ComboFix 10-10-12.03 - Administrator 2010-10-14 15:21:41.16.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.1.1250.48.1045.18.512.87 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\Dane aplikacji\download2
c:\documents and settings\Administrator\Dane aplikacji\download2\svcnost.exe
c:\documents and settings\Administrator\Dane aplikacji\SystemProc
c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\1-removewga.exe
c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul
c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf
c:\windows\system32\drivers\npf.sys
c:\windows\system32\drivers\str.sys
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll
G:\Autorun.inf

c:\windows\system32\qmgr.dll . . . jest zainfekowany!!
c:\windows\system32\grpconv.exe . . . brak pliku!!
c:\windows\system32\proquota.exe . . . brak pliku!!
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF

((((((((((((((((((((((((( Pliki utworzone od 2010-09-14 do 2010-10-14 )))))))))))))))))))))))))))))))
.
2010-10-14 10:44 . 2010-10-14 10:44 -------- d-----w- C:\_OTL
2010-10-14 10:31 . 2009-12-17 20:34 100104 ----a-w- C:\KatesKiller.exe
2010-10-07 13:53 . 2010-10-07 13:53 1409 ----a-w- c:\windows\QTFont.for
2010-09-17 07:36 . 2010-09-17 12:43 69120 ----a-w- c:\windows\system32\drivers\scplhqkvrkfuzb.sys
2010-09-17 07:36 . 2010-09-17 12:43 69120 ----a-w- c:\windows\system32\drivers\oopuhnpkpjv.sys
2010-09-15 21:56 . 2010-09-15 21:56 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\download
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
------- Sigcheck -------
[-] 2004-07-09 02:27 . E393D47674124AB0754AC77B132C5DB7 . 1689600 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\system32\d3d9.dll
c:\windows\System32\wscntfy.exe ... - brak elementu !!
c:\windows\System32\xmlprov.dll ... - brak elementu !!
.
((((((((((((((((((((((((((((( SnapShot_2010-05-04_22.11.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-14 13:27 . 2010-10-14 13:27 16384 c:\windows\temp\Perflib_Perfdata_1b8.dat
+ 2010-09-09 12:46 . 2005-01-12 09:00 28672 c:\windows\system32\vxblock.dll
+ 2010-09-09 12:46 . 2005-04-25 09:03 56320 c:\windows\system32\pxinsa64.exe
+ 2010-09-09 12:46 . 2005-04-25 09:03 61440 c:\windows\system32\pxhpinst.exe
+ 2010-09-09 12:46 . 2004-09-27 08:00 56832 c:\windows\system32\pxcpya64.exe
+ 2010-05-27 20:09 . 2010-05-27 20:09 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2007-09-18 00:28 . 2010-06-03 19:43 84507 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2010-09-09 12:46 . 2005-04-25 09:03 20640 c:\windows\system32\drivers\PxHelp20.sys
+ 2010-08-23 22:44 . 2010-04-29 13:39 38224 c:\windows\system32\drivers\mbamswissarmy.sys
+ 2010-08-23 22:44 . 2010-04-29 13:39 19288 c:\windows\system32\drivers\mbam.sys
+ 2010-05-04 22:35 . 2010-10-14 10:46 32768 c:\windows\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
- 2005-02-07 18:32 . 2010-04-27 20:41 16384 c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
+ 2005-02-07 18:32 . 2010-10-14 10:46 16384 c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
- 2005-02-07 18:32 . 2010-04-27 20:41 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-08-09 13:42 . 2010-10-14 10:46 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2002-09-20 14:04 . 2002-09-20 14:04 78848 c:\windows\msfpmi2.dll
+ 2010-06-16 23:05 . 2010-06-16 23:05 21504 c:\windows\Installer\7cbf63.msi
+ 2010-05-20 10:36 . 2010-05-20 10:36 25214 c:\windows\Installer\{F7B0939E-58DF-11DF-B3A6-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2010-09-27 13:40 . 2010-09-27 13:40 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2010-09-27 13:40 . 2010-09-27 13:40 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-09-27 13:40 . 2010-09-27 13:40 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2010-09-27 13:40 . 2010-09-27 13:40 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2010-09-27 13:40 . 2010-09-27 13:40 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-09-27 13:40 . 2010-09-27 13:40 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-09-27 13:40 . 2010-09-27 13:40 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\ARPPRODUCTICON.exe
+ 2010-08-30 17:35 . 2009-06-07 14:24 180224 c:\windows\system32\xvidvfw.dll
+ 2007-08-05 13:38 . 2009-06-07 14:16 819200 c:\windows\system32\xvidcore.dll
+ 2010-09-09 12:46 . 2005-05-05 20:50 151552 c:\windows\system32\pxwma.dll
+ 2010-09-09 12:46 . 2005-05-05 20:48 339968 c:\windows\system32\pxwave.dll
+ 2010-09-09 12:46 . 2005-05-05 20:49 172032 c:\windows\system32\pxmas.dll
+ 2010-09-09 12:46 . 2005-04-25 09:03 109568 c:\windows\system32\pxinsi64.exe
+ 2010-09-09 12:46 . 2005-05-06 08:01 421888 c:\windows\system32\pxdrv.dll
+ 2010-09-09 12:46 . 2004-09-27 08:00 108544 c:\windows\system32\pxcpyi64.exe
+ 2010-09-09 12:46 . 2005-05-05 20:50 372736 c:\windows\system32\px.dll
+ 2010-01-27 01:07 . 2010-01-27 01:07 256280 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2010-01-27 00:58 . 2010-01-27 00:58 256280 c:\windows\system32\Macromed\Flash\FlashUtil10e.exe
+ 2010-09-09 04:16 . 2010-07-17 03:00 153376 c:\windows\system32\javaws.exe
- 2009-11-23 17:17 . 2009-10-11 02:17 145184 c:\windows\system32\javaw.exe
+ 2010-09-09 04:16 . 2010-07-17 03:00 145184 c:\windows\system32\javaw.exe
+ 2010-09-09 04:16 . 2010-07-17 03:00 145184 c:\windows\system32\java.exe
- 2009-11-23 17:17 . 2009-10-11 02:17 145184 c:\windows\system32\java.exe
+ 2010-06-10 05:14 . 2010-07-17 03:00 423656 c:\windows\system32\deployJava1.dll
+ 2010-09-09 04:16 . 2010-09-09 04:16 180224 c:\windows\Installer\246fb73.msi
+ 2010-01-27 01:07 . 2010-01-27 01:07 3884312 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2010-09-27 13:40 . 2010-09-27 13:40 1223680 c:\windows\Installer\9458643.msi
+ 2010-10-13 21:14 . 2010-10-13 21:15 2647552 c:\windows\Installer\3c49c7.msi
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-06 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2009-02-24 590848]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-22 196608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-10-23 219136]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 01000000

