Win32/adware.wirtumonde applikation


(Otkaczalka) #1

I have a problem and I hope someone here can help me. The problem is that my computer is inhabited by ;) a virus: win32/adware.wirtumonde applikation. I'll say right away that my computer knowledge is very poor :). I downloaded ComboFix, which gave me the information below. If anyone can tell me what to do next, I'd be grateful :slight_smile:

ComboFix 09-01-21.04 - Marek Pełka 2009-01-24 14:30:15.7 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1015.564 [GMT 1:00]

Uruchomiony z: c:\documents and settings\Marek Pełka\Pulpit\ComboFix.exe

AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated)

* Resident AV is active

.

((((((((((((((((((((((((( Pliki utworzone od 2008-12-24 do 2009-01-24 )))))))))))))))))))))))))))))))

.

2009-01-24 12:55 . 2009-01-24 12:55 37,376 --a------ c:\windows\system32\nnnlmKDW.V04dll

2009-01-24 12:55 . 2009-01-24 12:55 37,376 --a------ c:\windows\system32\nnnlmKDW.V03dll

2009-01-24 12:55 . 2009-01-24 12:55 37,376 --a------ c:\windows\system32\nnnlmKDW.V02dll

2009-01-24 12:44 . 2009-01-24 12:44 46,454 --a------ c:\windows\system32\wvUnOEWO.dll

2009-01-24 12:23 . 2009-01-24 12:23 37,376 --a------ c:\windows\system32\nnnlmKDW.Vdll

2009-01-24 12:23 . 2009-01-24 12:23 37,376 --a------ c:\windows\system32\nnnlmKDW.V01dll

2009-01-24 12:23 . 2009-01-24 12:23 37,376 --a------ c:\windows\system32\nnnlmKDW.V00dll

2009-01-22 19:52 . 2009-01-22 19:52 512,096 --a------ c:\windows\system32\drivers\amon.sys

2009-01-22 19:52 . 2009-01-22 19:52 298,104 --a------ c:\windows\system32\imon.dll

2009-01-22 19:52 . 2009-01-22 19:52 15,424 --a------ c:\windows\system32\drivers\nod32drv.sys

2009-01-19 08:06 . 2009-01-19 08:06

2009-01-19 07:48 . 2007-01-13 08:24 770,048 --a------ c:\windows\system32\CDDBUISony.dll

2009-01-19 07:48 . 2007-01-13 08:22 655,360 --a------ c:\windows\system32\CDDBControlSony.dll

2009-01-19 07:48 . 2007-01-13 08:22 589,824 --a------ c:\windows\system32\CddbMusicIDSony.dll

2009-01-19 07:48 . 2007-01-13 08:25 532,480 --a------ c:\windows\system32\CddbPlaylist2Sony.dll

2009-01-19 07:48 . 2001-09-13 02:15 90,112 --------- c:\windows\snymsico.dll

2009-01-19 07:48 . 2007-01-13 08:24 73,728 --a------ c:\windows\system32\CddbLinkSony.dll

2009-01-19 07:48 . 2002-08-08 15:51 38,951 --------- c:\windows\system32\drivers\NETMDUSB.sys

2009-01-19 07:48 . 2005-10-31 10:46 36,679 --------- c:\windows\system32\drivers\NETMD052.sys

2009-01-19 07:48 . 2003-11-10 12:31 36,232 --------- c:\windows\system32\drivers\NETMD033.sys

2009-01-19 07:48 . 2003-04-01 18:55 35,319 --------- c:\windows\system32\drivers\NETMD031.sys

2009-01-19 07:47 . 2009-01-19 07:48

2009-01-19 07:47 . 2009-01-19 07:47

2009-01-19 07:46 . 2009-01-19 07:49

2009-01-19 07:46 . 2009-01-19 08:06

2009-01-07 08:06 . 2009-01-07 08:06 37,376 --------- c:\windows\system32\nnnlmKDW.dll

2009-01-05 20:25 . 2009-01-07 19:40 43,520 --a------ c:\windows\system32\CmdLineExt03.dll

2009-01-05 20:23 . 2009-01-05 20:23

2009-01-05 20:23 . 2001-06-14 10:30 1,044,480 --a------ c:\windows\system32\ROBOEX32.DLL

