barTTuss Posted 24 October 2008 (edited)

Hello. Recently, after installing avast Home and enabling protection, the program detects every .*exe file as a virus. Screenshot: http://img234.imageshack.us/img234/6458/beztytuuey2.jpg

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:07:18, on 2008-10-24 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: F:\WINDOWS\System32\smss.exe F:\WINDOWS\system32\winlogon.exe F:\WINDOWS\system32\services.exe F:\WINDOWS\system32\lsass.exe F:\WINDOWS\system32\svchost.exe F:\WINDOWS\System32\svchost.exe F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe F:\Program Files\Alwil Software\Avast4\ashServ.exe F:\WINDOWS\Explorer.EXE F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe F:\Program Files\Unlocker\UnlockerAssistant.exe F:\Program Files\DAEMON Tools Lite\daemon.exe F:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe F:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe F:\WINDOWS\system32\spoolsv.exe F:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe F:\WINDOWS\system32\nvsvc32.exe F:\WINDOWS\system32\HPZipm12.exe F:\WINDOWS\system32\PnkBstrA.exe F:\WINDOWS\system32\PnkBstrB.exe F:\WINDOWS\system32\svchost.exe F:\WINDOWS\system32\wscntfy.exe F:\Program Files\Winamp\winamp.exe F:\Program Files\Mozilla Firefox\firefox.exe F:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Yahoo!
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - F:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [unlockerAssistant] "F:\Program Files\Unlocker\UnlockerAssistant.exe" -H O4 - HKCU\..\Run: [DAEMON Tools Lite] "F:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - Startup: RocketDock.lnk = F:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe O4 - Startup: TransBar.lnk = F:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe O4 - Startup: Y'z Shadow.lnk = F:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: avast! 
iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - F:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - F:\WINDOWS\system32\PnkBstrB.exe -- End of file - 4375 bytes

combofix:

ComboFix 08-10-23.08 - Admin 2008-10-24 14:19:10.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.3189 [GMT 2:00] Uruchomiony z: F:\Documents and Settings\Admin\Pulpit\ComboFix.exe * Utworzono nowy punkt przywracania . Error: Cfiles.dat ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . F:\Documents and Settings\Admin\Dane aplikacji\inst.exe F:\WINDOWS\system32\systeminfo3.dll . ((((((((((((((((((((((((( Pliki utworzone od 2008-09-24 do 2008-10-24 ))))))))))))))))))))))))))))))) . 2008-10-24 13:03 . 2008-10-24 13:06 <DIR> d-------- F:\Program Files\Yahoo! 2008-10-24 13:03 . 2008-10-24 13:03 <DIR> d-------- F:\Program Files\CCleaner 2008-10-23 20:09 . 1996-01-12 00:00 722,192 --a------ F:\WINDOWS\system32\VB40032.DLL 2008-10-23 20:09 .
1997-07-19 17:00 604,432 --a------ F:\WINDOWS\system32\COMCTL32.OCX 2008-10-23 20:09 . 1997-02-17 18:24 519,680 --a------ F:\WINDOWS\system32\DBGRID32.OCX 2008-10-23 20:09 . 1998-10-07 12:54 327,168 --a------ F:\WINDOWS\IsUn0415.exe 2008-10-23 20:09 . 1997-07-19 17:00 227,600 --a------ F:\WINDOWS\system32\MSFLXGRD.OCX 2008-10-23 20:09 . 1997-07-19 17:00 204,048 --a------ F:\WINDOWS\system32\DBLIST32.OCX 2008-10-23 20:09 . 1997-07-19 17:00 155,920 --a------ F:\WINDOWS\system32\COMCT232.OCX 2008-10-23 20:09 . 