ComboFix 11-02-27.03 - Indeco 2011-02-28 15:52:38.1.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.1023.603 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Indeco\Pulpit\ComboFix.exe
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\fakturka
c:\fakturka\Fakturka.ini
c:\fakturka\KONTRAH.CDX
c:\fakturka\KONTRAH.DBF
c:\fakturka\POZYCJEFAK.DBF
c:\fakturka\REJESTR.CDX
c:\fakturka\REJESTR.DBF
c:\fakturka\TOWARY.CDX
c:\fakturka\TOWARY.DBF
c:\fakturka\Wydruki\05-01-2011_BCO_Faktura_1001_2011.frp
c:\fakturka\Wydruki\05-01-2011_MAVO_Faktura_1002_2011.frp
c:\fakturka\Wydruki\05-01-2011_T_Faktura_1001_2011.frp
c:\fakturka\Wydruki\ostatni.frf
c:\recycled\Recycled
c:\windows\system32\2186499788.dat
c:\windows\system32\midas.dll
c:\windows\system32\mswmpdat.tlb
c:\windows\system32\oledb32.dll
c:\windows\wiaservim.log
c:\windows\system32\drivers\ndis.sys . . . jest zainfekowany!!
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_DMSERVERRPCSS
-------\Service_dmserverRpcSs
.
((((((((((((((((((((((((( Pliki utworzone od 2011-01-28 do 2011-02-28 )))))))))))))))))))))))))))))))
.
.
2011-02-17 08:12 . 2011-02-17 08:12 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-17 08:12 . 2011-02-17 08:12 -------- d-----w- c:\program files\Java
2011-02-17 07:56 . 2011-02-17 07:56 -------- d-----w- c:\windows\SxsCaPendDel
2011-02-16 14:26 . 2011-02-16 14:26 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ESET
2011-02-10 07:55 . 2011-02-10 07:55 -------- d-----w- C:\FOUND.011
2011-02-01 11:11 . 2003-08-04 15:56 45056 ----a-w- c:\windows\system32\vusetup.dll
2011-02-01 11:11 . 2003-08-04 14:29 11392 ----a-w- c:\windows\system32\drivers\vulfntr.sys
2011-02-01 11:11 . 2003-08-04 14:29 6912 ----a-w- c:\windows\system32\drivers\vulfnth.sys
2011-02-01 10:20 . 2011-02-01 10:20 -------- d-sh--w- c:\documents and settings\Indeco\PrivacIE
2011-02-01 10:06 . 2011-02-01 10:06 -------- d-sh--w- c:\documents and settings\Indeco\IETldCache
2011-02-01 10:02 . 2010-05-06 10:35 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2011-02-01 10:02 . 2010-05-06 10:35 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-02-01 10:02 . 2010-05-06 10:35 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2011-02-01 10:02 . 2010-05-06 10:35 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2011-02-01 10:02 . 2010-05-06 10:35 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2011-02-01 10:02 . 2010-05-06 10:35 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
2011-02-01 10:02 . 2010-05-06 10:35 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2011-02-01 10:01 . 2011-02-01 10:01 -------- d--h--w- c:\windows\ie8
2011-02-01 10:01 . 2011-02-01 10:01 -------- d-----w- c:\windows\system32\pl-PL
2011-02-01 09:47 . 2011-02-01 09:47 -------- d-----w- c:\windows\ServicePackFiles
2011-02-01 09:40 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2011-01-31 14:48 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-01-31 14:48 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-17 08:12 . 2009-06-23 12:11 410984 ----a-w- c:\windows\system32\deploytk.dll
.
------- Sigcheck -------
[-] 2009-04-14 . 558635D3AF1C7546D26067D5D9B6959E . 213376 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ndis.sys
[-] 2009-04-14 . 558635D3AF1C7546D26067D5D9B6959E . 213376 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ndis.sys
[-] 2008-04-13 . 558635D3AF1C7546D26067D5D9B6959E . 182656 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\85612d9569f9a4d033130e1ccf6503f1\ndis.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 1CC09561E21A48A7F649A40F18235860 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . 1CC09561E21A48A7F649A40F18235860 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\85612d9569f9a4d033130e1ccf6503f1\tcpip.sys
[7] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[7] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[7] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[7] 2005-05-25 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\$NtUninstallKB913446$\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-14 344064]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-01-07 49152]
"EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-10-12 102400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2011-02-17 148888]

c:\documents and settings\Indeco\Menu Start\Programy\Autostart\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Gadu-Gadu\\ggphone\\ggphone.exe"=
"c:\\WINDOWS\\System32\\dpvsetup.exe"=
"c:\\WINDOWS\\System32\\mmc.exe"=

R2 FirebirdGuardian;Firebird Guardian;c:\program files\Firebird\bin\fbguard -s --> c:\program files\Firebird\bin\fbguard -s [?]
R2 FirebirdServer;Firebird Server;c:\program files\Firebird\bin\fbserver -s --> c:\program files\Firebird\bin\fbserver -s [?]
R2 port_nt;port_nt;c:\windows\system32\drivers\port_nt.sys [2005-11-17 3608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Handler: brx - {9C160F90-74D1-11D3-AB60-0060977C1F29} - c:\program files\Common Files\BricsCad\BrxProtIE.dll
FF - ProfilePath - c:\documents and settings\Indeco\Dane aplikacji\Mozilla\Firefox\Profiles\hjrznk0d.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.pl
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Firefox (default): {972ce4c6-7e08-4474-a285-3208198ce6fd} - %profile%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
------- Skojarzenia plików -------
.
.scr=Icad.load.scr
.
- - - - USUNIĘTO PUSTE WPISY - - - -

SSODL-UpdateCheck-{A56ADB45-DFD8-4861-AC6B-611B768626E7} - c:\windows\system32\mstmdm.dll
MSConfigStartUp-DAEMON Tools-1033 - c:\program files\D-Tools\daemon.exe
MSConfigStartUp-Komunikator - c:\program files\Tlen.pl\tlen.exe
MSConfigStartUp-SO5 Integrator Pass Two - c:\windows\SOINTGR.EXE

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-28 15:58
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\FirebirdGuardian]
"ImagePath"="c:\program files\Firebird\bin\fbguard -s"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\FirebirdServer]
"ImagePath"="c:\program files\Firebird\bin\fbserver -s"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(632)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3088)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Firebird\bin\fbguard.exe
c:\program files\Firebird\bin\fbserver.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2011-02-28 16:01:03 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2011-02-28 15:01

Przed: 12 388 696 064 bajtów wolnych
Po: 16 817 520 640 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - F2C87892DB161D8E1E3249552F4BF46F