b4,07,cb,2c,e8,19,e4,ad,6b,8d,7c,ab,c1,02,74,51,7e,8e,d8,f8,1b,\
  86,65,12,84,86,ec,e7,dc,48,20,8a,fd,5b,c4,54,bd,fd,62,16,75,19,14,ff,11,84,\
  99,07,84,2d,da,7b,c3,fe,6f,f1,de,a9,5d,ba,dd,76,14,44,6b,ae,ea,f5,e6,99,b0,\
  1f,a7,26,34,6b,e7,92,5a,ef,0c,e2,78,fc,e4,b6,0f,2a,7e,ca,7a,8a,2d,b4,10,4c,\
  1b,87,df,ec,21,da,74,ff,96,df,a1,c6,3c,48,36,08,35,a2,92,7d,e7,a9,2c,fd,0f,\
  3b,6b,99,93,5b,f2,cb,c7,ba,b3,d6,8b,d7,6c,95,8f,ad,1b,76,a0,46,08,6d,1e,de,\
  95,be,5d,a2,49,c9,f5,f1,05,4c,5a,02,e4,76,25,dd,7f,99,d1,c5,44,a2,ed,4a,69,\
  f2,d7,09,0c,1f,d8,48,5e,4b,ff,ab,21,9b,ee,3c,af,0c,cb,14,05,56,9a,f8,e2,18,\
  89,1e,e0,c3,32,da,a7,dd,46,ac,1c,13,de,56,90,20,4b,cf,bc,c2,eb,6f,3c,c6,dc,\
  5a,e5,0a,ac,41,0f,a2,09,f5,e6,43,7b,d7,79,86,20,05,6f,97,53,cb,8c,0e,92,8b,\
  19,49,0c,e9,d4,4a,b8,e7,07,3e,86,e9,3a,12,12,3c,9c,65,b7,4e,a1,92,41,9b,72,\
  f3,82,7b,eb,f5,a4,61,54,4d,4d,47,63,5a,f1,e3,a2,c9,b0,64,61,2d,1d,df,00,02,\
  69,9f,2c,f1,e9,f6,a3,4f,d6,d1,41,bc,b5,fb,58,08,17,a6,b6,3e,30,e1,73,8e,02,\
  05,57,e9,32,cd,19,96,b6,93,06,5a,fa,0b,54,f2,a3,d7,85,71,46,03,6f,3b,82,24,\
  41,28,a7,f4,e9,ed,24,0d,72,12,23,b3,b7,3b,5a,c9,12,97,25,ea,dc,6d,a3,36,8a,\
  8d,12,4b,73,43,2b,62,c9,34,3b,59,dc,b2,ca,ab,5b,1b,ed,2a,c1,b9,b3,3d,58,bb,\
  ae,d5,d9,e0,2b,25,6a,5b,b2,29,76,64,a3,4e,27,65,bf,d7,74,30,23,fd,06,41,6b,\
  ba,6c,85,7f,d5,82,c1,73,18,6e,46,41,1e,9a,0a,58,87,72,f2,e6,40,14,fb,14,43,\
  ac,f0,82,3b,c3,2d,39,8f,cf,b3,de,02,6a,d7,44,ef,f8,49,4b,23,5a,1a,c8,51,a1,\
  3c,4f,1d,7e,64,d7,1a,ab,10,a4,70,08,2a,6f,bb,78,3d,1d,dc,3e,83,77,db,d4,db,\
  cf,79,8d,e7,45,92,a1,ee,13,b5,ae,c9,b9,3c,52,51,b9,db,9a,e7,83,32,64,85,21,\
  f2,76,63,af,21,99,03,f6,e3,f1,34,c0,23,02,ca,bd,61,7f,84,61,63,c6,2d,99,87,\
  77,a4,8e,13,7e,9d,db,c5,2c,5a,74,dc,a5,ae,f6,45,55,88,4d,19,ef,f7,03,4d,5e,\
  12,03,45,a6,12,03
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(920)
c:\windows\system32\vrlogon.dll
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\crypto.dll
c:\program files\Protector Suite QL\remote.dll
c:\windows\system32\tabhook.dll

- - - - - - - > 'lsass.exe'(976)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Apache Group\Apache2\bin\Apache.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\spm\spmdib.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Apache Group\Apache2\bin\Apache.exe
d:\alcohol soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\windows\system32\Tablet.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Protector Suite QL\psqltray.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Czas ukończenia: 2009-01-06 17:32:18 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2009-01-06 16:32:15
ComboFix2.txt  2009-01-05 22:26:38

Przed: 1 767 198 720 bajtów wolnych
Po: 1,752,752,128 bajtów wolnych

422   --- E O F ---   2008-12-27 10:41:05

[wojtas]

1)

Wylecz pendriva lub kartę pamięci
Perlovga Removal Tool
Flash Disinfector
lub format

Wykonaj to co jest podane w tym temacie

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz daj loga z hijacka

[L_Devil]

Kod: Zaznacz wszystko

[b]SDFix: Version 1.240 [/b]
Run by Piotr on 2009-01-06 at 17:58

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\WINDOWS\system32\patch.exe - Deleted





Removing Temp Files

[b]ADS Check [/b]:



