ComboFix 10-08-22.07 - Administrator 2010-08-23 21:29:18.1.1 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.511.411 [GMT 2:00]
Uruchomiony z: C:\Documents and Settings\DOMOWY\Pulpit\logi\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\2008.exe
C:\DOCUME~1\DOMOWY\USTAWI~1\Temp\0.EXE
C:\DOCUME~1\DOMOWY\USTAWI~1\Temp\4_pinnew.exe
C:\DOCUME~1\DOMOWY\USTAWI~1\Temp\avto.exe
C:\DOCUME~1\DOMOWY\USTAWI~1\Temp\q1.exe
C:\DOCUME~1\DOMOWY\USTAWI~1\Temp\teste1_p.exe
C:\Documents and Settings\Administrator\Dane aplikacji\ohydy.exe
C:\Documents and Settings\All Users\Dane aplikacji\CyberLink\sp.Dll
C:\Documents and Settings\DOMOWY\Dane aplikacji\39AA00BBCDF4F5F63BF1E4BA4DEE43BC
C:\Documents and Settings\DOMOWY\Dane aplikacji\39AA00BBCDF4F5F63BF1E4BA4DEE43BC\enemies-names.txt
C:\Documents and Settings\DOMOWY\Dane aplikacji\39AA00BBCDF4F5F63BF1E4BA4DEE43BC\local.ini
C:\Documents and Settings\DOMOWY\Dane aplikacji\39AA00BBCDF4F5F63BF1E4BA4DEE43BC\setupupdater0002.exe
C:\Documents and Settings\DOMOWY\Dane aplikacji\avdrn.dat
C:\Documents and Settings\DOMOWY\Dane aplikacji\ohydy.exe
C:\Documents and Settings\DOMOWY\Menu Start\Programy\Autostart\wwwqxk32.exe
C:\Documents and Settings\DOMOWY\oashdihasidhasuidhiasdhiashdiuasdhasd
C:\lsass.exe
C:\WINDOWS\cfdrive32.exe
C:\WINDOWS\cndrive32.exe
C:\WINDOWS\ctfmon.exe
C:\WINDOWS\lsass.exe
C:\WINDOWS\servicelayer.exe
C:\WINDOWS\svc2.exe
C:\WINDOWS\svc3.exe
C:\WINDOWS\svw.exe
C:\WINDOWS\svx.exe
C:\WINDOWS\system\dwm.exe
C:\WINDOWS\system32\comsats.sys
c:\windows\system32\driVERs\ijghfhnr.sys
c:\windows\System32\drivers\imhd7a2.sys
c:\windows\system32\driVERs\kfugs.sys
c:\windows\System32\drivers\kkf5adc.sys
c:\windows\system32\driVERs\nfgveh.sys
C:\WINDOWS\system32\Install.txt
C:\WINDOWS\system32\ipcmd.dll
C:\WINDOWS\system32\lowsec
C:\WINDOWS\system32\lowsec\local.ds
C:\WINDOWS\system32\lowsec\user.ds
C:\WINDOWS\system32\lowsec\user.ds.lll
C:\WINDOWS\system32\regedit.exe
C:\WINDOWS\system32\service.sys
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\system32\sysdiag.dll
C:\WINDOWS\system32\szetyj67v.txt
C:\WINDOWS\system32\wbem\grpconv.exe
C:\WINDOWS\system32\winntcmd_2_0.dll
C:\WINDOWS\tmp0781393.log
C:\WINDOWS\tmp3047514.log
C:\WINDOWS\tmp4094166.log
C:\WINDOWS\tmp5659986.log
C:\WINDOWS\tmp7070070.log
C:\WINDOWS\tmp7637918.log
C:\WINDOWS\tmp7754353.log
C:\WINDOWS\tmp8290846.log
C:\WINDOWS\tmp8616832.log
C:\WINDOWS\tmp9728289.log

Zainfekowana kopia C:\WINDOWS\system32\userinit.exe została znaleziona. Problem naprawiono
Plik odzyskano z - C:\WINDOWS\system32\dllcache\userinit.exe

C:\WINDOWS\system32\drivers\ndis.sys . . . jest zainfekowany!!

