siema mam taki pboblem oto moj combofix prosze o szybka pomoc!
ComboFix 11-09-23.03 - SysOp 2011-09-23 15:17:59.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2047.1555 [GMT 2:00]
Uruchomiony z: c:\documents and settings\SysOp\Moje dokumenty\Pobieranie\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
C:\hbwvn.pif
c:\windows\Alcmtr.exe
c:\windows\system32\msconfig.exe
D:\Autorun.inf
D:\muvst.pif
I:\autorun.inf
I:\ynwwsw.exe
.
c:\windows\system32\midimap.dll . . . jest zainfekowany!!
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AMSINT32
-------\Service_amsint32
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-08-23 do 2011-09-23 )))))))))))))))))))))))))))))))
.
.
2011-09-23 14:08 . 2011-09-23 13:22 -------- d-----r- C:\Program Files
2011-09-23 14:04 . 2011-09-23 12:28 -------- d-----w- C:\Documents and Settings
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren’t necessarily malware.
.
[-] 2009-07-12 . DF70435F3D17C40D5CB15E6DC918342E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2009-07-12 12:19 . 4678172D19476FA7D539682FCA42C942 . 1420800 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2009-07-12 . 335813EACD16E84F3047A3326F6E5473 . 549888 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[-] 2009-07-12 . 37ED43F3DEC4400586554D61C3129478 . 112128 . . [5.4.3790.5512] . . c:\windows\system32\wuauclt.exe
.
[-] 2009-07-12 . E6C1811BA05F4E4BD4DA437778630489 . 724992 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2008-04-14 . 737739FACEAD60683AA8D7FF7602FD14 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[7] 2001-08-18 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
.
[-] 2009-07-12 . BE84B4FE25D1965661172432A6426CDC . 6160896 . . [8.00.6001.22873] . . c:\windows\system32\mshtml.dll
.
[-] 2009-07-03 . 991C8CDC4C34B65FFC780F49936358FB . 652288 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
.
[-] 2009-07-12 . B62213934FDC8B5DC9E6360218043E59 . 1016832 . . [8.00.6001.22873] . . c:\windows\system32\wininet.dll
.
[-] 2009-03-17 . 36F8D0529ACD765F9A9672A154930997 . 1739776 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
[-] 2008-04-14 . 6D80898D552439B00B2AB651C4B60C3A . 270336 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
[-] 2009-07-12 . EB3B4771498DD3FFD97E123643A26D91 . 1312256 . . [5.1.2600.5512] . . c:\windows\system32\ole32.dll
.
.
.
.
[-] 2009-07-12 . 572B0A653990AFE6B71D38D7DD2F202D . 370688 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
.
[-] 2009-03-21 . D3B530DD991CD66B97BDC4F5B30CBA00 . 2027520 . . [5.1.2600.5657] . . c:\windows\system32\ntkrnlpa.exe
.
.
[-] 2009-03-21 . 1350B4234A59717691AAEAF717A46DA5 . 2148864 . . [5.1.2600.5657] . . c:\windows\system32\ntoskrnl.exe
.
[-] 2009-07-12 . 193B2DEA1AB15B511DDBB8E01E034477 . 42496 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
.
c:\windows\System32\wscntfy.exe … - brak elementu 
c:\windows\System32\ctfmon.exe … - brak elementu
c:\windows\System32\regsvc.dll … - brak elementu
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“NvMediaCenter”=“c:\windows\system32\NvMcTray.dll” [2010-07-29 110696]
“NvCplDaemon”=“c:\windows\system32\NvCpl.dll” [2010-07-29 13923432]
“RTHDCPL”=“RTHDCPL.EXE” [2008-02-13 16857600]
.
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
“_nltide_3”=“advpack.dll” [2009-07-12 128512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“EnableLUA”= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
“NoSMHelp”= 1 (0x1)
“NoSMMyPictures”= 1 (0x1)
“NoSMConfigurePrograms”= 1 (0x1)
.
[HKEY_USERS.default\software\microsoft\windows\currentversion\policies\explorer]
“NoSMHelp”= 1 (0x1)
“ForceClassicControlPanel”= 1 (0x1)
“NoSMMyPictures”= 1 (0x1)
“NoSMConfigurePrograms”= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
“AntiVirusOverride”=dword:00000001
“FirewallOverride”=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
“AntiVirusOverride”=dword:00000001
“AntiVirusDisableNotify”=dword:00000001
“FirewallDisableNotify”=dword:00000001
“FirewallOverride”=dword:00000001
“UpdatesDisableNotify”=dword:00000001
“UacDisableNotify”=dword:00000001
.
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
“EnableFirewall”= 0 (0x0)
“DisableNotifications”= 1 (0x1)
.
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\Network Diagnostic\xpnetdiag.exe”=
“%windir%\system32\sessmgr.exe”=
“c:\WINDOWS\system32\taskmgr.exe”=
“c:\WINDOWS\RTHDCPL.EXE”=
.
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2011-09-23 91496]
S3 SetupNTGLM7X;SetupNTGLM7X;??\j:\ntglm7x.sys – j:\NTGLM7X.sys [?]
.
— Inne Usługi/Sterowniki w Pamięci —
.
*NewlyCreated* - AMSINT32
*NewlyCreated* - HELPSVC
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://winmod.net/
TCP: DhcpNameServer = 62.179.1.62 62.179.1.63
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-23 15:22
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów …
.
skanowanie ukrytych wpisów autostartu …
.
skanowanie ukrytych plików …
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
-
-
-
-
-
-
- ‘winlogon.exe’(724)
-
-
-
-
-
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll
.
-
-
-
-
-
-
- ‘lsass.exe’(780)
-
-
-
-
-
c:\windows\system32\setupapi.dll
c:\windows\system32\scecli.dll
c:\windows\system32\psbase.dll
.
-
-
-
-
-
-
- ‘explorer.exe’(2880)
-
-
-
-
-
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Czas ukończenia: 2011-09-23 15:23:19 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2011-09-23 13:23
.
Przed: 49 555 357 696 bajtów wolnych
Po: 49 500 200 960 bajtów wolnych
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT=“Microsoft Windows Recovery Console” /cmdcons
UnsupportedDebug=“do not select this” /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=“Microsoft Windows XP Professional” /noexecute=optin /fastdetect /numproc=2
.
-
- End Of File - - 6470698E431325A9885E303F43F5FEDF