                                 [b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-06 19:11:46
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="D:\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex:7d,be,1e,2e,78,c9,10,ff,2c,b2,a7,84,65,d2,c3,86,3a,7a,8f,0a,52,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:7a,01,31,b7,10,ac,ed,85,ce,c8,ee,6d,6c,c3,e7,10,36,30,4a,2f,64,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ed,30,dd,ae,ab,c4,1f,71,3d,fc,02,97,7b,07,79,dc,13,..
"khjeh"=hex:f4,9b,ed,8e,4b,c8,85,7c,2a,98,32,37,46,1a,8e,a5,cf,44,13,cd,9f,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:1d,88,c0,79,fa,59,df,21,02,12,7c,30,ff,b8,32,07,69,8e,e7,03,f3,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:94,9b,0c,61,88,00,dc,72,f6,33,76,ed,54,61,94,c0,fa,a1,da,58,f7,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ed,30,dd,ae,ab,c4,1f,71,3d,fc,02,97,7b,07,79,dc,13,..
"khjeh"=hex:f4,9b,ed,8e,4b,c8,85,7c,2a,98,32,37,46,1a,8e,a5,cf,44,13,cd,9f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:87,7c,69,aa,9e,48,b8,0e,e2,19,eb,29,91,73,16,bb,7a,68,3d,a9,15,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="D:\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex:7d,be,1e,2e,78,c9,10,ff,2c,b2,a7,84,65,d2,c3,86,3a,7a,8f,0a,52,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:7a,01,31,b7,10,ac,ed,85,ce,c8,ee,6d,6c,c3,e7,10,36,30,4a,2f,64,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ed,30,dd,ae,ab,c4,1f,71,3d,fc,02,97,7b,07,79,dc,13,..
"khjeh"=hex:f4,9b,ed,8e,4b,c8,85,7c,2a,98,32,37,46,1a,8e,a5,cf,44,13,cd,9f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:1d,88,c0,79,fa,59,df,21,02,12,7c,30,ff,b8,32,07,69,8e,e7,03,f3,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"D:\\Programming\\zoidcom\\samples\\bin\\mingw\\ex00_connect_server.exe"="D:\\Programming\\zoidcom\\samples\\bin\\mingw\\ex00_connect_server.exe:*:Enabled:ex00_connect_server"
"D:\\Programming\\zoidcom\\samples\\bin\\mingw\\ex01_lanbroadcast_server.exe"="D:\\Programming\\zoidcom\\samples\\bin\\mingw\\ex01_lanbroadcast_server.exe:*:Enabled:ex01_lanbroadcast_server"
"D:\\Programming\\zoidcom\\samples\\bin\\mingw\\ex02_zoidlevel_server.exe"="D:\\Programming\\zoidcom\\samples\\bin\\mingw\\ex02_zoidlevel_server.exe:*:Enabled:ex02_zoidlevel_server"
"D:\\Programming\\zoidcom\\samples\\bin\\mingw\\ex03_object_replication_server.exe"="D:\\Programming\\zoidcom\\samples\\bin\\mingw\\ex03_object_replication_server.exe:*:Enabled:ex03_object_replication_server"
"D:\\Programming\\zoidcom\\samples\\bin\\mingw\\ex04_object_deletion_server.exe"="D:\\Programming\\zoidcom\\samples\\bin\\mingw\\ex04_object_deletion_server.exe:*:Enabled:ex04_object_deletion_server"
"D:\\Programming\\zoidcom\\samples\\bin\\mingw\\ex08_file_transfer_server.exe"="D:\\Programming\\zoidcom\\samples\\bin\\mingw\\ex08_file_transfer_server.exe:*:Enabled:ex08_file_transfer_server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"="C:\\Program Files\\Autodesk\\Backburner\\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"="C:\\Program Files\\Autodesk\\Backburner\\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"="C:\\Program Files\\Autodesk\\Backburner\\server.exe:*:Enabled:backburner 2.3 server"
"C:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"="C:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe:*:Enabled:Autodesk 3ds Max 2009 32-bit"
"C:\\Program Files\\FantasyGrounds\\FantasyGrounds.exe"="C:\\Program Files\\FantasyGrounds\\FantasyGrounds.exe:*:Enabled:FantasyGrounds"
"E:\\ProjectsC#\\ServerConsole\\bin\\Release\\ServerConsole.exe"="E:\\ProjectsC#\\ServerConsole\\bin\\Release\\ServerConsole.exe:*:Enabled:ServerConsole"
"E:\\ProjectsC#\\ChatTest\\bin\\Release\\ChatTest.exe"="E:\\ProjectsC#\\ChatTest\\bin\\Release\\ChatTest.exe:*:Enabled:ChatTest"
"D:\\Programming\\Delta3D\\build\\bin\\testEchoServer.exe"="D:\\Programming\\Delta3D\\build\\bin\\testEchoServer.exe:*:Enabled:testEchoServer"
"D:\\Programming\\Delta3D\\build\\bin\\testNetwork.exe"="D:\\Programming\\Delta3D\\build\\bin\\testNetwork.exe:*:Enabled:testNetwork"
"C:\\Program Files\\Common Files\\Microsoft Shared\\XNA\\XnaTrans\\v3.0\\XnaTransX.exe"="C:\\Program Files\\Common Files\\Microsoft Shared\\XNA\\XnaTrans\\v3.0\\XnaTransX.exe:LocalSubNet:Enabled:XNA Game Studio 3.0 Transport"
"C:\\Program Files\\Microsoft XNA\\XNA Game Studio\\v3.0\\Bin\\XnaLiveProxy.exe"="C:\\Program Files\\Microsoft XNA\\XNA Game Studio\\v3.0\\Bin\\XnaLiveProxy.exe:LocalSubNet:Enabled:XNA Framework Games for Windows - LIVE"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Documents and Settings\\Piotr\\Ustawienia lokalne\\Dane aplikacji\\Google\\Google Talk Plugin\\googletalkplugin.dll"="C:\\Documents and Settings\\Piotr\\Ustawienia lokalne\\Dane aplikacji\\Google\\Google Talk Plugin\\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\\Documents and Settings\\Piotr\\Ustawienia lokalne\\Dane aplikacji\\Google\\Google Talk Plugin\\googletalkplugin.exe"="C:\\Documents and Settings\\Piotr\\Ustawienia lokalne\\Dane aplikacji\\Google\\Google Talk Plugin\\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"E:\\Projects XNA\\lidgren-network\\Samples\\ChatServer\\bin\\Release\\ChatServer.exe"="E:\\Projects XNA\\lidgren-network\\Samples\\ChatServer\\bin\\Release\\ChatServer.exe:*:Enabled:ChatServer"
"E:\\Projects XNA\\lidgren-network\\Samples\\ImageServer\\bin\\Release\\ImageServer.exe"="E:\\Projects XNA\\lidgren-network\\Samples\\ImageServer\\bin\\Release\\ImageServer.exe:*:Enabled:ImageServer"
"E:\\Projects XNA\\lidgren-network\\Samples\\LargePacketServer\\bin\\Release\\LargePacketServer.exe"="E:\\Projects XNA\\lidgren-network\\Samples\\LargePacketServer\\bin\\Release\\LargePacketServer.exe:*:Enabled:LargePacketServer"
"E:\\Projects XNA\\Adventurer\\AdventurerMasterServer\\bin\\Release\\AdventurerMasterServer.exe"="E:\\Projects XNA\\Adventurer\\AdventurerMasterServer\\bin\\Release\\AdventurerMasterServer.exe:*:Enabled:AdventurerMasterServer"
"E:\\Projects XNA\\lidgren-network\\Samples\\StressServer\\bin\\Release\\StressServer.exe"="E:\\Projects XNA\\lidgren-network\\Samples\\StressServer\\bin\\Release\\StressServer.exe:*:Enabled:StressServer"
"C:\\Program Files\\Spider-Man - Web of Shadows\\image\\pc\\Spider-Man Web of Shadows.exe"="C:\\Program Files\\Spider-Man - Web of Shadows\\image\\pc\\Spider-Man Web of Shadows.exe:*:Enabled:Spider-Man(TM) - Web of Shadows"
"C:\\WinHTTrack\\WinHTTrack.exe"="C:\\WinHTTrack\\WinHTTrack.exe:*:Enabled:WinHTTrack Website Copier, Web Site mirroring for professional and private purposes"
"D:\\Wesnoth\\wesnothd.exe"="D:\\Wesnoth\\wesnothd.exe:*:Enabled:wesnothd"
"D:\\Softimage\\XSI_7.0\\Application\\bin\\XSI.exe"="D:\\Softimage\\XSI_7.0\\Application\\bin\\XSI.exe:*:Disabled:XSI"
"D:\\Programming\\Esenthel\\EsenthelEngineSDK\\Tutorials\\Tutorials.exe"="D:\\Programming\\Esenthel\\EsenthelEngineSDK\\Tutorials\\Tutorials.exe:*:Enabled:Tutorials"
"C:\\Program Files\\IDA\\idag.exe"="C:\\Program Files\\IDA\\idag.exe:*:Enabled:Interactive Disassembler (32-bit)"
"C:\\Program Files\\IDA\\idag64.exe"="C:\\Program Files\\IDA\\idag64.exe:*:Enabled:Interactive Disassembler (64-bit)"
"C:\\Original War\\OwarFull.dll"="C:\\Original War\\OwarFull.dll:*:Enabled:OwarFull"
"C:\\Program Files\\Heroes of Might and Magic III\\Heroes3.exe"="C:\\Program Files\\Heroes of Might and Magic III\\Heroes3.exe:*:Enabled:Heroes of Might and MagicR III (CDP)"
"C:\\CSTORM\\CSTORM.exe"="C:\\CSTORM\\CSTORM.exe:*:Enabled:MissionForce: CyberStorm from Dynamix, Inc"
"C:\\Mass Effect\\Binaries\\MassEffect.exe"="C:\\Mass Effect\\Binaries\\MassEffect.exe:*:Enabled:Mass Effect Game"
"C:\\Mass Effect\\MassEffectLauncher.exe"="C:\\Mass Effect\\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher"
"C:\\Program Files\\Fantasy Grounds II\\FantasyGrounds.exe"="C:\\Program Files\\Fantasy Grounds II\\FantasyGrounds.exe:*:Enabled:FantasyGrounds"
"C:\\Documents and Settings\\Piotr\\Pulpit\\ninja.exe"="C:\\Documents and Settings\\Piotr\\Pulpit\\ninja.exe:*:Enabled:ninja"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Fri 28 Nov 2008        12,016 A..H. --- "C:\spm\spm-kf.bak"
Mon  5 Jan 2009        72,192 ..SHR --- "C:\RECYCLER\S-1-5-21-1455143099-5278492500-798028734-8514\hdav.exe"
Fri  8 Sep 2006       304,704 A..H. --- "C:\Program Files\Canon\CanoScan Toolbox Ver5.0\Maint.exe"
Mon 28 Feb 2005        61,440 A..H. --- "C:\Program Files\Canon\CanoScan Toolbox Ver5.0\uinstrsc.dll"
Fri 17 Oct 2008     7,404,659 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7837c8972583fef84c1e0ba805a0472f\BIT511.tmp"
Sun 26 Oct 2008         1,977 ...HR --- "C:\Documents and Settings\Piotr\Dane aplikacji\SecuROM\UserData\securom_v7_01.bak"

