
I caught some bugs of the WIN32:Trojano-1165 and Win32:Trojan-gen type (or something like that). Please help me remove these pests. Logs below.
Code:
ComboFix 08-08-14.05 - CZESŁAW 2008-08-15 20:00:06.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1250.1.1045.18.1124 [GMT 2:00]
Running from: C:\Users\CZESŁAW\Downloads\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-07-15 to 2008-08-15 )))))))))))))))))))))))))))))))
.
2008-08-15 00:31 . 2008-08-15 00:31 <DIR> d-------- C:\Users\All Users\ESET
2008-08-15 00:31 . 2008-08-15 00:31 <DIR> d-------- C:\ProgramData\ESET
2008-08-14 23:37 . 2008-08-14 23:37 0 --ah----- C:\ntuser.dat.LOG2
2008-08-14 23:37 . 2008-08-14 23:37 0 --ah----- C:\ntuser.dat.LOG1
2008-08-14 23:37 . 2008-08-14 23:37 0 --a------ C:\ntuser.dat
2008-08-14 23:11 . 2008-08-14 23:11 <DIR> d-------- C:\VundoFix Backups
2008-07-24 22:46 . 2008-07-24 22:46 <DIR> d-------- C:\Program Files\Intel
2008-07-24 22:46 . 1998-11-18 16:33 144,384 --a------ C:\Windows\System32\Iacenc.dll
2008-07-24 22:46 . 1997-06-13 08:56 56,832 --a------ C:\Windows\System32\Iyvu9_32.dll
2008-07-24 22:42 . 1998-10-29 16:45 306,688 --a------ C:\Windows\IsUninst.exe
2008-07-24 22:40 . 2008-07-24 22:40 <DIR> d-------- C:\Windows\solcache
2008-07-24 16:52 . 2008-07-24 16:52 <DIR> d-------- C:\Users\CZESŁAW\AppData\Roaming\EnchantedCavern
2008-07-24 16:51 . 2008-07-24 16:51 <DIR> d-------- C:\Windows\Enchanted Cavern
2008-07-24 16:45 . 2008-07-24 16:45 <DIR> d-------- C:\Users\CZESŁAW\AppData\Roaming\iWin
2008-07-24 07:16 . 2008-07-24 14:07 <DIR> d-------- C:\Users\CZESŁAW\AppData\Roaming\Ahead
2008-07-23 23:41 . 2008-07-24 00:40 <DIR> d-------- C:\Users\CZESŁAW\AppData\Roaming\skypePM
2008-07-23 23:41 . 2008-07-23 23:41 56 --ah----- C:\Users\All Users\ezsidmv.dat
2008-07-23 23:41 . 2008-07-23 23:41 56 --ah----- C:\ProgramData\ezsidmv.dat
2008-07-23 23:37 . 2008-07-24 07:15 <DIR> d-------- C:\Users\CZESŁAW\AppData\Roaming\Skype
2008-07-23 23:36 . 2008-07-23 23:36 <DIR> d-------- C:\Users\All Users\Skype
2008-07-23 23:36 . 2008-07-23 23:36 <DIR> d-------- C:\ProgramData\Skype
2008-07-23 23:36 . 2008-07-23 23:36 <DIR> d-------- C:\Program Files\Skype
2008-07-23 23:36 . 2008-07-23 23:36 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-07-23 23:21 . 2008-08-14 19:00 <DIR> d-------- C:\Windows\BDOSCAN8
2008-07-23 22:47 . 2008-07-23 22:47 <DIR> d-------- C:\Users\CZESŁAW\AppData\Roaming\TuneUp Software
2008-07-23 22:47 . 2008-07-23 22:47 355,584 --a------ C:\Windows\System32\TuneUpDefragService.exe
2008-07-23 22:47 . 2008-05-29 09:28 28,416 --a------ C:\Windows\System32\uxtuneup.dll
2008-07-23 22:47 . 2008-05-29 09:28 16,640 --a------ C:\Windows\System32\authuitu.dll
2008-07-23 22:46 . 2008-07-23 22:46 <DIR> d-------- C:\Users\All Users\TuneUp Software
2008-07-23 22:46 . 2008-07-23 22:46 <DIR> d-------- C:\ProgramData\TuneUp Software
2008-07-23 22:46 . 2008-07-23 22:47 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-07-23 22:46 . 2008-07-23 22:46 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-23 22:35 . 2008-08-15 18:59 <DIR> d-------- C:\AZEREK
2008-07-23 22:34 . 2008-08-15 19:56 <DIR> d-------- C:\Users\CZESŁAW\AppData\Roaming\uTorrent
2008-07-23 22:34 . 2008-07-23 22:34 <DIR> d-------- C:\Program Files\uTorrent
2008-07-21 19:22 . 2008-06-26 02:33 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-21 19:22 . 2008-06-26 02:33 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-21 19:20 . 2008-06-26 02:33 11,722,752 --a------ C:\Windows\System32\NlsLexicons0001.dll
2008-07-20 23:44 . 2004-03-22 16:17 24,816 --a------ C:\Windows\System32\mdimon.dll
