Hello to all forum users. I have a problem with the Win32/Adware.Virtumonde virus in working memory. I removed the entries with HijackThis and obtained a ComboFix log, but now I don't know what to do to finally get rid of it.
Here is the ComboFix log:
ComboFix 08-02-12.1 - Mariusz 2008-02-12 11:14:06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.167 [GMT 1:00]
Running from: C:\Documents and Settings\Mariusz\Pulpit\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\vtstu.dll
C:\WINDOWS\system32\utstv.ini
C:\WINDOWS\system32\utstv.ini2
C:\WINDOWS\system32\vtstu.dll
C:\WINDOWS\xpupdate.exe
.
((((((((((((((((((((((((( Files Created from 2008-01-12 to 2008-02-12 )))))))))))))))))))))))))))))))
.
2008-02-12 11:05 . 2004-08-03 23:44 395,776 --a------ C:\kmd.exe
2008-02-12 10:12 . 2008-02-12 10:12 40,960 --a------ C:\WINDOWS\system32\hggfcay.V01dll
2008-02-12 10:12 . 2008-02-12 10:12 40,960 --a------ C:\WINDOWS\system32\hggfcay.V00dll
2008-02-12 10:10 . 2008-02-12 10:10 40,960 --a------ C:\WINDOWS\system32\hggfcay.Vdll
2008-02-12 09:42 . 2008-02-12 09:42
2008-02-12 09:37 . 2008-02-12 11:05
2008-02-12 09:37 . 2008-02-12 09:37 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-02-12 09:37 . 2008-02-12 09:37 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-02-12 09:37 . 2008-02-12 09:37 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-02-12 08:47 . 2008-02-12 08:47 77,824 --a------ C:\WINDOWS\system32\xcomm.dll
2008-02-12 08:47 . 2008-02-12 08:47 73,728 --a------ C:\WINDOWS\system32\sockspy.dll
2008-02-12 08:46 . 2008-02-12 08:46 14 --a------ C:\WINDOWS\system32\getfile.dat
2008-02-12 08:43 . 2008-02-12 09:29
2008-02-12 08:25 . 2008-02-12 08:25
2008-02-12 07:34 . 2008-02-12 07:34
2008-02-12 07:33 . 2008-02-12 07:34
2008-02-11 13:58 . 2008-02-11 13:59
2008-02-11 13:58 . 2008-02-11 13:58
2008-02-11 13:58 . 2008-02-11 13:58
2008-02-11 13:57 . 2008-02-11 13:59 104,770 --a------ C:\WINDOWS\hpqins13.dat
2008-02-11 13:52 . 2008-02-11 13:52
2008-02-11 13:50 . 2007-04-09 12:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll
2008-02-11 13:50 . 2008-02-11 13:50 421 --a------ C:\WINDOWS\ODBC.INI
2008-02-11 13:46 . 2008-02-11 13:46
2008-02-11 13:44 . 2008-02-11 13:46
2008-02-11 13:37 . 2008-02-11 13:37
2008-02-11 13:35 . 2008-02-11 13:36
2008-02-11 13:17 . 2008-02-11 13:17
2008-02-11 10:34 . 2005-09-01 11:03 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2008-02-11 10:34 . 2005-09-01 11:03 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2008-02-11 10:20 . 2008-02-11 10:33
2008-02-11 09:31 . 2008-02-11 09:31
2008-02-11 09:31 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-02-11 09:31 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-02-11 09:31 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-02-11 09:31 . 2004-07-09 09:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-02-11 09:31 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-02-11 09:31 . 2006-01-12 15:40 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-02-11 09:31 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-02-11 09:29 . 2008-02-11 09:29
2008-02-11 09:02 . 2008-02-11 09:02
2008-02-11 09:02 . 2008-02-11 09:02
2008-02-11 08:32 . 2008-02-11 08:41
2008-02-11 08:32 . 2008-02-11 08:40
2008-02-11 08:12 . 2008-02-11 08:12
2008-02-11 08:04 . 2008-02-11 08:04 921,600 --a------ C:\WINDOWS\system32\vorbisenc.dll
2008-02-11 08:04 . 2008-02-11 08:04 892,928 --a------ C:\WINDOWS\system32\iconv.dll
2008-02-11 08:04 . 2008-02-11 08:04 577,536 --a------ C:\WINDOWS\system32\ac3filter.ax
2008-02-11 08:04 . 2008-02-11 08:04 237,568 --a------ C:\WINDOWS\system32\OggDS.dll
2008-02-11 07:54 . 2008-02-11 07:54
2008-02-11 07:54 . 2008-02-11 07:54
2008-02-11 07:23 . 2004-04-30 09:37 160,640 --a------ C:\WINDOWS\system32\drivers\a347bus.sys
2008-02-11 07:23 . 2004-04-30 09:33 5,248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys
2008-02-11 06:19 . 2008-02-11 06:19
2008-02-11 06:18 . 2008-02-11 06:18
2008-02-11 06:16 . 2008-02-11 06:17
2008-02-11 06:15 . 2008-02-11 06:17
2008-02-11 06:15 . 2003-05-21 23:50 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll
2008-02-11 06:15 . 2008-02-11 08:03 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
2008-02-11 06:15 . 2007-09-27 14:22 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-02-11 06:15 . 2007-09-27 14:22 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2008-02-11 06:15 . 2003-05-21 23:50 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2008-02-11 06:15 . 2003-05-21 23:50 82,944 --a------ C:\WINDOWS\system32\vct3216.acm
2008-02-11 06:15 . 2008-02-11 08:03 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-02-11 06:15 . 2003-05-21 23:50 38,912 --a------ C:\WINDOWS\system32\alf2cd.acm
2008-02-11 06:15 . 2003-05-21 12:50 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-02-11 06:15 . 2000-03-14 20:55 13,239 --a------ C:\WINDOWS\system32\Scg726.acm
2008-02-11 06:03 . 2008-02-11 06:03
2008-02-11 05:56 . 2006-09-24 16:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2008-02-11 05:56 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-02-11 05:56 . 2007-09-21 01:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-02-11 05:56 . 2007-10-03 16:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-02-11 05:55 . 2008-02-11 05:55
2008-02-11 05:55 . 2007-11-29 23:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-02-11 05:55 . 2008-02-11 08:03 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-02-11 05:55 . 2007-12-04 02:33 682,496 --a------ C:\WINDOWS\system32\divx.dll
2008-02-11 05:55 . 2004-01-25 17:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-02-11 05:55 . 2007-09-27 14:22 139,264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-02-11 05:55 . 2007-11-29 23:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-02-11 05:55 . 2007-12-24 13:49 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-02-11 05:55 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-02-11 05:54 . 2008-02-11 05:54
2008-02-10 19:40 . 2008-02-10 19:40 40,960 --------- C:\WINDOWS\system32\hggfcay.dll
2008-02-10 19:39 . 2008-02-10 19:39
2008-02-10 19:39 . 2008-02-11 07:26
2008-02-10 19:37 . 2008-02-10 19:37 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-02-10 19:30 . 2008-02-10 19:30 1,158 --a------ C:\WINDOWS\mozver.dat
2008-02-10 19:14 . 2008-02-10 19:14
2008-02-10 19:10 . 2008-02-10 19:10
2008-02-10 19:10 . 2008-02-11 14:00
2008-02-10 18:57 . 2008-02-10 18:57 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-10 18:54 . 2008-02-10 18:54
2008-02-10 18:41 . 2007-05-16 12:00 42,368 --a------ C:\WINDOWS\system32\drivers\SiSGbeXP.sys
2008-02-10 18:31 . 2008-02-10 18:31
2008-02-10 18:06 . 2003-10-16 18:07 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll
2008-02-10 18:05 . 2008-02-10 18:05
2008-02-10 18:05 . 2008-02-10 18:05
2008-02-10 18:05 . 2008-02-10 18:05
2008-02-10 18:04 . 2008-02-10 18:04
2008-02-10 18:04 . 2008-02-12 08:00
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-12 09:22 --------- d-----w C:\Documents and Settings\Mariusz\Dane aplikacji\U3
2008-02-12 07:48 137 ----a-w C:\Program Files\INSTALL.LOG
2008-02-11 07:03 9,216 ----a-w C:\WINDOWS\system32\cpuinf32.dll
2008-02-11 07:03 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-02-11 07:03 45,056 ----a-w C:\WINDOWS\system32\ogg.dll
2008-02-11 07:03 245,760 ----a-w C:\WINDOWS\system32\mplvpx.dll
2008-02-11 07:03 188,416 ----a-w C:\WINDOWS\system32\vorbis.dll
2008-02-11 07:03 1,415,680 ----a-w C:\WINDOWS\system32\WMV9VCM.dll
2008-02-10 17:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-10 17:33 476 ----a-w C:\WINDOWS\system32\drivers\cmvep.txt
2008-02-10 17:33 23 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2008-02-10 16:51 --------- d-----w C:\Program Files\FSC
2008-02-10 16:51 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-10 16:51 --------- d-----w C:\Documents and Settings\Mariusz\Dane aplikacji\InstallShield
2008-02-10 16:51 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\InstallShield
2008-02-10 16:47 --------- d-----w C:\Program Files\Synaptics
2008-02-10 16:41 --------- d-----w C:\Program Files\SiS VGA Utilities V3.82
2008-02-10 16:40 --------- d-----w C:\Program Files\sisagp
2008-02-10 16:37 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-02-10 16:37 --------- d-----w C:\Program Files\Realtek
2008-02-10 15:54 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-10 15:52 --------- d-----w C:\Program Files\Usługi online
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E180F496-8A4B-44E2-9FE0-0364E345DB7F}]
2008-02-10 19:40 40960 --------- C:\WINDOWS\system32\hggfcay.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2007-12-10 13:46 1510424 --a------ C:\Program Files\free-downloads.net\tbfree.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= C:\Program Files\free-downloads.net\tbfree.dll [2007-12-10 13:46 1510424]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E180F496-8A4B-44E2-9FE0-0364E345DB7F}"= C:\WINDOWS\system32\hggfcay.dll [2008-02-10 19:40 40960]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggfcay]
hggfcay.dll 2008-02-10 19:40 40960 C:\WINDOWS\system32\hggfcay.dll
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e37cca73-d7f1-11dc-9e07-ce593fa311e9}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-12 11:18:45
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
- C:\WINDOWS\system32\hggfcay.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\savedump.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-02-12 11:19:51 - machine was rebooted [Mariusz]
ComboFix-quarantined-files.txt 2008-02-12 10:19:39
I'd appreciate any advice. Regards.
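The log above shows the classic Vundo-style layout: one randomly named DLL in system32 (hggfcay.dll) registered at the same time as a Browser Helper Object, a ShellExecuteHook and a Winlogon Notify package, mapped into winlogon.exe, with sibling copies (hggfcay.Vdll, hggfcay.V00dll, hggfcay.V01dll) and, among the deletions, a DLL/INI pair whose names mirror each other (vtstu.dll / utstv.ini). The following script is an added example, not part of the post and not ComboFix code; it parses a ComboFix log and flags exactly those indicators. The heuristics, the function names (parse_log, stem, triage) and the section/key fragments it keys on are assumptions read off this log, and the embedded sample is constructed from lines of the log above.

```python
"""Triage a ComboFix log for the Vundo-style persistence pattern shown in this post.

Added example, not part of the post and not ComboFix code. The heuristics are
assumptions read off the log above: one random-named system32 DLL registered at once
as a BHO, a ShellExecuteHook and a Winlogon Notify package and loaded inside
winlogon.exe; sibling copies with .Vdll / .V00dll suffixes; and a companion .ini
whose name is the DLL's stem reversed (vtstu.dll <-> utstv.ini)."""
import re
from collections import defaultdict

# Constructed input: lines copied from the log in this post, trimmed to what the parser needs.
SAMPLE_LOG = r"""
((((((((((( Other Deletions )))))))))))
C:\WINDOWS\system32\vtstu.dll
C:\WINDOWS\system32\utstv.ini
C:\WINDOWS\system32\utstv.ini2
C:\WINDOWS\xpupdate.exe
((((((((((( Files Created from 2008-01-12 to 2008-02-12 )))))))))))
2008-02-12 10:12 . 2008-02-12 10:12 40,960 --a------ C:\WINDOWS\system32\hggfcay.V00dll
2008-02-12 10:10 . 2008-02-12 10:10 40,960 --a------ C:\WINDOWS\system32\hggfcay.Vdll
2008-02-10 19:40 . 2008-02-10 19:40 40,960 --------- C:\WINDOWS\system32\hggfcay.dll
((((((((((( Reg Loading Points )))))))))))
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E180F496-8A4B-44E2-9FE0-0364E345DB7F}]
2008-02-10 19:40 40960 --------- C:\WINDOWS\system32\hggfcay.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2007-12-10 13:46 1510424 --a------ C:\Program Files\free-downloads.net\tbfree.dll
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E180F496-8A4B-44E2-9FE0-0364E345DB7F}"= C:\WINDOWS\system32\hggfcay.dll [2008-02-10 19:40 40960]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggfcay]
hggfcay.dll 2008-02-10 19:40 40960 C:\WINDOWS\system32\hggfcay.dll
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
- C:\WINDOWS\system32\hggfcay.dll
"""

PATH_RE = re.compile(r"[A-Za-z]:\\[^\[\]\"]+?(?=\s*(?:\[|$))")  # drive path up to ' [' or EOL
KEY_RE = re.compile(r"^\[([^\]]+)\]$")                          # [registry key] header line
PROC_RE = re.compile(r"^PROCESS:\s+(.+)$", re.I)
# Autostart locations a shell-extension DLL like Vundo's hooks; key fragment -> label.
PERSISTENCE = {"browser helper objects": "BHO", "shellexecutehooks": "ShellExecuteHook",
               "winlogon\\notify": "WinlogonNotify"}
SECTIONS = ("other deletions", "files created", "reg loading points", "dlls loaded")

def parse_log(text):
    """Bucket every path by log section; paths under Reg Loading Points keep their key label."""
    deleted, created = set(), set()
    persistence, loaded = defaultdict(set), defaultdict(set)
    section = label = proc = None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith(("((((", "-----")):                    # section banner
            head = line.strip("() -").lower()
            section = next((s for s in SECTIONS if head.startswith(s)), None)
            label = proc = None
        elif (m := KEY_RE.match(line)):                           # registry key
            key = m.group(1).lower()
            label = next((v for k, v in PERSISTENCE.items() if k in key), None)
        elif (m := PROC_RE.match(line)):                          # process owning the DLLs below
            proc = m.group(1).lower()
        else:
            for path in (p.lower() for p in PATH_RE.findall(line)):
                if section == "other deletions":
                    deleted.add(path)
                elif section == "files created":
                    created.add(path)
                elif section == "reg loading points" and label:
                    persistence[path].add(label)
                elif section == "dlls loaded" and proc:
                    loaded[proc].add(path)
    return persistence, deleted, created, loaded

def stem(path):
    """File name without directory and extension: 'hggfcay' for ...\\hggfcay.V00dll."""
    return path.rsplit("\\", 1)[-1].split(".", 1)[0]

def triage(text):
    """Return (findings, mirror_pairs) for the Vundo indicators described in the docstring."""
    persistence, deleted, created, loaded = parse_log(text)
    findings = []
    for dll, labels in sorted(persistence.items()):
        # A system32 DLL wired into two or more logon/shell persistence points at once.
        if dll.startswith("c:\\windows\\system32\\") and len(labels) >= 2:
            findings.append({
                "dll": dll,
                "persistence": sorted(labels),
                "loaded_in": sorted(p for p, dlls in loaded.items() if dll in dlls),
                # Sibling copies sharing the stem (hggfcay.Vdll, hggfcay.V00dll ...).
                "siblings": sorted(c for c in created if c != dll and stem(c) == stem(dll)),
            })
    # Mirror-name companions among the deletions: vtstu.dll <-> utstv.ini / utstv.ini2.
    pairs = sorted((d, i) for d in deleted if d.endswith(".dll")
                   for i in deleted if ".ini" in i and stem(i) == stem(d)[::-1])
    return findings, pairs

if __name__ == "__main__":
    findings, pairs = triage(SAMPLE_LOG)
    for f in findings:
        print(f"{f['dll']}: {', '.join(f['persistence'])}; loaded in {f['loaded_in']}; siblings {f['siblings']}")
    for dll, ini in pairs:
        print(f"mirror pair: {dll} <-> {ini}")
```

To run it against a saved ComboFix.txt, pass the file contents to triage() instead of SAMPLE_LOG. The point of the combined check is that a single persistence entry is unremarkable (the free-downloads.net toolbar is registered as a BHO too and is not flagged), while the same DLL appearing in Winlogon Notify, the BHO list and ShellExecuteHooks, and sitting inside winlogon.exe, is the signature worth acting on: a DLL held open by winlogon.exe cannot simply be deleted while that process is running, so any removal plan has to take the Notify registration out first and only then remove the file on reboot.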