2009-01-05 20:23 . 1996-11-08 02:48 368,912 --a------ c:\windows\system32\vbar332.dll

2009-01-05 20:23 . 2004-02-04 14:16 163,840 --a------ c:\windows\system32\egusound.ocx

2009-01-05 20:23 . 1999-03-13 00:00 127,488 --a------ c:\windows\system32\Ccrpsld.ocx

2009-01-05 20:23 . 2004-05-12 09:31 49,152 --a------ c:\windows\system32\Inetwh32.dll

2008-12-29 16:47 . 2008-12-14 15:13 7,476 --a------ C:\readme.nfo

2008-12-29 09:03 . 1999-11-30 22:39 995,384 --a------ c:\program files\mfc42u.dll

2008-12-29 09:03 . 1999-04-23 21:22 995,383 --a------ c:\program files\mfc42.dll

2008-12-29 09:03 . 1999-04-23 21:22 266,293 --a------ c:\program files\msvcrt.dll

2008-12-29 09:03 . 2006-12-12 14:40 253,048 --a------ c:\program files\setup.exe

2008-12-29 09:03 . 2006-12-12 14:40 228,472 --a------ c:\program files\main.dll

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-24 06:05 --------- d-----w c:\documents and settings\Marek Pełka\Dane aplikacji\foobar2000

2009-01-24 05:56 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\services

2009-01-24 05:53 --------- d-----w c:\program files\ESET

2009-01-23 21:14 --------- d-----w c:\program files\Soulseek

2009-01-23 21:14 --------- d-----w c:\documents and settings\Marek Pełka\Dane aplikacji\uTorrent

2009-01-19 06:49 --------- d--h--w c:\program files\InstallShield Installation Information

2008-12-21 09:23 --------- d-----w c:\documents and settings\Marek Pełka\Dane aplikacji\dvdcss

2008-12-20 17:40 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\CyberLink

2008-12-14 08:15 --------- d-----w c:\program files\ffdshow

2008-12-10 05:16 --------- d-----w c:\program files\iolo

2008-12-09 17:17 --------- d-----w c:\program files\SHOUTcast Source

2008-12-09 17:16 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\iolo

2008-12-02 20:30 --------- d-----w c:\program files\SereneScreen

2008-12-02 18:15 --------- d-----w c:\program files\MediaCoder

2008-12-01 19:11 --------- d-----w c:\program files\RealMedia

2008-12-01 19:11 --------- d-----w c:\program files\CD Audio Reader Filter

2008-12-01 18:59 27,904 ----a-w c:\windows\system32\drivers\ndisprot.sys

2008-11-30 19:44 --------- d-----w c:\program files\WMV9_VCM

2008-10-27 09:04 70,992 ----a-w c:\windows\system32\XAPOFX1_2.dll

2008-10-27 09:04 514,384 ----a-w c:\windows\system32\XAudio2_3.dll

2008-10-27 09:04 235,856 ----a-w c:\windows\system32\xactengine3_3.dll

2008-10-27 09:04 23,376 ----a-w c:\windows\system32\X3DAudio1_5.dll

2006-12-12 13:52 562 ----a-w c:\program files\setup.xml

2006-12-12 13:49 859,928 ----a-w c:\program files\ntineten.nup

2006-12-12 13:49 2,161,669 ----a-w c:\program files\ntbaseen.nup

2006-12-12 13:49 1,421,444 ----a-w c:\program files\ntstden.nup

2006-12-12 09:37 5,458,856 ----a-w c:\program files\engine.nup

2006-12-09 02:43 6,091 ----a-w c:\program files\charon.nup

2006-12-09 02:43 402,071 ----a-w c:\program files\advheur.nup

2006-12-09 02:43 4,288 ----a-w c:\program files\pwscan.nup

2006-12-09 02:43 24,945 ----a-w c:\program files\utilmod.nup

2006-12-09 02:43 202,652 ----a-w c:\program files\archs.nup

2005-03-17 12:56 3,412 ----a-w c:\program files\readme.txt

2008-12-19 21:11 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll

2008-12-19 21:11 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll

2008-12-19 21:11 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll

2008-12-19 21:11 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll

2008-12-19 21:11 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll

.