2008-07-20 23:44 . 2008-07-20 23:44 412 --a------ C:\Windows\ODBC.INI
2008-07-20 23:37 . 2008-07-20 23:40 <DIR> d-------- C:\Windows\SHELLNEW
2008-07-20 23:36 . 2008-07-20 23:36 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-07-20 23:04 . 2008-07-20 23:04 0 --a------ C:\Windows\nsreg.dat
2008-07-20 22:51 . 2000-07-17 14:41 70,088 --a------ C:\Windows\System32\Project2-1.ocx
2008-07-20 22:31 . 2008-07-20 22:31 <DIR> d-------- C:\Windows\System32\Macromed
2008-07-20 20:28 . 2008-07-20 22:15 168 --a------ C:\Windows\adidsl.ini
2008-07-20 20:28 . 2008-07-20 20:28 21 --a------ C:\Windows\Fast800.ini
2008-07-20 20:23 . 2008-07-20 20:23 <DIR> d-------- C:\Users\CZESŁAW\AppData\Roaming\InstallShield
2008-07-20 20:23 . 2008-07-20 20:23 <DIR> d-------- C:\Program Files\SAGEM
2008-07-20 20:01 . 2008-08-15 17:43 65,536 --------- C:\Windows\System32\Ikeext.etl
2008-07-20 19:44 . 2008-07-20 20:28 990 --a------ C:\Windows\adiras.ini
2008-07-20 19:22 . 2008-06-30 17:13 242,704 --a------ C:\Windows\System32\drivers\afwcore.sys
2008-07-20 19:20 . 2008-08-15 18:43 <DIR> d-------- C:\Windows\System32\Filt
2008-07-20 19:20 . 2008-07-20 19:20 <DIR> d-------- C:\Users\All Users\Agnitum
2008-07-20 19:20 . 2008-07-20 19:20 <DIR> d-------- C:\ProgramData\Agnitum
2008-07-20 19:20 . 2008-07-20 19:20 <DIR> d-------- C:\Program Files\Agnitum
2008-07-20 19:20 . 2008-07-04 16:56 672,928 --a------ C:\Windows\System32\drivers\SandBox.sys
2008-07-20 19:20 . 2008-06-30 17:13 28,688 --a------ C:\Windows\System32\drivers\afw.sys
2008-07-20 19:20 . 2007-10-25 19:17 49 --a------ C:\Windows\transp.gif
2008-07-19 19:00 . 2008-07-19 19:00 <DIR> d-------- C:\Users\All Users\TERMINAL Studio
2008-07-19 19:00 . 2008-07-19 19:00 <DIR> d-------- C:\ProgramData\TERMINAL Studio
2008-07-19 18:59 . 2008-07-19 18:59 <DIR> d-------- C:\Users\All Users\Trymedia
2008-07-19 18:59 . 2008-07-19 18:59 <DIR> d-------- C:\ProgramData\Trymedia
2008-07-19 18:59 . 2008-07-19 18:59 <DIR> d-------- C:\Program Files\BFG
2008-07-19 18:56 . 2008-07-19 18:57 <DIR> d-------- C:\Users\CZESŁAW\AppData\Roaming\SolSuite
2008-07-19 18:56 . 2008-07-19 18:56 <DIR> d-------- C:\Users\All Users\TreeCardGames
2008-07-19 18:56 . 2008-07-19 18:56 <DIR> d-------- C:\ProgramData\TreeCardGames
2008-07-19 18:48 . 2008-08-15 09:20 <DIR> d-------- C:\GRY
2008-07-19 17:47 . 2008-07-19 17:47 <DIR> d-------- C:\Program Files\Alwil Software
2008-07-19 17:47 . 2008-07-19 16:36 51,280 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-07-19 13:40 . 2008-07-19 13:40 <DIR> dr------- C:\Users\CZESŁAW\Searches
2008-07-19 13:40 . 2008-07-19 13:40 <DIR> dr------- C:\Users\CZESŁAW\Searches
2008-07-19 13:40 . 2008-07-19 13:40 <DIR> d-------- C:\Users\CZESŁAW\AppData\Roaming\ATI
2008-07-19 13:39 . 2008-07-19 13:40 <DIR> dr------- C:\Users\CZESŁAW\Videos
2008-07-19 13:39 . 2008-07-19 13:40 <DIR> dr------- C:\Users\CZESŁAW\Videos
2008-07-19 13:39 . 2008-07-24 16:47 <DIR> dr------- C:\Users\CZESŁAW\Saved Games
2008-07-19 13:39 . 2008-07-24 16:47 <DIR> dr------- C:\Users\CZESŁAW\Saved Games
2008-07-19 13:39 . 2008-07-19 13:40 <DIR> dr------- C:\Users\CZESŁAW\Pictures
2008-07-19 13:39 . 2008-07-19 13:40 <DIR> dr------- C:\Users\CZESŁAW\Pictures
2008-07-19 13:39 . 2008-07-19 13:40 <DIR> dr------- C:\Users\CZESŁAW\Music
2008-07-19 13:39 . 2008-07-19 13:40 <DIR> dr------- C:\Users\CZESŁAW\Music
2008-07-19 13:39 . 2008-07-19 13:40 <DIR> dr------- C:\Users\CZESŁAW\Links
2008-07-19 13:39 . 2008-07-19 13:40 <DIR> dr------- C:\Users\CZESŁAW\Links
2008-07-19 13:39 . 2008-08-15 19:58 <DIR> dr------- C:\Users\CZESŁAW\Downloads
