mendelmax

Probably a trojan?


Hello everyone, and I kindly ask for your help. A few days ago I did something I never do: I reflexively opened an unknown exe file. The file, called core10k, made the screen flash grey and then disappeared.

Since then, every time I open Google Chrome a blank page http://rts.pgmediaserve.com/5d432f6384/ opens in a new window.

I have not noticed it opening when I launch Internet Explorer.

Unfortunately I found no explanation of the problem on Google, neither by searching for the name of the application itself nor for that specific page. I have no idea how to track the problem down, because in the processes in Task Manager I found nothing that caught my attention.

An AVG scan returned no results, both after scanning the whole computer and after scanning the file I suspect of the infection.

My system is Windows 7. As the forum guidelines ask, the DDS log:

 

.
DDS (Ver_2011-06-03.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Maciek at 11:00:55 on 2011-06-09
Microsoft Windows 7 Home Premium   6.1.7601.1.1250.48.1045.18.4095.2121 [GMT 2:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\lxdwcoms.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\Lexmark 7600 Series\lxdwmon.exe
C:\Program Files (x86)\Lexmark 7600 Series\ezprint.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Users\Maciek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maciek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maciek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maciek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maciek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maciek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maciek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maciek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Users\Maciek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maciek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maciek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maciek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maciek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maciek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG10\avgsrmax.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Maciek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maciek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Users\Maciek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maciek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskmgr.exe
C:\Users\Maciek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maciek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maciek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maciek\Downloads\wh3kw2kn.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\splwow64.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO: Lexmark : {d2c5e510-be6d-42cc-9f61-e4f939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
uRun: [Google Update] "C:\Users\Maciek\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [<NO NAME>] 
uRun: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
StartupFolder: C:\Users\Maciek\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{8FAE5020-152B-4FE6-9338-47E588EE48F0} : DhcpNameServer = 192.168.1.1 192.168.1.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
{A3BC75A2-1F87-4686-AA43-5347D756017C}
{D2C5E510-BE6D-42CC-9F61-E4F939078474}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun-x64: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun-x64: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun-x64: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun-x64: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/06/06 01:52:24];C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-11-17 146928]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 lxdw_device;lxdw_device;C:\Windows\system32\lxdwcoms.exe -service --> C:\Windows\system32\lxdwcoms.exe -service [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
S2 CLKMSVC10_90970B6B;CyberLink Product - 2011/06/06 01:53:29;C:\Program Files (x86)\CyberLink\PowerProducer\BDSDK\NavFilter\kmsvc.exe [2010-11-9 246256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Usługa Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-2 136176]
S2 lxdwCATSCustConnectService;lxdwCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxdwserv.exe [2011-6-2 33960]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-6-1 984392]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-06-08 20:57:18	--------	d-----w-	C:\Program Files (x86)\YouTube Downloader
2011-06-07 19:56:32	--------	d-----w-	C:\Users\Maciek\AppData\Local\Diagnostics
2011-06-06 06:38:15	--------	d-----w-	C:\Users\Maciek\AppData\Local\Power2Go
2011-06-05 23:54:50	77824	----a-w-	C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-06-05 23:54:50	32768	----a-w-	C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-06-05 23:54:50	225280	----a-w-	C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-06-05 23:54:50	176128	----a-w-	C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-06-05 23:54:48	610436	----a-w-	C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2011-06-05 23:50:23	29480	----a-w-	C:\Windows\SysWow64\msxml3a.dll
2011-06-05 23:50:22	505128	----a-w-	C:\Windows\SysWow64\msvcp71.dll
2011-06-05 23:50:22	353576	----a-w-	C:\Windows\SysWow64\msvcr71.dll
2011-06-05 23:45:19	--------	d-----w-	C:\Users\Maciek\AppData\Local\Cyberlink
2011-06-04 20:09:21	--------	d-----w-	C:\Users\Maciek\AppData\Roaming\VitySoft
2011-06-02 19:36:11	--------	d-----w-	C:\ProgramData\Lx_cats
2011-06-02 19:32:56	186880	----a-w-	C:\Windows\System32\Spool\prtprocs\x64\lxdwdrpp.dll
2011-06-02 19:32:10	109056	----a-w-	C:\Windows\System32\lxdwvs.dll
2011-06-02 19:30:58	987648	----a-w-	C:\Windows\System32\lxdwpmui.dll
2011-06-02 19:29:02	--------	d-----w-	C:\Program Files\Lexmark 7600 Series
2011-06-02 19:27:32	745984	----a-w-	C:\Windows\System32\lxdwcoin.dll
2011-06-02 19:27:32	1462272	----a-w-	C:\Windows\System32\lxdwg.dll
2011-06-02 19:27:27	--------	d-----w-	C:\drivers
2011-06-02 19:26:02	--------	d-----w-	C:\Users\Maciek\AppData\Local\Adobe
2011-06-02 10:41:40	42176	----a-w-	C:\Windows\System32\drivers\sncduvc.sys
2011-06-02 10:41:40	386	----a-w-	C:\Windows\Uninstuxga.reg
2011-06-02 10:41:40	386	----a-w-	C:\Windows\Uninstsxga.reg
2011-06-02 10:41:40	384	----a-w-	C:\Windows\Uninstvga.reg
2011-06-02 10:41:40	2266	----a-w-	C:\Windows\Uninstvga.bat
2011-06-02 10:41:40	2008	----a-w-	C:\Windows\Uninstsxga.bat
2011-06-02 10:41:40	19008	----a-w-	C:\Windows\DrvInst.exe
2011-06-02 10:41:40	1806400	----a-w-	C:\Windows\System32\drivers\snp2uvc.sys
2011-06-02 10:41:40	1682	----a-w-	C:\Windows\Uninstuxga.bat
2011-06-02 10:38:18	--------	d-----w-	C:\ProgramData\Skype Extras
2011-06-01 22:06:49	--------	d-----w-	C:\Windows\System32\SPReview
2011-06-01 22:05:35	--------	d-----w-	C:\Windows\System32\EventProviders
2011-06-01 22:02:59	90112	----a-w-	C:\Windows\SysWow64\olepro32.dll
2011-06-01 22:00:56	577536	----a-w-	C:\Windows\System32\WSDApi.dll
2011-06-01 21:59:48	7680	----a-w-	C:\Windows\System32\drivers\pl-PL\luafv.sys.mui
2011-06-01 19:01:16	--------	d-----w-	C:\Program Files (x86)\MSXML 4.0
2011-06-01 18:54:42	83968	----a-w-	C:\Windows\System32\ff_vfw.dll
2011-06-01 18:54:41	--------	d-----w-	C:\Program Files\ffdshow
2011-06-01 18:45:43	--------	d-----r-	C:\Program Files (x86)\Skype
2011-06-01 15:23:24	--------	d-----w-	C:\Users\Maciek\AppData\Roaming\AVG10
2011-06-01 13:45:46	--------	d--h--w-	C:\ProgramData\Common Files
2011-06-01 13:45:40	--------	d-----w-	C:\ProgramData\AVG Security Toolbar
2011-06-01 13:45:26	--------	d-----w-	C:\Windows\SysWow64\drivers\AVG
2011-06-01 13:44:48	--------	d-----w-	C:\Windows\System32\drivers\AVG
2011-06-01 13:44:48	--------	d-----w-	C:\ProgramData\AVG10
2011-06-01 13:44:01	--------	d-----w-	C:\Program Files (x86)\AVG
2011-06-01 13:31:04	--------	d-----w-	C:\ProgramData\MFAData
2011-06-01 09:25:13	--------	d-----w-	C:\ProgramData\NokiaAccount
2011-06-01 09:22:02	--------	d-----w-	C:\Users\Maciek\AppData\Roaming\OpenOffice.org
2011-06-01 09:18:25	--------	d-----w-	C:\Users\Maciek\AppData\Local\Nokia
2011-06-01 09:17:22	--------	d-----w-	C:\Program Files (x86)\Common Files\Nokia
2011-06-01 09:17:09	25600	----a-w-	C:\Windows\System32\drivers\pccsmcfdx64.sys
2011-06-01 09:17:05	--------	d-----w-	C:\Program Files (x86)\PC Connectivity Solution
2011-06-01 09:16:54	57856	----a-w-	C:\Windows\System32\nmwcdclsX64.dll
2011-06-01 09:16:13	--------	d-----w-	C:\ProgramData\NokiaInstallerCache
2011-06-01 09:16:13	--------	d-----w-	C:\Program Files (x86)\Nokia
2011-06-01 09:10:43	--------	d-----w-	C:\Program Files (x86)\VideoLAN
2011-06-01 08:52:46	--------	d-----w-	C:\Program Files (x86)\Winamp Detect
2011-06-01 08:52:21	--------	d-----w-	C:\Program Files (x86)\Common Files\PX Storage Engine
2011-06-01 08:26:20	--------	d-----w-	C:\Program Files (x86)\ASUS
2011-06-01 08:16:12	--------	d-----w-	C:\ProgramData\P4G
2011-06-01 08:16:12	--------	d-----w-	C:\Program Files\P4G
2011-06-01 08:12:46	--------	d-----w-	C:\Program Files\Elantech
2011-06-01 08:12:44	4638720	----a-w-	C:\Windows\System32\ETDUI.cpl
2011-06-01 08:12:44	140800	----a-w-	C:\Windows\System32\drivers\ETD.sys
2011-06-01 08:02:42	--------	d-----w-	C:\Program Files\MainConcept
2011-06-01 07:43:39	--------	d-----w-	C:\Program Files (x86)\OpenOffice.org 3
2011-06-01 07:41:40	1048576	------w-	C:\N61Vn.BIN
2011-06-01 07:41:38	408600	----a-w-	C:\Windows\System32\drivers\iaStor.sys
2011-06-01 07:41:38	15416	----a-w-	C:\Windows\System32\drivers\kbfiltr.sys
2011-06-01 07:41:37	15928	----a-w-	C:\Windows\System32\drivers\ATK64AMD.sys
2011-06-01 07:38:51	472808	----a-w-	C:\Windows\SysWow64\deployJava1.dll
2011-06-01 05:03:31	--------	d-----w-	C:\Users\Maciek\AppData\Local\Thunderbird
2011-05-31 23:44:54	321024	----a-w-	C:\Windows\System32\d3d10_1core.dll
2011-05-31 23:44:54	219136	----a-w-	C:\Windows\SysWow64\d3d10_1core.dll
2011-05-31 23:44:54	197120	----a-w-	C:\Windows\System32\d3d10_1.dll
2011-05-31 23:44:54	161792	----a-w-	C:\Windows\SysWow64\d3d10_1.dll
2011-05-31 23:44:29	31232	----a-w-	C:\Windows\SysWow64\prevhost.exe
2011-05-31 23:44:29	31232	----a-w-	C:\Windows\System32\prevhost.exe
2011-05-31 23:36:20	--------	d-sh--w-	C:\Windows\Installer
2011-05-31 23:36:05	539168	----a-w-	C:\Windows\System32\nvuninst.exe
2011-05-31 22:48:45	--------	d-----w-	C:\Windows\SysWow64\Wat
2011-05-31 22:48:45	--------	d-----w-	C:\Windows\System32\Wat
2011-05-31 22:41:51	90624	----a-w-	C:\Windows\System32\drivers\bowser.sys
2011-05-31 22:41:51	287744	----a-w-	C:\Windows\System32\drivers\mrxsmb10.sys
2011-05-31 22:41:51	158208	----a-w-	C:\Windows\System32\drivers\mrxsmb.sys
2011-05-31 22:41:51	128000	----a-w-	C:\Windows\System32\drivers\mrxsmb20.sys
2011-05-31 22:38:29	--------	d-----w-	C:\Users\Maciek\AppData\Local\Google
2011-05-31 22:38:13	--------	d-----w-	C:\Users\Maciek\AppData\Local\Deployment
2011-05-31 22:38:13	--------	d-----w-	C:\Users\Maciek\AppData\Local\Apps
2011-05-31 22:34:36	8718160	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0DC39D33-4B3B-4991-82EB-00B4ACEEB1B7}\mpengine.dll
2011-05-31 22:34:36	270720	------w-	C:\Windows\System32\MpSigStub.exe
2011-05-31 22:31:33	294912	----a-w-	C:\Windows\System32\browserchoice.exe
2011-05-31 22:30:00	976896	----a-w-	C:\Windows\System32\inetcomm.dll
2011-05-31 22:30:00	741376	----a-w-	C:\Windows\SysWow64\inetcomm.dll
2011-05-31 22:13:29	--------	d-----w-	C:\Users\Maciek\AppData\Local\VirtualStore
.
==================== Find3M  ====================
.
2011-06-01 22:15:43	152576	----a-w-	C:\Windows\SysWow64\msclmd.dll
2011-06-01 22:15:42	175616	----a-w-	C:\Windows\System32\msclmd.dll
2011-06-01 08:01:39	956416	----a-w-	C:\Windows\System32\drivers\dvb7700all.sys
2011-06-01 08:01:39	206848	----a-w-	C:\Windows\System32\avfcp.ax
2011-04-22 22:15:29	27520	----a-w-	C:\Windows\System32\drivers\Diskdump.sys
2011-04-14 19:28:24	118864	----a-w-	C:\Windows\System32\drivers\AVGIDSDriver.sys
2011-04-09 07:02:55	5562240	----a-w-	C:\Windows\System32\ntoskrnl.exe
2011-04-09 06:58:56	142336	----a-w-	C:\Windows\System32\poqexec.exe
2011-04-09 06:02:25	3967872	----a-w-	C:\Windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:02:25	3912576	----a-w-	C:\Windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56:38	123904	----a-w-	C:\Windows\SysWow64\poqexec.exe
2011-04-04 22:59:54	377936	----a-w-	C:\Windows\System32\drivers\avgtdia.sys
2011-03-16 14:03:18	37456	----a-w-	C:\Windows\System32\drivers\avgrkx64.sys
2011-03-12 12:08:49	1465344	----a-w-	C:\Windows\System32\XpsPrint.dll
2011-03-12 11:23:45	870912	----a-w-	C:\Windows\SysWow64\XpsPrint.dll
.
============= FINISH: 11:02:11,07 ===============

And the one from GMER:

 

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-09 12:00:28
Windows 6.1.7601 Service Pack 1
Running: wh3kw2kn.exe

---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f8100011c
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f8100011c@a87b3927ebd2         0x6C 0x6B 0x47 0x83 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f8100011c (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f8100011c@a87b3927ebd2             0x6C 0x6B 0x47 0x83 ...

---- EOF - GMER 1.0.15 ----
Edited by mendelmax

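The symptom described in the post, a fixed URL opening in a new Chrome window on every launch while Task Manager and the AV scan show nothing, points at launch configuration rather than at a resident process: Chrome's startup pages and extension list in its Preferences file, the shortcut that launches chrome.exe, and the Run keys DDS lists under uRun/mRun. The script below is an added Python example, not code from the post or from DDS, GMER or Malwarebytes, showing how to check those three places offline. The Preferences JSON, shortcut targets and Run-key values it scans are constructed samples (the URL from the post is planted in them to show the detection); the allow-list of hosts, the extension IDs and the --load-extension entry are assumptions.

```python
"""Offline triage of the usual hiding places for a Chrome start-page hijack.

Added example for this thread, not code from the post or from any tool named
in it. The inputs below are constructed samples; on a real Windows 7 host the
same functions would be fed with:
  - the text of %LOCALAPPDATA%\\Google\\Chrome\\User Data\\Default\\Preferences
  - target + arguments of every Chrome .lnk (Desktop, Start Menu, taskbar)
  - the values under HKCU/HKLM ...\\CurrentVersion\\Run
"""
import json
import re
from urllib.parse import urlparse

# Hosts a start page, homepage, shortcut or extension update_url may
# legitimately point at. Assumption for the example; tune per machine.
KNOWN_GOOD_HOSTS = {"www.google.com", "www.google.pl", "clients2.google.com"}

# chrome.exe switches that sideload code or override the start page.
SIDELOAD_SWITCHES = ("--load-extension", "--homepage=", "--app=")

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def urls_from_preferences(prefs_text):
    """URLs Chrome would open or fetch at launch, read from its Preferences
    JSON: startup pages (only when restore_on_startup == 4, 'open these
    pages'), the homepage, and every installed extension's update_url."""
    prefs = json.loads(prefs_text)
    found = []
    session = prefs.get("session", {})
    if session.get("restore_on_startup") == 4:
        found += [("session.startup_urls", u) for u in session.get("startup_urls", [])]
    if prefs.get("homepage"):
        found.append(("homepage", prefs["homepage"]))
    for ext_id, ext in prefs.get("extensions", {}).get("settings", {}).items():
        update_url = ext.get("manifest", {}).get("update_url")
        if update_url:
            found.append((f"extensions.settings.{ext_id}.update_url", update_url))
    return found


def urls_from_commandlines(entries):
    """entries: (source, command line) pairs from shortcuts and Run keys.
    Returns URLs appended to the command line (the classic 'chrome.exe
    http://...' shortcut rewrite) plus any sideload switch, verbatim."""
    found = []
    for source, cmd in entries:
        found += [(source, u) for u in URL_RE.findall(cmd)]
        found += [(source, sw) for sw in SIDELOAD_SWITCHES if sw in cmd]
    return found


def triage(prefs_text, cmd_entries):
    """Return (source, value) findings: every URL whose host is not on the
    allow-list, and every sideload switch (no host, always reported)."""
    findings = []
    for source, value in urls_from_preferences(prefs_text) + urls_from_commandlines(cmd_entries):
        if value.startswith("--"):
            findings.append((source, value))
            continue
        host = (urlparse(value).hostname or "").lower()
        if host not in KNOWN_GOOD_HOSTS:
            findings.append((source, value))
    return findings


# --- constructed sample input (not taken from the poster's machine) ---------
SAMPLE_PREFERENCES = json.dumps({
    "homepage": "http://www.google.pl/",
    "session": {
        "restore_on_startup": 4,
        "startup_urls": ["http://www.google.pl/",
                         "http://rts.pgmediaserve.com/5d432f6384/"],
    },
    "extensions": {"settings": {
        "ext-id-1": {"manifest": {"name": "Docs viewer",
                                  "update_url": "https://clients2.google.com/service/update2/crx"}},
        "ext-id-2": {"manifest": {"name": "Updater",
                                  "update_url": "http://rts.pgmediaserve.com/update.xml"}},
    }},
})

CHROME = r"C:\Users\Maciek\AppData\Local\Google\Chrome\Application\chrome.exe"
SAMPLE_COMMANDLINES = [
    (r"Desktop\Google Chrome.lnk", f'"{CHROME}"'),
    (r"Taskbar\Google Chrome.lnk", f'"{CHROME}" http://rts.pgmediaserve.com/5d432f6384/'),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Google Update",
     r'"C:\Users\Maciek\AppData\Local\Google\Update\GoogleUpdate.exe" /c'),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\(no name)",
     f'"{CHROME}" --load-extension=C:\\Users\\Maciek\\AppData\\Local\\Temp\\x'),
]

if __name__ == "__main__":
    for source, value in triage(SAMPLE_PREFERENCES, SAMPLE_COMMANDLINES):
        print(f"{source}: {value}")
```

On the sample input the script reports the planted startup URL, the extension whose update_url points at the same host, the rewritten taskbar shortcut and the unnamed Run entry carrying --load-extension; the untouched Desktop shortcut, the Google Update entry and the google.pl homepage stay silent. The allow-list is deliberately exact-match rather than suffix-based, since a hijack domain can be chosen to end in a trusted name.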

Oh, it seems the anti-malware was a good idea: it found an infected file in Chrome's directories and removed it. It also flagged that exe as infected, so everything indicates the problem is solved.

Interestingly, I have used Malwarebytes many times before, and this time I simply forgot about it 8O

I will keep watching whether the problem comes back; if it does, I'll let you know! For now, many thanks for the idea 8O
