[Wirus] Win32 Trojan-gen {Other}

[shinmoteuchi 0]

Caly czas mi Avast ten badziew pokazuje...

 

Prosze log z ComboFIX:

ComboFix 10-01-04.01 - ShinMoteuchi 2010-01-05 13:52:57.2.2 - x86

Microsoft Windows 7 Professional 6.1.7600.0.1250.48.1045.18.2047.1188 [GMT 1:00]

Uruchomiony z: c:\users\ShinMoteuchi\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((( Pliki utworzone od 2009-12-05 do 2010-01-05 )))))))))))))))))))))))))))))))

.

 

2010-01-05 13:01 . 2010-01-05 13:02 -------- d-----w- c:\users\ShinMoteuchi\AppData\Local\temp

2010-01-05 13:01 . 2010-01-05 13:01 -------- d-----w- c:\users\Public\AppData\Local\temp

2010-01-05 13:01 . 2010-01-05 13:01 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-01-05 01:08 . 2010-01-05 01:08 -------- d-----w- c:\users\ShinMoteuchi\AppData\Local\GHISLER

2010-01-05 01:00 . 2010-01-05 01:00 -------- d-----w- c:\program files\Freelancer Mod Manager

2010-01-05 00:57 . 2010-01-05 00:57 -------- d-----w- c:\users\ShinMoteuchi\AppData\Local\Freelancer

2010-01-04 22:35 . 2010-01-04 22:35 -------- d-----w- C:\Device

2010-01-04 21:50 . 2010-01-04 21:50 -------- d-----w- c:\programdata\F-Secure

2010-01-04 21:21 . 2010-01-04 21:21 117248 ----a-w- C:\dcpfswqb.exe

2010-01-04 15:40 . 2010-01-04 15:40 11168 ----a-w- c:\windows\system32\drivers\MijBThidt.sys

2010-01-04 15:31 . 2010-01-04 15:31 -------- d-----w- c:\programdata\Trymedia

2010-01-04 11:58 . 2010-01-04 11:58 -------- d-----w- c:\windows\system32\BestPractices

2010-01-04 11:58 . 2010-01-04 11:58 -------- d-----w- C:\inetpub

2010-01-04 02:01 . 2010-01-04 02:01 -------- d-----w- c:\program files\Gameforge4D

2010-01-03 13:04 . 2010-01-03 13:04 -------- d-----w- c:\users\ShinMoteuchi\.gstreamer-0.10

2010-01-03 12:58 . 2010-01-03 12:58 -------- d-----w- c:\program files\Matroska Pack

2010-01-03 12:03 . 2010-01-03 12:03 -------- d-----r- c:\program files\TC PowerPack 2

2010-01-03 11:41 . 2007-03-20 13:49 2781184 ----a-w- c:\users\ShinMoteuchi\AppData\Roaming\Adobe\Dreamweaver 9\Configuration\Flash Player\authplay.dll

2009-12-31 08:18 . 2009-12-31 08:18 -------- d-----w- c:\users\ShinMoteuchi\AppData\Local\PunkBuster

2009-12-30 04:21 . 2009-12-30 04:21 -------- d-----w- c:\windows\Sun

2009-12-30 03:51 . 2009-12-30 03:51 98304 ----a-w- c:\windows\system32\CmdLineExt.dll

2009-12-30 03:09 . 2009-12-30 03:09 -------- d-----w- c:\users\ShinMoteuchi\AppData\Roaming\UltraVNC

2009-12-30 02:36 . 2009-12-30 02:36 -------- d-----w- c:\program files\Sierra

2009-12-30 01:05 . 2009-10-30 11:25 288472 ------w- c:\windows\system32\cfosspeed.dll

2009-12-30 01:05 . 2009-12-30 02:28 -------- d-----w- c:\program files\cFosSpeed

2009-12-29 10:54 . 2009-12-29 10:54 21646456 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{5F1E4C85-0E54-2FA1-4433-1583564647C1}-gg10.upgr.exe

2009-12-29 10:26 . 2009-12-29 10:35 -------- d-----r- c:\users\ShinMoteuchi\Virtual Machines

2009-12-28 23:14 . 2009-09-23 01:18 14848 ----a-w- c:\windows\system32\vpchbuspipe.dll

2009-12-28 23:14 . 2009-09-23 01:19 55040 ----a-w- c:\windows\system32\drivers\vpcnfltr.sys

2009-12-28 23:14 . 2009-09-23 01:19 294912 ----a-w- c:\windows\system32\drivers\vpcvmm.sys

2009-12-28 23:14 . 2009-09-23 01:18 78336 ----a-w- c:\windows\system32\drivers\vpcusb.sys

2009-12-28 23:14 . 2009-09-23 01:18 165376 ----a-w- c:\windows\system32\drivers\vpchbus.sys

