I need help removing a virus. It sits in System32 and nothing can remove it. I got it from the game World of Warcraft.
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.2047.1357 [GMT 2:00]
Run from: c:\documents and settings\Świat WOW\Pulpit\ComboFix.exe
AV: G DATA AntiVirus+Firewall 2009 *On-access scanning enabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Removed )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\d.ini
c:\windows\system32\35132502110.dll
c:\windows\system32\3626937214.dll
c:\windows\system32\43551092112.dll
.
((((((((((((((((((((((((( Files created from 2009-04-06 to 2009-05-06 )))))))))))))))))))))))))))))))
.
2009-05-06 16:44 . 2009-05-06 16:44 -------- d-----w c:\program files\Trend Micro
2009-05-06 11:13 . 2009-05-06 11:13 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Zylom
2009-05-06 11:13 . 2009-05-06 11:13 -------- d-----w c:\program files\Zylom Games
2009-04-22 06:28 . 2009-04-22 06:28 -------- d-----w c:\program files\OpenOffice.org 2.4
2009-04-22 06:27 . 2009-04-22 06:27 -------- d-----w c:\program files\Common Files\Java
2009-04-21 05:38 . 2009-04-21 05:38 68296 ----a-w c:\windows\system32\drivers\GRD.sys
2009-04-21 05:34 . 2009-04-21 05:34 50888 ----a-w c:\windows\system32\drivers\MiniIcpt.sys
2009-04-21 05:34 . 2009-04-28 21:04 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\G DATA
2009-04-21 05:34 . 2009-04-21 05:34 -------- d-----w c:\windows\l2schemas
2009-04-21 05:33 . 2006-11-01 07:17 69120 ------w c:\windows\system32\wlanapi.dll
2009-04-21 05:33 . 2005-04-19 23:54 14592 -c----w c:\windows\system32\dllcache\ndisuio.sys
2009-04-21 05:33 . 2005-04-20 19:31 52736 -c----w c:\windows\system32\dllcache\wzcsapi.dll
2009-04-21 05:33 . 2005-04-20 19:31 474624 -c----w c:\windows\system32\dllcache\wzcsvc.dll
2009-04-21 05:33 . 2009-04-21 05:33 22272 ----a-w c:\windows\system32\drivers\GDNdisIc.sys
2009-04-21 05:33 . 2009-04-21 05:33 50888 ----a-w c:\windows\system32\drivers\GDTdiIcpt.sys
2009-04-20 07:35 . 2009-04-20 07:35 -------- d-----w c:\program files\SystemRequirementsLab
2009-04-18 14:23 . 2009-04-18 14:23 -------- d-----w c:\program files\GNU
2009-04-18 09:20 . 2009-04-29 04:59 -------- d-----w c:\program files\Norton Security Scan
2009-04-18 06:19 . 2009-04-18 06:32 -------- d-----w c:\windows\system32\Adobe
2009-04-17 03:54 . 2009-04-17 03:54 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\WEBREG
2009-04-17 03:52 . 2007-10-30 09:25 16496 ----a-r c:\windows\system32\drivers\HPZipr12.sys
2009-04-17 03:52 . 2007-10-30 09:25 49920 ----a-r c:\windows\system32\drivers\HPZid412.sys
2009-04-17 03:52 . 2009-04-17 03:52 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Hewlett-Packard
2009-04-17 03:52 . 2008-02-12 03:49 271704 ----a-r c:\windows\system32\hpzids01.dll
2009-04-17 03:52 . 2008-02-07 05:56 118272 ----a-w c:\windows\system32\hpz3l5mu.dll
2009-04-17 03:52 . 2007-10-30 09:25 21568 ----a-r c:\windows\system32\drivers\HPZius12.sys
2009-04-17 03:51 . 2007-10-30 09:25 309760 ----a-r c:\windows\system32\difxapi.dll
2009-04-17 03:51 . 2007-10-30 09:22 303104 ----a-r c:\windows\system32\hpovst14.dll
2009-04-17 03:51 . 2007-10-30 09:25 372736 ----a-r c:\windows\system32\hppldcoi.dll
2009-04-17 03:51 . 2007-10-30 09:22 970752 ----a-r c:\windows\system32\hpotiop6.dll
2009-04-17 03:51 . 2007-10-30 09:22 729088 ----a-r c:\windows\system32\hpowiax8.dll
2009-04-17 03:51 . 2004-08-03 18:28 15104 -c--a-w c:\windows\system32\dllcache\usbscan.sys
2009-04-17 03:51 . 2004-08-03 18:28 15104 ----a-w c:\windows\system32\drivers\usbscan.sys
2009-04-17 03:48 . 2009-04-17 03:49 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\HP
2009-04-17 03:48 . 2009-04-17 03:48 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\HP Product Assistant
2009-04-17 03:48 . 2009-04-17 03:48 -------- d-----w c:\program files\Common Files\HP
2009-04-17 03:47 . 2009-04-17 03:47 -------- d-----w c:\program files\Hewlett-Packard
2009-04-17 03:47 . 2009-04-17 03:47 -------- d-----w c:\program files\Common Files\Hewlett-Packard
2009-04-17 03:47 . 2009-04-17 03:53 -------- d-----w c:\program files\HP
2009-04-17 03:42 . 2004-08-03 18:38 26496 -c--a-w c:\windows\system32\dllcache\usbstor.sys
2009-04-17 03:41 . 2004-08-03 18:31 25856 -c--a-w c:\windows\system32\dllcache\usbprint.sys
2009-04-17 03:41 . 2004-08-03 18:31 25856 ----a-w c:\windows\system32\drivers\usbprint.sys
2009-04-17 03:41 . 2009-04-17 03:53 169313 ----a-w c:\windows\hpoins29.dat
2009-04-17 03:41 . 2008-02-20 04:36 986 ------w c:\windows\hpomdl29.dat
2009-04-17 03:41 . 2004-08-03 18:38 31616 -c--a-w c:\windows\system32\dllcache\usbccgp.sys
2009-04-17 03:41 . 2004-08-03 18:38 31616 ----a-w c:\windows\system32\drivers\usbccgp.sys
2009-04-16 19:05 . 2009-04-16 19:05 -------- d-----w c:\program files\Nowe Gadu-Gadu
2009-04-15 19:40 . 2009-04-15 19:40 -------- d-----w c:\windows\Sun
2009-04-15 19:40 . 2009-04-15 19:40 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-15 19:40 . 2009-04-22 06:28 -------- d-----w c:\program files\Java
2009-04-15 05:41 . 2009-05-06 16:00 -------- d-----w c:\program files\World of Warcraft
2009-04-15 02:50 . 2009-05-06 13:28 10 ----a-w c:\windows\popcinfo.dat
2009-04-14 21:03 . 2009-04-14 21:03 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Blizzard
2009-04-14 14:37 . 2009-04-14 14:37 -------- d--h--w C:\Logs
2009-04-14 14:03 . 2009-04-16 03:36 -------- d-----w c:\program files\Common Files\Blizzard Entertainment
.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-20 07:41 . 2009-04-14 12:36 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-20 07:40 . 2009-04-14 12:36 -------- d-----w c:\program files\AGEIA Technologies
2009-04-15 19:37 . 2009-04-14 12:14 -------- d-----w c:\program files\Common Files\Adobe
2009-04-14 13:39 . 2009-04-14 13:39 -------- d-----w c:\program files\Alcohol Soft
2009-04-14 13:37 . 2009-04-14 13:27 715248 ----a-w c:\windows\system32\drivers\sptd.sys
2009-04-14 13:30 . 2009-04-14 11:37 86327 ---ha-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-14 13:18 . 2009-04-14 13:18 -------- d-----w c:\program files\BFG
2009-04-14 13:14 . 2009-04-14 13:09 -------- d-----w c:\program files\GomPlayer
2009-04-14 13:01 . 2009-04-14 13:01 0 ---ha-w c:\windows\nsreg.dat
2009-04-14 12:46 . 2009-04-14 12:42 -------- d-----w c:\program files\Creative
2009-04-14 12:45 . 2009-04-14 12:04 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-14 12:43 . 2009-04-14 12:43 -------- d--h--w c:\program files\Creative Installation Information
2009-04-14 12:43 . 2009-04-14 12:43 -------- d-----w c:\program files\Common Files\Creative
2009-04-14 12:42 . 2009-04-14 12:04 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-14 12:17 . 2001-10-26 16:15 49712 ----a-w c:\windows\system32\perfc015.dat
2009-04-14 12:17 . 2001-10-26 16:15 355830 ----a-w c:\windows\system32\perfh015.dat
2009-04-14 12:06 . 2009-04-14 12:06 -------- d-----w c:\program files\AMD
2009-04-14 12:04 . 2009-04-14 12:04 -------- d-----w c:\program files\Realtek
2009-04-14 12:04 . 2009-04-14 12:04 315392 ---ha-w c:\windows\HideWin.exe
2009-04-14 11:39 . 2009-04-14 11:39 -------- d-----w c:\program files\microsoft frontpage
2009-04-14 11:38 . 2009-04-14 11:38 -------- d-----w c:\program files\MSXML 6.0
2009-04-14 11:38 . 2009-04-14 11:38 -------- d-----w c:\program files\MSXML 4.0
2009-04-14 11:37 . 2001-07-21 22:36 67 --sha-w c:\windows\Fonts\desktop.ini
2009-04-14 11:37 . 2009-04-14 11:37 -------- d-----w c:\program files\Usługi online
2009-04-14 11:35 . 2009-04-14 11:35 21856 ----a-w c:\windows\system32\emptyregdb.dat
2009-04-14 11:35 . 2009-04-14 11:35 -------- d-----w c:\program files\Windows Media Connect 2
2009-03-27 03:44 . 2009-04-14 12:35 453152 ----a-w c:\windows\system32\NVUNINST.EXE
2009-03-19 15:08 . 2009-03-19 15:08 348160 ----a-w c:\windows\system32\msvcr71.dll
.
------- Sigcheck -------
[-] 2008-01-24 09:43 1548288 44A87287F63395AE9E7950D266A73160 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 221568]
"Google Update"="c:\documents and settings\Świat WOW\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" [2009-04-18 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-15 148888]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-09-27 16844800]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-08-03 1826816]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-27 1657376]
"P17Helper"="P17.dll" - c:\windows\system32\P17.dll [2005-05-03 64512]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-01-24 124928]
c:\documents and settings\Świat WOW\Menu Start\Programy\Autostart\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hposid01.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"=
"c:\Program Files\World of Warcraft\Launcher.exe"=
S3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2009-04-21 50888]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.google.pl/
uInternet Connection Wizard,ShellNext = iexplore
DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} - hxxp://www.eska.pl/streamplayers/OggX.ocx
FF - ProfilePath - c:\documents and settings\Świat WOW\Dane aplikacji\Mozilla\Firefox\Profiles\or7yt8w5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-06 19:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs loaded under running processes ---------------------
- - - - - - - > 'explorer.exe'(1632)
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\documents and settings\c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\OpenOffice.org 2.4\program\soffice.bin
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2009-05-06 19:04 - the computer was rebooted
ComboFix-quarantined-files.txt 2009-05-06 17:04
Before: 23 958 458 368 bytes free
After: 24 281 104 384 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT=“Microsoft Windows Recovery Console” /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=“Microsoft Windows XP Professional” /noexecute=optin /fastdetect /usepmtimer
208
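When reading a ComboFix log like the one above, a responder goes to a handful of places first: the "Removed" list (here three digits-only DLLs dropped into system32, a naming pattern Windows itself never uses), the Sigcheck row for a protected system file that failed ComboFix's signature check, any hidden executables in the created-files window, and the Windows Firewall AuthorizedApplications exceptions. The script below is an added example, not part of the original post and not ComboFix's own code; it parses a log in this layout and pulls those items out. The embedded log excerpt is constructed to mirror the post's log, and the section names it keys on ("Removed", "Files created ...", "Find3M", "Sigcheck") are assumed to match the banners as translated above.

```python
import json
import re
import sys

# Constructed excerpt that mirrors the layout of the ComboFix log in the post above;
# it is sample input for this script, not the full log.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Removed )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\d.ini
c:\windows\system32\35132502110.dll
c:\windows\system32\3626937214.dll
c:\windows\system32\43551092112.dll
.
((((((((((((((((((((((((( Files created from 2009-04-06 to 2009-05-06 )))))))))))))))))))))))))))))))
.
2009-04-21 05:38 . 2009-04-21 05:38 68296 ----a-w c:\windows\system32\drivers\GRD.sys
2009-04-14 12:04 . 2009-04-14 12:04 315392 ---ha-w c:\windows\HideWin.exe
2009-04-14 11:37 . 2001-07-21 22:36 67 --sha-w c:\windows\Fonts\desktop.ini
.
------- Sigcheck -------
[-] 2008-01-24 09:43 1548288 44A87287F63395AE9E7950D266A73160 c:\windows\system32\sfcfiles.dll
.
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\World of Warcraft\Launcher.exe"=
"""

# Section banners look like '(((( Name ))))' or '------- Name -------'.
BANNER_RE = re.compile(r"^\({3,}\s*(.*?)\s*\){3,}$|^-{3,}\s*(.*?)\s*-{3,}$")
# File row: created-date . modified-date size attrs path
FILE_ROW_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
                         r"\S+ (?P<attrs>\S+) (?P<path>.+)$")
# Sigcheck row: [flag] date time size MD5 path
SIGCHECK_RE = re.compile(r"^\[(?P<flag>.)\]\s+\S+ \S+\s+\d+\s+(?P<md5>[0-9A-Fa-f]{32})\s+(?P<path>.+)$")
NUMERIC_DLL_RE = re.compile(r"^\d+\.dll$", re.IGNORECASE)
EXEC_EXTENSIONS = (".exe", ".dll", ".sys", ".scr", ".com")


def split_sections(log):
    """Group log lines under the banner that precedes them; lone '.' padding is dropped."""
    sections, current = {"header": []}, "header"
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = BANNER_RE.match(line)
        if m:
            current = (m.group(1) or m.group(2) or "").strip()
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def numeric_named_dlls(paths):
    """Paths whose file name is digits-only plus .dll; Windows ships nothing named that way."""
    return [p for p in paths if NUMERIC_DLL_RE.match(p.rsplit("\\", 1)[-1])]


def hidden_executables(rows):
    """File rows carrying the hidden (h) or system (s) attribute with an executable extension."""
    matches = filter(None, map(FILE_ROW_RE.match, rows))
    return [(m["path"], m["attrs"]) for m in matches
            if ("h" in m["attrs"] or "s" in m["attrs"]) and m["path"].lower().endswith(EXEC_EXTENSIONS)]


def sigcheck_failures(rows):
    """(flag, md5, path) for each Sigcheck row; the MD5 is what you compare with a known-good copy."""
    return [(m["flag"], m["md5"].upper(), m["path"]) for m in map(SIGCHECK_RE.match, rows) if m]


def firewall_exceptions(lines):
    """Executables whitelisted under the Windows Firewall AuthorizedApplications key."""
    found, inside = [], False
    for line in lines:
        if line.startswith("[") and line.endswith("]"):
            inside = "AuthorizedApplications" in line
            continue
        m = re.match(r'^"(?P<exe>[^"]+)"=', line) if inside else None
        if m:
            found.append(m["exe"])
    return found


def triage(log):
    """Pull the entries a responder checks first out of a ComboFix log in this layout."""
    sections = split_sections(log)
    removed = sections.get("Removed", [])
    numeric = numeric_named_dlls(removed)
    file_rows = [row for name, rows in sections.items()
                 if name.startswith("Files created") or "Find3M" in name for row in rows]
    every_line = [line for rows in sections.values() for line in rows]
    return {
        "removed_numeric_dlls": numeric,
        "removed_other": [p for p in removed if p not in numeric],
        "hidden_executables": hidden_executables(file_rows),
        "sigcheck_failures": sigcheck_failures(sections.get("Sigcheck", [])),
        "firewall_exceptions": firewall_exceptions(every_line),
    }


if __name__ == "__main__":  # python combofix_triage.py [ComboFix.txt]; the sample is used if omitted
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    print(json.dumps(triage(text), indent=2))
```

Two things this deliberately does not decide for you: a hidden executable such as HideWin.exe or a firewall exception for Launcher.exe can be perfectly legitimate, so the output is a checklist, not a verdict; and a Sigcheck hit on a system file is only settled by comparing the listed MD5 with a clean copy from the same service-pack level, which the script cannot do offline.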