[b]Finished![/b]



Kod: Zaznacz wszystko

ComboFix 09-01-05.05 - Piotr 2009-01-06 19:42:42.3 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1250.1.1045.18.3070.2464 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Piotr\Pulpit\ComboFix.exe
.

(((((((((((((((((((((((((   Pliki utworzone od 2008-12-06 do 2009-01-06  )))))))))))))))))))))))))))))))
.

2009-01-06 17:57 . 2009-01-06 17:57   580,096   --a--c---   c:\windows\system32\dllcache\user32.dll
2009-01-06 17:53 . 2009-01-06 17:54   <DIR>   d--------   c:\windows\ERUNT
2009-01-06 17:52 . 2009-01-06 19:16   <DIR>   d--------   C:\SDFix
2009-01-06 17:48 . 2009-01-06 17:48   51,232   --a------   C:\wwdc.exe
2009-01-06 17:47 . 2009-01-06 17:48   1,529,241   --a------   C:\SDFix.exe
2009-01-06 17:36 . 2009-01-06 17:36   <DIR>   d--------   c:\program files\Ninja
2009-01-06 17:08 . 1994-12-05 22:00   92,208   --a------   c:\windows\system\WING.DLL
2009-01-06 17:08 . 1994-12-05 22:00   12,800   --a------   c:\windows\system\WING32.DLL
2009-01-06 17:07 . 2009-01-06 17:07   <DIR>   d--------   c:\program files\TryMedia
2009-01-06 17:00 . 2009-01-06 17:00   36   --a------   c:\windows\screensaverusersettingHeroes III.ini
2009-01-05 22:52 . 2009-01-05 23:29   <DIR>   d--------   C:\HijackThis
2009-01-05 20:44 . 2009-01-05 20:49   <DIR>   d--------   C:\C4
2009-01-05 20:33 . 2002-12-08 16:29   208,896   --a------   c:\windows\system32\HDK3CTNT.dll
2009-01-05 20:33 . 1994-12-05 22:00   188,960   --a------   c:\windows\system32\WINGDE.DLL
2009-01-05 20:33 . 2002-07-11 16:17   173,056   --a------   c:\windows\system32\cncs32.dll
2009-01-05 20:33 . 2003-03-21 18:27   133,200   --a------   c:\windows\system32\CNCS.dll
2009-01-05 20:33 . 2002-12-08 16:29   114,176   --a------   c:\windows\system32\HDK3ANIM.dll
2009-01-05 20:33 . 1994-12-05 22:00   92,208   --a------   c:\windows\system32\WING.DLL
2009-01-05 20:33 . 1994-12-05 22:00   12,800   --a------   c:\windows\system32\WING32.DLL
2009-01-05 20:33 . 1994-12-05 22:00   6,736   --a------   c:\windows\system32\WINGDIB.DRV
2009-01-05 20:33 . 2002-12-08 16:29   5,647   --a------   c:\windows\system32\HDK3CRYP.dll
2009-01-05 20:33 . 1994-12-05 22:00   5,024   --a------   c:\windows\system32\WINGPAL.WND
2009-01-05 18:20 . 2009-01-05 18:20   <DIR>   d--------   c:\program files\Fantasy Grounds II
2009-01-02 12:20 . 2009-01-02 12:36   <DIR>   d--------   C:\Fraps
2009-01-02 12:20 . 2009-01-02 13:06   <DIR>   d-a------   c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-01-01 17:54 . 2009-01-01 17:54   <DIR>   d--------   c:\windows\A7E07C2B2220441587E3784D5814BC93.TMP
2009-01-01 17:53 . 2009-01-01 17:55   <DIR>   d--------   c:\windows\NV36043136.TMP
2009-01-01 17:53 . 2008-12-08 17:42   201,616   --a------   c:\windows\system32\nvapps.nvb
2008-12-30 14:14 . 2008-12-30 14:14   <DIR>   d--------   C:\Freelancer
2008-12-27 18:51 . 2008-04-14 18:20   221,184   --a------   c:\windows\system32\wmpns.dll
2008-12-25 21:53 . 2008-12-25 21:53   <DIR>   d--------   c:\program files\Common Files\BioWare
2008-12-25 21:32 . 2008-12-25 21:54   <DIR>   d--------   C:\Mass Effect
2008-12-25 15:12 . 2008-12-25 15:18   8   --a------   c:\windows\system32\nvModes.dat
2008-12-25 15:00 . 2008-12-25 15:00   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\nView_Profiles
2008-12-21 20:44 . 2008-12-21 20:44   37   --a------   c:\windows\Viewer.ini
2008-12-21 20:02 . 2008-12-23 22:59   <DIR>   d--------   C:\CSTORM
2008-12-20 22:47 . 2008-12-20 22:47   <DIR>   d--------   c:\program files\Sony
2008-12-20 18:22 . 2008-12-20 19:07   <DIR>   d--------   C:\C4_manual
2008-12-17 22:01 . 2008-12-17 22:01   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\MiKTeX
2008-12-17 21:57 . 2008-12-17 22:00   <DIR>   d--------   c:\program files\MiKTeX 2.7
2008-12-17 21:27 . 2008-12-17 21:32   <DIR>   d--------   C:\LaTeX
2008-12-16 15:51 . 2008-12-16 15:52   <DIR>   d--------   c:\windows\system32\NtmsData
2008-12-15 17:52 . 2008-12-15 17:52   <DIR>   d--------   c:\program files\GoldWave
2008-12-15 17:48 . 2008-12-15 17:48   0   --a------   c:\windows\sam7_E.INI
2008-12-14 19:55 . 2008-12-14 19:55   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Avg8
2008-12-14 15:25 . 2009-01-03 19:57   <DIR>   d--------   C:\Original War
2008-12-08 22:05 . 2008-12-08 22:35   <DIR>   d--------   c:\documents and settings\Piotr\Dane aplikacji\Mount&Blade
2008-12-08 22:03 . 2008-12-08 22:06   <DIR>   d--------   C:\Mount&Blade
2008-12-08 22:02 . 2008-11-03 19:10   399,385,059   --a------   C:\mountandblade_1011_setup.exe
2008-12-07 21:13 . 2008-12-07 21:13   <DIR>   d--------   c:\documents and settings\Piotr\Dane aplikacji\Datarescue
2008-12-07 21:09 . 2008-12-07 21:10   <DIR>   d--------   c:\program files\IDA
2008-12-07 17:41 . 2009-01-05 21:34   <DIR>   d--------   C:\Czarek - Piotrek - Jedi
2008-12-07 14:00 . 2008-12-07 14:22   31   --a------   c:\windows\progress