Zainfekowana kopia C:\WINDOWS\system32\drivers\cdrom.sys została znaleziona. Problem naprawiono
Plik odzyskano z - C:\System Volume Information\_restore{91D1CDD0-D074-4DFD-9485-54D76C9E163D}\RP72\A0039394.sys

C:\WINDOWS\system32\grpconv.exe . . . brak pliku!!
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_FOLLOWER
-------\Service_Follower
-------\Service_SPService
-------\Legacy_ijghfhnr
-------\Legacy_imhd7a2
-------\Legacy_kfugs
-------\Legacy_kkf5adc
-------\Legacy_nfgveh
-------\Service_ijghfhnr
-------\Service_imhd7a2
-------\Service_kfugs
-------\Service_kkf5adc
-------\Service_nfgveh

((((((((((((((((((((((((( Pliki utworzone od 2010-07-23 do 2010-08-23 )))))))))))))))))))))))))))))))
.
2010-08-23 16:30:21 . 2010-08-23 16:30:21 -------- d-----w- C:\Program Files\IrfanView
2010-08-23 16:19:04 . 2010-08-23 16:19:05 -------- d-----w- C:\UsbFix
2010-08-23 16:00:59 . 2010-08-23 19:24:48 -------- d-----w- C:\WINDOWS\LastGood.Tmp
2010-08-22 18:54:23 . 2010-08-22 18:54:23 -------- d-----w- C:\Documents and Settings\DOMOWY\DoctorWeb
2010-08-22 17:32:02 . 2010-08-22 17:32:02 -------- d-sh--w- C:\Documents and Settings\Administrator\PrivacIE
2010-08-02 15:59:01 . 2010-08-02 16:26:50 782336 ----a-w- C:\WINDOWS\system32\drivers\kbxrr.sys
2010-08-02 15:58:35 . 2010-08-02 15:58:35 -------- d--h--w- C:\Documents and Settings\DOMOWY\Dane aplikacji\{H3QR9S90-S0MH-DFS5-6CQW-H79I45QT}
2010-08-02 15:50:59 . 2010-08-02 15:50:59 -------- d--h--w- C:\Documents and Settings\DOMOWY\Dane aplikacji\{XNYU4L5G-8V69-4XS9-92XB-H215XM11}
2010-08-02 15:35:45 . 2010-08-02 15:35:45 -------- d--h--w- C:\Documents and Settings\DOMOWY\Dane aplikacji\{1R86IJ4Q-WHI0-QC4H-8FTN-9A2652YS}
2010-07-27 14:59:39 . 2010-08-02 15:55:40 585472 ----a-w- C:\WINDOWS\system32\drivers\mxuhbaqh.sys
2010-07-27 14:54:14 . 2010-07-27 14:54:15 -------- d-----w- C:\Documents and Settings\DOMOWY\Dane aplikacji\Extensions
2010-07-26 14:09:54 . 2010-07-26 14:09:54 -------- d-sh--w- C:\Documents and Settings\LocalService\PrivacIE
2010-07-26 14:09:48 . 2010-07-26 14:09:48 -------- d-----r- C:\Documents and Settings\LocalService\Ulubione
2010-07-26 13:27:52 . 2010-07-26 13:27:52 -------- d-----w- C:\WINDOWS\system32\LogFiles
2010-07-25 13:51:54 . 2010-07-25 13:51:54 1055744 ----a-w- C:\Documents and Settings\DOMOWY\Dane aplikacji\Extensions\uac.exe
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-23 19:45:59 . 2009-11-14 14:07:54 782336 ----a-w- C:\WINDOWS\system32\drivers\aec.sys
2010-08-23 19:37:36 . 2009-11-14 13:58:49 -------- d-----w- C:\Documents and Settings\All Users\Dane aplikacji\CyberLink
2010-07-30 18:44:15 . 2010-07-30 18:44:14 16 ----a-w- C:\Documents and Settings\NetworkService\Dane aplikacji\mbsvil.dat
2010-07-27 19:06:10 . 2010-07-27 19:06:10 12 ----a-w- C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\mbsvil.dat
2010-07-27 14:59:19 . 2010-07-27 14:59:18 16 ----a-w- C:\Documents and Settings\LocalService\Dane aplikacji\mbsvil.dat
2010-07-24 08:29:47 . 2004-08-03 20:14:30 211072 ----a-w- C:\WINDOWS\system32\drivers\ndis.sys
2010-07-18 18:09:43 . 2009-11-14 14:50:56 -------- d-----w- C:\Program Files\English Translator 3
2010-07-09 14:11:06 . 2010-07-09 14:11:06 -------- d-----w- C:\Program Files\Pierwsza Pomoc Demo
2010-06-23 15:22:59 . 2010-06-23 15:22:59 501936 ----a-w- C:\Documents and Settings\All Users\Dane aplikacji\Google\Google Toolbar\Update\gtbD.tmp.exe
2010-05-29 11:58:01 . 2010-05-29 11:58:01 177 ----a-w- C:\backup.reg
.
------- Sigcheck -------

