ComboFix 09-02-08.02 - Krzysztof 2009-02-10 13:59:11.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.503.154 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Krzysztof\Pulpit\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090209-0] *On-access scanning disabled* (Updated)
 * Utworzono nowy punkt przywracania
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe

.
(((((((((((((((((((((((((   Pliki utworzone od 2009-01-10 do 2009-02-10   )))))))))))))))))))))))))))))))
.

2009-02-03 21:37 . 2009-02-03 21:37        64  --a------  c:\windows\LRD.INI
2009-02-03 21:36 . 2009-02-03 21:37
2009-02-02 23:03 . 2009-02-02 23:11
2009-01-30 21:05 . 2009-01-30 21:05
2009-01-26 21:15 . 2009-01-26 21:15
2009-01-25 21:25 . 2009-01-25 21:26
2009-01-25 21:25 . 2008-08-08 07:04       545  --a------  c:\windows\UC.PIF
2009-01-25 21:25 . 2008-08-08 07:04       545  --a------  c:\windows\RAR.PIF
2009-01-25 21:25 . 2008-08-08 07:04       545  --a------  c:\windows\PKZIP.PIF
2009-01-25 21:25 . 2008-08-08 07:04       545  --a------  c:\windows\PKUNZIP.PIF
2009-01-25 21:25 . 2008-08-08 07:04       545  --a------  c:\windows\NOCLOSE.PIF
2009-01-25 21:25 . 2008-08-08 07:04       545  --a------  c:\windows\LHA.PIF
2009-01-25 21:25 . 2008-08-08 07:04       545  --a------  c:\windows\ARJ.PIF
2009-01-25 21:25 . 2009-01-25 21:28       449  --a------  c:\windows\wincmd.ini
2009-01-24 23:58 . 2009-01-24 23:58
2009-01-24 19:11 . 2009-01-25 08:34
2009-01-24 18:54 . 2009-01-25 10:36
2009-01-24 00:48 . 2009-01-24 00:50
2009-01-24 00:48 . 2009-01-24 00:51
2009-01-24 00:38 . 2009-02-10 08:02
2009-01-24 00:38 . 2009-01-24 00:38        56  --ah-----  c:\windows\system32\ezsidmv.dat
2009-01-24 00:34 . 2009-01-24 00:34
2009-01-24 00:34 . 2009-01-24 00:34
2009-01-24 00:34 . 2009-02-10 13:46
2009-01-24 00:34 . 2009-01-24 00:34
2009-01-23 23:46 . 2009-01-23 23:46
2009-01-23 20:22 . 2009-01-23 20:22
2009-01-23 20:21 . 2009-01-23 20:21
2009-01-23 20:21 . 2009-01-23 20:21
2009-01-23 20:20 . 2009-01-23 20:20
2009-01-23 08:20 . 2009-02-10 14:00
2009-01-23 08:20 . 2009-01-29 06:42
2009-01-23 08:20 . 2009-01-22 11:06
2009-01-23 08:20 . 2009-01-22 11:56
2009-01-23 08:20 . 2009-01-23 08:20
2009-01-23 08:20 . 2009-01-22 11:56
2009-01-23 08:20 . 2009-01-24 19:11
2009-01-23 08:20 . 2009-01-23 08:20
2009-01-22 23:01 . 2009-01-22 23:01
2009-01-22 23:01 . 2009-01-22 23:01
2009-01-22 23:01 . 2009-01-22 23:01
2009-01-22 22:59 . 2009-01-22 23:02
2009-01-22 22:52 . 2009-01-22 22:52
2009-01-22 22:01 . 2009-01-25 20:50
2009-01-22 19:02 . 2009-01-22 19:03
2009-01-22 19:00 . 2009-02-08 20:04        69  --a------  c:\windows\NeroDigital.ini
2009-01-22 18:57 . 2008-04-14 18:20   221,184  --a------  c:\windows\system32\wmpns.dll
2009-01-22 18:00 . 2009-01-22 23:01
2009-01-22 18:00 . 2008-10-16 21:33 6,066,176  -----c---  c:\windows\system32\dllcache\ieframe.dll
2009-01-22 18:00 . 2007-04-17 10:32 2,455,488  -----c---  c:\windows\system32\dllcache\ieapfltr.dat
2009-01-22 18:00 . 2007-03-08 06:11 1,036,288  -----c---  c:\windows\system32\dllcache\ieframe.dll.mui
2009-01-22 18:00 . 2008-10-16 21:33   459,264  -----c---  c:\windows\system32\dllcache\msfeeds.dll
2009-01-22 18:00 . 2008-10-16 21:33   383,488  -----c---  c:\windows\system32\dllcache\ieapfltr.dll
2009-01-22 18:00 . 2008-10-16 21:33   267,776  -----c---  c:\windows\system32\dllcache\iertutil.dll
2009-01-22 18:00 . 2008-10-16 21:33    63,488  -----c---  c:\windows\system32\dllcache\icardie.dll
2009-01-22 18:00 . 2008-10-16 21:33    52,224  -----c---  c:\windows\system32\dllcache\msfeedsbs.dll
2009-01-22 18:00 . 2008-10-16 14:11    13,824  -----c---  c:\windows\system32\dllcache\ieudinit.exe
2009-01-22 17:48 . 2009-01-22 22:02
2009-01-22 17:43 . 2003-06-12 23:25     7,062  --a------  c:\windows\system32\audiopid.vxd
2009-01-22 17:42 . 2000-05-22 09:58   647,872  ---------  c:\windows\system32\Mscomct2.ocx
2009-01-22 17:42 . 1999-10-10 18:00    41,984  ---------  c:\windows\Ctregrun.exe
2009-01-22 17:40 . 2009-01-22 17:40
2009-01-22 17:40 . 2009-01-22 17:40
2009-01-22 17:39 . 2009-01-22 17:39
2009-01-22 17:36 . 2009-01-22 17:38
2009-01-22 17:36 . 1998-10-29 16:45   306,688  --a------  c:\windows\IsUninst.exe
2009-01-22 17:33 . 2009-01-25 21:17
2009-01-22 17:32 . 2009-01-22 17:42
2009-01-22 17:32 . 2009-01-22 17:41
2009-01-22 17:29 . 2008-04-13 19:46    85,248  --a------  c:\windows\system32\drivers\nabtsfec.sys
2009-01-22 17:29 . 2008-04-13 19:46    19,200  --a------  c:\windows\system32\drivers\wstcodec.sys