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-06 18:48   ---------   d-----w   c:\program files\DNA
2009-01-06 18:48   ---------   d-----w   c:\documents and settings\Piotr\Dane aplikacji\Dropbox
2009-01-06 18:48   ---------   d-----w   c:\documents and settings\Piotr\Dane aplikacji\DNA
2009-01-06 14:52   ---------   d-----w   c:\documents and settings\Piotr\Dane aplikacji\FileZilla
2009-01-06 14:16   ---------   d-----w   c:\documents and settings\Piotr\Dane aplikacji\BitTorrent
2009-01-01 16:54   ---------   d-----w   c:\program files\Common Files\Wise Installation Wizard
2009-01-01 15:27   ---------   d-----w   c:\program files\Diablo II
2008-12-26 19:51   ---------   d-----w   c:\program files\Winamp
2008-12-25 14:41   ---------   d-----w   c:\program files\Heroes Chronicles
2008-12-24 22:58   ---------   d-----w   c:\documents and settings\Piotr\Dane aplikacji\Thinstall
2008-12-23 15:50   ---------   d-----w   c:\program files\FXhome VisionLab Studio
2008-12-19 21:24   ---------   d-----w   c:\program files\Wiedźmin
2008-12-14 14:52   ---------   d-----w   c:\program files\Microsoft Silverlight
2008-12-08 16:42   6,179,744   ----a-w   c:\windows\system32\drivers\nv4_mini.sys
2008-12-07 12:38   ---------   d-----w   c:\program files\Common Files\Real
2008-12-05 14:50   ---------   d-----w   c:\program files\Guitar Pro 5
2008-12-05 14:04   ---------   d-----w   c:\program files\Microsoft DirectX SDK (November 2008)
2008-12-05 14:02   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2008-12-05 14:01   119,120   ----a-w   c:\windows\dxsdkuninst.exe
2008-12-05 14:00   ---------   d-----w   c:\program files\AGEIA Technologies
2008-12-04 19:08   ---------   d-----w   c:\program files\Twierdza
2008-12-04 17:49   ---------   d--h--w   c:\program files\InstallShield Installation Information
2008-12-04 14:54   ---------   d-----w   c:\program files\RADVideo
2008-11-30 14:08   ---------   d-----w   c:\program files\eMule
2008-11-29 14:25   137,825,996   ----a-w   C:\C4Manual.zip
2008-11-28 15:58   ---------   d-----w   c:\program files\MakeHuman 0.9.1 RC1
2008-11-28 15:52   ---------   d-----w   c:\program files\Java
2008-11-28 15:44   ---------   d-----w   c:\program files\Feeling Software
2008-11-28 13:56   ---------   d-----w   c:\program files\Common Files\Softimage
2008-11-28 13:56   ---------   d-----w   c:\program files\Common Files\Avid
2008-11-23 21:16   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Bimesoft
2008-11-22 19:50   ---------   d-----w   c:\documents and settings\Piotr\Dane aplikacji\Apple Computer
2008-11-22 19:45   ---------   d-----w   c:\documents and settings\Piotr\Dane aplikacji\World Machine 2 Basic
2008-11-22 19:06   ---------   d-----w   c:\program files\QuickTime
2008-11-22 19:06   ---------   d-----w   c:\program files\Common Files\Apple
2008-11-22 19:06   ---------   d-----w   c:\program files\Apple Software Update
2008-11-22 19:06   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Apple Computer
2008-11-22 19:06   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Apple
2008-11-20 22:00   ---------   d-----w   c:\program files\Spider-Man - Web of Shadows
2008-11-20 11:26   ---------   d-----w   c:\program files\DragonRiders
2008-11-17 15:05   ---------   d-----w   c:\program files\Heroes of Might and Magic III
2008-11-13 11:41   ---------   d-----w   c:\program files\Common Files\3DO Shared
2008-11-11 17:56   ---------   d-----w   c:\program files\FLV to AVI Converter
2008-11-11 17:50   ---------   d-----w   c:\program files\Free Video Converter
2008-11-11 17:39   ---------   d-----w   c:\program files\Flash Decompiler Trillix
2008-11-10 18:26   ---------   d-----w   c:\documents and settings\Piotr\Dane aplikacji\CyberLink
2008-11-10 18:25   ---------   d-----w   c:\program files\CyberLink
2008-11-10 18:25   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\CyberLink
2008-11-08 18:24   ---------   d-----w   c:\program files\Microsoft SQL Server
2008-11-08 18:23   ---------   d-----w   c:\program files\Microsoft.NET
2008-11-08 18:16   ---------   d-----w   c:\program files\Microsoft Visual Studio 9.0
2008-11-08 18:15   ---------   d-----w   c:\program files\Microsoft Web Designer Tools
2008-11-07 16:28   2,829   ----a-w   c:\windows\DIIUnin.pif
2008-11-07 16:28   106,496   ----a-w   c:\windows\DIIUnin.exe
.