2008-07-19 13:39 . 2008-08-15 19:58 <DIR> dr------- C:\Users\CZESŁAW\Downloads
2008-07-19 13:39 . 2008-08-15 18:57 <DIR> dr------- C:\Users\CZESŁAW\Documents
2008-07-19 13:39 . 2008-08-15 18:57 <DIR> dr------- C:\Users\CZESŁAW\Documents
2008-07-19 13:39 . 2008-07-19 13:39 <DIR> dr------- C:\Users\CZESŁAW\Contacts
2008-07-19 13:39 . 2008-07-19 13:39 <DIR> dr------- C:\Users\CZESŁAW\Contacts
2008-07-19 13:39 . 2008-07-19 13:40 <DIR> d--h----- C:\Users\CZESŁAW\AppData
2008-07-19 13:39 . 2008-07-19 13:40 <DIR> d--h----- C:\Users\CZESŁAW\AppData
2008-07-19 13:39 . 2008-07-24 15:45 <DIR> d-------- C:\Users\CZESŁAW
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-24 18:14 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-21 17:14 174 --sha-w C:\Program Files\desktop.ini
2008-07-20 22:11 --------- d-----w C:\Program Files\Windows Mail
2008-07-20 20:15 476 ----a-w C:\Windows\system32\drivers\cmvep.txt
2008-07-20 20:15 32 ----a-w C:\Windows\system32\drivers\adidsl.cfg
2008-07-20 18:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-20 17:15 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-20 17:11 --------- d-----w C:\ProgramData\Symantec
2008-07-20 17:03 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-19 12:44 --------- d-----w C:\Program Files\Windows Live
2008-07-19 12:28 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-06-26 11:01 --------- d-----w C:\ProgramData\ATI
2008-06-26 10:59 --------- d-----w C:\Program Files\ATI Technologies
2008-06-26 09:13 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-06-26 07:18 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-26 07:13 --------- d-----w C:\Program Files\MSXML 4.0
2008-06-26 05:06 --------- d-----w C:\ProgramData\Ahead
2008-06-26 05:06 --------- d-----w C:\Program Files\Common Files\Ahead
2008-06-26 05:05 --------- d-----w C:\ProgramData\Nero
2008-06-26 05:05 --------- d-----w C:\Program Files\Nero
2008-06-26 04:55 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-26 04:48 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-26 04:46 --------- d-----w C:\ProgramData\WLInstaller
2008-06-26 04:26 --------- d-----w C:\Program Files\Analog Devices
2008-06-26 01:29 --------- d-----w C:\Program Files\Windows Defender
2008-06-26 01:29 --------- d-----w C:\Program Files\Windows Calendar
2008-06-26 01:28 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-26 01:21 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-06-26 01:21 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-06-26 01:21 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-06-26 01:20 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-06-26 01:20 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-06-26 01:20 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-06-26 01:20 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-06-26 01:20 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-06-26 01:20 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-06-26 01:20 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-06-26 01:20 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-06-26 01:20 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-06-26 01:20 2,923,520 ----a-w C:\Windows\explorer.exe
2008-06-26 01:20 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-06-26 01:20 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-06-26 01:19 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-06-26 01:19 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-06-26 01:17 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-06-26 01:17 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-06-26 01:17 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-06-26 01:16 414,208 ----a-w C:\Windows\System32\msscp.dll
