ComboFix 10-10-12.03 - Administrator 2010-10-14 16:10:09.17.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.1.1250.48.1045.18.512.280 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Administrator\Pulpit\CFScript.txt

FILE ::
"c:\windows\system32\drivers\oopuhnpkpjv.sys"
"c:\windows\system32\drivers\scplhqkvrkfuzb.sys"
"c:\windows\system32\drivers\YzIdiot.sys"
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Dane aplikacji\download
c:\documents and settings\Administrator\Dane aplikacji\download\svcnost.exe
c:\program files\Common Files\GoldenSoft
c:\program files\Common Files\GoldenSoft\ChannelRg.exe
c:\program files\Common Files\GoldenSoft\DiskID32.dll
c:\program files\Common Files\GoldenSoft\Mfc42.dll
c:\program files\Common Files\GoldenSoft\PizzaSvr.exe
c:\program files\GoldenSoft
c:\program files\GoldenSoft\Recovery Genius\WinNT\fl.bin
c:\program files\GoldenSoft\Recovery Genius\WinNT\mfc42.dll
c:\program files\GoldenSoft\Recovery Genius\WinNT\UninRes.dll
c:\program files\GoldenSoft\Recovery Genius\WinNT\UnInst.exe
c:\windows\system32\drivers\oopuhnpkpjv.sys
c:\windows\system32\drivers\scplhqkvrkfuzb.sys
c:\windows\system32\drivers\YzIdiot.sys

c:\windows\system32\qmgr.dll . . . jest zainfekowany!!

c:\windows\system32\grpconv.exe . . . brak pliku!!
c:\windows\system32\proquota.exe . . . brak pliku!!

.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CHANNELRG
-------\Legacy_YZIDIOT
-------\Service_ChannelRg
-------\Service_fngkxwitv
-------\Service_khqlmxop
-------\Service_YzIdiot


((((((((((((((((((((((((( Pliki utworzone od 2010-09-14 do 2010-10-14 )))))))))))))))))))))))))))))))
.

2010-10-14 10:44 . 2010-10-14 10:44 -------- d-----w- C:\_OTL
2010-10-14 10:31 . 2009-12-17 20:34 100104 ----a-w- C:\KatesKiller.exe
2010-10-07 13:53 . 2010-10-07 13:53 1409 ----a-w- c:\windows\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

------- Sigcheck -------

[-] 2004-07-09 02:27 . E393D47674124AB0754AC77B132C5DB7 . 1689600 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\system32\d3d9.dll