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programy^Autostart^Adobe Media Player.lnk]
path=c:\documents and settings\Administrator\Menu Start\Programy\Autostart\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Server4PC.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Server4PC.lnk
backup=c:\windows\pss\Server4PC.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

R0 YzIdiot;YzIdiot;c:\windows\system32\drivers\YzIdiot.sys [2008-04-17 26192]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R2 ChannelRg;ChannelRg;c:\program files\Common Files\GoldenSoft\ChannelRg.exe [2008-04-17 86016]
S0 fngkxwitv;fngkxwitv;c:\windows\system32\drivers\scplhqkvrkfuzb.sys [2010-09-17 69120]
S0 khqlmxop;khqlmxop;c:\windows\system32\drivers\oopuhnpkpjv.sys [2010-09-17 69120]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-20 136176]
S3 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe [2007-02-21 151552]
.
Zawartość folderu 'Zaplanowane zadania'

2010-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb0da84ca71038.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-20 10:32]

2010-10-12 c:\windows\Tasks\expressburnShakeIcon.job
- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-09-09 09:36]
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
mStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKLM-Run-download - c:\documents and settings\Administrator\Dane aplikacji\download2\svcnost.exe
HKLM-Explorer_Run-RTHDBPL - c:\documents and settings\Administrator\Dane aplikacji\SystemProc\lsass.exe
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(380)
c:\windows\System32\ODBC32.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'lsass.exe'(436)
c:\windows\System32\dssenh.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\progra~1\Grisoft\AVG7\avgamsvr.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
c:\progra~1\Grisoft\AVG7\avgemc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
.
**************************************************************************
.
Czas ukończenia: 2010-10-14 15:30:13 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-10-14 13:30
ComboFix2.txt 2010-08-09 13:21
ComboFix3.txt 2010-06-07 05:39
ComboFix4.txt 2010-05-04 22:13
ComboFix5.txt 2010-08-09 13:40

Przed: 9 414 131 712 bajtów wolnych
Po: 9 417 277 440 bajtów wolnych

- - End Of File - - 1803CC0575F318F18151EB1D01D73ED1