(((((((((((((((((((((((((((((   snapshot@2009-01-05_23.26.19.29   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-07 14:27:04   163,328   ----a-w   c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2009-01-06 16:54:38   11,005,952   ----a-w   c:\windows\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2009-01-06 16:54:38   372,736   ----a-w   c:\windows\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat
+ 2008-08-07 14:27:04   163,328   ----a-w   c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2009-01-06 16:54:12   11,005,952   ----a-w   c:\windows\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2009-01-06 16:54:12   372,736   ----a-w   c:\windows\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat
- 2008-12-26 19:48:55   92,048   ----a-w   c:\windows\system32\perfc009.dat
+ 2009-01-06 18:41:30   92,048   ----a-w   c:\windows\system32\perfc009.dat
- 2008-12-26 19:48:55   108,480   ----a-w   c:\windows\system32\perfc015.dat
+ 2009-01-06 18:41:30   108,480   ----a-w   c:\windows\system32\perfc015.dat
- 2008-12-26 19:48:55   498,002   ----a-w   c:\windows\system32\perfh009.dat
+ 2009-01-06 18:41:30   498,002   ----a-w   c:\windows\system32\perfh009.dat
- 2008-12-26 19:48:55   556,178   ----a-w   c:\windows\system32\perfh015.dat
+ 2009-01-06 18:41:30   556,178   ----a-w   c:\windows\system32\perfh015.dat
- 2009-01-05 22:23:19   14,050   ----a-w   c:\windows\system32\tablet.dat
+ 2009-01-06 18:47:58   14,050   ----a-w   c:\windows\system32\tablet.dat
+ 2009-01-06 18:47:52   16,384   ----atw   c:\windows\Temp\Perflib_Perfdata_7ac.dat
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 08:20   143360   --a------   c:\program files\Dropbox\DropboxExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 08:20   143360   --a------   c:\program files\Dropbox\DropboxExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 08:20   143360   --a------   c:\program files\Dropbox\DropboxExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-03-28 18:59   2953216   --a------   c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-03-28 18:59   2953216   --a------   c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-19 342848]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AlcoholAutomount"="d:\alcohol soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]
"Google Update"="c:\documents and settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" [2008-11-14 133104]
"avp"="c:\recycler\S-1-5-21-1455143099-5278492500-798028734-8514\hdav.exe" [2009-01-05 72192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-08 13594624]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"WLSS"="c:\program files\Compal\Wireless Select Switch\WLSS.exe" [2007-04-23 190000]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2006-12-29 569344]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2007-03-28 49168]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-06-01 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-06-01 974848]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2008-12-08 86016]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-28 136600]
"nwiz"="nwiz.exe" [2008-12-08 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 c:\windows\RTHDCPL.exe]

c:\documents and settings\Piotr\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Dropbox.lnk - c:\program files\Dropbox\Dropbox.exe [2008-09-26 24096981]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-12-11 561213]
Monitor Apache Servers.lnk - c:\program files\Apache Group\Apache2\bin\ApacheMonitor.exe [2008-01-17 41042]
ninja.lnk - c:\program files\Ninja\ninja.exe [2009-01-06 695296]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2008-10-27 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-28 18:46 90112 c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages   REG_MULTI_SZ      scecli psqlpwd

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"d:\\Programming\\zoidcom\\samples\\bin\\mingw\\ex00_connect_server.exe"=
"d:\\Programming\\zoidcom\\samples\\bin\\mingw\\ex01_lanbroadcast_server.exe"=
"d:\\Programming\\zoidcom\\samples\\bin\\mingw\\ex02_zoidlevel_server.exe"=
"d:\\Programming\\zoidcom\\samples\\bin\\mingw\\ex03_object_replication_server.exe"=
"d:\\Programming\\zoidcom\\samples\\bin\\mingw\\ex04_object_deletion_server.exe"=
"d:\\Programming\\zoidcom\\samples\\bin\\mingw\\ex08_file_transfer_server.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"c:\\Program Files\\FantasyGrounds\\FantasyGrounds.exe"=
"e:\\ProjectsC#\\ServerConsole\\bin\\Release\\ServerConsole.exe"=
"e:\\ProjectsC#\\ChatTest\\bin\\Release\\ChatTest.exe"=
"d:\\Programming\\Delta3D\\build\\bin\\testEchoServer.exe"=
"d:\\Programming\\Delta3D\\build\\bin\\testNetwork.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Documents and Settings\\Piotr\\Ustawienia lokalne\\Dane aplikacji\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Piotr\\Ustawienia lokalne\\Dane aplikacji\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"e:\\Projects XNA\\lidgren-network\\Samples\\ChatServer\\bin\\Release\\ChatServer.exe"=
"e:\\Projects XNA\\lidgren-network\\Samples\\ImageServer\\bin\\Release\\ImageServer.exe"=
"e:\\Projects XNA\\lidgren-network\\Samples\\LargePacketServer\\bin\\Release\\LargePacketServer.exe"=
"e:\\Projects XNA\\Adventurer\\AdventurerMasterServer\\bin\\Release\\AdventurerMasterServer.exe"=
"e:\\Projects XNA\\lidgren-network\\Samples\\StressServer\\bin\\Release\\StressServer.exe"=
"c:\\Program Files\\Spider-Man - Web of Shadows\\image\\pc\\Spider-Man Web of Shadows.exe"=
"c:\\WinHTTrack\\WinHTTrack.exe"=
"d:\\Wesnoth\\wesnothd.exe"=
"d:\\Softimage\\XSI_7.0\\Application\\bin\\XSI.exe"=
"d:\\Programming\\Esenthel\\EsenthelEngineSDK\\Tutorials\\Tutorials.exe"=
"c:\\Program Files\\IDA\\idag.exe"=
"c:\\Program Files\\IDA\\idag64.exe"=
"c:\\Original War\\OwarFull.dll"=
"c:\\Program Files\\Heroes of Might and Magic III\\Heroes3.exe"=
"c:\\CSTORM\\CSTORM.exe"=
"c:\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Program Files\\Fantasy Grounds II\\FantasyGrounds.exe"=
"c:\\Documents and Settings\\Piotr\\Pulpit\\ninja.exe"=

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2008-10-01 9856]
R4 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-09 65536]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-07-11 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-07-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fbe46db5-da60-11dd-a1e7-001cbf1d9ff5}]
\Shell\AutoRun\command - G:\USBNB.exe
.
Zawartość folderu 'Zaplanowane zadania'