((((((((((((((((((((((((((((( snapshot_2009-01-24_12.46.48.25 )))))))))))))))))))))))))))))))))))))))))

.

  • 2009-01-24 11:09:44 62,678 ----a-w c:\windows\system32\perfc009.dat

  • 2009-01-24 12:12:26 62,678 ----a-w c:\windows\system32\perfc009.dat

  • 2009-01-24 11:09:44 79,606 ----a-w c:\windows\system32\perfc015.dat

  • 2009-01-24 12:12:26 79,606 ----a-w c:\windows\system32\perfc015.dat

  • 2009-01-24 11:09:44 401,398 ----a-w c:\windows\system32\perfh009.dat

  • 2009-01-24 12:12:26 401,398 ----a-w c:\windows\system32\perfh009.dat

  • 2009-01-24 11:09:44 458,260 ----a-w c:\windows\system32\perfh015.dat

  • 2009-01-24 12:12:26 458,260 ----a-w c:\windows\system32\perfh015.dat

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]

2009-01-07 08:06 37376 --------- c:\windows\system32\nnnlmKDW.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 192512]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"USB Storage Toolbox"="c:\program files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 68640]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-01-22 949376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\Marek Peka\Menu Start\Programy\Autostart\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\

BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-06 561213]

DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-05-02 192512]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= "c:\windows\system32\nnnlmKDW.dll" [2009-01-07 37376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnlmKDW]

2009-01-07 08:06 37376 c:\windows\system32\nnnlmKDW.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"c:\Program Files\uTorrent\uTorrent.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-01-22 15424]

S3 CrystalSysInfo;CrystalSysInfo;\??\c:\program files\MediaCoder\SysInfo.sys --> c:\program files\MediaCoder\SysInfo.sys [?]

S3 gtermddo;gtermddo;\??\c:\docume~1\MAREKP~1\USTAWI~1\Temp\gtermddo.sys --> c:\docume~1\MAREKP~1\USTAWI~1\Temp\gtermddo.sys [?]

S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [2008-12-01 27904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41e599e8-af18-11dd-8f68-001a6bdc3861}]

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50581d9c-18d8-11dd-8d35-001a4b69f844}]

\Shell\AutoRun\command - I:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd0727e6-5287-11dd-8df9-001a4b69f844}]

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd0727e7-5287-11dd-8df9-001a4b69f844}]

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eedab0e5-557f-11dd-8e06-001a73887298}]

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe

.

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www2.iesearch.com/

uInternet Settings,ProxyOverride = *.local

IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Wyślij do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

LSP: c:\windows\system32\imon.dll

FF - ProfilePath - c:\documents and settings\Marek Pełka\Dane aplikacji\Mozilla\Firefox\Profiles\3z6q3v7t.default\

FF - component: c:\documents and settings\Marek Pełka\Dane aplikacji\Mozilla\Firefox\Profiles\3z6q3v7t.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll

FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll

.

.

------- Skojarzenia plików -------

.

JSEFile=NOTEPAD.EXE %1

VBEFile=NOTEPAD.EXE %1

VBSFile=NOTEPAD.EXE %1

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-24 14:30:59

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

  • > 'winlogon.exe'(956)

c:\windows\system32\nnnlmKDW.dll

  • > 'lsass.exe'(1036)

c:\windows\system32\imon.dll

.

Czas ukończenia: 2009-01-24 14:32:13

ComboFix-quarantined-files.txt 2009-01-24 13:31:51

ComboFix2.txt 2009-01-24 13:09:15

ComboFix3.txt 2009-01-24 12:55:25

ComboFix4.txt 2009-01-24 12:23:16

ComboFix5.txt 2009-01-24 13:29:45

Przed: 2 528 083 968 bajtów wolnych

Po: 2,516,406,272 bajtów wolnych

206 --- E O F --- 2008-07-15 15:57:31

And what am I supposed to do with this :(((( Help!!


(Michaelp128) #2

Download and run Malwarebytes' Anti-Malware. Run a full scan; if it finds anything, remove it. Then post the log on the forum.


(Kaka') #3

OTKACZALKA,

Change to the rules for pasting logs on the forum -> viewtopic.php?f=16&t=253052 Please correct your post.