2009-12-28 23:14 . 2009-09-23 01:18 2169856 ----a-w- c:\windows\system32\VPCWizard.exe

2009-12-28 23:14 . 2009-09-23 01:18 559616 ----a-w- c:\windows\system32\VMCPropertyHandler.dll

2009-12-28 23:14 . 2009-09-23 01:18 3329536 ----a-w- c:\windows\system32\vpc.exe

2009-12-28 23:14 . 2009-09-23 01:18 1002496 ----a-w- c:\windows\system32\VMWindow.exe

2009-12-28 23:14 . 2009-09-23 01:18 1260032 ----a-w- c:\windows\system32\VPCSettings.exe

2009-12-28 23:14 . 2009-09-23 01:18 793600 ----a-w- c:\windows\system32\vmsal.exe

2009-12-28 23:09 . 2009-12-28 23:10 -------- d-----w- c:\program files\Windows XP Mode

2009-12-26 20:26 . 2007-03-23 03:05 29272 ----a-r- c:\windows\system32\AdobePDF.dll

2009-12-26 20:06 . 2009-12-26 20:06 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-12-26 20:06 . 2009-12-26 20:06 -------- d-----w- c:\program files\Java

2009-12-26 18:12 . 2009-12-31 08:19 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2009-12-26 18:12 . 2009-12-26 18:12 138056 ----a-w- c:\users\ShinMoteuchi\AppData\Roaming\PnkBstrK.sys

2009-12-26 18:12 . 2009-12-31 08:18 103736 ----a-w- c:\windows\system32\PnkBstrB.exe

2009-12-26 18:12 . 2009-12-26 18:12 75064 ----a-w- c:\windows\system32\PnkBstrA.exe

2009-12-26 18:12 . 2009-12-26 18:12 2395944 ----a-w- c:\windows\system32\pbsvc_heroes.exe

2009-12-26 17:42 . 2009-12-26 17:42 -------- d-----w- c:\program files\EA Games

2009-12-24 16:39 . 2009-12-24 16:39 -------- d-----w- c:\program files\WinAVI MP4 Converter

2009-12-24 16:36 . 2009-12-24 16:36 -------- d-----w- c:\program files\Alcohol Soft

2009-12-22 16:49 . 2009-12-22 16:49 -------- d-----w- c:\program files\HLTooLz

2009-12-22 16:49 . 2009-12-22 16:49 249856 ------w- c:\windows\Setup1.exe

2009-12-22 16:49 . 2009-12-22 16:49 73216 ----a-w- c:\windows\ST6UNST.EXE

2009-12-21 10:33 . 2009-12-21 10:34 -------- d-----w- c:\users\ShinMoteuchi\AppData\Roaming\Braid

2009-12-21 10:23 . 2009-12-21 10:32 -------- d-----w- c:\program files\Braid

2009-12-17 00:11 . 2009-12-17 00:11 -------- d-----w- c:\program files\Eidos

2009-12-15 23:41 . 2009-12-15 23:41 -------- d-----w- c:\users\ShinMoteuchi\AppData\Roaming\Leadertech

2009-12-15 20:42 . 2009-12-15 20:42 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2009-12-13 14:33 . 2009-12-13 14:33 -------- d-----w- c:\program files\PlayReady

2009-12-13 13:43 . 2009-12-13 13:43 -------- d-----w- c:\users\ShinMoteuchi\AppData\Local\Electronic Arts

2009-12-13 11:49 . 2009-12-31 08:10 -------- d-----w- c:\program files\Electronic Arts

2009-12-13 02:15 . 2009-12-13 02:15 -------- d-----w- c:\programdata\Bluetooth

2009-12-13 02:14 . 2009-12-13 02:14 -------- d-----w- c:\program files\IVT Corporation

2009-12-13 01:37 . 2008-07-12 07:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll

2009-12-13 01:37 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll

2009-12-13 01:37 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll

2009-12-11 22:25 . 2009-12-11 22:25 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE

2009-12-11 22:05 . 2009-12-13 01:32 -------- d-----w- c:\users\ShinMoteuchi\AppData\Roaming\Microsoft Games

2009-12-11 22:05 . 2009-12-11 22:05 -------- d-----w- c:\program files\Common Files\Microsoft Games

2009-12-11 22:04 . 2009-12-11 22:04 -------- d-----w- c:\windows\system32\xlive

2009-12-11 21:46 . 2010-01-05 00:52 -------- d-----w- c:\program files\Microsoft Games

2009-12-11 21:11 . 2009-12-11 21:17 47616 ----a-w- c:\windows\system32\drivers\MijXfilt.sys

2009-12-11 21:11 . 2009-12-11 21:11 -------- d-----w- c:\users\ShinMoteuchi\AppData\Roaming\MotioninJoy

2009-12-11 21:11 . 2009-11-24 14:29 61984 ----a-w- c:\windows\system32\drivers\xusb21.sys

2009-12-11 21:11 . 2009-11-24 14:29 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll

2009-12-11 21:11 . 2009-03-30 15:44 90112 ----a-w- c:\windows\system32\MijFrc.dll

2009-12-11 21:11 . 2009-12-11 21:11 -------- d-----w- c:\program files\MotioninJoy

2009-12-11 20:33 . 2005-03-09 19:50 33792 ----a-w- c:\windows\system32\drivers\libusb0.sys

2009-12-11 20:33 . 2005-03-09 19:50 46592 ----a-w- c:\windows\system32\libusb0.dll

2009-12-10 16:44 . 2009-12-10 16:44 3067904 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{300DCFFD-80CB-BE0D-F396-02602F5D4437}-Greed.exe

2009-12-10 16:33 . 2009-12-10 16:33 -------- d-----w- c:\program files\Headup Games

2009-12-09 10:16 . 2009-12-09 10:18 -------- d-----w- c:\users\ShinMoteuchi\AppData\Roaming\ImgBurn

2009-12-08 10:26 . 2009-12-08 10:26 -------- d-----w- c:\users\ShinMoteuchi\AppData\Local\World in Conflict

2009-12-07 18:21 . 2009-12-07 18:21 67584 ----a-w- c:\programdata\MotioninJoy\DS3tool\update\DS3_Tool.exe

2009-12-07 18:20 . 2009-12-07 18:21 17408 ----a-w- c:\programdata\MotioninJoy\DS3tool\update\drivers\MijUfilt.sys

2009-12-07 18:20 . 2009-12-07 18:20 24576 ----a-w- c:\programdata\MotioninJoy\DS3tool\update\drivers\MijBThid.sys

2009-12-07 18:03 . 2009-12-07 18:03 -------- d-----w- c:\programdata\MotioninJoy

2009-12-07 17:48 . 2009-01-03 13:23 15616 ----a-w- c:\windows\system32\drivers\dualshock3.sys

2009-12-06 16:40 . 2009-12-06 16:40 444952 ----a-w- c:\windows\system32\wrap_oal.dll

2009-12-06 16:40 . 2009-12-06 16:40 109080 ----a-w- c:\windows\system32\OpenAL32.dll

2009-12-06 16:40 . 2009-12-06 16:40 -------- d-----w- c:\program files\OpenAL

2009-12-06 16:38 . 2009-12-06 16:41 -------- d-----w- c:\program files\Zombie Driver

2009-12-06 16:18 . 2010-01-05 10:50 -------- d-----w- c:\users\ShinMoteuchi\AppData\Roaming\ipla

2009-12-06 16:18 . 2010-01-03 12:40 -------- d-----w- c:\programdata\ipla

2009-12-06 16:18 . 2009-12-06 16:18 -------- d-----w- c:\program files\ipla

2009-12-06 16:18 . 2009-12-06 16:18 1700352 ----a-w- c:\windows\system32\gdiplus.dll

2009-12-06 15:29 . 2009-12-06 16:19 -------- d-----w- c:\users\ShinMoteuchi\AppData\Local\RapidShare

2009-12-06 15:18 . 2009-12-06 15:18 -------- d-----w- C:\Downloads

 

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-05 12:50 . 2009-12-02 17:29 -------- d-----w- c:\program files\Steam

2010-01-05 12:49 . 2009-11-26 13:53 -------- d-----w- c:\users\ShinMoteuchi\AppData\Roaming\foobar2000

2010-01-05 12:48 . 2009-11-26 14:45 -------- d-----w- c:\users\ShinMoteuchi\AppData\Roaming\uTorrent

2010-01-04 21:18 . 2009-11-26 14:12 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-01-04 11:58 . 2009-07-14 08:07 721420 ----a-w- c:\windows\system32\perfh015.dat

2010-01-04 11:58 . 2009-07-14 08:07 142118 ----a-w- c:\windows\system32\perfc015.dat

2010-01-03 14:28 . 2009-12-02 19:12 -------- d-----w- c:\programdata\OpenFM

2010-01-02 21:26 . 2009-11-26 15:20 -------- d-----w- c:\programdata\FLEXnet

2010-01-02 00:34 . 2009-11-27 00:03 -------- d-----w- c:\users\ShinMoteuchi\AppData\Roaming\Skype

2010-01-01 23:06 . 2009-11-27 00:04 -------- d-----w- c:\users\ShinMoteuchi\AppData\Roaming\skypePM

2009-12-29 10:53 . 2009-11-26 14:08 -------- d-----w- c:\program files\Gadu-Gadu 10

2009-12-29 02:16 . 2009-12-29 02:16 -------- d-----w- c:\program files\Windows Virtual PC

2009-12-21 11:20 . 2009-11-26 13:53 -------- d-----w- c:\program files\foobar2000

2009-12-15 22:47 . 2009-11-26 14:37 -------- d-----w- c:\program files\DAEMON Tools Lite

2009-12-11 21:14 . 2009-12-11 21:14 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01009.Wdf

2009-12-11 21:14 . 2009-12-11 21:14 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_MijXfilt_01009.Wdf

2009-12-09 02:01 . 2009-12-02 07:47 -------- d-----w- c:\programdata\Microsoft Help

2009-12-07 18:33 . 2009-12-07 18:33 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_MijUfilt_01009.Wdf

2009-12-06 16:41 . 2009-11-26 15:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-12-06 16:41 . 2009-11-26 15:27 -------- d-----w- c:\program files\AGEIA Technologies

2009-12-04 11:26 . 2009-12-02 17:29 -------- d-----w- c:\program files\Common Files\Steam

2009-12-04 11:26 . 2009-11-26 13:43 110080 ----a-w- c:\users\ShinMoteuchi\AppData\Local\GDIPFONTCACHEV1.DAT

2009-12-04 02:04 . 2009-12-02 07:50 -------- d-----w- c:\program files\Microsoft Works

2009-12-02 19:12 . 2009-12-02 19:12 -------- d-----w- c:\users\ShinMoteuchi\AppData\Roaming\OpenFM

2009-12-02 07:49 . 2009-12-02 07:49 -------- d-----w- c:\program files\Microsoft.NET

2009-12-01 21:12 . 2009-12-01 21:12 -------- d-----w- c:\program files\SystemRequirementsLab

2009-11-30 17:02 . 2009-11-30 17:02 171144 ----a-w- c:\windows\system32\xliveinstall.dll

2009-11-30 17:02 . 2009-11-30 17:02 72840 ----a-w- c:\windows\system32\xliveinstallhost.exe

2009-11-28 02:18 . 2009-11-26 15:50 -------- d-----w- c:\program files\Microsoft Silverlight

2009-11-28 00:12 . 2009-11-28 00:12 -------- d-----w- c:\program files\ND Games

2009-11-27 23:05 . 2009-11-27 23:04 109 ----a-w- c:\programdata\Last.fm\Client\uninst2.bat

2009-11-27 23:05 . 2009-11-27 23:05 683801 ----a-w- c:\programdata\Last.fm\Client\UninstWMP\unins000.exe

2009-11-27 23:04 . 2009-11-27 23:04 -------- d-----w- c:\programdata\Last.fm

2009-11-27 23:04 . 2009-11-27 23:04 683801 ----a-w- c:\programdata\Last.fm\Client\UninstFoo3\unins000.exe

2009-11-27 23:03 . 2009-11-27 23:03 -------- d-----w- c:\program files\Last.fm

2009-11-27 00:03 . 2009-11-27 00:03 -------- d-----w- c:\program files\Common Files\Skype

2009-11-27 00:03 . 2009-11-27 00:03 -------- d-----r- c:\program files\Skype

2009-11-27 00:03 . 2009-11-27 00:03 -------- d-----w- c:\programdata\Skype

2009-11-27 00:01 . 2009-11-27 00:01 -------- d-----w- c:\users\ShinMoteuchi\AppData\Roaming\MAXON

2009-11-27 00:00 . 2009-11-27 00:00 -------- d-----w- c:\program files\MAXON

2009-11-26 23:28 . 2009-11-26 23:28 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf

2009-11-26 23:02 . 2009-11-26 23:02 -------- d-----w- c:\program files\Guitar Pro 5

2009-11-26 22:53 . 2009-11-26 22:53 -------- d-----w- c:\program files\AP Tuner

2009-11-26 15:49 . 2009-11-26 15:47 -------- d-----w- c:\program files\Windows Live

2009-11-26 15:49 . 2009-11-26 15:49 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2009-11-26 15:48 . 2009-11-26 15:48 -------- d-----w- c:\program files\Microsoft

2009-11-26 15:47 . 2009-11-26 15:47 -------- d-----w- c:\program files\Windows Live SkyDrive

2009-11-26 15:14 . 2009-11-26 15:14 -------- d-----w- c:\program files\2K Games

2009-11-26 15:11 . 2009-11-26 14:36 -------- d-----w- c:\program files\Common Files\Adobe

2009-11-26 15:10 . 2009-11-26 15:10 -------- d-----w- c:\program files\Common Files\Control Panels

2009-11-26 15:08 . 2009-11-26 15:08 -------- d-----w- c:\programdata\ALM

2009-11-26 15:04 . 2009-11-26 15:04 -------- d-----w- c:\program files\QuickTime

2009-11-26 15:03 . 2009-11-26 15:03 -------- d-----w- c:\program files\Common Files\Windows Live

2009-11-26 14:55 . 2009-11-26 14:11 -------- d-----w- c:\program files\Common Files\InstallShield

2009-11-26 14:55 . 2009-11-26 14:37 -------- d-----w- c:\users\ShinMoteuchi\AppData\Roaming\DAEMON Tools Lite

2009-11-26 14:45 . 2009-11-26 14:45 -------- d-----w- c:\program files\uTorrent

2009-11-26 14:39 . 2009-11-26 14:39 -------- d-----w- c:\program files\Bonjour

2009-11-26 14:38 . 2009-11-26 14:38 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

2009-11-26 14:37 . 2009-11-26 14:37 -------- d-----w- c:\programdata\DAEMON Tools Lite

2009-11-26 14:37 . 2009-11-26 14:37 -------- d-----w- c:\program files\Common Files\Macrovision Shared

2009-11-26 14:33 . 2009-11-26 14:33 -------- d-----w- c:\users\ShinMoteuchi\AppData\Roaming\Media Player Classic

2009-11-26 14:32 . 2009-11-26 14:32 -------- d-----w- c:\program files\MPC

2009-11-26 14:22 . 2009-11-26 14:22 -------- d-----w- c:\program files\Alwil Software

2009-11-26 14:21 . 2009-11-26 14:21 -------- d-----w- c:\program files\7-Zip

2009-11-26 14:12 . 2009-11-26 14:08 -------- d-----w- c:\users\ShinMoteuchi\AppData\Roaming\Gadu-Gadu 10

2009-11-26 14:11 . 2009-11-26 14:11 -------- d-----w- c:\program files\VIA

2009-11-26 14:02 . 2009-11-26 14:02 -------- d-----w- c:\users\ShinMoteuchi\AppData\Roaming\ATI

2009-11-26 14:02 . 2009-11-26 14:02 -------- d-----w- c:\programdata\ATI

2009-11-26 14:02 . 2009-11-26 13:59 -------- d-----w- c:\program files\ATI Technologies

2009-11-26 14:01 . 2009-11-26 14:01 10134 ----a-r- c:\users\ShinMoteuchi\AppData\Roaming\Microsoft\Installer\{93F22EEC-DAD6-1D0D-E208-03FDA1B58F01}\ARPPRODUCTICON.exe

2009-11-26 13:59 . 2009-11-26 13:59 -------- d-----w- c:\program files\ATI

2009-11-26 13:39 . 2009-11-26 13:39 -------- d-sh--we c:\programdata\Ulubione

2009-11-26 13:39 . 2009-11-26 13:39 -------- d-sh--we c:\programdata\Szablony

2009-11-26 13:39 . 2009-11-26 13:39 -------- d-sh--we c:\programdata\Pulpit

2009-11-26 13:39 . 2009-11-26 13:39 -------- d-sh--we c:\programdata\Menu Start

2009-11-26 13:39 . 2009-11-26 13:39 -------- d-sh--we c:\programdata\Dokumenty

2009-11-26 13:39 . 2009-11-26 13:39 -------- d-sh--we c:\programdata\Dane aplikacji

2009-11-26 13:32 . 2009-11-26 13:32 0 ----a-w- c:\windows\ativpsrm.bin

2009-11-24 23:54 . 2009-11-26 14:22 1280480 ----a-w- c:\windows\system32\aswBoot.exe

2009-11-24 23:50 . 2009-11-26 14:23 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-11-24 23:50 . 2009-11-26 14:23 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-11-24 23:49 . 2009-11-26 14:22 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2009-11-24 23:49 . 2009-11-26 14:23 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-11-24 23:48 . 2009-11-26 14:23 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-11-24 23:47 . 2009-11-26 14:23 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-11-23 10:53 . 2009-11-23 10:53 37376 ----a-w- c:\users\ShinMoteuchi\AppData\Roaming\Gadu-Gadu 10\_userdata\ggbho.2.dll

2009-11-06 09:59 . 2009-11-06 09:59 15406728 ----a-w- c:\windows\system32\xlive.dll

2009-11-06 09:59 . 2009-11-06 09:59 13642888 ----a-w- c:\windows\system32\xlivefnt.dll

2009-11-02 19:42 . 2009-11-26 13:59 195456 ------w- c:\windows\system32\MpSigStub.exe

2009-10-29 07:22 . 2009-11-28 02:00 2048 ----a-w- c:\windows\system32\tzres.dll

2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat

2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

.

 

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\users\ShinMoteuchi\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-11-26 135664]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

"DS3 Tool"="c:\program files\MotioninJoy\ds3\DS3_Tool.exe" [2009-12-09 73728]

"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-04 98304]

"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-08-28 1486848]

"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-11-24 81000]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-26 149280]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

 

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-11-26 114768]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [2009-08-18 176128]

R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009-11-26 20560]

R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-11-26 53328]

R2 ftpsvc;Usługa FTP firmy Microsoft;c:\windows\system32\svchost.exe -k ftpsvc [2009-07-14 20992]

R2 MijBThidt;MijBThidt;c:\windows\System32\drivers\MijBThidt.sys [2010-01-04 11168]

R3 RTL8167;Sterownik Realtek 8167 NT Driver;c:\windows\System32\drivers\Rt86win7.sys [2009-06-10 139776]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\System32\drivers\viahduaa.sys [2009-11-26 1077760]

S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [2009-11-26 691696]

S2 dualshock3;DUALSHOCK3 Controller HID Minidriver (USB) Beta;c:\windows\System32\drivers\dualshock3.sys [2009-12-07 15616]

S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\System32\drivers\libusb0.sys [2009-12-11 33792]

S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\System32\drivers\MijXfilt.sys [2009-12-11 47616]

S3 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-04-21 52080]

 

--- Inne Usługi/Sterowniki w Pamięci ---

 

*Deregistered* - xzpbgn

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

ftpsvc REG_MULTI_SZ ftpsvc

iissvcs REG_MULTI_SZ w3svc was

apphost REG_MULTI_SZ apphostsvc

.

Zawartość folderu 'Zaplanowane zadania'

 

2010-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3534772978-3817647346-2319826740-1000Core.job

- c:\users\ShinMoteuchi\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-26 13:43]

 

2010-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3534772978-3817647346-2319826740-1000UA.job

- c:\users\ShinMoteuchi\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-26 13:43]

.

.

------- Skan uzupełniający -------

.

uInternet Settings,ProxyOverride = *.local

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

TCP: {2E3B0CA4-87BA-4CF5-9063-3469C56DDFCE} = 194.204.159.1,194.204.152.34

.

 

**************************************************************************

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85B79841]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

IoDeviceObjectType -> DumpProcedure -> 0x50666c43

SecurityProcedure -> 0x89c05570

QueryNameProcedure -> 0x180018

user & kernel MBR OK

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\xzpbgn]

 

.

--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

 

[HKEY_USERS\S-1-5-21-3534772978-3817647346-2319826740-1000\Software\SecuROM\License information*]

@Allowed: (Read) (RestrictedCode)

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Czas ukończenia: 2010-01-05 14:04:33

ComboFix-quarantined-files.txt 2010-01-05 13:04

ComboFix2.txt 2010-01-04 22:41

 

Przed: 82 412 949 504 bajtów wolnych

Po: 82 350 899 200 bajtów wolnych

 

- - End Of File - - 14F8CEBEB565CCC85AEF0A0CF025B0B4

 

Help plox?

[laik komputerowy 0]

Witam. Spędziłem dzisiaj mnóstwo czasu w poszukiwaniu jakiegoś sensownego rozwiązania problemu z trojanem win32 onlinegames. Wklejam log (ComboFix)i proszę o POMOC!!! zależy mi na odzyskaniu danych.

 

 

 

 

 

ComboFix 10-02-28.04 - Paweł 2010-03-01 15:40:12.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.255.125 [GMT 1:00]

Uruchomiony z: c:\documents and settings\Paweł\Moje dokumenty\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\autorun.inf

c:\docume~1\PAWE~1\USTAWI~1\Temp\cvasds0.dll

c:\docume~1\PAWE~1\USTAWI~1\Temp\herss.exe

C:\s1.exe

C:\wisf1.exe

E:\Autorun.inf

E:\s1.exe

 

.

((((((((((((((((((((((((( Pliki utworzone od 2010-02-01 do 2010-03-01 )))))))))))))))))))))))))))))))

.

 

2010-03-01 10:05 . 2010-03-01 10:05 -------- d-----w- C:\_OTL

2010-02-17 19:20 . 2010-02-17 19:24 -------- d-----w- c:\program files\Nowe Gadu-Gadu

 

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-28 08:46 . 2010-01-27 18:33 -------- d-----w- c:\program files\Notation

2010-01-21 18:19 . 2009-01-16 15:01 -------- d--h--w- c:\program files\InstallShield Installation Information

.

 

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-28 39408]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Control Center"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2006-08-15 1696256]

"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_15\bin\jusched.exe" [2008-02-09 75256]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2004-12-20 33792]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

 

c:\documents and settings\All Users\Menu Start\Programy\Autostart\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Gadu-Gadu\\gg.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8461:TCP"= 8461:TCP:GoD High Port

"8462:TCP"= 8462:TCP:GoD Low Port

 

R3 atirage;atirage;c:\windows\system32\drivers\atiragem.sys [2008-12-31 70528]

.

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.google.pl/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://www.wp.pl/

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Paweł\Dane aplikacji\Mozilla\Firefox\Profiles\mo8p2tep.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2530240&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Softonic-Polska Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=

FF - component: c:\documents and settings\Paweł\Dane aplikacji\Mozilla\Firefox\Profiles\mo8p2tep.default\extensions\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\Paweł\Dane aplikacji\Mozilla\Firefox\Profiles\mo8p2tep.default\extensions\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}\components\RadioWMPCore.dll

FF - plugin: c:\program files\Java\jre1.5.0_15\bin\NPJava11.dll

FF - plugin: c:\program files\Java\jre1.5.0_15\bin\NPJava12.dll

FF - plugin: c:\program files\Java\jre1.5.0_15\bin\NPJava13.dll

FF - plugin: c:\program files\Java\jre1.5.0_15\bin\NPJava14.dll

FF - plugin: c:\program files\Java\jre1.5.0_15\bin\NPJava32.dll

FF - plugin: c:\program files\Java\jre1.5.0_15\bin\NPJPI150_15.dll

FF - plugin: c:\program files\Java\jre1.5.0_15\bin\NPOJI610.dll

.

- - - - USUNIĘTO PUSTE WPISY - - - -

 

HKCU-Run-Expressivo - c:\program files\ivo\Expressivo Demo\expressivo.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-01 15:57

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

 

skanowanie ukrytych procesów ...

 

skanowanie ukrytych wpisów autostartu ...

 

skanowanie ukrytych plików ...

 

skanowanie pomyślnie ukończone

ukryte pliki: 0

 

**************************************************************************

.

Czas ukończenia: 2010-03-01 16:03:22

ComboFix-quarantined-files.txt 2010-03-01 15:03

 

Przed: 13 089 898 496 bajtów wolnych

Po: 13 075 476 480 bajtów wolnych

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

- - End Of File - - 87A783A6FA1C385A766BBF3F6DAFB5B9

[tehawanka 0]

Log wygląda OK

Skasuj kwarantannę od ComboFix - C:\Qoobox

Wyłącz na chwilę przywracanie systemu (punkt 19) - Klik

Foldery tymczasowe wyczyść za pomocą TFC

Zabezpiecz się przed infekcją z pendrive: Panda USB Vaccine lub Flash Disinfector

[laik komputerowy 0]

Dzięki za podpowiedzi jednak mam jeszcze pytanie. Jak uzyc tych programow do czyszczenia pen drive?? bo jak podłacze go do kompa to załączy się autorun i automatycznie trojany znowu zainfekują mi kompa.

[tehawanka 0]

Autoodtwarzanie nie działa, bo ta opcja została zablokowana przez ComboFix.

Zresztą Panda USB Vaccine też ma opcję wyłączenia autoodtwarzania - Vaccinate computer

Podłącz pendrive i użyj opcji Vaccinate USB lub uruchom Flash Disinfector.

[laik komputerowy 0]

Zrobilem tak jak mi radziłeś, ale mam jeszcze jedno pytanie, bo chyba tu jakiś niechciany problem wyszedł tzn. jak włączam komputer przed ładowaniem systemu wyświetla mi się informacja dotycząca systemu awaryjnego i za chwilę odpala się system domyślam się że coś z systemu poleciało.

[tehawanka 0]

Pewnie chodzi o konsolę odzyskiwania której instalację proponuje ComboFix.

Panel Sterowania >>> System >>> Zaawansowane >>> Uruchamianie i odzyskiwanie >>> Ustawienia >>> Uruchamianie systemu >>> Edytuj

Skasuj jedną linię i zapisz zmiany:

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

Resztę pozostaw bez zmian.

[laik komputerowy 0]

Znalazłem cos takiego i wydaje mi się że jest tak jak mi podałeś

 

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

[tehawanka 0]

Masz usunąć linijkę o której napisałem wcześniej.

Usuń to, co zaznaczyłem na czerwono i zapisz zmiany.

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

[laik komputerowy 0]

no faktycznie nie zrozumiałem poprzedniego posta. Oczywiście zrobiłem to jak trzeba i jest już wszystko w porządku. No i pierwsze takie czyszczonko mam za sobą uffff. Najgorsze że pozostał jeszcze drugi komputer z tym samym swiństwem. WIELKIE DZIĘKI

[laik komputerowy 0]

Witam ponownie. Robie kolejny komputer i proszę o sprawdzenie log-a

 

 

 

ComboFix 10-03-07.05 - Paweł 2010-03-08 13:02:28.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1023.675 [GMT 1:00]

Uruchomiony z: c:\documents and settings\Paweł\Pulpit\ComboFix.exe

* Utworzono nowy punkt przywracania

.

 

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\autorun.inf

c:\docume~1\PAWE~1\USTAWI~1\Temp\cvasds0.dll

c:\docume~1\PAWE~1\USTAWI~1\Temp\herss.exe

c:\documents and settings\Paweł\upded1.exe

C:\s1.exe

c:\windows\system32\ieuinit.inf

D:\autorun.inf

D:\s1.exe

 

.

((((((((((((((((((((((((( Pliki utworzone od 2010-02-08 do 2010-03-08 )))))))))))))))))))))))))))))))

.

 

2010-03-08 11:59 . 2010-03-08 11:59 -------- d-----r- C:\S-1-5-21-1486516501-1644491937-682103330-1013

2010-03-08 11:49 . 2010-03-08 11:49 -------- d-----w- c:\windows\LastGood

2010-03-05 16:24 . 2010-03-08 11:59 -------- d-----r- C:\S-1-5-21-1486576501-1644491937-682003330-1013

2010-02-26 18:50 . 2010-02-26 19:09 -------- d-----w- c:\program files\Skijumping 2007

2010-02-25 19:45 . 2010-02-25 19:45 -------- d-----r- C:\Ozzy

2010-02-14 17:01 . 2010-02-21 15:30 -------- d-----w- c:\program files\SimTractor 4.1

 

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-21 15:59 . 2010-01-31 19:33 -------- d-----w- c:\program files\IrfanView

2010-02-06 19:38 . 2009-03-05 17:18 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-02-01 14:04 . 2010-02-01 14:02 -------- d-----w- c:\program files\AVS4YOU

2010-02-01 14:03 . 2010-02-01 14:03 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\AVS4YOU

2010-02-01 14:02 . 2010-02-01 14:02 -------- d-----w- c:\program files\Common Files\AVSMedia

2010-02-01 13:43 . 2010-02-01 13:41 -------- d-----w- c:\program files\Winamp

2010-02-01 13:41 . 2010-02-01 13:41 -------- d-----w- c:\program files\Winamp Detect

2010-01-31 19:35 . 2010-01-31 19:33 -------- d-----w- c:\program files\Google

2010-01-24 08:36 . 2010-01-24 08:36 -------- d-----w- c:\program files\Kolekcja Klasyki

2010-01-17 12:57 . 2009-04-14 06:58 -------- d-----w- c:\program files\Leksykonia

2010-01-10 14:42 . 2010-01-10 14:34 126861 ----a-w- c:\windows\HPHins12.dat

2010-01-10 14:38 . 2010-01-10 14:38 -------- d-----w- c:\program files\Common Files\HP

2010-01-10 14:38 . 2009-03-08 13:22 -------- d-----w- c:\program files\HP

2010-01-10 14:37 . 2010-01-10 14:37 -------- d-----w- c:\program files\Hewlett-Packard

.

 

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8287-79A187E26987}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-31 39408]

"Internet Security Updates"="c:\s-1-5-21-1486516501-1644491937-682103330-1013\zupdate.exe" [2010-03-08 65536]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2004-01-09 65536]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-04-26 77824]

"Control Center"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2006-08-15 1696256]

"iPlusManager"="c:\program files\iPlus\iPlusChecker.exe" [2009-03-17 434176]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-13 37888]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Menu Start\Programy\Autostart\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe [2005-3-10 757760]

Kodak software updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=

"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=

 

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-03-06 685816]

.

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://wp.pl/

uInternet Connection Wizard,ShellNext = hxxp://www.wp.pl/

IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Funkcja Google Sidewiki - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

FF - ProfilePath - c:\documents and settings\Paweł\Dane aplikacji\Mozilla\Firefox\Profiles\vdvor6y7.default\

FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-08 13:08

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

 

skanowanie ukrytych procesów ...

 

skanowanie ukrytych wpisów autostartu ...

 

skanowanie ukrytych plików ...

 

skanowanie pomyślnie ukończone

ukryte pliki: 0

 

**************************************************************************

.

Czas ukończenia: 2010-03-08 13:10:22

ComboFix-quarantined-files.txt 2010-03-08 12:10

 

Przed: 38 353 936 384 bajtów wolnych

Po: 40 286 724 096 bajtów wolnych

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

- - End Of File - - 5C8B582D58C7AF4E6F80F186BDA365A7

[tehawanka 0]

Do usuwania prostej infekcji z pendrive nie używa się ComboFix.

1. Pobierz i uruchom OTL

Do okna Custom Scans/Fixes wklej:

:Files
C:\S-1-5-21-1486516501-1644491937-682103330-1013
C:\S-1-5-21-1486576501-1644491937-682003330-1013

:Reg
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Internet Security Updates"=-

:Commands
[emptytemp]
[Reboot]

Kliknij Run Fix i zatwierdź restart.

 

2. Do okna Custom Scans/Fixes wklej:

netsvcs
C:\*.*
D:\*.*

Zaznacz opcje Scan All Users, LOP Check, Purity Check i kliknij Run Scan

Log umieść tutaj i podaj link.

[laik komputerowy 0]

Mam jeszcze jedno pytanie bo avast 5 znajduje mi win32 Malware gen, a znajduje sie on w Document and Setting/Paweł/update31

 

Może ktoś mi powiedzieć za co ten plik może odpowiadać i czy jest on groźny??