
I also checked the computer with Malwarebytes and it detected 1 infected file, and then after 1 minute the scan and the whole program froze. The freeze always happens at the same point (C:\Windows\Installer\112dfff.msi).
GMER log:
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-23 19:22:14
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.HS10
Running: xqzlcvke.exe; Driver: C:\DOCUME~1\Bartek\USTAWI~1\Temp\kwkyqpob.sys
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8C54380, 0x37E6AD, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Documents and Settings\Bartek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Bartek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Documents and Settings\Bartek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28]
.text C:\Documents and Settings\Bartek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Bartek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Documents and Settings\Bartek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Bartek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Documents and Settings\Bartek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Bartek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Documents and Settings\Bartek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90EBFC
.text C:\Documents and Settings\Bartek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Documents and Settings\Bartek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Bartek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Documents and Settings\Bartek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Bartek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Documents and Settings\Bartek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Bartek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Documents and Settings\Bartek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90EC6D
.text C:\Documents and Settings\Bartek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Documents and Settings\Bartek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Bartek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Documents and Settings\Bartek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90ED9B
.text C:\Documents and Settings\Bartek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Documents and Settings\Bartek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Bartek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Documents and Settings\Bartek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Bartek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Documents and Settings\Bartek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68]
.text C:\Documents and Settings\Bartek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Bartek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x92 0x61 0xB6 0xA4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x92 0x61 0xB6 0xA4 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1
---- EOF - GMER 1.0.15 ----
OTL logs:
http://www.przeklej.pl/plik/extras-txt-0023u74m0bq4
http://www.przeklej.pl/plik/otl-txt-0023u74uc2mv