2008-06-26 01:13 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-06-26 01:13 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-06-26 01:13 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-06-26 01:13 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-06-26 01:13 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-06-26 01:13 20,024 ----a-w C:\Windows\system32\drivers\viaide.sys
2008-06-26 01:13 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-06-26 01:13 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-06-26 01:13 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-06-26 01:13 104,448 ----a-w C:\Windows\System32\DWWIN.EXE
2008-06-26 01:13 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-06-26 01:12 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-06-26 01:12 8,704 ----a-w C:\Windows\System32\hccoin.dll
2008-06-26 01:12 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2008-06-26 01:12 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2008-06-26 01:12 23,040 ----a-w C:\Windows\system32\drivers\usbuhci.sys
2008-06-26 01:12 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2008-06-26 01:12 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
2008-06-26 01:11 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-06-26 01:11 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-06-26 01:11 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-06-26 01:11 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-06-26 01:11 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-06-26 01:09 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-06-26 01:07 2,048 ----a-w C:\Windows\System32\msxml6r.dll
2008-06-26 01:07 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-06-26 01:05 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-26 01:05 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-06-26 01:05 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-06-26 01:05 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-06-26 01:05 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-06-26 01:05 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-26 01:05 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-06-26 01:05 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-06-26 01:04 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-06-26 01:04 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-06-26 01:04 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-06-26 01:04 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-06-26 01:04 53,760 ----a-w C:\Windows\system32\drivers\hdaudbus.sys
2008-06-26 01:04 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
2008-06-26 01:04 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-06-26 01:04 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-06-26 01:03 974,336 ----a-w C:\Windows\System32\crypt32.dll
2008-06-26 01:03 5,120 ----a-w C:\Windows\System32\wmi.dll
2008-06-26 01:03 152,576 ----a-w C:\Windows\System32\imagehlp.dll
2008-06-26 01:03 12,800 ----a-w C:\Windows\system32\drivers\fs_rec.sys
2008-06-26 01:03 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-06-26 01:02 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-06-26 01:02 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-06-26 01:02 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-06-26 01:02 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-06-26 01:01 750,080 ----a-w C:\Windows\System32\qmgr.dll
.
