ComboFix 10-06-01.05 - DOM 2010-06-02 17:23:11.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.2046.1489 [GMT 2:00]
Running from: C:\Documents and Settings\DOM\Pulpit\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
 * Resident antivirus is active
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\nfr.assembly
C:\WINDOWS\system32\nfr.gpref
Infected copy of C:\WINDOWS\system32\drivers\ndis.sys was found. Problem repaired
File restored from - C:\System Volume Information\_restore{22B7BB32-0A4B-4369-9F1A-73633046E660}\RP350\A0051822.sys
.
((((((((((((((((((((((((( Files created from 2010-05-02 to 2010-06-02 )))))))))))))))))))))))))))))))
.
2010-06-01 11:40:57 . 2008-11-23 09:23:04 97792 ----a-w- C:\WINDOWS\system32\drivers\NSHE.SYS
2010-06-01 11:27:19 . 2006-11-22 08:01:48 693760 ----a-w- C:\WINDOWS\system32\drivers\hardlock.sys
2010-06-01 11:27:17 . 2010-06-01 11:27:17 191488 ----a-w- C:\WINDOWS\system32\hlvdd.dll
2010-06-01 11:27:14 . 2006-12-20 09:55:08 3066968 ----a-w- C:\WINDOWS\system32\hinstd.dll
2010-06-01 11:27:14 . 2006-12-20 08:00:20 671112 ----a-w- C:\WINDOWS\system32\hdinst_windows.dll
2010-06-01 11:27:14 . 2006-12-20 08:00:16 2511360 ----a-w- C:\WINDOWS\system32\haspds_windows.dll
2010-06-01 11:27:14 . 2006-11-30 09:06:00 69632 ----a-w- C:\WINDOWS\system32\hasp_inst_help1.dll
2010-06-01 11:27:14 . 2005-09-06 15:06:20 28672 ----a-w- C:\WINDOWS\system32\hlduinst.exe
2010-06-01 11:27:14 . 2002-07-26 15:02:06 153088 ----a-w- C:\WINDOWS\system32\UNWISE.EXE
2010-06-01 11:10:37 . 2010-06-01 11:10:37 -------- d-----w- C:\Tecar Forum
2010-05-31 17:42:26 . 2010-05-31 17:42:26 -------- d-----w- C:\_OTL
2010-05-31 17:34:12 . 2010-05-31 17:35:12 7317900 ----a-w- C:\Crack-FIX_72_3.exe
2010-05-28 16:46:35 . 2010-05-28 16:46:35 -------- d-----w- C:\Program Files\Trend Micro
2010-05-17 10:48:27 . 2010-05-17 10:48:27 -------- d-----w- C:\Documents and Settings\DOM\Dane aplikacji\Talkback
2010-05-11 16:57:43 . 2010-05-11 16:57:43 -------- d-----w- C:\Documents and Settings\DOM\Ustawienia lokalne\Dane aplikacji\Opera
2010-05-11 16:57:35 . 2010-05-28 16:23:26 -------- d-----w- C:\Program Files\Opera
.
(((((((((((((((((((((((((((((((((((((((( Find3M Section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-02 15:32:43 . 2010-06-02 15:32:39 8406280 ----a-w- C:\Documents and Settings\DOM\Dane aplikacji\RST\Trans\Update\V3.3.2.643\setup.exe
2010-06-02 08:48:50 . 2010-06-02 08:48:50 503808 ----a-w- C:\Documents and Settings\DOM\Dane aplikacji\Sun\Java\Deployment\cache\6.0\46\f84c6ae-5eda1594-n\msvcp71.dll
2010-06-02 08:48:50 . 2010-06-02 08:48:50 499712 ----a-w- C:\Documents and Settings\DOM\Dane aplikacji\Sun\Java\Deployment\cache\6.0\46\f84c6ae-5eda1594-n\jmc.dll
2010-06-02 08:48:50 . 2010-06-02 08:48:50 348160 ----a-w- C:\Documents and Settings\DOM\Dane aplikacji\Sun\Java\Deployment\cache\6.0\46\f84c6ae-5eda1594-n\msvcr71.dll
2010-05-28 17:20:17 . 2009-11-11 16:56:43 -------- d-----w- C:\Program Files\Google
2010-05-28 16:57:03 . 2009-02-11 18:38:01 -------- d-----w- C:\Documents and Settings\DOM\Dane aplikacji\Skype
2010-05-19 13:13:41 . 2010-05-17 09:12:20 16 ----a-w- C:\Documents and Settings\NetworkService\Dane aplikacji\qvjsge.dat
2010-05-17 10:44:46 . 2009-02-11 18:18:20 107134 ----a-w- C:\WINDOWS\UninstallFirefox.exe
2010-05-17 10:44:43 . 2009-02-11 18:18:15 4023 ----a-w- C:\WINDOWS\mozver.dat
2010-05-13 07:07:18 . 2008-06-05 11:41:07 -------- d-----w- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2010-05-12 07:32:28 . 2008-07-10 14:48:37 72248 ----a-w- C:\Documents and Settings\DOM\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-05-06 13:36:35 . 2010-05-06 13:36:35 8407488 ----a-w- C:\Documents and Settings\DOM\Dane aplikacji\RST\Trans\Update\V3.3.2.632\setup.exe
2010-05-03 16:36:04 . 2009-02-17 18:20:54 -------- d-----w- C:\Documents and Settings\DOM\Dane aplikacji\Azureus
2010-03-28 07:23:41 . 2004-08-04 12:00:00 502858 ----a-w- C:\WINDOWS\system32\perfh015.dat
2010-03-28 07:23:40 . 2004-08-04 12:00:00 90072 ----a-w- C:\WINDOWS\system32\perfc015.dat
2010-03-09 11:11:21 . 2008-04-14 20:50:58 430080 ----a-w- C:\WINDOWS\system32\vbscript.dll
2010-05-17 10:44:02 . 2009-02-11 18:18:15 60518 ----a-w- C:\Program Files\mozilla firefox\components\jar50.dll
2010-05-17 10:44:07 . 2009-02-11 18:18:15 49248 ----a-w- C:\Program Files\mozilla firefox\components\jsd3250.dll
2010-05-17 10:44:02 . 2009-02-11 18:18:15 165992 ----a-w- C:\Program Files\mozilla firefox\components\xpinstal.dll
2009-09-25 16:41:48 . 2009-09-25 16:41:48 1044480 ----a-w- C:\Program Files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41:48 . 2009-09-25 16:41:48 200704 ----a-w- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "C:\Program Files\BS_Player\tbBS_0.dll" [2010-03-24 13:44:28 2349080]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2010-03-24 13:44:28 2349080 ----a-w- C:\Program Files\BS_Player\tbBS_0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "C:\Program Files\BS_Player\tbBS_0.dll" [2010-03-24 13:44:28 2349080]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "C:\Program Files\BS_Player\tbBS_0.dll" [2010-03-24 13:44:28 2349080]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALLUpdate"="C:\Program Files\ALLPlayer\ALLUpdate.exe" [2008-11-24 19:44:18 869888]
"PC Suite Tray"="C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\PCSUITE.EXE" [2009-06-25 13:12:42 1414144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 12:39:00 16862720]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 03:46:00 13529088]
"nwiz"="nwiz.exe" [2008-05-03 03:46:00 1630208]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 03:46:00 86016]
"Norton Ghost 9.0"="C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe" [2004-07-29 02:41:08 1122304]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 21:16:00 39792]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 09:44:34 31072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-02-17 18:20:26 148888]
"Trans"="C:\Program Files\Trans\trans.exe" [2009-05-14 11:35:48 2923448]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 12:23:12 2021400]
"QuickTime Task"="C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE" [2009-01-05 14:18:48 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 20:51:12 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 09:34:50 5724184]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\IvecoPower\\app\\mysql\\bin\\mysqld.exe"=
"C:\\Program Files\\IvecoPower\\cdi.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 PQV2i;PQV2i;C:\WINDOWS\system32\drivers\PQV2i.sys [2004-07-29 03:33:08 138780]
R0 xmasscsi;xmasscsi;C:\WINDOWS\system32\drivers\xmasscsi.sys [2009-02-11 23:06:48 5248]
R1 ehdrv;ehdrv;C:\WINDOWS\system32\drivers\ehdrv.sys [2009-02-06 14:23:18 106208]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\drivers\epfwtdir.sys [2009-02-06 14:24:24 93336]
R1 PQIMount;PQIMount;C:\WINDOWS\system32\drivers\PQIMount.sys [2004-07-29 04:13:28 46779]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 14:23:36 727720]
R2 NSHE;Guardant Emulator Driver;C:\WINDOWS\system32\drivers\NSHE.SYS [2010-06-01 13:40:57 97792]
S4 xmasbus;xmasbus;C:\WINDOWS\system32\drivers\xmasbus.sys [2009-02-11 23:06:48 140800]
.
Contents of the 'Scheduled Tasks' folder

2010-06-02 C:\WINDOWS\Tasks\Sprawdź aktualizacje paska narzędzi Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 09:20:38 . 2007-10-19 09:20:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.pl/
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;
IE: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&ksportuj do programu Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - C:\Documents and Settings\DOM\Dane aplikacji\Mozilla\Firefox\Profiles\ogeon8wc.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: C:\Program Files\Mozilla Firefox\components\xpinstal.dll
FF - component: C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-02 17:31:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...
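A log like the one above is easier to work through once the entries that deserve a second look are pulled out mechanically: the line where ComboFix reports a patched ndis.sys, the per-user HTTP proxy pointing at localhost:7171, the Security Center override values, a 16-byte .dat file sitting in the NetworkService profile, a freshly dropped .sys under system32\drivers and an executable in the drive root. The script below is an added example, not part of ComboFix or of the original post. It parses the "Files created"/Find3M entry format used in the log and applies a few triage heuristics; the heuristics are this example's own assumptions about what merits review, not findings the log states, except for the "Infected copy" line that ComboFix itself reports. The sample input is an excerpt of the log above, trimmed to the lines the heuristics touch.

```python
"""Triage helpers for a ComboFix log (added example, not ComboFix code).

parse_file_entries() reads the '<created> . <modified> <size> <attrs> <path>'
entries from the file listing; triage() returns the lines worth reviewing.
The review heuristics are assumptions made for this example.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# One file-listing entry. Size is digits for files and dashes for folders.
FILE_ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]+) (?P<path>.+?)\s*$"
)
PROXY_LINE = re.compile(r"ProxyServer = (?P<proxy>\S+)")
OVERRIDE_LINE = re.compile(
    r'"(?P<key>AntiVirusOverride|FirewallOverride)"=dword:(?P<val>[0-9a-f]{8})'
)
LOCAL_HOSTS = ("localhost", "127.")            # proxy that loops back to this box
SERVICE_PROFILES = ("\\networkservice\\", "\\localservice\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")


@dataclass
class FileEntry:
    created: str
    modified: str
    size: Optional[int]   # None for folders
    is_dir: bool
    path: str


def parse_file_entries(log_text: str) -> List[FileEntry]:
    """Return every file-listing entry found in the log, in order."""
    entries = []
    for line in log_text.splitlines():
        m = FILE_ENTRY.match(line.strip())
        if not m:
            continue
        size = m["size"]
        entries.append(FileEntry(
            created=m["created"], modified=m["modified"],
            size=None if size.startswith("-") else int(size),
            is_dir=m["attrs"].startswith("d"), path=m["path"],
        ))
    return entries


def triage(log_text: str) -> List[str]:
    """One human-readable finding per line that matches a heuristic."""
    findings = []
    for raw in log_text.splitlines():
        s = raw.strip()
        if s.startswith("Infected copy of"):            # reported by ComboFix itself
            findings.append("patched system file: " + s)
        m = PROXY_LINE.search(s)
        if m and any(h in m["proxy"].lower() for h in LOCAL_HOSTS):
            findings.append("per-user proxy to a local listener: " + m["proxy"])
        m = OVERRIDE_LINE.search(s)
        if m and int(m["val"], 16) == 1:
            findings.append(f"Security Center {m['key']} is set (alerts suppressed)")
    for e in parse_file_entries(log_text):
        if e.is_dir:
            continue
        low = e.path.lower()
        if any(p in low for p in SERVICE_PROFILES):
            findings.append(f"file in a service account profile: {e.path} ({e.size} bytes)")
        if re.match(r"^[a-z]:\\[^\\]+$", low) and low.endswith(EXEC_EXT):
            findings.append("executable in drive root: " + e.path)
        if "\\system32\\drivers\\" in low and low.endswith(".sys"):
            findings.append(f"new kernel driver: {e.path} (created {e.created})")
    return findings


# Constructed sample: lines excerpted from the log above.
SAMPLE = r"""
Infected copy of C:\WINDOWS\system32\drivers\ndis.sys was found. Problem repaired
2010-06-01 11:40:57 . 2008-11-23 09:23:04 97792 ----a-w- C:\WINDOWS\system32\drivers\NSHE.SYS
2010-05-31 17:34:12 . 2010-05-31 17:35:12 7317900 ----a-w- C:\Crack-FIX_72_3.exe
2010-05-28 16:46:35 . 2010-05-28 16:46:35 -------- d-----w- C:\Program Files\Trend Micro
2010-05-19 13:13:41 . 2010-05-17 09:12:20 16 ----a-w- C:\Documents and Settings\NetworkService\Dane aplikacji\qvjsge.dat
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
uInternet Settings,ProxyServer = http=localhost:7171
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Run it against a full log with `triage(open("ComboFix.txt", encoding="cp1250").read())`; the flagged lines are starting points for a manual check (what is listening on 7171, which product set the overrides, what NSHE.SYS belongs to), not verdicts.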