ComboFix 09-02-08.02 - Miszczó 2009-02-09 14:26:21.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.2046.1611 [GMT 1:00]
Run from: c:\documents and settings\Miszczó\Pulpit\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated)
* Created a new restore point
.
(((((((((((((((((((((((((  Files created from 2009-01-09 to 2009-02-09  )))))))))))))))))))))))))))))))
.
2009-02-09 12:59 . 2009-02-09 14:15
2009-02-08 22:17 . 2009-02-09 12:54
2009-02-08 21:37 . 2009-02-08 21:37
2009-02-08 19:38 . 2009-02-08 19:38
2009-02-08 18:35 . 2009-02-08 18:35
2009-02-08 18:35 . 2009-02-08 18:35
2009-02-06 21:41 . 2009-02-06 22:02
2009-02-06 10:49 . 2005-05-26 15:34    2,297,552    --a------    c:\windows\system32\d3dx9_26.dll
2009-02-06 00:33 . 2009-02-06 00:33
2009-02-06 00:32 . 2009-02-09 14:07
2009-02-06 00:32 . 2009-02-09 14:05    931,872    --ahs----    c:\windows\system32\drivers\fidbox.dat
2009-02-06 00:32 . 2009-02-09 14:22    204,832    --ahs----    c:\windows\system32\drivers\fidbox2.dat
2009-02-06 00:32 . 2009-02-06 09:51    101,287    --a------    c:\windows\system32\drivers\klin.dat
2009-02-06 00:32 . 2009-02-06 09:51    89,601    --a------    c:\windows\system32\drivers\klick.dat
2009-02-06 00:32 . 2009-02-09 14:05    10,456    --ahs----    c:\windows\system32\drivers\fidbox.idx
2009-02-06 00:32 . 2009-02-09 14:22    2,828    --ahs----    c:\windows\system32\drivers\fidbox2.idx
2009-02-06 00:31 . 2009-02-06 00:31
.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-09 13:08    ---------    d-----w    c:\program files\neostrada tp
2009-02-08 16:11    ---------    d-----w    c:\documents and settings\Miszczó\Dane aplikacji\Xfire
2009-02-06 12:31    ---------    d--h--w    c:\program files\InstallShield Installation Information
2009-02-06 08:51    33,808    ----a-w    c:\windows\system32\drivers\klbg.sys
2009-02-05 22:16    ---------    d-----w    c:\documents and settings\NetworkService\Dane aplikacji\Xfire
2009-02-05 22:09    ---------    d-----w    c:\documents and settings\Miszczó\Dane aplikacji\DAEMON Tools Pro
2009-02-05 22:09    ---------    d-----w    c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Pro
2009-02-05 22:06    685,816    ----a-w    c:\windows\system32\drivers\sptd.sys
2009-02-05 22:05    ---------    d-----w    c:\documents and settings\Miszczó\Dane aplikacji\InstallShield
2009-02-05 22:00    ---------    d-----w    c:\documents and settings\Miszczó\Dane aplikacji\ATI
2009-02-05 22:00    ---------    d-----w    c:\documents and settings\All Users\Dane aplikacji\ATI
2009-02-05 21:59    ---------    d-----w    c:\program files\ATI Technologies
2009-02-05 21:46    ---------    d-----w    c:\program files\Thomson
2009-02-05 21:46    ---------    d-----w    c:\program files\Java
2009-02-05 21:46    ---------    d-----w    c:\program files\Common Files\InstallShield
2009-02-05 21:41    ---------    d-----w    c:\program files\Marvell
2009-02-05 21:39    315,392    ----a-w    c:\windows\HideWin.exe
2009-02-05 21:39    ---------    d-----w    c:\program files\Realtek
2009-02-05 21:38    ---------    d-----w    c:\program files\Intel
2009-02-05 21:32    ---------    d-----w    c:\program files\microsoft frontpage
2009-02-05 21:31    ---------    d-----w    c:\program files\Usługi online
2009-01-23 01:17    42,320    ----a-w    c:\windows\system32\xfcodec.dll
2009-01-14 07:14    3,455,488    ----a-w    c:\windows\system32\drivers\ati2mtag.sys
2009-01-14 05:46    11,591,680    ----a-w    c:\windows\system32\atioglxx.dll
2009-01-14 04:53    286,720    ----a-w    c:\windows\system32\atiok3x2.dll
2009-01-14 04:49    425,984    ----a-w    c:\windows\system32\ATIDEMGX.dll
2009-01-14 04:47    323,584    ----a-w    c:\windows\system32\ati2dvag.dll
2009-01-14 04:36    26,112    ----a-w    c:\windows\system32\Ati2mdxx.exe
2009-01-14 04:36    196,608    ----a-w    c:\windows\system32\atipdlxx.dll
2009-01-14 04:36    151,552    ----a-w    c:\windows\system32\Oemdspif.dll
2009-01-14 04:35    43,520    ----a-w    c:\windows\system32\ati2edxx.dll
2009-01-14 04:35    155,648    ----a-w    c:\windows\system32\ati2evxx.dll
2009-01-14 04:34    598,016    ----a-w    c:\windows\system32\ati2evxx.exe
2009-01-14 04:32    53,248    ----a-w    c:\windows\system32\ATIDDC.DLL
2009-01-14 04:22    4,009,152    ----a-w    c:\windows\system32\ati3duag.dll
2009-01-14 04:05    2,500,224    ----a-w    c:\windows\system32\ativvaxx.dll
2009-01-14 03:50    48,640    ----a-w    c:\windows\system32\amdpcom32.dll
2009-01-14 03:45    401,408    ----a-w    c:\windows\system32\atikvmag.dll
2009-01-14 03:44    17,408    ----a-w    c:\windows\system32\atitvo32.dll
2009-01-14 03:44    110,592    ----a-w    c:\windows\system32\atiadlxx.dll
2009-01-14 03:43    53,248    ----a-w    c:\windows\system32\drivers\ati2erec.dll
2009-01-14 03:37    577,536    ----a-w    c:\windows\system32\ati2cqag.dll
2009-01-14 03:37    307,200    ----a-w    c:\windows\system32\atiiiexx.dll
2009-01-14 02:36    45,056    ----a-w    c:\windows\system32\amdcalrt.dll
2009-01-14 02:36    45,056    ----a-w    c:\windows\system32\amdcalcl.dll
2009-01-14 02:34    3,227,648    ----a-w    c:\windows\system32\Amdcaldd.dll
2009-01-13 20:05    593,920    ------w    c:\windows\system32\ati2sgag.exe
2008-11-11 19:00    218,376    ----a-w    c:\windows\system32\klogon.dll
.
(((((((((((((((((((((((((((((  SnapShot_2009-02-08_19.51.26,87  )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-03 22:43:54    66,560    ----a-w    c:\windows\system32\cdm.dll
+ 2008-10-16 13:09:44    92,696    ----a-w    c:\windows\system32\cdm.dll
- 2009-02-05 21:35:07    16,384    ----a-w    c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-02-09 12:59:22    16,384    ----a-w    c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-02-05 21:35:07    32,768    ----a-w    c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
+ 2009-02-09 12:59:22    32,768    ----a-w    c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
- 2009-02-05 21:35:07    32,768    ----a-w    c:\windows\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-09 12:59:22    32,768    ----a-w    c:\windows\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
- 2004-08-03 22:43:54    66,560    -c--a-w    c:\windows\system32\dllcache\cdm.dll
+ 2008-10-16 13:09:44    92,696    -c--a-w    c:\windows\system32\dllcache\cdm.dll
- 2004-08-03 22:44:16    431,616    -c--a-w    c:\windows\system32\dllcache\wuapi.dll
+ 2008-10-16 13:12:20    561,688    -c--a-w    c:\windows\system32\dllcache\wuapi.dll
- 2004-08-03 22:44:30    112,128    -c--a-w    c:\windows\system32\dllcache\wuauclt.exe
+ 2008-10-16 13:09:44    51,224    -c--a-w    c:\windows\system32\dllcache\wuauclt.exe
- 2004-08-03 22:44:16    1,134,592    -c--a-w    c:\windows\system32\dllcache\wuaueng.dll
+ 2008-10-16 13:13:40    1,809,944    -c--a-w    c:\windows\system32\dllcache\wuaueng.dll
- 2004-08-03 22:44:16    113,664    -c--a-w    c:\windows\system32\dllcache\wucltui.dll
+ 2008-10-16 13:12:22    323,608    -c--a-w    c:\windows\system32\dllcache\wucltui.dll
- 2004-08-03 22:44:16    36,864    -c--a-w    c:\windows\system32\dllcache\wups.dll
+ 2008-10-16 13:08:58    34,328    -c--a-w    c:\windows\system32\dllcache\wups.dll
- 2004-08-03 22:44:16    120,320    -c--a-w    c:\windows\system32\dllcache\wuweb.dll
+ 2008-10-16 13:13:40    202,776    -c--a-w    c:\windows\system32\dllcache\wuweb.dll
- 2009-02-05 21:57:59    58,732    ----a-w    c:\windows\system32\perfc009.dat
+ 2009-02-09 13:12:02    58,732    ----a-w    c:\windows\system32\perfc009.dat
- 2009-02-05 21:57:59    74,450    ----a-w    c:\windows\system32\perfc015.dat
+ 2009-02-09 13:12:03    74,450    ----a-w    c:\windows\system32\perfc015.dat
- 2009-02-05 21:57:59    392,432    ----a-w    c:\windows\system32\perfh009.dat
+ 2009-02-09 13:12:03    392,432    ----a-w    c:\windows\system32\perfh009.dat
- 2009-02-05 21:57:59    448,348    ----a-w    c:\windows\system32\perfh015.dat
+ 2009-02-09 13:12:03    448,348    ----a-w    c:\windows\system32\perfh015.dat
+ 2008-10-16 13:08:58    34,328    ----a-w    c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2005-02-25 03:36:06    16,096    ------w    c:\windows\system32\spmsg.dll
- 2004-11-18 09:42:52    22,752    ----a-w    c:\windows\system32\spupdsvc.exe
+ 2005-02-25 03:36:06    22,752    ----a-w    c:\windows\system32\spupdsvc.exe
- 2004-08-03 22:44:16    431,616    ----a-w    c:\windows\system32\wuapi.dll
+ 2008-10-16 13:12:20    561,688    ----a-w    c:\windows\system32\wuapi.dll
- 2004-08-03 22:44:30    112,128    ----a-w    c:\windows\system32\wuauclt.exe
+ 2008-10-16 13:09:44    51,224    ----a-w    c:\windows\system32\wuauclt.exe
- 2004-08-03 22:44:16    1,134,592    ----a-w    c:\windows\system32\wuaueng.dll
+ 2008-10-16 13:13:40    1,809,944    ----a-w    c:\windows\system32\wuaueng.dll
- 2004-08-03 22:44:16    113,664    ----a-w    c:\windows\system32\wucltui.dll
+ 2008-10-16 13:12:22    323,608    ----a-w    c:\windows\system32\wucltui.dll
- 2004-08-03 22:44:16    36,864    ----a-w    c:\windows\system32\wups.dll
+ 2008-10-16 13:08:58    34,328    ----a-w    c:\windows\system32\wups.dll
+ 2008-10-16 13:09:44    43,544    ----a-w    c:\windows\system32\wups2.dll
- 2004-08-03 22:44:16    120,320    ----a-w    c:\windows\system32\wuweb.dll
+ 2008-10-16 13:13:40    202,776    ----a-w    c:\windows\system32\wuweb.dll
.
-- Snapshot reset --
.
(((((((((((((((((((((((((((((((((((((  Registry startup entries  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="d:\programy\Kaspersky Anti-Virus 2009\avp.exe" [2009-02-06 206088]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"DeathAdder"="d:\programy\Razer DeathAdder\razerhid.exe" [2007-09-07 159744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
--a------ 2007-09-06 14:08 136136 d:\programy\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2008-03-20 11:04 2127296 d:\programy\Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
--a------ 2004-01-26 11:38 866816 c:\program files\Thomson\SpeedTouch USB\dragdiag.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2009-02-06 13:21 1410296 d:\gry\The Orange Box\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-09-12 17:45 36352 d:\programy\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
--------- 2004-10-14 16:55 32768 c:\progra~1\NEOSTR~1\GestMAJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
--------- 2004-08-23 14:49 20480 c:\progra~1\NEOSTR~1\Watch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2007-01-30 11:54 16116224 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 11:04 2879488 c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"d:\Programy\Xfire\Xfire.exe"=
"d:\Gry\The Orange Box\steamapps\dziwak666\team fortress 2\hl2.exe"=
"d:\Programy\BitComet\BitComet.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2009-02-05 22784]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.neostrada.pl
IE: { - c:\program files\Messenger\msmsgs.exe
TCP: {741AC00A-DAAE-4057-B389-53B8A0F31892} = 194.204.159.1 217.98.63.164
FF - ProfilePath - c:\documents and settings\Miszczó\Dane aplikacji\Mozilla\Firefox\Profiles\2rjz2ug4.default\
FF - prefs.js: browser.startup.homepage - http://www.Pclab.pl
FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJPI140_03.dll
FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-09 14:27:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs loaded under running processes ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-09 14:28:31
ComboFix-quarantined-files.txt  2009-02-09 13:28:29
ComboFix2.txt  2009-02-08 18:51:51
ComboFix3.txt  2009-02-06 09:27:38

Pre-Run: 15,688,777,728 bytes free
Post-Run: 15,677,878,272 bytes free

207 --- E O F --- 2009-02-08 21:17:09
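The SnapShot section of the log above lists, for every path that differs from the 2009-02-08 19:51 snapshot, a "-" line (the file as it was then) and a "+" line (the file as it is now); a path with only a "+" line is new. Reading sixty such lines by eye is error-prone, so the Python below, added here as an editor's example and not part of the posted log or of ComboFix, pairs the lines by path, gives each path a verdict (added, removed, replaced, touched) and groups the "+" entries by timestamp. The grouping is the useful check: in this log the wuapi.dll, wuaueng.dll, wuauclt.exe, wucltui.dll, wups.dll, wups2.dll, wuweb.dll and cdm.dll set all carry 2008-10-16 13:08-13:13 timestamps and sit next to a SoftwareDistribution\Setup\ServiceStartup path whose directory name is the version 7.2.6001.788, so they read as one Windows Update agent refresh rather than a lone file dropped into system32. The sample lines are copied from the snapshot above (with the "-c--a-w" attribute string as ComboFix writes it); the regex, the `Entry` type and the function names are mine.

```python
"""Turn the SnapShot section of a ComboFix log into per-file verdicts.

'-' lines describe a file as it was at the earlier snapshot, '+' lines as it
is now.  A path seen only with '+' is new, only with '-' is gone, with both
and a different size was replaced, with both and the same size was merely
touched (timestamp changed, length unchanged).
"""
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

# Field layout of a snapshot line: sign, date, time, size, attribute string, path.
SNAPSHOT_RE = re.compile(
    r"^(?P<sign>[-+])\s+(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>[\d,]+)\s+(?P<attrs>[-\w]+)\s+(?P<path>.+?)\s*$"
)

# Sample input: lines copied from the SnapShot section of the log above.
SAMPLE = r"""
- 2004-08-03 22:43:54 66,560 ----a-w c:\windows\system32\cdm.dll
+ 2008-10-16 13:09:44 92,696 ----a-w c:\windows\system32\cdm.dll
- 2009-02-05 21:57:59 58,732 ----a-w c:\windows\system32\perfc009.dat
+ 2009-02-09 13:12:02 58,732 ----a-w c:\windows\system32\perfc009.dat
- 2004-08-03 22:44:16 36,864 -c--a-w c:\windows\system32\dllcache\wups.dll
+ 2008-10-16 13:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll
+ 2008-10-16 13:09:44 43,544 ----a-w c:\windows\system32\wups2.dll
+ 2005-02-25 03:36:06 16,096 ------w c:\windows\system32\spmsg.dll
"""


class Entry(NamedTuple):
    timestamp: str   # "YYYY-MM-DD HH:MM:SS"
    size: int
    attrs: str
    path: str        # lower-cased: NTFS paths are case-insensitive


def parse_line(line: str) -> Optional[Tuple[str, Entry]]:
    """Return (sign, Entry) for a snapshot line, None for any other line."""
    m = SNAPSHOT_RE.match(line)
    if not m:
        return None
    entry = Entry(
        timestamp=f"{m['date']} {m['time']}",
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        path=m["path"].lower(),
    )
    return m["sign"], entry


def pair_snapshot(text: str) -> Dict[str, Dict[str, Optional[Entry]]]:
    """Group '-' and '+' lines by path into {path: {"before": e, "after": e}}."""
    pairs: Dict[str, Dict[str, Optional[Entry]]] = {}
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        sign, entry = parsed
        slot = pairs.setdefault(entry.path, {"before": None, "after": None})
        slot["before" if sign == "-" else "after"] = entry
    return pairs


def classify(text: str) -> List[Tuple[str, str, Optional[int], Optional[int]]]:
    """One (path, verdict, size_before, size_after) tuple per path."""
    verdicts = []
    for path, slot in pair_snapshot(text).items():
        before, after = slot["before"], slot["after"]
        if before is None:
            kind = "added"
        elif after is None:
            kind = "removed"
        elif before.size != after.size:
            kind = "replaced"
        else:
            kind = "touched"
        verdicts.append((path, kind,
                         before.size if before else None,
                         after.size if after else None))
    return verdicts


def batches(text: str) -> Dict[str, List[str]]:
    """Group the '+' entries by mtime to the minute.

    Many system files sharing one mtime point to a single installer or update
    run; a lone file with its own timestamp is the one to look at first.
    """
    groups: Dict[str, List[str]] = {}
    for path, slot in pair_snapshot(text).items():
        after = slot["after"]
        if after is not None:
            groups.setdefault(after.timestamp[:16], []).append(path)
    return groups


if __name__ == "__main__":
    for path, kind, before_size, after_size in classify(SAMPLE):
        print(f"{kind:9} {before_size!s:>9} -> {after_size!s:<9} {path}")
    for stamp, paths in sorted(batches(SAMPLE).items()):
        print(f"{stamp}: {len(paths)} file(s)")
```

Two caveats on reading the verdicts. A "touched" file (same size, new mtime, such as the perfc*.dat and perfh*.dat counters above) is only indistinguishable at the granularity the log records; ComboFix writes no hashes, and an attacker who keeps the length and resets the mtime looks identical, so a touched system binary still deserves a hash against a known-good copy. And a batch sharing one timestamp is evidence of one installer run, not of a legitimate one: the version directory and the matching dllcache copies are what tie this batch to Windows Update here.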