[-] 2010-07-24 08:29:47 . !HASH: COULD NOT OPEN FILE !!!!! . 211072 . . [------] . . C:\WINDOWS\system32\drivers\ndis.sys
[-] 2010-07-24 08:29:47 . !HASH: COULD NOT OPEN FILE !!!!! . 211072 . . [------] . . C:\WINDOWS\system32\dllcache\ndis.sys
[-] 2008-04-13 19:20:37 . !HASH: COULD NOT OPEN FILE !!!!! . 182656 . . [------] . . C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\ndis.sys

[-] 2008-04-14 17:21:45 . 2A5B37D520508BE6570A3EA79695F5B5 . 26624 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\userinit.exe
[-] 2004-08-03 21:44:30 . 7F9C2B6661488BD6BD483DD4CE0C8B46 . 25088 . . [------] . . C:\WINDOWS\system32\userinit.exe
[7] 2004-08-03 21:44:30 . BD768099B4C44AA631728CB74EB54396 . 25088 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\system32\dllcache\userinit.exe

[-] 2008-04-14 17:20:47 . A9ED600F08A92143253C10EDB5651ECF . 1571840 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\sfcfiles.dll
[-] 2008-02-23 10:15:11 . 44A87287F63395AE9E7950D266A73160 . 1548288 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\system32\sfcfiles.dll

[-] 2010-08-23 19:46:30 . !HASH: COULD NOT OPEN FILE !!!!! . 782336 . . [------] . . C:\WINDOWS\system32\drivers\aec.sys
[-] 2008-04-13 16:39:23 . !HASH: COULD NOT OPEN FILE !!!!! . 142592 . . [------] . . C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\aec.sys
[-] 2004-08-03 22:39:38 . !HASH: COULD NOT OPEN FILE !!!!! . 142464 . . [------] . . C:\WINDOWS\system32\dllcache\aec.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-07 12:39:48 39408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 21:44:20 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"C:\\Program Files\\Opera\\opera.exe"=

R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [2010-03-20 20:51:02 233472]
S2 gupdate;Usługa Google Update (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-08 15:18:47 135664]
S4 kbxrr;kbxrr;C:\WINDOWS\system32\drivers\kbxrr.sys [2010-08-02 17:59:01 782336]
S4 mxuhbaqh;mxuhbaqh;C:\WINDOWS\system32\drivers\mxuhbaqh.sys [2010-07-27 16:59:39 585472]

--- Inne Usługi/Sterowniki w Pamięci ---

*NewlyCreated* - FSUSBEXDISK

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62d85242-d126-11de-a82d-806d6172696f}]
\Shell\AutoRun\command - F:\Start.exe
.
Zawartość folderu 'Zaplanowane zadania'

2010-08-23 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-08 13:18:47 . 2010-02-08 13:18:46]
2010-08-23 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-08 13:18:47 . 2010-02-08 13:18:46]
.
.
------- Skan uzupełniający -------
.
uStart Page = wyborcza.pl/0,0.html?p=027
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&ksport do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Funkcja Google Sidewiki - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.
- - - - USUNIĘTO PUSTE WPISY - - - -

ShellIconOverlayIdentifiers-{96AFBE69-C3B0-4b00-8578-D933D2896EE2} - (no file)
HKU-Default-Run-efffggsys - tuvuro.dll
HKLM-Explorer_Run-wa0ub - C:\DOCUME~1\DOMOWY\USTAWI~1\Temp\u2lj.exe
SafeBoot-dwshd.sys6356050f