2009-01-22 17:29 . 2008-04-14 18:21    16,384  --a------  c:\windows\system32\ipsink.ax
2009-01-22 17:29 . 2008-04-13 19:46    15,232  --a------  c:\windows\system32\drivers\streamip.sys
2009-01-22 17:29 . 2008-04-13 19:46    11,136  --a------  c:\windows\system32\drivers\slip.sys
2009-01-22 17:29 . 2008-04-13 19:46    10,880  --a------  c:\windows\system32\drivers\ndisip.sys
2009-01-22 17:29 . 2008-04-13 19:39     5,504  --a------  c:\windows\system32\drivers\mstee.sys
2009-01-22 17:28 . 2008-04-13 19:46   121,984  --a------  c:\windows\system32\drivers\usbvideo.sys
2009-01-22 17:28 . 2008-04-14 18:21    91,648  --a------  c:\windows\system32\kswdmcap.ax
2009-01-22 17:28 . 2008-04-14 18:21    61,952  --a------  c:\windows\system32\kstvtune.ax
2009-01-22 17:28 . 2008-04-14 18:20    54,784  --a------  c:\windows\system32\vfwwdm32.dll
2009-01-22 17:28 . 2008-04-14 18:21    43,008  --a------  c:\windows\system32\ksxbar.ax
2009-01-22 17:28 . 2008-04-13 19:45    32,128  --a------  c:\windows\system32\drivers\usbccgp.sys
2009-01-22 17:28 . 2008-04-14 18:21    28,672  --a------  c:\windows\system32\vidcap.ax
2009-01-22 17:28 . 2008-04-14 18:21    20,992  --a------  c:\windows\system32\dshowext.ax
2009-01-22 17:28 . 2008-04-13 19:46    17,024  --a------  c:\windows\system32\drivers\ccdecode.sys
2009-01-22 17:02 . 2008-06-14 18:36   273,024  ---------  c:\windows\system32\drivers\bthport.sys
2009-01-22 17:02 . 2008-06-14 18:36   273,024  -----c---  c:\windows\system32\dllcache\bthport.sys
2009-01-22 17:00 . 2008-08-14 14:26 2,190,464  -----c---  c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-22 17:00 . 2008-08-14 14:26 2,146,816  -----c---  c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-22 17:00 . 2008-08-14 14:26 2,067,328  -----c---  c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-22 17:00 . 2008-08-14 14:26 2,025,472  -----c---  c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-22 17:00 . 2008-09-15 16:27 1,846,656  -----c---  c:\windows\system32\dllcache\win32k.sys
2009-01-22 16:55 . 2008-10-24 12:21   455,296  -----c---  c:\windows\system32\dllcache\mrxsmb.sys
2009-01-22 16:55 . 2008-05-08 15:02   203,136  -----c---  c:\windows\system32\dllcache\rmcast.sys
2009-01-22 16:54 . 2008-04-11 20:06   691,712  -----c---  c:\windows\system32\dllcache\inetcomm.dll
2009-01-22 16:54 . 2008-12-11 11:57   333,952  -----c---  c:\windows\system32\dllcache\srv.sys
2009-01-22 16:53 . 2001-07-05 17:43   114,765  --a------  c:\windows\system32\hpzlnt03.dll
2009-01-22 16:53 . 2009-01-22 16:53       800  --a------  c:\windows\hpinfo.lnk
2009-01-22 16:53 . 2009-01-22 16:53       750  --a------  c:\windows\reg.prm
2009-01-22 16:52 . 2008-10-15 17:36   337,408  -----c---  c:\windows\system32\dllcache\netapi32.dll
2009-01-22 16:52 . 2009-01-22 16:52       376  --a------  c:\windows\mozregistry.dat
2009-01-22 16:51 . 2009-01-22 16:53
2009-01-22 16:51 . 2009-01-22 16:51
2009-01-22 16:44 . 2008-04-13 19:47    25,856  --a------  c:\windows\system32\drivers\usbprint.sys
2009-01-22 13:50 . 2009-01-23 08:55
2009-01-22 13:50 . 2007-08-10 20:53    26,488  --a------  c:\windows\system32\spupdsvc.exe
2009-01-22 13:49 . 2009-01-22 13:49
2009-01-22 13:09 . 2009-01-22 13:09
2009-01-22 13:09 . 2009-01-22 13:09
2009-01-22 13:09 . 2004-07-26 17:16 1,568,768  ---------  c:\windows\system32\ImagX7.dll
2009-01-22 13:09 . 2004-07-26 17:16   476,320  ---------  c:\windows\system32\ImagXpr7.dll
2009-01-22 13:09 . 2004-07-26 17:16   471,040  ---------  c:\windows\system32\ImagXRA7.dll
2009-01-22 13:09 . 2004-07-26 17:16   262,144  ---------  c:\windows\system32\ImagXR7.dll
2009-01-22 13:09 . 2001-07-09 11:50   155,648  --a------  c:\windows\system32\NeroCheck.exe
2009-01-22 13:09 . 2004-03-02 17:37   125,184  ---------  c:\windows\system32\drivers\imagesrv.sys
2009-01-22 13:09 . 2000-06-26 11:45   106,496  --a------  c:\windows\system32\TwnLib20.dll
2009-01-22 13:09 . 2004-03-02 17:37     5,504  ---------  c:\windows\system32\drivers\imagedrv.sys
2009-01-22 13:03 . 2009-01-22 13:03
2009-01-22 13:03 . 2009-01-22 13:03
2009-01-22 13:03 . 2009-01-22 13:03
2009-01-22 12:59 . 2006-10-12 03:10    49,265  --a------  c:\windows\system32\jpicpl32.cpl
2009-01-22 12:58 . 2009-01-22 12:59
2009-01-22 12:58 . 2009-01-22 12:58
2009-01-22 12:55 . 2009-01-22 12:55
2009-01-22 12:52 . 2008-10-25 23:18    24,816  --a------  c:\windows\system32\mdimon.dll