2009-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1482476501-839522115-1004.job
- c:\documents and settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2008-11-14 23:23]
.
.
------- Skan uzupełniający -------
.
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Wyślij do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Piotr\Dane aplikacji\Mozilla\Firefox\Profiles\c2gkrnfg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - plugin: c:\documents and settings\Piotr\Dane aplikacji\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30401.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: d:\adobe\Reader 8.0\Reader\browser\nppdf32.dll
FF - plugin: d:\k-lite codec pack\Real\browser\plugins\nppl3260.dll
FF - plugin: d:\k-lite codec pack\Real\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-06 19:48:26
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1844237615-1482476501-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*NULL*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1844237615-1482476501-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Electronic Arts\S*NULL*P*NULL*O*NULL*R*NULL*E*NULL*"!]
"Order"=hex:08,00,00,00,02,00,00,00,02,02,00,00,01,00,00,00,04,00,00,00,88,00,\
  00,00,00,00,00,00,7a,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,68,00,32,\
  00,ac,05,00,00,58,39,1d,73,20,00,50,4c,49,4b,50,52,7e,31,2e,4c,4e,4b,00,00,\
  3e,00,03,00,04,00,ef,be,58,39,1d,73,72,39,40,a1,14,00,00,00,50,00,6c,00,69,\
  00,6b,00,20,00,50,00,72,00,7a,00,65,00,63,00,7a,00,79,00,74,00,61,00,6a,00,\
  2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,\
  00,00,00,00,00,00,00,00,00,7a,00,00,00,01,00,00,00,6c,00,00,00,41,75,67,4d,\
  02,00,00,00,01,00,00,00,5a,00,32,00,8e,07,00,00,58,39,1d,73,20,00,50,4f,4d,\
  4f,43,45,7e,31,2e,4c,4e,4b,00,00,30,00,03,00,04,00,ef,be,58,39,1d,73,72,39,\
  40,a1,14,00,00,00,50,00,6f,00,6d,00,6f,00,63,00,20,00,45,00,41,00,2e,00,6c,\
  00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,\
  00,00,00,00,00,00,74,00,00,00,02,00,00,00,66,00,00,00,41,75,67,4d,02,00,00,\
  00,01,00,00,00,54,00,32,00,a0,06,00,00,58,39,1d,73,20,00,53,50,4f,52,45,7e,\
  31,2e,4c,4e,4b,00,2c,00,03,00,04,00,ef,be,58,39,1d,73,72,39,40,a1,14,00,00,\
  00,53,00,50,00,4f,00,52,00,45,00,22,21,2e,00,6c,00,6e,00,6b,00,00,00,1a,00,\
  0e,00,00,00,0a,00,ef,be,00,00,00,00,1a,00,00,00,00,00,00,00,00,00,80,00,00,\
  00,03,00,00,00,72,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,60,00,32,00,\
  b9,07,00,00,58,39,1d,73,20,00,55,53,55,53,50,4f,7e,31,2e,4c,4e,4b,00,00,36,\
  00,03,00,04,00,ef,be,58,39,1d,73,72,39,41,a1,14,00,00,00,55,00,73,00,75,00,\
  44,01,20,00,53,00,50,00,4f,00,52,00,45,00,22,21,2e,00,6c,00,6e,00,6b,00,00,\
  00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00