1997-07-19 17:00 129,808 --a------ F:\WINDOWS\system32\COMDLG32.OCX 2008-10-23 17:26 . 2008-10-23 17:26 <DIR> d-------- F:\Program Files\SubEdit-Player 2008-10-23 17:25 . 2008-10-23 17:25 <DIR> d-------- F:\Program Files\ffdshow 2008-10-23 16:11 . 2008-10-23 16:11 <DIR> d-------- F:\Program Files\DAEMON Tools Toolbar 2008-10-23 16:11 . 2008-10-23 16:11 <DIR> d-------- F:\Program Files\DAEMON Tools Lite 2008-10-23 15:49 . 2008-10-23 15:58 <DIR> d-------- F:\Documents and Settings\Admin\Dane aplikacji\Vso 2008-10-23 15:49 . 2008-10-23 15:49 47,360 --a------ F:\WINDOWS\system32\drivers\pcouffin.sys 2008-10-23 15:49 . 2008-10-23 15:58 47,360 --a------ F:\Documents and Settings\Admin\Dane aplikacji\pcouffin.sys 2008-10-22 21:42 . 2008-10-22 21:42 <DIR> d-------- F:\WINDOWS\Logs 2008-10-22 21:42 . 2008-05-30 14:11 3,850,760 --a------ F:\WINDOWS\system32\D3DX9_38.dll 2008-10-22 21:42 . 2008-05-30 14:11 1,491,992 --a------ F:\WINDOWS\system32\D3DCompiler_38.dll 2008-10-22 21:42 . 2008-05-30 14:19 507,400 --a------ F:\WINDOWS\system32\XAudio2_1.dll 2008-10-22 21:42 . 2008-05-30 14:11 467,984 --a------ F:\WINDOWS\system32\d3dx10_38.dll 2008-10-22 21:42 . 2008-05-30 14:18 238,088 --a------ F:\WINDOWS\system32\xactengine3_1.dll 2008-10-22 21:42 . 2008-05-30 14:17 65,032 --a------ F:\WINDOWS\system32\XAPOFX1_0.dll 2008-10-22 21:42 . 2008-05-30 14:17 25,608 --a------ F:\WINDOWS\system32\X3DAudio1_4.dll 2008-10-22 21:41 . 
2008-10-22 21:41 <DIR> d-------- F:\WINDOWS\system32\LogFiles 2008-10-22 21:41 . 2008-10-22 21:41 2,250,024 --a------ F:\WINDOWS\system32\pbsvc.exe 2008-10-22 21:41 . 2008-10-22 21:41 107,832 --a------ F:\WINDOWS\system32\PnkBstrB.exe 2008-10-22 21:41 . 2008-10-22 21:41 66,872 --a------ F:\WINDOWS\system32\PnkBstrA.exe 2008-10-22 21:41 . 2008-10-22 21:41 22,328 --a------ F:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-10-22 21:41 . 2008-10-22 21:41 22,328 --a------ F:\Documents and Settings\Admin\Dane aplikacji\PnkBstrK.sys 2008-10-22 18:40 . 2008-10-22 18:40 <DIR> d-------- F:\Program Files\EA Sports 2008-10-22 17:29 . 2008-10-23 15:43 <DIR> d-------- F:\Documents and Settings\Admin\Dane aplikacji\Nero 2008-10-22 17:16 . 2008-10-22 17:21 <DIR> d-------- F:\Program Files\Nero 2008-10-22 16:57 . 2008-10-22 17:21 4,767 --a------ F:\WINDOWS\Irremote.ini 2008-10-22 16:56 . 2008-10-22 16:56 <DIR> d-------- F:\Program Files\Windows Sidebar 2008-10-22 16:49 . 2008-10-22 17:27 <DIR> d-------- F:\Program Files\Common Files\Nero 2008-10-22 16:49 . 2008-10-22 16:53 <DIR> d-------- F:\Documents and Settings\All Users\Dane aplikacji\Nero 2008-10-22 15:49 . 2008-10-22 15:55 862,240 --ahs---- F:\WINDOWS\system32\drivers\fidbox.dat 2008-10-22 15:49 . 2008-10-22 15:55 14,312 --ahs---- F:\WINDOWS\system32\drivers\fidbox.idx 2008-10-21 18:24 . 2008-10-21 18:24 <DIR> d-------- F:\Program Files\Damian Pasternak 2008-10-21 17:34 . 2008-10-22 14:39 <DIR> d-------- F:\Program Files\Winamp 2008-10-21 17:34 . 2008-10-21 18:03 <DIR> d-------- F:\Documents and Settings\Admin\Dane aplikacji\Winamp 2008-10-20 16:29 . 2008-10-20 16:29 <DIR> dr-h----- F:\Documents and Settings\Admin\Dane aplikacji\SecuROM 2008-10-20 16:29 . 2008-10-22 21:44 107,888 --a------ F:\WINDOWS\system32\CmdLineExt.dll 2008-10-20 16:22 . 2008-03-05 15:56 3,786,760 --a------ F:\WINDOWS\system32\D3DX9_37.dll 2008-10-20 16:22 . 2008-03-05 15:56 1,420,824 --a------ F:\WINDOWS\system32\D3DCompiler_37.dll 2008-10-20 16:22 . 
2008-03-05 16:03 479,752 --a------ F:\WINDOWS\system32\XAudio2_0.dll 2008-10-20 16:22 . 2008-02-05 23:07 462,864 --a------ F:\WINDOWS\system32\d3dx10_37.dll 2008-10-20 16:22 . 2008-03-05 16:03 238,088 --a------ F:\WINDOWS\system32\xactengine3_0.dll 2008-10-20 16:22 . 2008-03-05 16:00 25,608 --a------ F:\WINDOWS\system32\X3DAudio1_3.dll 2008-10-20 16:21 . 2008-10-20 16:21 <DIR> d-------- F:\WINDOWS\system32\AGEIA 2008-10-20 16:21 . 2008-10-22 21:38 <DIR> d-------- F:\Program Files\Ubisoft 2008-10-20 16:21 . 2008-10-20 16:21 <DIR> d-------- F:\Program Files\Common Files\Wise Installation Wizard 2008-10-20 16:21 . 2008-10-20 16:21 <DIR> d-------- F:\Program Files\AGEIA Technologies 2008-10-20 16:21 . 2007-10-12 15:14 3,734,536 --a------ F:\WINDOWS\system32\d3dx9_36.dll 2008-10-20 16:21 . 2007-07-19 18:14 3,727,720 --a------ F:\WINDOWS\system32\d3dx9_35.dll 2008-10-20 16:21 . 2007-10-12 15:14 1,374,232 --a------ F:\WINDOWS\system32\D3DCompiler_36.dll 2008-10-20 16:21 . 2007-07-19 18:14 1,358,192 --a------ F:\WINDOWS\system32\D3DCompiler_35.dll 2008-10-20 16:21 . 2007-10-02 09:56 444,776 --a------ F:\WINDOWS\system32\d3dx10_36.dll 2008-10-20 16:21 . 2007-07-19 18:14 444,776 --a------ F:\WINDOWS\system32\d3dx10_35.dll 2008-10-20 16:21 . 2007-10-22 03:39 267,272 --a------ F:\WINDOWS\system32\xactengine2_10.dll 2008-10-20 16:21 . 2007-07-20 00:57 267,112 --a------ F:\WINDOWS\system32\xactengine2_9.dll 2008-10-20 14:43 . 2008-10-20 14:43 <DIR> d-------- F:\Documents and Settings\Admin\Dane aplikacji\ESET 2008-10-20 14:43 . 2008-03-03 14:25 5,702 --ah----- F:\WINDOWS\nod32restoretemdono.reg 2008-10-20 14:43 . 2008-03-03 18:21 568 --ah----- F:\WINDOWS\nod32fixtemdono.reg 2008-10-20 14:42 . 2008-10-20 14:42 <DIR> d-------- F:\Program Files\ESET 2008-10-20 14:42 . 2008-10-20 14:42 <DIR> d-------- F:\Documents and Settings\All Users\Dane aplikacji\ESET 2008-10-19 19:51 . 2008-10-23 15:58 <DIR> d-------- F:\Documents and Settings\Admin\Dane aplikacji\skypePM 2008-10-19 19:51 . 
