Midimap.dll . . . is infected!


(Sibik6) #1

Hi, I have this problem, here is my ComboFix log, please help quickly!

ComboFix 11-09-23.03 - SysOp 2011-09-23 15:17:59.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2047.1555 [GMT 2:00]

Uruchomiony z: c:\documents and settings\SysOp\Moje dokumenty\Pobieranie\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\autorun.inf

C:\hbwvn.pif

c:\windows\Alcmtr.exe

c:\windows\system32\msconfig.exe

D:\Autorun.inf

D:\muvst.pif

I:\autorun.inf

I:\ynwwsw.exe

.

c:\windows\system32\midimap.dll . . . jest zainfekowany!!

.

.

((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_AMSINT32

-------\Service_amsint32

.

.

((((((((((((((((((((((((( Pliki utworzone od 2011-08-23 do 2011-09-23 )))))))))))))))))))))))))))))))

.

.

2011-09-23 14:08 . 2011-09-23 13:22 -------- d-----r- C:\Program Files

2011-09-23 14:04 . 2011-09-23 12:28 -------- d-----w- C:\Documents and Settings

.

.

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2009-07-12 . DF70435F3D17C40D5CB15E6DC918342E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

.

[-] 2009-07-12 12:19 . 4678172D19476FA7D539682FCA42C942 . 1420800 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll

.

[-] 2009-07-12 . 335813EACD16E84F3047A3326F6E5473 . 549888 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

.

[-] 2009-07-12 . 37ED43F3DEC4400586554D61C3129478 . 112128 . . [5.4.3790.5512] . . c:\windows\system32\wuauclt.exe

.

[-] 2009-07-12 . E6C1811BA05F4E4BD4DA437778630489 . 724992 . . [5.82] . . c:\windows\system32\comctl32.dll

[7] 2008-04-14 . 737739FACEAD60683AA8D7FF7602FD14 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[7] 2001-08-18 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll

.

[-] 2009-07-12 . BE84B4FE25D1965661172432A6426CDC . 6160896 . . [8.00.6001.22873] . . c:\windows\system32\mshtml.dll

.

[-] 2009-07-03 . 991C8CDC4C34B65FFC780F49936358FB . 652288 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

.

[-] 2009-07-12 . B62213934FDC8B5DC9E6360218043E59 . 1016832 . . [8.00.6001.22873] . . c:\windows\system32\wininet.dll

.

[-] 2009-03-17 . 36F8D0529ACD765F9A9672A154930997 . 1739776 . . [6.00.2900.5512] . . c:\windows\explorer.exe

.

[-] 2008-04-14 . 6D80898D552439B00B2AB651C4B60C3A . 270336 . . [5.1.2600.5512] . . c:\windows\regedit.exe

.

[-] 2009-07-12 . EB3B4771498DD3FFD97E123643A26D91 . 1312256 . . [5.1.2600.5512] . . c:\windows\system32\ole32.dll

.

.

.

.

[-] 2009-07-12 . 572B0A653990AFE6B71D38D7DD2F202D . 370688 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll

.

[-] 2009-03-21 . D3B530DD991CD66B97BDC4F5B30CBA00 . 2027520 . . [5.1.2600.5657] . . c:\windows\system32\ntkrnlpa.exe

.

.

[-] 2009-03-21 . 1350B4234A59717691AAEAF717A46DA5 . 2148864 . . [5.1.2600.5657] . . c:\windows\system32\ntoskrnl.exe

.

[-] 2009-07-12 . 193B2DEA1AB15B511DDBB8E01E034477 . 42496 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll

.

c:\windows\System32\wscntfy.exe ... - brak elementu !!

c:\windows\System32\ctfmon.exe ... - brak elementu !!

c:\windows\System32\regsvc.dll ... - brak elementu !!

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-29 110696]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-29 13923432]

"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]

.

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"_nltide_3"="advpack.dll" [2009-07-12 128512]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"NoSMMyPictures"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

.

[HKEY_USERS.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"ForceClassicControlPanel"= 1 (0x1)

"NoSMMyPictures"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"UacDisableNotify"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe"=

"%windir%\system32\sessmgr.exe"=

"c:\WINDOWS\system32\taskmgr.exe"=

"c:\WINDOWS\RTHDCPL.EXE"=

.

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2011-09-23 91496]

S3 SetupNTGLM7X;SetupNTGLM7X;\??\j:\ntglm7x.sys -- j:\NTGLM7X.sys [?]

.

--- Inne Usługi/Sterowniki w Pamięci ---

.

*NewlyCreated* - AMSINT32

*NewlyCreated* - HELPSVC

.

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://winmod.net/

TCP: DhcpNameServer = 62.179.1.62 62.179.1.63

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-09-23 15:22

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

.

skanowanie ukrytych procesów ...

.

skanowanie ukrytych wpisów autostartu ...

.

skanowanie ukrytych plików ...

.

skanowanie pomyślnie ukończone

ukryte pliki: 0

.

**************************************************************************

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

.

  • 'winlogon.exe'(724)

c:\windows\system32\SETUPAPI.dll

c:\windows\system32\sfc_os.dll

c:\windows\system32\cscui.dll

.

  • 'lsass.exe'(780)

c:\windows\system32\setupapi.dll

c:\windows\system32\scecli.dll

c:\windows\system32\psbase.dll

.

  • 'explorer.exe'(2880)

c:\windows\system32\SHDOCVW.dll

c:\windows\system32\WININET.dll

c:\windows\system32\COMRes.dll

c:\windows\System32\cscui.dll

c:\windows\system32\LINKINFO.dll

c:\windows\system32\ntshrui.dll

c:\windows\system32\SETUPAPI.dll

c:\windows\system32\NETSHELL.dll

c:\windows\system32\credui.dll

c:\windows\system32\MSVCP60.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\wpdshserviceobj.dll

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\windows\system32\RUNDLL32.EXE

c:\windows\RTHDCPL.EXE

c:\windows\system32\imapi.exe

.

**************************************************************************

.

Czas ukończenia: 2011-09-23 15:23:19 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2011-09-23 13:23

.

Przed: 49 555 357 696 bajtów wolnych

Po: 49 500 200 960 bajtów wolnych

.

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /numproc=2

.

  • End Of File - - 6470698E431325A9885E303F43F5FEDF

(Agatonster) #2

sibik6,

Please correct the spelling in your problem description.

Pasting logs on the forum - read and follow the Topic.

Ignoring this recommendation will result in the thread being moved to the Trash.


(Leon$) #3

You probably have Sality: http://helpc.eu/topic/1370-usuwanie-wirusa-sality/

:slight_smile: