ComboFix 08-09-11.02 - usr 2008-09-12 17:36:22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.74 [GMT 2:00]
Run from: C:\Documents and Settings\usr\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\usr\Pulpit\CFScript.txt
* A new restore point was created
* Resident AV is active
WARNING - THIS COMPUTER DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\Program Files\Antivirus 2009
C:\Program Files\Antivirus 2009\av2009.exe
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
C:\Program Files\myglobalsearch\bar\Cache\007B1B32
C:\Program Files\myglobalsearch\bar\Cache\007B29B9
C:\Program Files\myglobalsearch\bar\Cache\007B2B8E.bin
C:\Program Files\myglobalsearch\bar\Cache\007B2F66.bin
C:\Program Files\myglobalsearch\bar\Cache\007B316A.bin
C:\Program Files\myglobalsearch\bar\Cache\files.ini
C:\Program Files\myglobalsearch\bar\History\search
C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm
C:\Program Files\Web Technologies
C:\Program Files\Web Technologies\wcs.exe
C:\Program Files\Web Technologies\wcu.exe
C:\WINDOWS\system\mmtaskclean.log
C:\WINDOWS\system\win32in.dll
C:\WINDOWS\system\win32out.dll
C:\WINDOWS\system32\explorxp.exe
C:\WINDOWS\system32\kdanv.exe
C:\WINDOWS\system32\Panel sterowania.{21EC2020-3AEA-1069-A2DD-08002B30309D}
C:\WINDOWS\system32\settings.dll
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CREATEPROCESS
((((((((((((((((((((((((( Files created from 2008-08-12 to 2008-09-12 )))))))))))))))))))))))))))))))
.
2008-09-12 12:14 . 2008-09-12 12:14
2008-09-08 19:30 . 2008-09-09 16:17
2008-09-08 15:01 . 2005-11-10 05:45 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-09-08 15:01 . 2005-11-10 05:45 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-09-08 15:00 . 2005-11-10 05:45 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-09-08 15:00 . 2005-11-10 05:45 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-09-01 19:12 . 2008-09-01 19:12 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-20 17:23 . 2008-08-20 17:23
2008-08-20 17:22 . 2008-08-20 17:22
2008-08-20 17:22 . 2008-08-20 17:23
2008-08-20 17:22 . 2008-08-20 17:23
2008-08-20 17:22 . 2008-08-20 17:23
.
(((((((((((((((((((((((((((((((((((((((( Find3M Section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-09 14:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-06 12:15 --------- d-----w C:\Program Files\ESET
2008-09-03 07:10 90,112 ----a-w C:\WINDOWS\DUMP5091.tmp
2008-07-26 20:56 --------- d-----w C:\Documents and Settings\usr\Dane aplikacji\Skype
2008-07-26 20:46 --------- d-----w C:\Documents and Settings\usr\Dane aplikacji\skypePM
2008-07-13 19:08 --------- d-----w C:\Program Files\BearShare
2008-07-07 20:19 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-26 12:32 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2008-06-24 16:30 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:16 669,696 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:37 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
.
((((((((((((((((((((((((((((((((((((( Registry Startup Entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-02-08 95800]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-04 68856]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-01-23 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 126976]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-06-26 949376]
"QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" [2006-09-01 282624]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe [2008-06-26 950272]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\BearShare\BearShare.exe"=
"C:\Program Files\Skype\Phone\Skype.exe"=
"C:\Program Files\Gadu-Gadu\gg.exe"=
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2007-01-10 450560]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0fda8cac-4540-11dd-8561-0060b39cb3da}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d5cf47d-49a5-11dd-856a-0060b39cb3da}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
.
- - - - EMPTY ENTRIES REMOVED - - - -
HKLM-Run-C:\WINDOWS\system32\kdanv.exe - C:\WINDOWS\system32\kdanv.exe
HKLM-Explorer_Run-this - C:\Program Files\Web Technologies\wcs.exe
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-12 17:42:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs loaded under running processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
- C:\Program Files\Eset\pr_imon.dll
.
------------------------ Other running processes ------------------------
.
C:\WINDOWS\system32\acs.exe
C:\Program Files\ESET\nod32krn.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Completion time: 2008-09-12 17:48:07 - the computer was rebooted
ComboFix-quarantined-files.txt 2008-09-12 15:48:01
Before: 12,226,441,216 bytes free
After: 12,865,089,536 bytes free
144 --- E O F --- 2008-09-01 09:02:33
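Two entries in the registry section of this log are the ones worth automating a check for: the three Security Center values set to 1 (the rogue "Antivirus 2009" silences XP SP2's antivirus and update warnings this way) and the AutoRun commands hanging off MountPoints2 for two removable-drive GUIDs, which match the Autorun.inf files deleted from C:\ and D:\. The following Python is an added example, not part of the log and not ComboFix's own code. It parses the "REGEDIT4"-style layout ComboFix uses ([key] lines, "name"=value lines, and "\Shell\AutoRun\command - ..." lines) and flags both indicator classes; the sample input is constructed from lines of the log above. It generalises slightly beyond the log by also checking the FirewallDisableNotify and FirewallOverride values, which live in the same key.

```python
"""Flag Security Center overrides and MountPoints2 AutoRun commands in the
registry section of a ComboFix log.

Added example; assumes the ComboFix layout shown in the log above:
  [key]                          starts a block
  "name"=dword:00000001          or  "name"="path" [date size]  or  "name"=
  \Shell\AutoRun\command - <cmd> under a mountpoints2 GUID key
"""
import re
from typing import Dict, List, Tuple

SECURITY_CENTER_KEY = r"hkey_local_machine\software\microsoft\security center"
# Values a rogue AV sets to 1 to suppress XP SP2 Security Center warnings.
SC_OVERRIDE_VALUES = {
    "antivirusdisablenotify", "antivirusoverride",
    "updatesdisablenotify",
    "firewalldisablenotify", "firewalloverride",   # same key; not in this log
}

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(
    r'^"([^"]+)"=(?:dword:([0-9a-fA-F]{8})|"([^"]*)"(?:\s*\[.*\])?|(.*))$')
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s+-\s+(.+)$")
GUID_RE = re.compile(r"\{[0-9a-f-]+\}")


def parse_registry_section(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Return {lower-cased key: [(name, value), ...]} for every [key] block."""
    keys: Dict[str, List[Tuple[str, str]]] = {}
    current = None
    for raw in text.splitlines():
        # Forum extraction often turns the straight quotes into smart quotes.
        line = raw.strip().replace("\u201c", '"').replace("\u201d", '"')
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            keys.setdefault(current, [])
            continue
        if current is None:
            continue
        m = AUTORUN_RE.match(line)
        if m:
            keys[current].append(("\\Shell\\AutoRun\\command", m.group(1)))
            continue
        m = VALUE_RE.match(line)
        if m:
            value = (m.group(2) or m.group(3) or m.group(4) or "").strip()
            keys[current].append((m.group(1), value))
    return keys


def find_indicators(text: str) -> List[str]:
    """Return one finding string per suspicious entry."""
    findings: List[str] = []
    keys = parse_registry_section(text)
    for name, value in keys.get(SECURITY_CENTER_KEY, []):
        if name.lower() not in SC_OVERRIDE_VALUES:
            continue
        try:
            if int(value, 16) == 1:
                findings.append(f"Security Center override: {name}=dword:{value}")
        except ValueError:
            pass  # not a dword; ignore
    for key, entries in keys.items():
        if "mountpoints2" not in key:
            continue
        guid = GUID_RE.search(key)
        label = guid.group(0) if guid else key
        for name, value in entries:
            if name.lower() == "\\shell\\autorun\\command":
                findings.append(f"MountPoints2 AutoRun on {label}: {value}")
    return findings


# Constructed sample: lines copied from the registry section of the log above.
SAMPLE_LOG = r'''
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-04 68856]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\Program Files\BearShare\BearShare.exe"=
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0fda8cac-4540-11dd-8561-0060b39cb3da}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
'''

if __name__ == "__main__":
    for finding in find_indicators(SAMPLE_LOG):
        print(finding)
```

Run against the sample it reports the three Security Center overrides and the one AutoRun command; on a clean XP SP2 machine the security center key carries no override values and MountPoints2 GUID keys have no \Shell\AutoRun\command subkey, so an empty list is the expected result.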