2008-10-19 19:51 56 --ah----- F:\WINDOWS\system32\ezsidmv.dat 2008-10-19 19:50 . 2008-10-19 19:50 <DIR> d-------- F:\Program Files\Skype 2008-10-19 19:50 . 2008-10-19 19:50 <DIR> d-------- F:\Program Files\Common Files\Skype 2008-10-19 19:50 . 2008-10-19 19:50 <DIR> d-------- F:\Documents and Settings\All Users\Dane aplikacji\Skype 2008-10-19 19:50 . 2008-10-23 15:58 <DIR> d-------- F:\Documents and Settings\Admin\Dane aplikacji\Skype 2008-10-19 18:55 . 2008-10-19 18:55 3,888,054 --a------ F:\WINDOWS\BricoPack Wallpaper.bmp 2008-10-19 18:55 . 2008-10-19 18:55 65,109 --a------ F:\WINDOWS\BricoPackUninst.cmd 2008-10-19 18:55 . 2008-10-19 18:55 6,114 --a------ F:\WINDOWS\BricoPackFoldersDelete.cmd 2008-10-19 18:54 . 2008-10-19 18:54 <DIR> d-------- F:\WINDOWS\BricoPacks 2008-10-19 18:47 . 2008-10-19 18:47 <DIR> d-------- F:\WINDOWS\system32\VIRepair 2008-10-19 18:45 . 2008-10-19 18:45 <DIR> d-------- F:\Documents and Settings\Admin\Dane aplikacji\ViStart 2008-10-19 18:44 . 2008-10-19 18:48 <DIR> d-------- F:\WINDOWS\system32\VITrans 2008-10-19 18:44 . 2008-10-19 18:44 <DIR> d-------- F:\VTPFiles 2008-10-19 18:44 . 2008-10-19 18:44 <DIR> d-------- F:\Program Files\WinFlip 2008-10-19 18:44 . 2008-10-19 18:44 <DIR> d-------- F:\Program Files\TrueTransparency 2008-10-19 18:44 . 2008-10-19 18:47 <DIR> d-------- F:\Program Files\Styler 2008-10-19 18:44 . 2008-10-19 18:44 <DIR> d-------- F:\Documents and Settings\Admin\Dane aplikacji\Styler 2008-10-19 18:44 . 2006-12-03 17:15 111,104 --a------ F:\WINDOWS\system32\Uharc.exe 2008-10-19 18:44 . 2004-11-27 19:00 94,208 --a------ F:\WINDOWS\system32\pskill.exe 2008-10-19 18:44 . 2006-12-03 17:15 69,632 --a------ F:\WINDOWS\system32\moveex.exe 2008-10-19 18:44 . 2006-12-03 17:15 19,968 --a------ F:\WINDOWS\system32\reico.exe 2008-10-19 18:44 . 2006-12-03 17:14 8,636 --a------ F:\WINDOWS\system32\modifype.exe 2008-10-18 22:18 . 2008-10-18 22:18 <DIR> d-------- F:\Program Files\Trend Micro 2008-10-18 18:53 . 
2008-10-18 18:53 <DIR> d-------- F:\Program Files\Common Files\HP 2008-10-18 18:53 . 2008-10-18 18:53 <DIR> d-------- F:\Documents and Settings\All Users\Dane aplikacji\HP 2008-10-18 18:53 . 2008-10-18 18:53 <DIR> d-------- F:\Documents and Settings\Admin\Dane aplikacji\HP 2008-10-18 18:52 . 2008-10-18 18:52 <DIR> d-------- F:\Program Files\Hewlett-Packard 2008-10-18 18:52 . 2008-10-18 18:52 <DIR> d-------- F:\Program Files\Common Files\Hewlett-Packard 2008-10-18 18:52 . 2006-04-12 12:04 49,664 -ra------ F:\WINDOWS\system32\drivers\HPZid412.sys 2008-10-18 18:52 . 2006-04-12 12:04 16,496 -ra------ F:\WINDOWS\system32\drivers\HPZipr12.sys 2008-10-18 18:51 . 1998-10-29 16:45 306,688 --a------ F:\WINDOWS\IsUninst.exe 2008-10-18 18:51 . 2006-03-03 21:03 282,680 --a------ F:\WINDOWS\system32\HPZidr12.dll 2008-10-18 18:51 . 2006-03-03 21:02 204,800 --a------ F:\WINDOWS\system32\HPZipr12.dll 2008-10-18 18:51 . 2006-03-03 21:02 94,208 --a------ F:\WINDOWS\system32\HPZipt12.dll 2008-10-18 18:51 . 2006-01-03 19:12 77,824 -ra------ F:\WINDOWS\system32\HPZIDS01.dll 2008-10-18 18:51 . 2006-03-03 21:03 69,632 --a------ F:\WINDOWS\system32\HPZipm12.exe 2008-10-18 18:51 . 2006-03-03 21:03 65,536 --a------ F:\WINDOWS\system32\HPZinw12.exe 2008-10-18 18:51 . 