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-22 10:44  ---------  d-----w  c:\program files\Alwil Software
2009-01-22 10:11  ---------  d-----w  c:\program files\microsoft frontpage
2009-01-22 10:09  ---------  d-----w  c:\program files\Usługi online
2009-01-21 16:11    473,600  ----a-w  c:\windows\system32\SkanerOnline.dll
2008-12-11 10:57    333,952  ----a-w  c:\windows\system32\drivers\srv.sys
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Live! Cam Manager"="c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-09-06 143360]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-25 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-25 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-25 114688]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 49263]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-07-05 200704]
"AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-08-16 24576]
"V0270Mon.exe"="c:\windows\V0270Mon.exe" [2006-09-11 32768]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"AGRSMMSG"="AGRSMMSG.exe" [2004-08-24 c:\windows\AGRSMMSG.exe]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\SightSpeed\SightSpeed.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-22 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-22 20560]
R2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [2007-02-08 49152]
S3 VF0270Dev;Live! Cam Optia;c:\windows\system32\drivers\V0270Dev.sys [2009-01-22 221152]
S3 VF0270Vfx;VF0270 Video FX;c:\windows\system32\drivers\V0270Vfx.sys [2009-01-22 6912]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.pb.bialystok.pl/
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {9A79A67D-9664-4B83-854F-CCC4EFA61FBC} = 212.33.64.2,212.33.64.18
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-10 14:00:49
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(464)
c:\windows\system32\igfxdev.dll
.
Czas ukończenia: 2009-02-10 14:02:01
ComboFix-quarantined-files.txt 2009-02-10 13:01:58

Przed: 3 903 537 152 bajtów wolnych
Po: 4,683,677,696 bajtów wolnych

WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

226 --- E O F --- 2009-01-23 07:55:23