Micz3l

ComboFix log - Viruses


Hello,

please check the ComboFix log. The computer is still infected after a scan with ArcaVir. Spyware Doctor does not help either. ComboFix removes the vermin, but after a system restart most of the problems come back, e.g. drives opening in new windows and no way to reveal hidden files and system files. Please help.

Spoiler: "ComboFix log"

ComboFix 09-01-18.03 - Bboy JOHN 2009-01-19 12:54:45.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1045.18.1023.592 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Bboy JOHN\Pulpit\ComboFix.exe
AV: ArcaVir *On-access scanning disabled* (Updated)
FW: ArcaFirewall 2008 *disabled*
 * Utworzono nowy punkt przywracania.
.
((((((((((((((((((((((((((((((((((((((((   Usunięto   ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\j60osk9.cmd
D:\Autorun.inf
D:\j60osk9.cmd
E:\Autorun.inf
E:\j60osk9.cmd
F:\Autorun.inf
F:\j60osk9.cmd
G:\Autorun.inf
G:\j60osk9.cmd
.
(((((((((((((((((((((((((   Pliki utworzone od 2008-12-19 do 2009-01-19  )))))))))))))))))))))))))))))))
.
2009-01-19 11:25 . 2009-01-19 11:27	<DIR>	d--------	c:\documents and settings\Administrator\Dane aplikacji\Creative
2009-01-18 22:00 . 2009-01-18 22:00	162,816	--a------	c:\windows\system32\fmod.dll
2009-01-18 19:42 . 2009-01-18 19:42	<DIR>	d--------	c:\documents and settings\Bboy JOHN\Dane aplikacji\Crayon Physics Deluxe
2009-01-18 13:00 . 2009-01-18 13:34	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\ArcaBit
2009-01-18 12:58 . 2009-01-18 12:58	<DIR>	d--------	c:\documents and settings\LocalService\Dane aplikacji\ArcaBit
2009-01-18 12:57 . 2009-01-18 12:57	<DIR>	d--------	c:\windows\system32\config\systemprofile\Dane aplikacji\ArcaBit
2009-01-18 12:55 . 2009-01-18 12:55	<DIR>	d--------	c:\documents and settings\Bboy JOHN\Dane aplikacji\ArcaBit
2009-01-18 12:53 . 2009-01-19 12:34	95,744	-r-hs----	c:\windows\system32\nmdfgds1.dll
2009-01-18 12:52 . 2009-01-19 12:42	108,753	-r-hs----	c:\windows\system32\olhrwef.exe
2009-01-18 12:52 . 2009-01-19 12:42	95,744	-r-hs----	c:\windows\system32\nmdfgds0.dll
2009-01-18 12:51 . 2008-04-14 22:51	70,144	--a------	c:\windows\AhnRpta.exe
2009-01-17 22:11 . 2009-01-17 22:11	<DIR>	d--------	c:\program files\MDM
2009-01-17 22:07 . 2008-02-15 12:30	8,342,798	--a------	C:\mariosncopera9.cab
2009-01-17 21:59 . 2009-01-17 21:59	<DIR>	d--------	c:\program files\GoDBGames
2009-01-17 19:27 . 2009-01-17 19:27	<DIR>	d--------	c:\program files\MagicISO
2009-01-17 19:16 . 2009-01-17 19:16	<DIR>	d--------	c:\documents and settings\Bboy JOHN\Dane aplikacji\Ahead
2009-01-17 18:48 . 2009-01-18 12:44	107,289	-r-hs----	C:\v63enh.exe
2009-01-16 16:50 . 2009-01-17 21:40	<DIR>	d--------	c:\program files\Microsoft ActiveSync
2009-01-16 16:50 . 2009-01-16 16:50	<DIR>	d--------	c:\program files\AvantGo Connect
2009-01-16 16:49 . 1998-10-29 16:45	306,688	--a------	c:\windows\IsUninst.exe
2009-01-16 16:49 . 2009-01-16 16:50	2,510	--a------	c:\windows\Microsoft.MIF
2009-01-16 08:46 . 2009-01-16 20:55	106,047	-r-hs----	C:\982um3s9.exe
2009-01-16 08:46 . 2009-01-18 12:44	89,600	-r-hs----	c:\windows\system32\optyhww1.dll
2009-01-15 15:08 . 2009-01-15 15:07	107,336	-r-hs----	C:\lel3cx.com
2009-01-15 15:08 . 2009-01-18 12:44	107,289	-r-hs----	c:\windows\system32\urretnd.exe
2009-01-15 15:08 . 2009-01-19 12:32	89,600	-r-hs----	c:\windows\system32\optyhww0.dll
2009-01-12 20:29 . 2008-12-26 00:08	206,755	--a------	c:\windows\system32\nvapps.nvb
2009-01-10 19:04 . 2009-01-10 19:04	<DIR>	d--------	c:\program files\Ultra MPEG-4 Converter
2009-01-10 19:04 . 2004-01-11 08:02	258,048	--a------	c:\windows\system32\GplMpgDec.ax
2009-01-10 19:04 . 2007-04-12 14:19	129,024	--a------	c:\windows\system32\AVERM.dll
2009-01-10 19:04 . 2006-09-26 13:57	28,672	--a------	c:\windows\system32\AVEQT.dll
2009-01-10 16:32 . 2009-01-10 16:32	34	--ah-----	c:\windows\system32\Converter_sysquict.dat
2009-01-10 16:27 . 2009-01-10 16:27	<DIR>	d--------	c:\program files\Aerograffects  - Convert v5.20
2009-01-10 16:27 . 2009-01-10 16:27	249,856	---------	c:\windows\Setup1.exe
2009-01-10 16:27 . 2009-01-10 16:27	73,216	--a------	c:\windows\ST6UNST.EXE
2009-01-10 13:25 . 2009-01-10 13:25	<DIR>	d--------	c:\program files\Common Files\DirectX
2009-01-10 12:20 . 2009-01-10 12:20	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\FLEXnet
2009-01-10 12:04 . 2009-01-10 12:04	<DIR>	d--------	c:\program files\Bonjour
2009-01-10 11:45 . 2009-01-10 11:45	<DIR>	d--------	c:\program files\Common Files\Macrovision Shared
2009-01-10 11:07 . 2009-01-19 10:49	<DIR>	dr-------	c:\documents and settings\Administrator\Ulubione
2009-01-10 11:07 . 2009-01-19 11:33	<DIR>	d--------	c:\documents and settings\Administrator\Pulpit
2009-01-10 11:07 . 2009-01-19 10:49	<DIR>	dr-------	c:\documents and settings\Administrator\Moje dokumenty
2009-01-10 11:07 . 2009-01-10 11:07	<DIR>	dr-------	c:\documents and settings\Administrator\Menu Start
2009-01-10 11:05 . 2009-01-19 12:56	<DIR>	d--h-----	c:\documents and settings\Administrator\Ustawienia lokalne
2009-01-10 11:05 . 2009-01-10 11:07	<DIR>	d--h-----	c:\documents and settings\Administrator\Szablony
2009-01-10 11:05 . 2009-01-19 12:17	<DIR>	dr-h-----	c:\documents and settings\Administrator\Dane aplikacji
2009-01-10 11:05 . 2009-01-10 11:07	<DIR>	d--------	c:\documents and settings\Administrator
2009-01-09 20:06 . 2009-01-09 20:06	0	--a------	c:\windows\graphedit.INI
2009-01-09 19:20 . 2008-04-14 22:50	159,232	--a------	c:\windows\system32\ptpusd.dll
2009-01-09 19:20 . 2008-04-14 00:15	15,104	--a------	c:\windows\system32\drivers\usbscan.sys
2009-01-09 19:20 . 2008-04-14 00:15	15,104	--a--c---	c:\windows\system32\dllcache\usbscan.sys
2009-01-09 19:20 . 2001-10-26 17:29	5,632	--a------	c:\windows\system32\ptpusb.dll
2009-01-09 18:26 . 2009-01-15 16:56	2,330,240	--a------	c:\windows\system32\TUKernel.exe
2009-01-09 18:11 . 2009-01-09 18:11	603,904	--a------	c:\windows\system32\TUProgSt.exe
2009-01-09 18:11 . 2009-01-09 18:11	360,192	--a------	c:\windows\system32\TuneUpDefragService.exe
2009-01-09 18:11 . 2008-12-11 13:31	27,904	--a------	c:\windows\system32\uxtuneup.dll
2009-01-09 18:09 . 2009-01-09 18:09	<DIR>	d--------	c:\documents and settings\Bboy JOHN\Dane aplikacji\TuneUp Software
2009-01-09 18:08 . 2009-01-18 13:34	<DIR>	d--------	c:\program files\TuneUp Utilities 2009
2009-01-09 18:08 . 2009-01-09 18:08	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\TuneUp Software
2009-01-09 18:08 . 2009-01-09 18:08	<DIR>	d--hs----	c:\documents and settings\All Users\Dane aplikacji\{55A29068-F2CE-456C-9148-C869879E2357}
2009-01-09 17:29 . 2008-10-10 04:52	4,379,984	--a------	c:\windows\system32\D3DX9_40.dll
2009-01-09 17:29 . 2008-10-10 04:52	2,036,576	--a------	c:\windows\system32\D3DCompiler_40.dll
2009-01-09 17:29 . 2008-07-12 08:18	1,493,528	--a------	c:\windows\system32\D3DCompiler_39.dll
2009-01-09 17:29 . 2008-10-27 10:04	514,384	--a------	c:\windows\system32\XAudio2_3.dll
2009-01-09 17:29 . 2008-07-31 10:40	509,448	--a------	c:\windows\system32\XAudio2_2.dll
2009-01-09 17:29 . 2008-07-12 08:18	467,984	--a------	c:\windows\system32\d3dx10_39.dll
2009-01-09 17:29 . 2008-10-10 04:52	452,440	--a------	c:\windows\system32\d3dx10_40.dll
2009-01-09 17:29 . 2008-07-31 10:41	238,088	--a------	c:\windows\system32\xactengine3_2.dll
2009-01-09 17:29 . 2008-10-27 10:04	235,856	--a------	c:\windows\system32\xactengine3_3.dll
2009-01-09 17:29 . 2008-10-27 10:04	70,992	--a------	c:\windows\system32\XAPOFX1_2.dll
2009-01-09 17:29 . 2008-07-31 10:41	68,616	--a------	c:\windows\system32\XAPOFX1_1.dll
2009-01-09 17:29 . 2008-10-27 10:04	23,376	--a------	c:\windows\system32\X3DAudio1_5.dll
2009-01-09 17:28 . 2008-07-12 08:18	3,851,784	--a------	c:\windows\system32\D3DX9_39.dll
2009-01-09 17:27 . 2009-01-09 17:27	<DIR>	d----c---	c:\windows\system32\DRVSTORE
2009-01-09 17:27 . 2009-01-09 17:27	<DIR>	d--------	c:\windows\system32\AGEIA
2009-01-09 17:27 . 2009-01-18 12:51	<DIR>	d--------	c:\program files\Common Files\Wise Installation Wizard
2009-01-09 17:27 . 2009-01-09 17:27	<DIR>	d--------	c:\program files\AGEIA Technologies
2009-01-06 16:05 . 2009-01-06 16:05	<DIR>	d--------	c:\program files\Microsoft Works
2009-01-06 16:04 . 2009-01-06 16:04	<DIR>	d--------	c:\program files\Microsoft.NET
2009-01-06 16:01 . 2009-01-06 16:02	<DIR>	d--------	c:\windows\SHELLNEW
2009-01-06 16:00 . 2009-01-06 16:06	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2009-01-04 20:38 . 2009-01-19 12:34	<DIR>	d--------	c:\program files\BearShare
2009-01-04 20:38 . 2009-01-18 12:48	<DIR>	d--------	C:\My Downloads
2009-01-03 17:39 . 2003-06-23 02:44	1,415,680	--a------	c:\windows\system32\WMV9VCM.dll
2009-01-03 17:39 . 2002-07-08 00:14	1,294,336	--a------	c:\windows\system32\vorbis.acm
2009-01-03 17:39 . 2006-04-06 20:11	1,044,480	--a------	c:\windows\system32\libdivx.dll
2009-01-03 17:39 . 2004-01-27 13:53	1,024,000	--a------	c:\windows\system32\3ivx.dll
2009-01-03 17:39 . 2006-04-22 22:11	568,850	--a------	c:\windows\system32\x264vfw.dll
2009-01-03 17:39 . 2004-01-27 13:53	286,720	--a------	c:\windows\system32\3ivxVfWCodec.dll
2009-01-03 17:39 . 2006-04-06 20:11	200,704	--a------	c:\windows\system32\ssldivx.dll
2009-01-03 17:39 . 2006-04-08 03:13	200,704	--a------	c:\windows\system32\dtu100.dll
2008-12-29 21:49 . 2008-12-29 21:49	61	--a------	c:\windows\sbwin.ini
2008-12-29 21:44 . 2008-12-29 21:44	<DIR>	d--h-----	c:\program files\Creative Installation Information
2008-12-29 21:44 . 2008-12-29 21:44	<DIR>	d--------	c:\program files\Common Files\Creative
2008-12-29 21:22 . 2003-06-12 23:25	7,062	--a------	c:\windows\system32\audiopid.vxd
2008-12-29 14:14 . 2008-12-29 14:18	<DIR>	d--------	c:\documents and settings\Bboy JOHN\Dane aplikacji\Creative
2008-12-29 14:12 . 1999-12-13 01:01	44,032	---------	c:\windows\system32\CTSVCCDA.EXE
2008-12-29 14:12 . 1999-11-18 01:00	25,088	---------	c:\windows\system32\CTSVCCTL.EXE
2008-12-29 13:40 . 2009-01-19 12:32	10	--a------	c:\windows\system32\ANIWZCSUSERNAME{82077103-8204-4861-96EE-79973A067800}
2008-12-29 12:46 . 2008-04-14 22:50	21,504	--a------	c:\windows\system32\hidserv.dll
2008-12-29 12:46 . 2008-04-14 22:50	21,504	--a--c---	c:\windows\system32\dllcache\hidserv.dll
2008-12-29 12:45 . 2008-04-14 00:15	60,032	--a------	c:\windows\system32\drivers\USBAUDIO.sys
2008-12-29 12:45 . 2008-04-14 00:15	60,032	--a--c---	c:\windows\system32\dllcache\usbaudio.sys
2008-12-29 12:45 . 2008-04-14 00:15	32,128	--a------	c:\windows\system32\drivers\usbccgp.sys
2008-12-29 12:45 . 2008-04-14 00:15	32,128	--a--c---	c:\windows\system32\dllcache\usbccgp.sys
2008-12-28 18:55 . 2009-01-18 15:33	2,073	--a------	c:\windows\bestplayer.ini
2008-12-28 18:55 . 2009-01-18 15:33	375	--a------	c:\windows\bestplayer.bbt
2008-12-28 18:55 . 2009-01-18 15:33	55	--a------	c:\windows\bestplayer.bpp
2008-12-26 16:47 . 2008-12-26 16:47	<DIR>	dr-h-----	c:\documents and settings\Bboy JOHN\Dane aplikacji\SecuROM
2008-12-26 14:48 . 2008-05-30 14:11	3,850,760	--a------	c:\windows\system32\D3DX9_38.dll
2008-12-26 14:48 . 2008-05-30 14:11	1,491,992	--a------	c:\windows\system32\D3DCompiler_38.dll
2008-12-26 14:48 . 2008-05-30 14:19	507,400	--a------	c:\windows\system32\XAudio2_1.dll
2008-12-26 14:48 . 2008-05-30 14:11	467,984	--a------	c:\windows\system32\d3dx10_38.dll
2008-12-26 14:48 . 2008-05-30 14:18	238,088	--a------	c:\windows\system32\xactengine3_1.dll
2008-12-26 14:48 . 2008-05-30 14:17	65,032	--a------	c:\windows\system32\XAPOFX1_0.dll
2008-12-26 14:48 . 2008-05-30 14:17	25,608	--a------	c:\windows\system32\X3DAudio1_4.dll
2008-12-26 14:47 . 2008-12-26 14:47	<DIR>	d--------	c:\windows\Logs
2008-12-26 14:46 . 2008-12-26 14:46	2,250,024	--a------	c:\windows\system32\pbsvc.exe
2008-12-26 14:46 . 2008-12-26 14:46	107,832	--a------	c:\windows\system32\PnkBstrB.exe
2008-12-26 14:46 . 2008-12-26 14:46	66,872	--a------	c:\windows\system32\PnkBstrA.exe
2008-12-26 14:46 . 2008-12-26 14:46	22,328	--a------	c:\windows\system32\drivers\PnkBstrK.sys
2008-12-26 14:46 . 2008-12-26 14:46	22,328	--a------	c:\documents and settings\Bboy JOHN\Dane aplikacji\PnkBstrK.sys
2008-12-26 12:28 . 2008-12-26 12:28	<DIR>	d--------	c:\program files\K-Lite Codec Pack
2008-12-26 12:28 . 2006-04-06 20:11	3,596,288	--a------	c:\windows\system32\qt-dx331.dll
2008-12-26 12:28 . 2008-07-04 07:34	860,160	--a------	c:\windows\system32\lameACM.acm
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-19 11:52	---------	d---a-w	c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-01-18 17:25	---------	d-----w	c:\program files\Spyware Doctor
2009-01-17 21:11	---------	d--h--w	c:\program files\InstallShield Installation Information
2008-12-29 20:45	---------	d-----w	c:\program files\Creative
2008-12-29 12:01	409,600	----a-w	c:\windows\system32\wrap_oal.dll
2008-12-29 12:01	114,688	----a-w	c:\windows\system32\OpenAL32.dll
2008-12-26 11:31	---------	d-----w	c:\program files\Common Files\InstallShield
2008-12-23 20:58	453,152	----a-w	c:\windows\system32\NVUNINST.EXE
2008-12-21 15:20	---------	d-----w	c:\documents and settings\Bboy JOHN\Dane aplikacji\DAEMON Tools Pro
2008-12-21 15:20	---------	d-----w	c:\documents and settings\Bboy JOHN\Dane aplikacji\DAEMON Tools Lite
2008-12-21 15:20	---------	d-----w	c:\documents and settings\Bboy JOHN\Dane aplikacji\DAEMON Tools
2008-12-21 15:19	---------	d-----w	c:\program files\DAEMON Tools Toolbar
2008-12-21 15:19	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite
2008-12-21 14:58	717,296	----a-w	c:\windows\system32\drivers\sptd.sys
2008-12-21 14:57	---------	d-----w	c:\documents and settings\Bboy JOHN\Dane aplikacji\PC Tools
2008-12-21 14:38	---------	d-----w	c:\program files\Intel
2008-12-21 14:35	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\nView_Profiles
2008-12-21 14:27	---------	d-----w	c:\program files\microsoft frontpage
2008-12-21 14:23	---------	d-----w	c:\program files\Usługi online
2008-12-11 10:57	333,952	----a-w	c:\windows\system32\drivers\srv.sys
2008-10-23 12:42	286,720	----a-w	c:\windows\system32\gdi32.dll
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="g:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
"Gadu-Gadu"="d:\program files\Gadu-Gadu\gg.exe" [2006-02-17 2396160]
"Google Update"="c:\documents and settings\Bboy JOHN\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" [2008-12-21 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-30 68856]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"MtdAcqu"="c:\program files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-08 278528]
"cbvcs"="c:\windows\system32\urretnd.exe" [2009-01-18 107289]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
"cdoosoft"="c:\windows\system32\olhrwef.exe" [2009-01-19 108753]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640]
"D-Link AirPlus G"="g:\program files\D-Link\AirPlus G\AirGCFG.exe" [2006-11-17 1552384]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-29 49152]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.09\RivaTuner.exe" [2008-04-28 2707456]
"RemoteControl8"="g:\program files\CyberLink\PowerDVD8\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="g:\program files\CyberLink\PowerDVD8\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-10-07 75048]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016]
"AvMenu"="g:\program files\ArcaBit\ArcaVir\AVMenu.exe" [2009-01-18 514568]
"ABRegmon"="g:\program files\ArcaBit\ArcaVir\ABregmon.exe" [2007-10-23 348160]
"ArcaCheck"="g:\program files\ArcaBit\ArcaVir\ArcaCheck.exe" [2009-01-18 630784]
"nwiz"="nwiz.exe" [2008-12-26 c:\windows\system32\nwiz.exe]
"P17Helper"="P17.dll" [2005-05-03 c:\windows\system32\P17.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Bboy JOHN\Menu Start\Programy\Autostart\Spyware Doctor Updater.exe [2008-10-30 29228]
Stardock ObjectDock.lnk - g:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-12-21 3444008]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{BB4C402F-882A-4526-8C08-51278EA437C1}"= "c:\windows\system32\afmain0.dll" [2008-04-14 78848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Dane aplikacji\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"MSACM.CEGSM"= mobilev.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="f:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Gadu-Gadu\\gg.exe"=
"e:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"g:\\Program Files\\uTorrent\\uTorrent.exe"=
"g:\\Program Files\\FlashGet Network\\FlashGet universal\\FlashGet.exe"=
"g:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"g:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"g:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"g:\\Program Files\\THQ\\Saints Row 2\\SR2_pc.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
R1 ABTDI;ABTDI;g:\program files\ArcaBit\ArcaVir\ABTDI.sys [2008-02-26 51208]
R3 ABFLT;ArcaBit File Monitor Driver;g:\progra~1\ArcaBit\ArcaVir\ABFLT.sys [2007-12-10 37896]
R3 ArcaBit.Core.Configurator;ArcaBit.Core.Configurator;g:\program files\ArcaBit\Common\ArcaBit.Core.Configurator2.exe [2008-01-30 200704]
R4 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};g:\program files\CyberLink\PowerDVD8\PowerDVD8\000.fcl [2008-10-07 20:31:38 61424]
R4 ABFileMon;ArcaBit FileMonitor;g:\program files\ArcaBit\ArcaVir\FileMonSV.exe [2008-05-14 158216]
R4 ArcaBit.TaskScheduler;ArcaBit.TaskScheduler;g:\program files\ArcaBit\Common\taskscheduler.exe [2007-10-25 151552]
R4 AVUpdate;ArcaBit Update Service;g:\progra~1\ArcaBit\ARCAUP~1\update.exe [2008-03-29 117256]
R4 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-01-09 603904]
S3 ArcaBit.Core.LoggingService;ArcaBit.Core.LoggingService;g:\program files\ArcaBit\Common\ArcaBit.Core.LoggingService.exe [2008-01-30 241664]
S3 EJFKLXG;EJFKLXG;c:\docume~1\BBOYJO~1\USTAWI~1\Temp\EJFKLXG.exe --> c:\docume~1\BBOYJO~1\USTAWI~1\Temp\EJFKLXG.exe [?]
S3 EQBDCKJ;EQBDCKJ;c:\docume~1\BBOYJO~1\USTAWI~1\Temp\EQBDCKJ.exe --> c:\docume~1\BBOYJO~1\USTAWI~1\Temp\EQBDCKJ.exe [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\docume~1\BBOYJO~1\USTAWI~1\Temp\RarSFX5\kerneld.wnt --> c:\docume~1\BBOYJO~1\USTAWI~1\Temp\RarSFX5\kerneld.wnt [?]
S3 GEPG;GEPG;c:\docume~1\BBOYJO~1\USTAWI~1\Temp\GEPG.exe --> c:\docume~1\BBOYJO~1\USTAWI~1\Temp\GEPG.exe [?]
S3 JGKLOHHS;JGKLOHHS;c:\docume~1\BBOYJO~1\USTAWI~1\Temp\JGKLOHHS.exe --> c:\docume~1\BBOYJO~1\USTAWI~1\Temp\JGKLOHHS.exe [?]
S3 JZ;JZ;c:\docume~1\BBOYJO~1\USTAWI~1\Temp\JZ.exe --> c:\docume~1\BBOYJO~1\USTAWI~1\Temp\JZ.exe [?]
S3 RB;RB;c:\docume~1\BBOYJO~1\USTAWI~1\Temp\RB.exe --> c:\docume~1\BBOYJO~1\USTAWI~1\Temp\RB.exe [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-12-21 356920]
S3 WWHBBNRHV;WWHBBNRHV;c:\docume~1\BBOYJO~1\USTAWI~1\Temp\WWHBBNRHV.exe --> c:\docume~1\BBOYJO~1\USTAWI~1\Temp\WWHBBNRHV.exe [?]

--- Inne Usługi/Sterowniki w Pamięci ---

*Deregistered* - mchInjDrv

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41c3911d-cfa3-11dd-8ffe-001cf01291b6}]
\Shell\AutoRun\command - K:\j60osk9.cmd
\Shell\open\Command - K:\j60osk9.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb8bcd0a-d509-11dd-902d-001cf01291b6}]
\Shell\AutoRun\command - K:\v63enh.exe
\Shell\open\Command - K:\v63enh.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3f24d9a-d068-11dd-9007-001cf01291b6}]
\Shell\AutoRun\command - K:\982um3s9.exe
\Shell\open\Command - K:\982um3s9.exe
.
Zawartość folderu 'Zaplanowane zadania'

2009-01-19 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 21:36]

2009-01-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-2000478354-839522115-1003.job
- c:\documents and settings\Bboy JOHN\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2008-12-21 19:08]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKLM-Run-BearShare - c:\program files\BearShare\BearShare.exe

.
------- Skan uzupełniający -------
.
uStart Page = hxxp://google.bearshare.com/pl/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download All by FlashGet - g:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - g:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: E&ksportuj do programu Microsoft Excel - g:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{40525A66-DB98-480D-BCF9-7AF88C1AF438} - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - g:\program files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll
c:\windows\Downloaded Program Files\CTSUEng.ocx - c:\windows\Downloaded Program Files\CTSUEngn.ocx
O16 -: {6C269571-C6D7-4818-BCA4-32A035E8C884}
hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
c:\windows\Downloaded Program Files\CTSUEng.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-19 12:56:57
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  Creative Detector = "c:\program files\Creative\MediaSource\Detector\CTDetect.exe" /R??9~0?6~????*?6~??7~?w??w?8~????m???????????????????h???h?????????7~w?8~????m???????????????????k!?sw?8~????m?????????>w??????6~??f???????6~??????>w??6~???????s??????9~??6~??????6~??>w*??????????

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\docume~1\BBOYJO~1\USTAWI~1\Temp\RarSFX5\kerneld.wnt"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\g:\program files\CyberLink\PowerDVD8\PowerDVD8\000.fcl"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-1960408961-2000478354-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:d6,d8,96,9f,2a,da,74,f4,34,2f,e1,d2,5c,a9,91,7d,de,2a,93,77,68,
   d1,e9,8d,dd,31,a0,b6,76,1a,9b,46,d4,a0,a6,85,59,8f,c1,24,5a,71,21,dc,59,a1,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
Czas ukończenia: 2009-01-19 12:58:21
ComboFix-quarantined-files.txt  2009-01-19 11:58:18
ComboFix2.txt  2009-01-19 11:20:19

Przed: 821 915 648 bajtów wolnych
Po: 849,326,080 bajtów wolnych

319	--- E O F ---	2009-01-15 13:31:14
Edited by Kolobos


Connect the infected media and use Flash Disinfector.

Uninstall ArcaVir and install Avira.

Use a CFScript.txt like this with combofix.exe:

Driver::
EJFKLXG
EQBDCKJ
EverestDriver
GEPG
JGKLOHHS
JZ
RB
WWHBBNRHV

File::
c:\windows\system32\nmdfgds1.dll
c:\windows\system32\optyhww1.dll
c:\windows\system32\nmdfgds2.dll
c:\windows\system32\optyhww2.dll
c:\windows\system32\olhrwef.exe
c:\windows\system32\urretnd.exe
c:\windows\system32\optyhww0.dll
c:\windows\system32\nmdfgds0.dll
c:\windows\AhnRpta.exe
c:\windows\system32\afmain0.dll
c:\windows\system32\afmain1.dll
c:\windows\system32\afmain2.dll
C:\v63enh.exe
C:\982um3s9.exe
C:\lel3cx.com
D:\v63enh.exe
D:\982um3s9.exe
D:\lel3cx.com
E:\v63enh.exe
E:\982um3s9.exe
E:\lel3cx.com
F:\v63enh.exe
F:\982um3s9.exe
F:\lel3cx.com
G:\v63enh.exe
G:\982um3s9.exe
G:\lel3cx.com

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cbvcs"=-
"cdoosoft"=-

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{BB4C402F-882A-4526-8C08-51278EA437C1}"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41c3911d-cfa3-11dd-8ffe-001cf01291b6}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb8bcd0a-d509-11dd-902d-001cf01291b6}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3f24d9a-d068-11dd-9007-001cf01291b6}]

When that is done, post a new log.
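An added example, not code from the thread, from ComboFix or from the helper above: the script below shows how most of the CFScript in the reply can be derived mechanically from the indicators in the posted log, which is the reasoning a log reviewer goes through. It flags executables carrying the hidden+system attribute bits in drive roots or system32, Run values that launch one of those files, services whose image lives under a Temp directory, and per-volume mountpoints2 AutoRun handlers, then renders them in the Driver::/File::/Registry:: layout the reply uses. The sample lines are excerpted from the first post's log and reduced to one entry per line; the four selection rules are this example's assumptions, not ComboFix's own logic.

```python
"""Triage a ComboFix-style log for autorun-worm indicators and draft a CFScript.

Added example for this thread, not ComboFix or the helper's own tooling.
The heuristics below are assumptions about what makes an entry suspicious.
"""
import re

# Constructed sample: entries copied from the posted log, one per line, with
# runs of spaces standing in for the tabs ComboFix emits.
SAMPLE_LOG = "\n".join([
    # "Pliki utworzone" section: created . modified  size  attributes  path
    r"2009-01-18 12:53 . 2009-01-19 12:34  95,744  -r-hs----  c:\windows\system32\nmdfgds1.dll",
    r"2009-01-18 12:52 . 2009-01-19 12:42  108,753  -r-hs----  c:\windows\system32\olhrwef.exe",
    r"2009-01-15 15:08 . 2009-01-18 12:44  107,289  -r-hs----  c:\windows\system32\urretnd.exe",
    r"2009-01-18 22:00 . 2009-01-18 22:00  162,816  --a------  c:\windows\system32\fmod.dll",
    r"2009-01-17 18:48 . 2009-01-18 12:44  107,289  -r-hs----  C:\v63enh.exe",
    r"2009-01-09 18:08 . 2009-01-09 18:08  <DIR>  d--hs----  c:\documents and settings\All Users\Dane aplikacji\{55A29068-F2CE-456C-9148-C869879E2357}",
    # registry autostart section
    r"[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]",
    r'"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-30 68856]',
    r'"cbvcs"="c:\windows\system32\urretnd.exe" [2009-01-18 107289]',
    r'"cdoosoft"="c:\windows\system32\olhrwef.exe" [2009-01-19 108753]',
    # services and drivers
    r"S3 EJFKLXG;EJFKLXG;c:\docume~1\BBOYJO~1\USTAWI~1\Temp\EJFKLXG.exe --> c:\docume~1\BBOYJO~1\USTAWI~1\Temp\EJFKLXG.exe [?]",
    r"S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-12-21 356920]",
    # per-volume shell handlers
    r"[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41c3911d-cfa3-11dd-8ffe-001cf01291b6}]",
    r"\Shell\AutoRun\command - K:\j60osk9.cmd",
    r"\Shell\open\Command - K:\j60osk9.cmd",
])

FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+(<DIR>|[\d,]+)\s+([-a-z]{9})\s+(.+)$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$", re.I)
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[')
SVC_RE = re.compile(r"^[RS]\d ([^;]+);[^;]*;(.+?)(?: -->| \[)")
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (.+)$", re.I)
SUSPECT_EXT = {"exe", "dll", "com", "cmd", "inf"}


def triage(log_text):
    """Return hidden+system executables, Run values launching them, services
    loaded from a Temp directory, and mountpoints2 AutoRun handlers."""
    files, run_values, drivers, autorun_keys = [], [], [], []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := FILE_RE.match(line):
            size, attrs, path = m.groups()
            ext = path.rsplit(".", 1)[-1].lower()
            # Assumption: a hidden+system (h and s bits) executable is worth a look.
            if size != "<DIR>" and "h" in attrs and "s" in attrs and ext in SUSPECT_EXT:
                files.append(path)
        elif m := KEY_RE.match(line):
            current_key = m.group(1)          # remember which key the values belong to
        elif m := RUN_RE.match(line):
            if current_key and current_key.lower().endswith("\\run"):
                run_values.append((current_key, m.group(1), m.group(2)))
        elif m := SVC_RE.match(line):
            # Assumption: a service image under a Temp directory is not legitimate.
            if "\\temp\\" in m.group(2).lower():
                drivers.append(m.group(1))
        elif m := AUTORUN_RE.match(line):
            if current_key and "mountpoints2" in current_key.lower():
                autorun_keys.append((current_key, m.group(1)))
    flagged = {p.lower() for p in files}
    return {
        "files": files,
        "run_values": [(k, n) for k, n, p in run_values if p.lower() in flagged],
        "drivers": drivers,
        "autorun_keys": autorun_keys,
    }


def build_cfscript(findings):
    """Render the findings in the Driver::/File::/Registry:: layout the reply uses."""
    out = []
    if findings["drivers"]:
        out += ["Driver::", *findings["drivers"], ""]
    if findings["files"]:
        out += ["File::", *findings["files"], ""]
    reg, by_key = [], {}
    for key, name in findings["run_values"]:
        by_key.setdefault(key, []).append(name)
    for key, names in by_key.items():
        reg += [f"[{key}]", *(f'"{n}"=-' for n in names), ""]
    reg += [f"[-{key}]" for key, _cmd in findings["autorun_keys"]]
    if reg:
        out += ["Registry::", *reg]
    return "\n".join(out).rstrip() + "\n"


if __name__ == "__main__":
    print(build_cfscript(triage(SAMPLE_LOG)))
```

Running it prints a draft with EJFKLXG under Driver::, the three system32 files and C:\v63enh.exe under File::, and the cbvcs/cdoosoft deletions plus the mountpoints2 key under Registry::. It also shows where the helper's judgement goes beyond such rules: afmain0.dll is only visible through the ShellExecuteHooks entry (its attribute bits are normal), the afmain1/afmain2 and optyhww2/nmdfgds2 siblings are inferred from the naming pattern, and the per-drive copies of v63enh.exe follow from the Autorun.inf entries in the "Usunięto" section rather than from the file listing. Rules like these are a first pass that a reviewer then completes by hand.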