2006-03-03 21:02 57,344 --a------ F:\WINDOWS\system32\HPZisn12.dll 2008-10-18 18:51 . 2006-04-10 14:03 48,128 --a------ F:\WINDOWS\system32\hpzll054.dll 2008-10-18 18:50 . 2008-10-18 18:52 <DIR> d-------- F:\Program Files\HP 2008-10-18 18:49 . 2008-10-18 18:54 120,250 --a------ F:\WINDOWS\hpoins11.dat 2008-10-18 18:49 . 2004-08-03 23:08 31,616 --a------ F:\WINDOWS\system32\drivers\usbccgp.sys 2008-10-18 18:49 . 2004-08-03 23:08 31,616 --a--c--- F:\WINDOWS\system32\dllcache\usbccgp.sys 2008-10-18 18:49 . 2004-08-03 23:01 25,856 --a------ F:\WINDOWS\system32\drivers\usbprint.sys 2008-10-18 18:49 . 2004-08-03 23:01 25,856 --a--c--- F:\WINDOWS\system32\dllcache\usbprint.sys 2008-10-18 17:19 . 
2007-04-09 13:23 28,040 --a------ F:\WINDOWS\system32\mdimon.dll 2008-10-18 17:19 . 2008-10-18 17:19 421 --a------ F:\WINDOWS\ODBC.INI 2008-10-18 17:18 . 2008-10-18 17:18 <DIR> d-------- F:\WINDOWS\SHELLNEW 2008-10-18 17:18 . 2008-10-18 17:18 <DIR> d-------- F:\Program Files\Microsoft.NET 2008-10-18 16:30 . 2008-10-22 15:43 <DIR> d-------- F:\Program Files\A-Ray Scanner 2008-10-18 15:02 . 2008-10-18 15:02 <DIR> d-------- F:\Program Files\Sierra Entertainment 2008-10-18 14:58 . 2008-10-18 14:58 <DIR> d-------- F:\Documents and Settings\Admin\Dane aplikacji\DAEMON Tools Pro 2008-10-18 14:57 . 2008-10-18 14:59 <DIR> d-------- F:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Pro 2008-10-18 14:55 . 2004-08-03 23:08 26,496 --a--c--- F:\WINDOWS\system32\dllcache\usbstor.sys 2008-10-18 14:48 . 2008-10-18 14:48 <DIR> d-------- F:\Program Files\NSIS 2008-10-18 14:17 . 2004-08-04 00:44 159,232 --a------ F:\WINDOWS\system32\ptpusd.dll . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-10-24 11:07 --------- d-----w F:\Program Files\Lineage II 2008-10-23 19:47 --------- d-----w F:\Documents and Settings\Admin\Dane aplikacji\uTorrent 2008-10-22 19:38 --------- d--h--w F:\Program Files\InstallShield Installation Information 2008-10-19 16:55 219,648 ----a-w F:\WINDOWS\system32\uxtheme.dll 2008-10-19 16:22 --------- d-----w F:\Program Files\Tlen.pl 2008-10-17 14:35 --------- d-----w F:\Program Files\Unlocker 2008-10-17 14:10 --------- d-----w F:\Program Files\uTorrent 2008-10-17 13:55 --------- d-----w F:\Program Files\Common Files\Adobe 2008-10-17 13:45 --------- d-----w F:\Program Files\Alwil Software 2008-10-17 13:45 --------- d-----w F:\Documents and Settings\All Users\Dane aplikacji\tlen.pl 2008-10-17 13:45 --------- d-----w F:\Documents and Settings\Admin\Dane aplikacji\Tlen.pl 2008-10-17 13:36 --------- d-----w F:\Program Files\Java 2008-10-17 13:35 --------- d-----w F:\Program Files\Common Files\Java 2008-10-17 13:17 --------- d-----w F:\Program Files\My Company Name 2008-10-17 13:15 --------- d-----w F:\Program Files\Common Files\InstallShield 2008-10-17 13:12 --------- d-----w F:\Program Files\Realtek 2008-10-17 13:12 --------- d-----w F:\Documents and Settings\Admin\Dane aplikacji\InstallShield 2008-10-17 13:11 16,608 ----a-w F:\WINDOWS\gdrv.sys 2008-10-17 13:10 315,392 ----a-w F:\WINDOWS\HideWin.exe 2008-10-17 13:08 --------- d-----w F:\Program Files\Intel 2008-10-17 13:02 --------- d-----w F:\Program Files\microsoft frontpage 2008-10-17 13:00 --------- d-----w F:\Program Files\Usługi online . 