[HKEY_USERS\S-1-5-21-1844237615-1482476501-839522115-1004\Software\SecuROM\License information*NULL*]
"datasecu"=hex:4f,6f,e7,c2,47,e4,f2,12,dd,e4,91,aa,30,36,1f,34,c2,d7,45,e0,a1,\
  44,14,9b,62,83,c4,34,4a,1e,5a,03,e2,68,4b,ac,20,8a,06,70,1d,c7,e4,11,79,d3,\
  3d,21,bb,e6,d9,e3,15,c4,94,df,65,ef,3a,c7,c5,2a,2b,14,ce,17,9b,93,52,57,39,\
  70,2d,f2,2a,bd,dc,93,a6,eb,c1,a2,d6,85,5d,04,4b,9c,52,84,25,fc,39,f2,b6,b2,\
  b3,85,6f,2d,e7,c2,2c,58,70,a0,6e,b1,e4,e7,ac,ea,6c,90,ba,29,0a,57,49,63,b1,\
  6a,25,a4,8b,bc,e8,e9,cd,1b,79,02,6a,52,4d,d9,71,fd,40,84,c2,ca,9f,cb,79,e9,\
  db,18,91,e1,37,cd,09,64,09,25,3e,96,64,75,d0,ac,c9,62,44,80,2f,5d,31,c1,27,\
  70,46,7f,17,7b,e3,53,7e,8a,0a,fc,37,6f,d2,8d,7d,7a,51,a0,9d,e2,9c,8d,18,65,\
  48,0f,a0,8a,f8,c3,1e,1e,a3,f0,6f,a5,65,89,5e,bb,53,02,d3,d2,31,c4,07,75,3a,\
  2e,7b,6e,49,23,3d,d2,7d,ac,8f,42,f1,f7,1f,75,dc,3b,5b,9c,ec,59,8f,7c,b7,53,\
  90,28,c5,bd,c3,f6,7e,75,44,a3,05,1a,4d,93,b9,2f,81,3a,c8,ea,e5,9b,4e,95,b5,\
  85,38,21,6a,5d,54,79,c7,3b,f2,28,43,63,e1,07,8c,f3,f6,50,bb,f5,47,85,9d,f8,\
  42,03,a1,b3,ed,dd,31,5c,74,5d,00,24,03,78,8b,db,a1,09,84,71,45,f0,55,11,fb,\
  c0,c3,aa,6c,25,93,4b,7b,c9,2a,19,14,68,5d,40,05,a6,1a,42,2c,a9,a9,4e,26,7f,\
  a3,db,32,1e,27,b9,15,14,e8,08,13,57,aa,ce,67,85,76,ef,1c,d7,42,69,e9,55,e0,\
  41,2c,95,d6,33,b2,a6,95,2a,b4,ba,f5,9d,34,cb,be,8c,2c,db,88,cf,13,8e,54,c3,\
  68,bf,18,50,9d,d7,2b,e2,f1,84,23,fd,34,c8,df,0f,73,99,5a,8d,7a,90,e8,a1,d8,\
  6f,8d,09,6c,58,5e,e1,98,29,20,bc,f4,3d,ed,85,40,14,08,52,23,94,aa,e8,45,e3,\
  74,c5,fb,0f,2f,f7,0a,3f,82,3f,58,d6,0d,9d,26,be,60,d4,65,6f,61,88,cf,19,99,\
  f6,fd,bf,9b,2a,a2,de,45,52,9a,17,89,d9,8c,af,eb,0d,ef,a9,92,37,54,48,30,6a,\
  7c,7f,40,11,da,0e,07,ec,8e,0f,ec,df,fd,85,dc,57,e1,4f,4d,9d,a3,bd,4a,bc,5b,\
  57,65,fe,81,3a,7b,e2,f9,9b,88,89,48,5a,78,c2,8b,5d,a5,9d,49,fd,63,fa,94,fc,\
  e4,07,1b,e5,d6,c0,a5,cc,e8,34,42,aa,ee,0d,df,ed,4f,69,ee,d5,22,4c,39,64,c1,\
  51,d1,c5,af,35,eb,c0,88,c8,4e,67,d5,aa,b3,ef,76,0f,85,c3,08,ce,27,99,f0,37,\
  82,d6,87,9a,b7,e0,0e,b0,2a,20,67,5e,aa,ad,e6,e7,2c,97,76,bf,7c,81,28,89,d5,\
  f6,21,7b,c7,99,93,84,bf,03,70,65,b7,b8,82,bc,96,99,a7,b1,2f,94,5b,09,14,74,\
  b1,1f,4e,a9,15,da,a7,04,14,25,ef,af,87,71,b8,88,d9,e9,7f,d8,02,73,97,c2,d8,\
  c0,65,ca,6b,da,39,cb,23,60,39,5e,e3,df,b6,8b,64,17,fb,dd,52,7b,73,c6,e2,b3,\
  b6,5f,57,3b,79,29,bb,6f,59,89,35,22,90,15,c8,76,30,e8,a2,cd,a9,84,62,06,24,\
  83,88,1c,bc,0e,51,a6,9b,68,61,e1,cf,d4,5b,fd,ce,32,05,c2,16,5a,36,ce,61,0f,\
  c6,c4,75,79,54,14,d2,80,d6,32,c5,d2,ca,d4,ef,c9,b4,ce,3b,5d,ef,1e,bc,ba,c7,\
  40,d3,77,9d,a3,0c,1a,fb,67,3f,12,d1,5c,3e,56,0e,64,82,03,c2,3b,77,dc,07,93,\
  4b,55,76,41,3e,ec,26,0e,22,19,44,05,c0,d0,cf,77,d7,ae,44,60,36,0c,28,3a,0c,\
  30,fc,ff,7f,6b,64,e1,75,58,4a,c3,ae,ae,08,87,7b,fc,54,32,24,53,2d,d6,f9,63,\
  82,73,ae,d6,05,78,4a,81,44,af,a6,d5,33,40,6f,fb,de,08,e0,1a,d3,9c,ee,d9,3f,\
  d1,65,a1,5e,99,d7,a0,27,ee,9c,04,b4,08,3b,65,bf,11,47,b2,47,2f,8c,59,55,06,\
  b4,9b,3f,97,20,6f,43,0b,0f,43,72,f6,2c,7e,26,9a,3c,cb,13,b8,7d,c8,57,5e,40,\
  dd,b6,77,66,ff,3b,51,c1,d6,d9,68,1c,63,3c,18,90,b1,b4,33,8f,be,52,ec,54,1c,\
  55,77,96,14,62,b2,85,92,08,74,70,ba,d8,d4,95,5e,6f,fb,86,a1,78,d1,28,82,53,\
  56,d7,71,15,3c,e7,8e,9f,a5,53,a3,16,9d,6a,64,5a,f3,d2,1e,5e,fe,6d,0d,83,4f,\
  6b,af,4d,8a,ae,e6,3c,7a,81,f6,94,12,37,41,5b,36,a9,bb,0f,9b,4c,af,38,30,9c,\
  cd,5e,a1,5e,83,c6,3f,67,a1,a4,7d,7b,36,1f,d5,43,5a,59,c5,48,06,12,71,63,ea,\
  0c,69,a7,b0,6b,e1,7c,24,99,8b,7a,9b,94,03,48,2d,a3,f4,4a,c3,d1,4f,a9,f2,ec,\
  af,a6,b4,9d,33,45,7d,5e,b5,8f,8d,47,df,47,f0,b8,db,f6,bd,16,2d,d0,98,89,fa,\
  2b,71,91,8a,3d,53,73,e9,0f,6f,9c,a1,e5,39,9b,17,f5,e6,26,c7,df,04,ad,62,3d,\
  00,c7,45,1e,00,db,81,e3,b9,e7,69,a8,c4,86,0e,25,4e,91,93,61,b2,e1,3c,c6,45,\
  2e,16,84,0e,64,82,eb,6a,d4,08,87,87,4d,6c,ab,ea,2e,5c,dd,5e,a0,85,ab,66,a9,\
  3c,c6,7c,7c,80,d9,47,4d,16,67,78,fa,35,2d,49,77,48,5c,1c,3e,0b,89,53,d3,74,\
  35,09,1a,8c,f2,24,77,de,a7,fd,08,74,d9,88,2c,cd,5d,6f,21,98,7a,66,22,61,54,\
  b6,a6,63,bb,25,dc,b0,01,a5,38,09,b7,63,ab,7e,d3,7b,d2,07,0e,de,b1,cd,24,15,\
  64,56,c9,46,84,cc,07,67,de,36,83,65,9b,74,b6,87,0c,2b,0d,6e,f0,20,2a,f8,32,\
  a3,08,64,cb,6a,32,54,da,92,bb,0a,09,68,91,e8,f5,af,e9,0f,a7,ce,75,5d,3e,ca,\
  90,eb,d2,e9,88,5d,cc,2c,61,25,19,e5,c1,93,87,47,0a,ca,a8,6e,85,81,20,a3,3a,\
  be,f1,12,83,9f,1a,bb,bc,88,0f,7c,84,3a,e3,e4,2b,96,e7,dd,e0,95,14,a9,99,95,\
  6a,07,c0,bf,fa,65,17,7a,47,13,4a,a3,e3,09,0d,e4,d5,2a,d4,3d,1f,4e,bb,93,cc,\
  d8,e1,59,f0,cc,73,d9,c4,c3,f5,02,ba,d0,3b,bc,a0,dd,b8,48,6e,fc,07,95,1f,dd,\
  86,72,bf,f9,b4,07,cb,2c,e8,19,e4,ad,6b,8d,7c,ab,c1,02,74,51,7e,8e,d8,f8,1b,\
  86,65,12,84,86,ec,e7,dc,48,20,8a,fd,5b,c4,54,bd,fd,62,16,75,19,14,ff,11,84,\
  99,07,84,2d,da,7b,c3,fe,6f,f1,de,a9,5d,ba,dd,76,14,44,6b,ae,ea,f5,e6,99,b0,\
  1f,a7,26,34,6b,e7,92,5a,ef,0c,e2,78,fc,e4,b6,0f,2a,7e,ca,7a,8a,2d,b4,10,4c,\
  1b,87,df,ec,21,da,74,ff,96,df,a1,c6,3c,48,36,08,35,a2,92,7d,e7,a9,2c,fd,0f,\
  3b,6b,99,93,5b,f2,cb,c7,ba,b3,d6,8b,d7,6c,95,8f,ad,1b,76,a0,46,08,6d,1e,de,\
  95,be,5d,a2,49,c9,f5,f1,05,4c,5a,02,e4,76,25,dd,7f,99,d1,c5,44,a2,ed,4a,69,\
  f2,d7,09,0c,1f,d8,48,5e,4b,ff,ab,21,9b,ee,3c,af,0c,cb,14,05,56,9a,f8,e2,18,\
  89,1e,e0,c3,32,da,a7,dd,46,ac,1c,13,de,56,90,20,4b,cf,bc,c2,eb,6f,3c,c6,dc,\
  5a,e5,0a,ac,41,0f,a2,09,f5,e6,43,7b,d7,79,86,20,05,6f,97,53,cb,8c,0e,92,8b,\
  19,49,0c,e9,d4,4a,b8,e7,07,3e,86,e9,3a,12,12,3c,9c,65,b7,4e,a1,92,41,9b,72,\
  f3,82,7b,eb,f5,a4,61,54,4d,4d,47,63,5a,f1,e3,a2,c9,b0,64,61,2d,1d,df,00,02,\
  69,9f,2c,f1,e9,f6,a3,4f,d6,d1,41,bc,b5,fb,58,08,17,a6,b6,3e,30,e1,73,8e,02,\
  05,57,e9,32,cd,19,96,b6,93,06,5a,fa,0b,54,f2,a3,d7,85,71,46,03,6f,3b,82,24,\
  41,28,a7,f4,e9,ed,24,0d,72,12,23,b3,b7,3b,5a,c9,12,97,25,ea,dc,6d,a3,36,8a,\
  8d,12,4b,73,43,2b,62,c9,34,3b,59,dc,b2,ca,ab,5b,1b,ed,2a,c1,b9,b3,3d,58,bb,\
  ae,d5,d9,e0,2b,25,6a,5b,b2,29,76,64,a3,4e,27,65,bf,d7,74,30,23,fd,06,41,6b,\
  ba,6c,85,7f,d5,82,c1,73,18,6e,46,41,1e,9a,0a,58,87,72,f2,e6,40,14,fb,14,43,\
  ac,f0,82,3b,c3,2d,39,8f,cf,b3,de,02,6a,d7,44,ef,f8,49,4b,23,5a,1a,c8,51,a1,\
  3c,4f,1d,7e,64,d7,1a,ab,10,a4,70,08,2a,6f,bb,78,3d,1d,dc,3e,83,77,db,d4,db,\
  cf,79,8d,e7,45,92,a1,ee,13,b5,ae,c9,b9,3c,52,51,b9,db,9a,e7,83,32,64,85,21,\
  f2,76,63,af,21,99,03,f6,e3,f1,34,c0,23,02,ca,bd,61,7f,84,61,63,c6,2d,99,87,\
  77,a4,8e,13,7e,9d,db,c5,2c,5a,74,dc,a5,ae,f6,45,55,88,4d,19,ef,f7,03,4d,5e,\
  12,03,45,a6,12,03
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(920)
c:\windows\system32\vrlogon.dll
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\crypto.dll
c:\program files\Protector Suite QL\remote.dll
c:\windows\system32\tabhook.dll

