ComboFix 12-10-18.03 - Andrzej 2012-10-19 1:39:12.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2047.1595 [GMT 2:00]
Uruchomiony z: C:\Documents and Settings\Andrzej\Pulpit\ComboFix.exe
Użyto następujących komend :: C:\Documents and Settings\Andrzej\Pulpit\CFScript.txt

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

Zainfekowana kopia C:\WINNT\system32\ntoskrnl.exe została znaleziona. Problem naprawiono
Plik odzyskano z - C:\WINNT\Driver Cache\i386\ntoskrnl.exe

((((((((((((((((((((((((( Pliki utworzone od 2012-09-18 do 2012-10-18 )))))))))))))))))))))))))))))))

2012-10-18 23:27:39 . 2012-10-18 23:27:39 -------- d-----w- C:\Program Files\Common Files\Java
2012-10-18 15:51:27 . 2012-10-18 15:51:27 -------- d-----w- C:\Program Files\LSoft Technologies
2012-10-18 09:40:34 . 2012-10-18 09:40:34 -------- d-----w- C:\_OTL
2012-10-11 22:02:47 . 2012-10-18 21:23:50 -------- d-----w- C:\UsbFix
2012-10-09 16:02:55 . 2012-10-09 16:02:55 -------- d-----w- C:\Documents and Settings\Andrzej\Dane aplikacji\Media Player Classic
2012-09-24 14:23:21 . 2012-09-24 14:23:21 -------- d-----w- C:\Documents and Settings\Andrzej\Ustawienia lokalne\Dane aplikacji\Help
2012-09-22 11:07:48 . 2012-09-22 11:11:01 -------- d-----w- C:\Documents and Settings\Andrzej\Dane aplikacji\ExpressFiles
.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-09-24 13:32:24 . 2012-09-10 14:51:02 477168 ----a-w- C:\WINNT\system32\npdeployJava1.dll
2012-09-24 13:32:20 . 2012-03-27 16:20:57 473072 ----a-w- C:\WINNT\system32\deployJava1.dll
2012-09-24 11:51:47 . 2012-09-10 14:51:02 73728 ----a-w- C:\WINNT\system32\javacpl.cpl

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 00:24:00 20480]
"Gadu-Gadu 10"="D:\Programy\gg\Gadu-Gadu 10\gg.exe" [2011-06-01 13:14:56 13349472]
"uTorrent"="D:\Programy\utorrent\uTorrent.exe" [2012-07-20 11:30:58 895376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell Wireless Manager UI"="C:\WINNT\system32\WLTRAY" [X]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 19:05:00 344064]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 09:19:58 819200]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 09:17:42 970752]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 09:33:20 155648]
"Adobe Reader Speed Launcher"="D:\Programy\adobe\Reader\Reader_sl.exe" [2012-03-27 12:41:07 37296]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 08:07:56 843712]
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 12:54:26 91520]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 10:41:54 254896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINNT\system32\CTFMON.EXE" [2008-04-14 20:51:12 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="C:\WINNT\system32\tscupgrd.exe" [2004-08-04 00:33:20 44544]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^McAfee Security Scan Plus.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\McAfee Security Scan Plus.lnk
backup=C:\WINNT\pss\McAfee Security Scan Plus.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2006-06-29 10:13:32 1032192 ----a-w- C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-06-07 17:17:34 17425072 ----a-r- C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-07-20 11:30:58 895376 ----a-w- D:\Programy\utorrent\uTorrent.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Programy\\utorrent\\uTorrent.exe"=
"D:\\Programy\\gg\\Gadu-Gadu 10\\gg.exe"=

R2 MSSQL$InsERT;MSSQL$InsERT;C:\Program Files\Microsoft SQL Server\MSSQL$InsERT\Binn\sqlservr.exe -sInsERT --> C:\Program Files\Microsoft SQL Server\MSSQL$InsERT\Binn\sqlservr.exe -sInsERT [?]
S2 0102741350577920mcinstcleanup;McAfee Application Installer Cleanup (0102741350577920);C:\DOCUME~1\Andrzej\USTAWI~1\Temp\010274~1.EXE -cleanup -nolog --> C:\DOCUME~1\Andrzej\USTAWI~1\Temp\010274~1.EXE -cleanup -nolog [?]
S2 gupdate;Usługa Google Update (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-15 16:08:27 136176]
S2 KMService;KMService;C:\WINNT\system32\srvany.exe [2012-06-10 23:36:43 8192]
S2 SkypeUpdate;Skype Updater;C:\Program Files\Skype\Updater\Updater.exe [2012-06-07 19:12:14 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\WINNT\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 18:21:43 250056]
S3 gupdatem;Usługa Google Update (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-15 16:08:27 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 10:25:22 30969208]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-03 22:05:45 114144]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 21:37:50 4640000]
S3 SQLAgent$InsERT;SQLAgent$InsERT;C:\Program Files\Microsoft SQL Server\MSSQL$InsERT\Binn\sqlagent.EXE -i InsERT --> C:\Program Files\Microsoft SQL Server\MSSQL$InsERT\Binn\sqlagent.EXE -i InsERT [?]
S4 sptd;sptd;C:\WINNT\system32\Drivers\sptd.sys --> C:\WINNT\system32\Drivers\sptd.sys [?]

Zawartość folderu 'Zaplanowane zadania'
2012-10-18 C:\WINNT\Tasks\Adobe Flash Player Updater.job
- C:\WINNT\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 16:21:43 . 2012-07-02 07:06:44]
2012-10-18 C:\WINNT\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-15 14:08:27 . 2012-04-15 14:08:02]
2012-10-18 C:\WINNT\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-15 14:08:27 . 2012-04-15 14:08:02]
2012-10-18 C:\WINNT\Tasks\WGASetup.job
- C:\WINNT\system32\KB905474\wgasetup.exe [2012-04-02 09:08:26 . 2009-03-10 20:18:14]

------- Skan uzupełniający -------
uInternet Connection Wizard,ShellNext = hxxp://linktarget.ashampoo.com/linktarget/?target=regpopinstall&edition=eid=9384&x-thrdp=none
IE: E&ksportuj do programu Microsoft Excel - D:\Programy\ofice\Office14\EXCEL.EXE/3000
IE: Wyślij &do programu OneNote - D:\Programy\ofice\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - C:\Documents and Settings\Andrzej\Dane aplikacji\Mozilla\Firefox\Profiles\5esuaogd.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - ExtSQL: 2012-09-10 16:51; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; D:\Programy\Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}