ComboFix 10-09-30.05 - er! 2010-10-01 20:03:32.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2047.1549 [GMT 2:00]
Run from: c:\documents and settings\er!\Pulpit\ComboFix.exe
.
PEV Error: ProfilesFile
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\Data
c:\windows\system32\EXPLORER.EXE(2).VIR
.
((((((((((((((((((((((((( Files Created from 2010-09-01 to 2010-10-01 )))))))))))))))))))))))))))))))
.
2010-10-01 17:30 . 2010-10-01 17:31 -------- d-----w- c:\windows\LastGood
2010-09-10 14:08 . 2010-09-10 14:08 -------- d-sh--w- c:\documents and settings\er!\IECompatCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-01 09:31 . 2009-09-10 12:52 1 ----a-w- c:\documents and settings\er!\Dane aplikacji\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-09-01 10:25 . 2010-09-01 10:19 -------- d-----w- c:\program files\PLAY ONLINE
2009-03-21 14:08 . 2004-08-03 22:44 167384 --sha-r- c:\windows\system32\vnxtaihg.dll
.
------- Sigcheck -------
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys
[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys
[7] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2004-08-03 20:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtServicePackUninstall$\aec.sys
[-] 2004-08-03 20:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\system32\drivers\aec.sys
[-] 2004-10-11 09:20 . C9BF4BC4D24A3A25E4A4894499FD9A6A . 25088 . . [10.0.3790.3650] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-10-11 09:20 . C9BF4BC4D24A3A25E4A4894499FD9A6A . 25088 . . [10.0.3790.3650] . . c:\windows\system32\MsPMSNSv.dll
[-] 2004-10-11 09:20 . C9BF4BC4D24A3A25E4A4894499FD9A6A . 25088 . . [10.0.3790.3650] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2004-08-03 22:44 . FA83DF4EE3B86E5CE53A5EA425F3F472 . 52736 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoD"="c:\documents and settings\er!\Moje dokumenty\GoD\GoD.exe" [2010-05-05 932352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"nwiz"="nwiz.exe" [2007-12-04 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-04 81920]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]
"RTHDCPL"="RTHDCPL.EXE" [2009-07-20 18670592]
"DataCardMonitor"="c:\program files\blueconnect\DataCardMonitor.exe" [2009-09-14 249856]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 487424]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w- d:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate]
2009-06-04 20:56 869888 ----a-w- d:\program files\ALLPlayer\ALLUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EXPLORER.EXE]
2008-04-14 17:21 1035264 ----a-w- c:\windows\explorer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 20:17 52256 ----a-w- d:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-12-05 10:30 2295072 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 12:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-14 19:01 71216 ------w- d:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-09-10 12:38 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- d:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UPS"=3 (0x3)
"srservice"=2 (0x2)
"RichVideo"=2 (0x2)
"NVSvc"=2 (0x2)
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)
"LightScribeService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2477:TCP"= 2477:TCP:xtdkawtx

R4 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys --> c:\windows\system32\drivers\klbg.sys [?]
S2 pvenh;Image Shell;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-09-10 1684736]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - RKREVEAL150
*Deregistered* - RKREVEAL150

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
pvenh

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-12-05 10:27 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\er!\Dane aplikacji\Mozilla\Firefox\Profiles\6s1vdwuy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/firefox?client=firefox-a&rls=org.mozilla:pl:official
FF - plugin: d:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-wsctf.exe - wsctf.exe
AddRemove-HijackThis - c:\documents and settings\er!\Pulpit\HijackThis.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-01 20:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
   DataCardMonitor = c:\program files\blueconnect\DataCardMonitor.exe????????????????????????Z? ?????x???x??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pvenh]
"ServiceDll"="c:\windows\system32\vnxtaihg.dll"
.
Completion time: 2010-10-01 20:09:09
ComboFix-quarantined-files.txt 2010-10-01 18:08

Pre-Run: 2,800,660,480 bytes free
Post-Run: 2,763,239,424 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 9E448FEDB5BDA71DD727D920D88BD0CC
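The security-relevant finding in this log is the service "pvenh" ("Image Shell"): it is hosted by svchost.exe in the netsvcs group, it has been added to the NetSvcs list, and its ServiceDll is c:\windows\system32\vnxtaihg.dll, a file carrying the system+hidden+read-only attributes with a 2004-08-03 timestamp that matches the XP SP2 system files around it. The same log also shows a Windows Firewall exception opening 2477/TCP under the random name "xtdkawtx". The script below is an added example, not ComboFix's code and not part of the original post: it parses the ComboFix log sections that carry these indicators (Find3M file lines, S/R service lines, the NetSvcs list, the ServiceDll dump and the GloballyOpenPorts list) and reports svchost-hosted services whose DLL is hidden or which are not on an allowlist of netsvcs members. SAMPLE_LOG is an excerpt copied from the log above; KNOWN_NETSVCS is an assumed, partial list of Windows XP default netsvcs members and must be extended for a real baseline.

```python
"""Triage a ComboFix log for an svchost-hosted (netsvcs) service hijack.

Added example, not ComboFix's own code: it only parses ComboFix's text
output, offline. SAMPLE_LOG is an excerpt copied from the log on this
page; KNOWN_NETSVCS is an assumed, partial allowlist of Windows XP
defaults (extend it for your own baseline).
"""
import re

SAMPLE_LOG = r"""
2009-03-21 14:08 . 2004-08-03 22:44 167384 --sha-r- c:\windows\system32\vnxtaihg.dll
2010-09-10 14:08 . 2010-09-10 14:08 -------- d-sh--w- c:\documents and settings\er!\IECompatCache
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2477:TCP"= 2477:TCP:xtdkawtx
S2 pvenh;Image Shell;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-09-10 1684736]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
pvenh
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pvenh]
"ServiceDll"="c:\windows\system32\vnxtaihg.dll"
"""

# Assumed, partial allowlist of services that legitimately run in the XP
# "netsvcs" svchost group; anything else registered there deserves a look.
KNOWN_NETSVCS = frozenset(s.lower() for s in (
    "AppMgmt", "AudioSrv", "Browser", "CryptSvc", "DMServer", "EventSystem",
    "HidServ", "Ias", "Iprip", "Irmon", "LanmanServer", "LanmanWorkstation",
    "Messenger", "Netman", "Nla", "Ntmssvc", "NWCWorkstation", "Nwsapagent",
    "Rasauto", "Rasman", "Remoteaccess", "Schedule", "Seclogon", "SENS",
    "Sharedaccess", "SRService", "Tapisrv", "Themes", "TrkWks", "W32Time",
    "WZCSVC", "Wmi", "WmdmPmSp", "winmgmt", "wscsvc", "xmlprov", "BITS",
    "wuauserv", "ShellHWDetection", "helpsvc", "uploadmgr"))

# "S2 name;display;image [date size]" service/driver lines
SERVICE_RE = re.compile(r'^([RS])(\d)\s+([^;]+);([^;]*);(.*?)(?:\s+\[[^\]]*\])?$', re.M)
# "[HKLM\System\ControlSetNNN\Services\name]" followed by its ServiceDll value
SERVICEDLL_RE = re.compile(
    r'^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]]+)\]\s*\n'
    r'"ServiceDll"="([^"]+)"', re.M | re.I)
# Find3M / Files Created lines: "mtime . ctime size attrs path"
FILE_RE = re.compile(
    r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} +(?:\d+|-+) +([-a-z]{8}) +(.+)$', re.M)
# GloballyOpenPorts entries: "port:proto"= port:proto:rulename
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(\S+)', re.M)


def parse_services(log):
    """Service name -> start type, display name and image command line."""
    return {m.group(3): {"start": int(m.group(2)), "display": m.group(4),
                         "image": m.group(5).strip()}
            for m in SERVICE_RE.finditer(log)}


def parse_service_dlls(log):
    """Lower-cased service name -> ServiceDll path from the registry dump."""
    return {m.group(1).lower(): m.group(2) for m in SERVICEDLL_RE.finditer(log)}


def parse_hidden_files(log):
    """Lower-cased paths that carry both the hidden and the system attribute."""
    return {path.lower() for attrs, path in FILE_RE.findall(log)
            if "h" in attrs and "s" in attrs}


def parse_netsvcs(log):
    """Names listed under 'Svchost - NetSvcs' up to the next blank or [key] line."""
    names, collecting = [], False
    for line in log.splitlines():
        if line.endswith("Svchost - NetSvcs"):
            collecting = True
            continue
        if collecting:
            if not line.strip() or line.startswith("["):
                break
            names.append(line.strip())
    return names


def parse_open_ports(log):
    """(port, protocol, rule name) for every globally open firewall port."""
    return [(int(p), proto, rule) for p, proto, rule in PORT_RE.findall(log)]


def triage(log):
    """Cross-reference the sections and return a list of findings (dicts)."""
    services, dlls = parse_services(log), parse_service_dlls(log)
    hidden = parse_hidden_files(log)
    netsvcs = {n.lower() for n in parse_netsvcs(log)}
    findings = []
    for name, svc in services.items():
        image = svc["image"].lower()
        if "svchost.exe" not in image:
            continue  # drivers and stand-alone executables are out of scope here
        dll = dlls.get(name.lower())
        reasons = []
        if dll and dll.lower() in hidden:
            reasons.append("ServiceDll file is hidden+system")
        if (name.lower() in netsvcs or "-k netsvcs" in image) \
                and name.lower() not in KNOWN_NETSVCS:
            reasons.append("not a known netsvcs member")
        if reasons:
            findings.append({"kind": "svchost_service", "name": name,
                             "dll": dll, "reasons": reasons})
    for port, proto, rule in parse_open_ports(log):
        # XP SP2+ opens no ports globally by default, so every entry is worth review
        findings.append({"kind": "open_port", "port": port, "proto": proto, "rule": rule})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the excerpt this flags pvenh on both counts (hidden ServiceDll, unknown netsvcs member) and lists 2477/TCP "xtdkawtx"; Ambfilt and the other drivers are skipped because they are not svchost-hosted. The hidden-attribute check is the cheap, offline part of what ComboFix's Sigcheck does on the live box; a real baseline would also verify the DLL's Authenticode signature and compare the NetSvcs list against a clean install.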