- - - - - - - > 'lsass.exe'(976)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Apache Group\Apache2\bin\Apache.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\spm\spmdib.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Apache Group\Apache2\bin\Apache.exe
d:\alcohol soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\windows\system32\Tablet.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Protector Suite QL\psqltray.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Czas ukończenia: 2009-01-06 19:51:40 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2009-01-06 18:51:38
ComboFix2.txt  2009-01-05 22:26:38

Przed: 1 633 206 272 bajtów wolnych
Po: 1,615,843,328 bajtów wolnych

443   --- E O F ---   2008-12-27 10:41:05


Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:52:48, on 2009-01-06
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\spm\spmdib.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
D:\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Compal\Wireless Select Switch\WLSS.exe
C:\WINDOWS\vsnp2uvc.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\Program Files\Ninja\ninja.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Dropbox\Dropbox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [WLSS] C:\Program Files\Compal\Wireless Select Switch\WLSS.exe
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [avp] C:\RECYCLER\S-1-5-21-1455143099-5278492500-798028734-8514\hdav.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Dropbox.lnk = C:\Program Files\Dropbox\Dropbox.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: ninja.lnk = C:\Program Files\Ninja\ninja.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Flash Decompiler Trillix\iebt.dll
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Flash Decompiler Trillix\iebt.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\Apache Group\Apache2\bin\Apache.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SPM License Server (spmd) - mental images GmbH - C:\spm\spmdib.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 9919 bytes


[wojtas]

1. Ściągnij OTMoveIt i go włacz i odpal go z opcji CleanUp oraz skasuj folder C:\Qoobox
2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
5.Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

i tym:

FixIEDef.

[L_Devil]

Kod: Zaznacz wszystko

środa, 7 styczeń 2009
System operacyjny: Microsoft Windows XP Home Edition Dodatek Service Pack 3 (build 2600)
Wersja Kaspersky Online Scanner: 7.0.26.12
Data ostatniej aktualizacji bazy danych: Wednesday, January 07, 2009 17:43:08
Liczba wpisów: 1579372
Ustawienia skanowania
Typ bazy danych użytej do skanowania    rozszerzona
Skanuj archiwa    tak
Skanuj pocztowe bazy danych    tak
Obszar skanowania    Mój komputer
C:\
D:\
E:\
F:\
H:\
Statystyki skanowania
Przeskanowanych plików    301814
Nazwa zagrożenia    3
Zainfekowanych obiektów    9
Podejrzanych obiektów    0
Czas skanowania    02:53:14

Nazwa pliku    Nazwa zagrożenia    Liczba zagrożeń
C:\!files.drakan.ru\pub\fgf095.zip   Zainfekowany: not-a-virus:AdWare.Win32.Aureate.a   5   
C:\!files.drakan.ru\pub\RADMIN21.EXE   Zainfekowany: not-a-virus:RemoteAdmin.Win32.RAdmin.20   2   
C:\!files.drakan.ru\pub\RADMIN21.EXE   Zainfekowany: not-a-virus:RemoteAdmin.Win32.RAdmin.21   2   
Wybrany obszar został przeskanowany.

Kod: Zaznacz wszystko

********************************************************************************
*                                                                              *
*                                 FixIEDef Log                                 *
*                              Version 1.7.20.7238                             *
*                                                                              *
********************************************************************************

Created at 22:38:21 on Wednesday, January 07, 2009

Time Zone            :

Logged On User       : Piotr

Operating System     : Microsoft Windows XP Home Edition Dodatek Service Pack 3
OS Version           : 5.1.2600
System Langauge      : Polish
Keyboard Layout      : Polish
Processor            : X86 Intel(R) Core(TM)2 Duo CPU     T7700  @ 2.40GHz

System Drive         : C:\
Windows Directory    : C:\WINDOWS
System Directory     : C:\WINDOWS\system32

System Drive Type    : Fixed
System Drive Status  : READY
System Drive Label   : System
System Drive Size    : 81.92 GB
System Drive Free    : 1.46 GB

Total Physical Memory: 3070 MB
Free Physical Memory : 2280 MB
Total Page File      : 3070 MB
Free Page File       : 4273 MB
Total Virtual Memory : 2048 MB
Free Virtual Memory  : 1969 MB

Boot State           : Normal boot

--------------------------------------------------------------------------------

!!! userinit.exe is Clean !!!

--------------------------------------------------------------------------------

!!! Files that have been deleted !!!

No malicious files found

--------------------------------------------------------------------------------

!!! Directories that have been removed !!!

No malicious directories to be removed

--------------------------------------------------------------------------------

!!! Registry entries that have been removed !!!

No malicious Registry entries found

================================================================================

All Done :)

ShadowPuterDude

Safe Surfing!!!

[wojtas]

wydaje sie byc ok