c:\windows\System32\wscntfy.exe ... - brak elementu !!
c:\windows\System32\xmlprov.dll ... - brak elementu !!
.
((((((((((((((((((((((((((((( SnapShot_2010-05-04_22.11.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-14 14:18 . 2010-10-14 14:18 16384 c:\windows\temp\Perflib_Perfdata_d0.dat
+ 2010-09-09 12:46 . 2005-01-12 09:00 28672 c:\windows\system32\vxblock.dll
+ 2010-09-09 12:46 . 2005-04-25 09:03 56320 c:\windows\system32\pxinsa64.exe
+ 2010-09-09 12:46 . 2005-04-25 09:03 61440 c:\windows\system32\pxhpinst.exe
+ 2010-09-09 12:46 . 2004-09-27 08:00 56832 c:\windows\system32\pxcpya64.exe
+ 2010-05-27 20:09 . 2010-05-27 20:09 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2007-09-18 00:28 . 2010-06-03 19:43 84507 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2010-09-09 12:46 . 2005-04-25 09:03 20640 c:\windows\system32\drivers\PxHelp20.sys
+ 2010-08-23 22:44 . 2010-04-29 13:39 38224 c:\windows\system32\drivers\mbamswissarmy.sys
+ 2010-08-23 22:44 . 2010-04-29 13:39 19288 c:\windows\system32\drivers\mbam.sys
+ 2010-05-04 22:35 . 2010-10-14 13:27 32768 c:\windows\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
- 2005-02-07 18:32 . 2010-04-27 20:41 16384 c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
+ 2005-02-07 18:32 . 2010-10-14 13:27 16384 c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
- 2005-02-07 18:32 . 2010-04-27 20:41 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-08-09 13:42 . 2010-10-14 13:27 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2002-09-20 14:04 . 2002-09-20 14:04 78848 c:\windows\msfpmi2.dll
+ 2010-06-16 23:05 . 2010-06-16 23:05 21504 c:\windows\Installer\7cbf63.msi
+ 2010-05-20 10:36 . 2010-05-20 10:36 25214 c:\windows\Installer\{F7B0939E-58DF-11DF-B3A6-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2010-09-27 13:40 . 2010-09-27 13:40 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2010-09-27 13:40 . 2010-09-27 13:40 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-09-27 13:40 . 2010-09-27 13:40 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2010-09-27 13:40 . 2010-09-27 13:40 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2010-09-27 13:40 . 2010-09-27 13:40 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-09-27 13:40 . 2010-09-27 13:40 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-09-27 13:40 . 2010-09-27 13:40 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\ARPPRODUCTICON.exe
+ 2010-08-30 17:35 . 2009-06-07 14:24 180224 c:\windows\system32\xvidvfw.dll
+ 2007-08-05 13:38 . 2009-06-07 14:16 819200 c:\windows\system32\xvidcore.dll
+ 2010-09-09 12:46 . 2005-05-05 20:50 151552 c:\windows\system32\pxwma.dll
+ 2010-09-09 12:46 . 2005-05-05 20:48 339968 c:\windows\system32\pxwave.dll
+ 2010-09-09 12:46 . 2005-05-05 20:49 172032 c:\windows\system32\pxmas.dll
+ 2010-09-09 12:46 . 2005-04-25 09:03 109568 c:\windows\system32\pxinsi64.exe
+ 2010-09-09 12:46 . 2005-05-06 08:01 421888 c:\windows\system32\pxdrv.dll
+ 2010-09-09 12:46 . 2004-09-27 08:00 108544 c:\windows\system32\pxcpyi64.exe
+ 2010-09-09 12:46 . 2005-05-05 20:50 372736 c:\windows\system32\px.dll
+ 2010-01-27 01:07 . 2010-01-27 01:07 256280 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2010-01-27 00:58 . 2010-01-27 00:58 256280 c:\windows\system32\Macromed\Flash\FlashUtil10e.exe
+ 2010-09-09 04:16 . 2010-07-17 03:00 153376 c:\windows\system32\javaws.exe
- 2009-11-23 17:17 . 2009-10-11 02:17 145184 c:\windows\system32\javaw.exe
+ 2010-09-09 04:16 . 2010-07-17 03:00 145184 c:\windows\system32\javaw.exe
+ 2010-09-09 04:16 . 2010-07-17 03:00 145184 c:\windows\system32\java.exe
- 2009-11-23 17:17 . 2009-10-11 02:17 145184 c:\windows\system32\java.exe
+ 2010-06-10 05:14 . 2010-07-17 03:00 423656 c:\windows\system32\deployJava1.dll
+ 2010-09-09 04:16 . 2010-09-09 04:16 180224 c:\windows\Installer\246fb73.msi
+ 2010-01-27 01:07 . 2010-01-27 01:07 3884312 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2010-09-27 13:40 . 2010-09-27 13:40 1223680 c:\windows\Installer\9458643.msi
+ 2010-10-13 21:14 . 2010-10-13 21:15 2647552 c:\windows\Installer\3c49c7.msi
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-06 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2009-02-24 590848]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-22 196608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-10-23 219136]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 01000000

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programy^Autostart^Adobe Media Player.lnk]
path=c:\documents and settings\Administrator\Menu Start\Programy\Autostart\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Server4PC.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Server4PC.lnk
backup=c:\windows\pss\Server4PC.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-20 136176]
S3 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe [2007-02-21 151552]
.
Zawartość folderu 'Zaplanowane zadania'

2010-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb0da84ca71038.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-20 10:32]

2010-10-12 c:\windows\Tasks\expressburnShakeIcon.job
- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-09-09 09:36]
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
mStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
.
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(380)
c:\windows\System32\ODBC32.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'lsass.exe'(436)
c:\windows\System32\dssenh.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\progra~1\Grisoft\AVG7\avgamsvr.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
c:\progra~1\Grisoft\AVG7\avgemc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
.
**************************************************************************
.
Czas ukończenia: 2010-10-14 16:21:03 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-10-14 14:21
ComboFix2.txt 2010-10-14 13:30
ComboFix3.txt 2010-08-09 13:21
ComboFix4.txt 2010-06-07 05:39
ComboFix5.txt 2010-10-14 14:07

Przed: 9 423 814 656 bajtów wolnych
Po: 9 410 314 240 bajtów wolnych

- - End Of File - - 322F0EBCDA518B1A0EF0B884953EC33D