------- Sigcheck ------- 2004-08-04 02:44 693248 7d46293106e58ca7878509ccc4071f2f F:\WINDOWS\system32\wininet.dll 2004-08-04 02:44 693248 7d46293106e58ca7878509ccc4071f2f F:\WINDOWS\system32\dllcache\wininet.dll 2004-08-04 02:44 975872 196c130d31317fe53de984220b5e13b9 F:\WINDOWS\explorer.exe 2004-08-04 02:44 975872 196c130d31317fe53de984220b5e13b9 F:\WINDOWS\system32\dllcache\explorer.exe 2004-08-04 02:44 101888 6db9ebc8d26603f3b04c7c2809aaf935 F:\WINDOWS\system32\wuauclt.exe 2004-08-04 02:44 101888 6db9ebc8d26603f3b04c7c2809aaf935 F:\WINDOWS\system32\dllcache\wuauclt.exe . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="F:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008] "NvCplDaemon"="F:\WINDOWS\system32\NvCpl.dll" [2008-03-11 13520896] "UnlockerAssistant"="F:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-10-19 24434] F:\Documents and Settings\Admin\Menu Start\Programy\Autostart\ RocketDock.lnk - F:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 630784] TransBar.lnk - F:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536] Y'z Shadow.lnk - F:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 155648] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.ffds"= F:\Program Files\ffdshow\ffdshow.ax [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "F:\\Program Files\\Tlen.pl\\tlen.exe"= "F:\\Program 
Files\\uTorrent\\uTorrent.exe"= "F:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "F:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "F:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "F:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "F:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "F:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "F:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "F:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "F:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "F:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "F:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "F:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "F:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"= "F:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"= "F:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"= "F:\\WINDOWS\\system32\\PnkBstrA.exe"= "F:\\WINDOWS\\system32\\PnkBstrB.exe"= "F:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 aswSP;avast! Self Protection;F:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416] R2 aswFsBlk;aswFsBlk;F:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560] R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;F:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208] S2 NOD32FiXTemDono;Eset Nod32 Boot;F:\WINDOWS\system32\regedt32.exe [2001-10-26 3584] *Newly Created Service* - PROCEXP90 . . ------- Skan uzupełniający ------- . FireFox -: Profile - F:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\llf8wtdf.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - google.pl FF -: plugin - F:\Program Files\Yahoo!\Common\npyaxmpb.dll . 
************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-24 14:20:03 Windows 5.1.2600 Dodatek Service Pack 2 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . Czas ukończenia: 2008-10-24 14:20:22 ComboFix-quarantined-files.txt 2008-10-24 12:20:20 Przed: 25 721 729 024 bajtów wolnych Po: 27,639,959,552 bajtów wolnych WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] F:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 248

Please help me remove this. Regards.

Edited 24 October 2008 by barTTuss

Kolobos Posted 24 October 2008

You probably won't remove this easily by scanning from within the infected system. If you have the option, connect the disk to another computer (just don't run anything from it!) and remove the infection. For scanning I recommend Dr.WebCureIt, AVPTool + Nod32.