((((((((((((((((((((((((((((( snapshot@2008-08-15_ 0.59.34.54 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-14 21:40:23 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-08-15 15:43:31 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-08-14 21:40:23 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-08-15 15:43:31 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-08-14 21:42:54 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-08-15 15:45:43 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-08-15 15:45:43 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-08-14 21:42:49 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-08-15 15:45:38 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-08-15 15:45:38 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-08-14 22:54:56 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-08-15 17:59:56 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-08-15 17:59:56 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
- 2008-08-14 21:47:43 103,726 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-08-15 15:50:25 103,726 ----a-w C:\Windows\System32\perfc009.dat
- 2008-08-14 21:47:43 86,210 ----a-w C:\Windows\System32\perfc015.dat
+ 2008-08-15 15:50:25 86,210 ----a-w C:\Windows\System32\perfc015.dat
- 2008-08-14 21:47:43 609,944 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-08-15 15:50:25 609,944 ----a-w C:\Windows\System32\perfh009.dat
- 2008-08-14 21:47:43 535,330 ----a-w C:\Windows\System32\perfh015.dat
+ 2008-08-15 15:50:25 535,330 ----a-w C:\Windows\System32\perfh015.dat
- 2008-08-14 21:42:14 6,982 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1838086464-2761458527-2426371215-1001_UserData.bin
+ 2008-08-15 15:45:19 7,006 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1838086464-2761458527-2426371215-1001_UserData.bin
- 2008-08-14 21:42:14 63,278 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-08-15 15:45:19 64,382 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-08-14 21:42:13 30,040 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-08-15 15:45:15 30,474 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"OutpostMonitor"="C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" [2008-07-20 18:56 883528]
"OutpostFeedBack"="C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" [2008-07-04 14:38 435528]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 11:45 222208]
"adiras"="adiras.exe" [2007-02-13 16:19 194128 C:\Windows\adiras.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\agnitum\outpos~1\wl_hook.dll
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\Windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2006-12-18 15:34 868352 C:\Program Files\Analog Devices\Core\smax4pnp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2008-01-21 12:17 61440 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-06-26 03:18 1006264 C:\Program Files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{FFB084AA-4E2F-40E2-9553-E86A4BEB645F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{38FA1299-3C99-47BD-BD36-B0687373D967}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{14FF5C4C-49AD-454E-8940-479A9C07F9FC}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{874C59E4-3A0A-4587-AD78-73B5B5D6B9AF}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{F6D48A89-4AB6-4B16-A93D-455DE4271A07}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{D838707B-3535-43E9-8033-091B0044DD4E}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{183A37CA-FF8A-49ED-BC09-9C426EC95C50}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{99F45421-11C4-43D8-B996-B2BAF2758997}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R0 ViBus;ViBus;C:\Windows\system32\DRIVERS\ViBus.sys [2007-12-07 12:13]
R0 ViPrt;VIA SATA IDE Device Driver;C:\Windows\system32\DRIVERS\ViPrt.sys [2007-12-07 12:12]
R1 afw;Agnitum Firewall Driver;C:\Windows\system32\DRIVERS\afw.sys [2008-06-30 17:13]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 16:35]
R1 SandBox;SandBox;C:\Windows\system32\DRIVERS\SandBox.sys [2008-07-04 16:56]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 16:36]
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
R3 afwcore;afwcore;C:\Windows\system32\drivers\afwcore.sys [2008-06-30 17:13]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-29 08:24]
R3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-07-23 22:47]
S2 acssrv;Agnitum Client Security Service;C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2008-07-20 18:55]
S2 ELOADER;General Purpose USB Driver (adildr.sys);C:\Windows\system32\Drivers\adildr.sys [2007-02-07 16:50]
S2 is-LHBDM;is-LHBDM;C:\Users\Public\Desktop\Kaspersky Lab Tool\is-LHBDM\is-LHBDM.exe []
S3 ASWFilt;ASWFilt;C:\Windows\system32\Filt\ASWFilt.dll [2008-07-04 16:57]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{528916b6-55a9-11dd-9798-001e8c5f5ec0}]
\shell\Auto\command - UFO.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
.
Contents of the 'Scheduled Tasks' folder
2008-08-15 C:\Windows\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\CZESŁAW\AppData\Roaming\Mozilla\Firefox\Profiles\h3v7mqub.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.onet.pl
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-15 20:02:33
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-15 20:03:38
ComboFix-quarantined-files.txt 2008-08-15 18:03:31
ComboFix2.txt 2008-08-14 23:00:14
Pre-Run: 197,792,518,144 bajtów wolnych
Post-Run: 197,757,960,192 bajtów wolnych
323 --- E O F --- 2008-07-21 17:25:31
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:06:53, on 2008-08-15
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TuneUp Utilities 2008\RegistryCleaner.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
O4 - Startup: Internet ADSL.lnk = ?
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Wpis w blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Wpis w blogu w Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A82E2F7B-7E00-4FAF-86CF-45E89CD09243}: NameServer = 194.204.152.34 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: is-LHBDM - Unknown owner - C:\Users\Public\Desktop\Kaspersky Lab Tool\is-LHBDM\is-LHBDM.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
--
End of file - 5233 bytes
Thank you and regards
