mendelmax

Probably a trojan?


Hello everyone, and I kindly ask for help. A few days ago I did something I never do: I reflexively opened an unknown exe file. That file, called core10k, made the screen flash grey and then vanished.

 

Since then, every time I open Google Chrome, a blank page, http://rts.pgmediaserve.com/5d432f6384/, opens in a new window.

I have not noticed it opening when I start Internet Explorer.

 

Unfortunately I found no explanation of the problem on Google, neither by searching for the name of the application itself nor for that specific page. I have no idea how to track the problem down, because I found nothing in the Task Manager process list that caught my attention.

 

An AVG scan returned no results, both for the whole computer and for the file itself that I suspect of the infection.

 

My system is Windows 7. As the forum guidelines recommend, here is the DDS log:

 

.
DDS (Ver_2011-06-03.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Maciek at 11:00:55 on 2011-06-09
Microsoft Windows 7 Home Premium   6.1.7601.1.1250.48.1045.18.4095.2121 [GMT 2:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\lxdwcoms.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\Lexmark 7600 Series\lxdwmon.exe
C:\Program Files (x86)\Lexmark 7600 Series\ezprint.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Users\Maciek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maciek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maciek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maciek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maciek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maciek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maciek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maciek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Users\Maciek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maciek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maciek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maciek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maciek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maciek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG10\avgsrmax.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Maciek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maciek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Users\Maciek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maciek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskmgr.exe
C:\Users\Maciek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maciek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maciek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maciek\Downloads\wh3kw2kn.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\splwow64.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO: Lexmark : {d2c5e510-be6d-42cc-9f61-e4f939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
uRun: [Google Update] "C:\Users\Maciek\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [<NO NAME>]
uRun: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
StartupFolder: C:\Users\Maciek\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{8FAE5020-152B-4FE6-9338-47E588EE48F0} : DhcpNameServer = 192.168.1.1 192.168.1.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
{A3BC75A2-1F87-4686-AA43-5347D756017C}
{D2C5E510-BE6D-42CC-9F61-E4F939078474}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun-x64: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun-x64: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun-x64: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun-x64: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/06/06 01:52:24];C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-11-17 146928]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 lxdw_device;lxdw_device;C:\Windows\system32\lxdwcoms.exe -service --> C:\Windows\system32\lxdwcoms.exe -service [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
S2 CLKMSVC10_90970B6B;CyberLink Product - 2011/06/06 01:53:29;C:\Program Files (x86)\CyberLink\PowerProducer\BDSDK\NavFilter\kmsvc.exe [2010-11-9 246256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Usługa Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-2 136176]
S2 lxdwCATSCustConnectService;lxdwCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxdwserv.exe [2011-6-2 33960]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-6-1 984392]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-06-08 20:57:18	--------	d-----w-	C:\Program Files (x86)\YouTube Downloader
2011-06-07 19:56:32	--------	d-----w-	C:\Users\Maciek\AppData\Local\Diagnostics
2011-06-06 06:38:15	--------	d-----w-	C:\Users\Maciek\AppData\Local\Power2Go
2011-06-05 23:54:50	77824	----a-w-	C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-06-05 23:54:50	32768	----a-w-	C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-06-05 23:54:50	225280	----a-w-	C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-06-05 23:54:50	176128	----a-w-	C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-06-05 23:54:48	610436	----a-w-	C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2011-06-05 23:50:23	29480	----a-w-	C:\Windows\SysWow64\msxml3a.dll
2011-06-05 23:50:22	505128	----a-w-	C:\Windows\SysWow64\msvcp71.dll
2011-06-05 23:50:22	353576	----a-w-	C:\Windows\SysWow64\msvcr71.dll
2011-06-05 23:45:19	--------	d-----w-	C:\Users\Maciek\AppData\Local\Cyberlink
2011-06-04 20:09:21	--------	d-----w-	C:\Users\Maciek\AppData\Roaming\VitySoft
2011-06-02 19:36:11	--------	d-----w-	C:\ProgramData\Lx_cats
2011-06-02 19:32:56	186880	----a-w-	C:\Windows\System32\Spool\prtprocs\x64\lxdwdrpp.dll
2011-06-02 19:32:10	109056	----a-w-	C:\Windows\System32\lxdwvs.dll
2011-06-02 19:30:58	987648	----a-w-	C:\Windows\System32\lxdwpmui.dll
2011-06-02 19:29:02	--------	d-----w-	C:\Program Files\Lexmark 7600 Series
2011-06-02 19:27:32	745984	----a-w-	C:\Windows\System32\lxdwcoin.dll
2011-06-02 19:27:32	1462272	----a-w-	C:\Windows\System32\lxdwg.dll
2011-06-02 19:27:27	--------	d-----w-	C:\drivers
2011-06-02 19:26:02	--------	d-----w-	C:\Users\Maciek\AppData\Local\Adobe
2011-06-02 10:41:40	42176	----a-w-	C:\Windows\System32\drivers\sncduvc.sys
2011-06-02 10:41:40	386	----a-w-	C:\Windows\Uninstuxga.reg
2011-06-02 10:41:40	386	----a-w-	C:\Windows\Uninstsxga.reg
2011-06-02 10:41:40	384	----a-w-	C:\Windows\Uninstvga.reg
2011-06-02 10:41:40	2266	----a-w-	C:\Windows\Uninstvga.bat
2011-06-02 10:41:40	2008	----a-w-	C:\Windows\Uninstsxga.bat
2011-06-02 10:41:40	19008	----a-w-	C:\Windows\DrvInst.exe
2011-06-02 10:41:40	1806400	----a-w-	C:\Windows\System32\drivers\snp2uvc.sys
2011-06-02 10:41:40	1682	----a-w-	C:\Windows\Uninstuxga.bat
2011-06-02 10:38:18	--------	d-----w-	C:\ProgramData\Skype Extras
2011-06-01 22:06:49	--------	d-----w-	C:\Windows\System32\SPReview
2011-06-01 22:05:35	--------	d-----w-	C:\Windows\System32\EventProviders
2011-06-01 22:02:59	90112	----a-w-	C:\Windows\SysWow64\olepro32.dll
2011-06-01 22:00:56	577536	----a-w-	C:\Windows\System32\WSDApi.dll
2011-06-01 21:59:48	7680	----a-w-	C:\Windows\System32\drivers\pl-PL\luafv.sys.mui
2011-06-01 19:01:16	--------	d-----w-	C:\Program Files (x86)\MSXML 4.0
2011-06-01 18:54:42	83968	----a-w-	C:\Windows\System32\ff_vfw.dll
2011-06-01 18:54:41	--------	d-----w-	C:\Program Files\ffdshow
2011-06-01 18:45:43	--------	d-----r-	C:\Program Files (x86)\Skype
2011-06-01 15:23:24	--------	d-----w-	C:\Users\Maciek\AppData\Roaming\AVG10
2011-06-01 13:45:46	--------	d--h--w-	C:\ProgramData\Common Files
2011-06-01 13:45:40	--------	d-----w-	C:\ProgramData\AVG Security Toolbar
2011-06-01 13:45:26	--------	d-----w-	C:\Windows\SysWow64\drivers\AVG
2011-06-01 13:44:48	--------	d-----w-	C:\Windows\System32\drivers\AVG
2011-06-01 13:44:48	--------	d-----w-	C:\ProgramData\AVG10
2011-06-01 13:44:01	--------	d-----w-	C:\Program Files (x86)\AVG
2011-06-01 13:31:04	--------	d-----w-	C:\ProgramData\MFAData
2011-06-01 09:25:13	--------	d-----w-	C:\ProgramData\NokiaAccount
2011-06-01 09:22:02	--------	d-----w-	C:\Users\Maciek\AppData\Roaming\OpenOffice.org
2011-06-01 09:18:25	--------	d-----w-	C:\Users\Maciek\AppData\Local\Nokia
2011-06-01 09:17:22	--------	d-----w-	C:\Program Files (x86)\Common Files\Nokia
2011-06-01 09:17:09	25600	----a-w-	C:\Windows\System32\drivers\pccsmcfdx64.sys
2011-06-01 09:17:05	--------	d-----w-	C:\Program Files (x86)\PC Connectivity Solution
2011-06-01 09:16:54	57856	----a-w-	C:\Windows\System32\nmwcdclsX64.dll
2011-06-01 09:16:13	--------	d-----w-	C:\ProgramData\NokiaInstallerCache
2011-06-01 09:16:13	--------	d-----w-	C:\Program Files (x86)\Nokia
2011-06-01 09:10:43	--------	d-----w-	C:\Program Files (x86)\VideoLAN
2011-06-01 08:52:46	--------	d-----w-	C:\Program Files (x86)\Winamp Detect
2011-06-01 08:52:21	--------	d-----w-	C:\Program Files (x86)\Common Files\PX Storage Engine
2011-06-01 08:26:20	--------	d-----w-	C:\Program Files (x86)\ASUS
2011-06-01 08:16:12	--------	d-----w-	C:\ProgramData\P4G
2011-06-01 08:16:12	--------	d-----w-	C:\Program Files\P4G
2011-06-01 08:12:46	--------	d-----w-	C:\Program Files\Elantech
2011-06-01 08:12:44	4638720	----a-w-	C:\Windows\System32\ETDUI.cpl
2011-06-01 08:12:44	140800	----a-w-	C:\Windows\System32\drivers\ETD.sys
2011-06-01 08:02:42	--------	d-----w-	C:\Program Files\MainConcept
2011-06-01 07:43:39	--------	d-----w-	C:\Program Files (x86)\OpenOffice.org 3
2011-06-01 07:41:40	1048576	------w-	C:\N61Vn.BIN
2011-06-01 07:41:38	408600	----a-w-	C:\Windows\System32\drivers\iaStor.sys
2011-06-01 07:41:38	15416	----a-w-	C:\Windows\System32\drivers\kbfiltr.sys
2011-06-01 07:41:37	15928	----a-w-	C:\Windows\System32\drivers\ATK64AMD.sys
2011-06-01 07:38:51	472808	----a-w-	C:\Windows\SysWow64\deployJava1.dll
2011-06-01 05:03:31	--------	d-----w-	C:\Users\Maciek\AppData\Local\Thunderbird
2011-05-31 23:44:54	321024	----a-w-	C:\Windows\System32\d3d10_1core.dll
2011-05-31 23:44:54	219136	----a-w-	C:\Windows\SysWow64\d3d10_1core.dll
2011-05-31 23:44:54	197120	----a-w-	C:\Windows\System32\d3d10_1.dll
2011-05-31 23:44:54	161792	----a-w-	C:\Windows\SysWow64\d3d10_1.dll
2011-05-31 23:44:29	31232	----a-w-	C:\Windows\SysWow64\prevhost.exe
2011-05-31 23:44:29	31232	----a-w-	C:\Windows\System32\prevhost.exe
2011-05-31 23:36:20	--------	d-sh--w-	C:\Windows\Installer
2011-05-31 23:36:05	539168	----a-w-	C:\Windows\System32\nvuninst.exe
2011-05-31 22:48:45	--------	d-----w-	C:\Windows\SysWow64\Wat
2011-05-31 22:48:45	--------	d-----w-	C:\Windows\System32\Wat
2011-05-31 22:41:51	90624	----a-w-	C:\Windows\System32\drivers\bowser.sys
2011-05-31 22:41:51	287744	----a-w-	C:\Windows\System32\drivers\mrxsmb10.sys
2011-05-31 22:41:51	158208	----a-w-	C:\Windows\System32\drivers\mrxsmb.sys
2011-05-31 22:41:51	128000	----a-w-	C:\Windows\System32\drivers\mrxsmb20.sys
2011-05-31 22:38:29	--------	d-----w-	C:\Users\Maciek\AppData\Local\Google
2011-05-31 22:38:13	--------	d-----w-	C:\Users\Maciek\AppData\Local\Deployment
2011-05-31 22:38:13	--------	d-----w-	C:\Users\Maciek\AppData\Local\Apps
2011-05-31 22:34:36	8718160	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0DC39D33-4B3B-4991-82EB-00B4ACEEB1B7}\mpengine.dll
2011-05-31 22:34:36	270720	------w-	C:\Windows\System32\MpSigStub.exe
2011-05-31 22:31:33	294912	----a-w-	C:\Windows\System32\browserchoice.exe
2011-05-31 22:30:00	976896	----a-w-	C:\Windows\System32\inetcomm.dll
2011-05-31 22:30:00	741376	----a-w-	C:\Windows\SysWow64\inetcomm.dll
2011-05-31 22:13:29	--------	d-----w-	C:\Users\Maciek\AppData\Local\VirtualStore
.
==================== Find3M  ====================
.
2011-06-01 22:15:43	152576	----a-w-	C:\Windows\SysWow64\msclmd.dll
2011-06-01 22:15:42	175616	----a-w-	C:\Windows\System32\msclmd.dll
2011-06-01 08:01:39	956416	----a-w-	C:\Windows\System32\drivers\dvb7700all.sys
2011-06-01 08:01:39	206848	----a-w-	C:\Windows\System32\avfcp.ax
2011-04-22 22:15:29	27520	----a-w-	C:\Windows\System32\drivers\Diskdump.sys
2011-04-14 19:28:24	118864	----a-w-	C:\Windows\System32\drivers\AVGIDSDriver.sys
2011-04-09 07:02:55	5562240	----a-w-	C:\Windows\System32\ntoskrnl.exe
2011-04-09 06:58:56	142336	----a-w-	C:\Windows\System32\poqexec.exe
2011-04-09 06:02:25	3967872	----a-w-	C:\Windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:02:25	3912576	----a-w-	C:\Windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56:38	123904	----a-w-	C:\Windows\SysWow64\poqexec.exe
2011-04-04 22:59:54	377936	----a-w-	C:\Windows\System32\drivers\avgtdia.sys
2011-03-16 14:03:18	37456	----a-w-	C:\Windows\System32\drivers\avgrkx64.sys
2011-03-12 12:08:49	1465344	----a-w-	C:\Windows\System32\XpsPrint.dll
2011-03-12 11:23:45	870912	----a-w-	C:\Windows\SysWow64\XpsPrint.dll
.
============= FINISH: 11:02:11,07 ===============

And the one from GMER:

 

GMER 1.0.15.15640 - GMER - Rootkit Detector and Remover (http://www.gmer.net)
Rootkit scan 2011-06-09 12:00:28
Windows 6.1.7601 Service Pack 1
Running: wh3kw2kn.exe

---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f8100011c
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f8100011c@a87b3927ebd2         0x6C 0x6B 0x47 0x83 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f8100011c (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f8100011c@a87b3927ebd2             0x6C 0x6B 0x47 0x83 ...

---- EOF - GMER 1.0.15 ----
Edited by mendelmax

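The post above has a DDS log but no way to act on it. As an added example (mine, not part of the thread or of DDS), here is a small parser for the "Created Last 30" section that pulls out the entries created inside a chosen time window and flags new executables and folders under user-writable paths, which is where a double-clicked .exe lands things without a UAC prompt. The six sample entries are copied from the log above, with the first two deliberately run together to mirror how the pasted log lost its line breaks; the "user-writable" path list and the extension list are my own heuristic, and a hit means "look at this", not "this is malware".

```python
"""Triage helper for the 'Created Last 30' section of a DDS log (added example).

DDS prints one entry per line as
    <YYYY-MM-DD HH:MM:SS> TAB <size or --------> TAB <attribute flags> TAB <path>
The parser also copes with entries run together on one line, which is how the
copy of the log in the post was pasted.
"""
import re
from datetime import datetime

TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}"
# The path runs until the next timestamp+tab, a newline, or end of text, so
# entries that lost the newline between them are still split correctly.
DDS_ENTRY = re.compile(
    rf"(?P<ts>{TS})\t(?P<size>[0-9-]+)\t(?P<attrs>[a-z-]{{8}})\t"
    rf"(?P<path>.+?)(?={TS}\t|\r?\n|\Z)"
)

# Heuristic (my assumption, not DDS output): locations an unprivileged process
# can write to without UAC. New executables or folders here deserve a look.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\appdata\\", "\\temp\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".bat", ".cmd", ".vbs", ".js")


def parse_dds_created(text):
    """One dict per entry: when (datetime), size (int, None for dirs), is_dir, path."""
    entries = []
    for m in DDS_ENTRY.finditer(text):
        entries.append({
            "when": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "size": int(m["size"]) if m["size"].isdigit() else None,
            "is_dir": m["attrs"].startswith("d"),   # 'd' flag = directory
            "path": m["path"].strip(),
        })
    return entries


def created_in_window(entries, start, end):
    """Entries created between two ISO dates/timestamps, oldest first."""
    lo, hi = datetime.fromisoformat(start), datetime.fromisoformat(end)
    return sorted((e for e in entries if lo <= e["when"] <= hi), key=lambda e: e["when"])


def worth_a_look(entries):
    """Keep executables or new folders that sit under a user-writable path."""
    hits = []
    for e in entries:
        p = e["path"].lower()
        if any(k in p for k in USER_WRITABLE) and (e["is_dir"] or p.endswith(EXEC_EXT)):
            hits.append(e)
    return hits


# Six entries copied from the posted DDS log. The first two are deliberately run
# together (no newline between them) to mirror the pasted log.
SAMPLE_DDS = (
    "2011-06-08 20:57:18\t--------\td-----w-\tC:\\Program Files (x86)\\YouTube Downloader"
    "2011-06-07 19:56:32\t--------\td-----w-\tC:\\Users\\Maciek\\AppData\\Local\\Diagnostics\n"
    "2011-06-05 23:50:23\t29480\t----a-w-\tC:\\Windows\\SysWow64\\msxml3a.dll\n"
    "2011-06-04 20:09:21\t--------\td-----w-\tC:\\Users\\Maciek\\AppData\\Roaming\\VitySoft\n"
    "2011-06-02 10:41:40\t42176\t----a-w-\tC:\\Windows\\System32\\drivers\\sncduvc.sys\n"
    "2011-06-01 18:54:42\t83968\t----a-w-\tC:\\Windows\\System32\\ff_vfw.dll\n"
)

if __name__ == "__main__":
    # "A few days ago" relative to the 2011-06-09 scan: look at the preceding week.
    recent = created_in_window(parse_dds_created(SAMPLE_DDS), "2011-06-03", "2011-06-09 23:59:59")
    for e in worth_a_look(recent):
        print(e["when"], "DIR " if e["is_dir"] else "FILE", e["path"])
```

Run it against the whole "Created Last 30" block (paste it into a file and pass the text to `parse_dds_created`), then narrow the window to the day the unknown .exe was run; the interesting entries are the ones the user did not install on purpose, and the folder's contents, not its name, decide whether it matters.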

Oh, it seems that anti-malware was a good idea: it found an infected file in Chrome's directories and threw it out. It also pointed to that exe as infected, so everything indicates the problem is solved.

 

Interestingly, I have used Malwarebytes many times before, and this time I simply forgot about it 8O

 

 

I will keep an eye on whether the problem comes back; if it does, I will let you know! For now, many thanks for that idea 8O

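The symptom in this thread (a page opens in a new window at every Chrome launch, Internet Explorer unaffected, nothing odd in Task Manager) points at Chrome-side persistence rather than a system-wide hijack, and the fix turned out to be a file under Chrome's directories. As an added example (mine, not code from the forum or from Google), here is a check of the three places a Chrome profile can be told to open a URL at launch: the "open these pages on startup" list and the homepage in the profile's `Preferences` JSON, a URL appended to the arguments of the Chrome shortcut, and extensions loaded from a folder rather than the Web Store. The key names (`session.restore_on_startup`, `session.startup_urls`, `session.urls_to_restore_on_startup`, `homepage`, `homepage_is_newtabpage`, `extensions.settings.<id>.location`/`from_webstore`) and the numeric codes (4 = open a fixed URL list; extension location 4 = unpacked) are my understanding of Chrome's preference layout and should be treated as assumptions to verify against the Chrome version at hand. The sample profile and shortcut arguments are constructed; only the URL is the one reported in the thread.

```python
"""Audit a Chrome profile for URL-at-launch persistence (added example, not Chrome's code).

Assumed Preferences layout (verify against your Chrome version):
  session.restore_on_startup == 4  -> open the URL list in session.startup_urls
                                      (older builds: session.urls_to_restore_on_startup)
  homepage / homepage_is_newtabpage
  extensions.settings.<id>: location 4 = unpacked (loaded from a folder), from_webstore False
A URL can also simply be appended to the chrome.exe shortcut's target line.
"""
import json
import os
import re

URL_RE = re.compile(r"https?://[^\s\"']+")
# Default profile location on Windows Vista/7 and later.
CHROME_PREFS = os.path.join(os.environ.get("LOCALAPPDATA", ""),
                            "Google", "Chrome", "User Data", "Default", "Preferences")


def load_prefs(path=CHROME_PREFS):
    """Preferences is plain JSON; Chrome must be closed for it to be current."""
    with open(path, encoding="utf-8") as f:
        return json.load(f)


def startup_urls(prefs):
    s = prefs.get("session", {})
    return list(s.get("startup_urls", [])) + list(s.get("urls_to_restore_on_startup", []))


def homepage(prefs):
    if prefs.get("homepage_is_newtabpage", True):
        return None
    return prefs.get("homepage")


def sideloaded_extensions(prefs):
    """(id, path) for extensions not installed from the Web Store."""
    out = []
    for ext_id, cfg in prefs.get("extensions", {}).get("settings", {}).items():
        if cfg.get("location") == 4 or cfg.get("from_webstore") is False:
            out.append((ext_id, cfg.get("path", "")))
    return out


def shortcut_urls(arguments):
    """URLs in the shortcut's argument string: chrome.exe <url> opens it at launch."""
    return URL_RE.findall(arguments)


def audit(prefs, shortcut_arguments=""):
    """Return (kind, value) findings in a fixed order so they can be diffed over time."""
    findings = [("startup_url", u) for u in startup_urls(prefs)]
    hp = homepage(prefs)
    if hp:
        findings.append(("homepage", hp))
    for ext_id, path in sideloaded_extensions(prefs):
        findings.append(("sideloaded_extension", f"{ext_id} {path}"))
    findings += [("shortcut_url", u) for u in shortcut_urls(shortcut_arguments)]
    return findings


# Constructed sample profile: one Web Store extension, one unpacked extension,
# a homepage, and the thread's URL as a startup page and as a shortcut argument.
SAMPLE_PREFS = {
    "homepage": "http://www.google.pl/",
    "homepage_is_newtabpage": False,
    "session": {"restore_on_startup": 4,
                "startup_urls": ["http://rts.pgmediaserve.com/5d432f6384/"]},
    "extensions": {"settings": {
        "abcdefghijklmnopabcdefghijklmnop": {
            "path": "abcdefghijklmnopabcdefghijklmnop\\1.0_0",
            "from_webstore": True, "location": 1},
        "ponmlkjihgfedcbaponmlkjihgfedcba": {
            "path": "C:\\Users\\Maciek\\AppData\\Local\\Temp\\chrome_ext",
            "from_webstore": False, "location": 4},
    }},
}
SAMPLE_SHORTCUT_ARGS = "--no-first-run http://rts.pgmediaserve.com/5d432f6384/"

if __name__ == "__main__":
    for kind, value in audit(SAMPLE_PREFS, SAMPLE_SHORTCUT_ARGS):
        print(f"{kind:22} {value}")
```

On the affected machine, pass `load_prefs()` instead of the sample and read the shortcut's arguments with PowerShell, for example `(New-Object -ComObject WScript.Shell).CreateShortcut("$env:USERPROFILE\Desktop\Google Chrome.lnk").Arguments`, for every Chrome shortcut on the desktop, the taskbar and the Start menu. A finding is a lead, not a verdict: a startup URL the user never set, an unpacked extension in a temp folder, or a URL glued to the shortcut each explain the symptom on their own, and each is removed differently.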
