win32 aucrypt
Today I caught win32 aucrypt on my PC from Google.
Please help. I scanned with ComboFix and I think it's OK.
Log attached.
ComboFix 08-05-08.1 - brzezoo 2008-05-09 21:39:20.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.169 [GMT 2:00]
Running from: C:\Documents and Settings\brzezoo\Pulpit\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
D:\Autorun.inf
E:\Autorun.inf
H:\Autorun.inf
I:\Autorun.inf
J:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-04-09 to 2008-05-09 )))))))))))))))))))))))))))))))
.
2008-05-08 18:54 . 2008-05-08 18:54 9,522 --a------ C:\WINDOWS\Retaften.bmp
2008-05-08 18:54 . 2008-05-08 18:54 0 --a------ C:\WINDOWS\system32\drivers\IsPubDrv.sys
2008-05-08 18:54 . 2008-05-08 18:54 0 --a------ C:\WINDOWS\system32\drivers\IsDrv118.sys
2008-05-08 18:53 . 2008-05-08 18:53 49,152 --a------ C:\WINDOWS\infoservice.exe
2008-05-04 18:48 . 2008-05-04 18:48 d-------- C:\Documents and Settings\brzezoo\Dane aplikacji\PCF-VLC
2008-05-04 18:41 . 2008-05-04 18:41 d-------- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-05-04 13:20 . 2008-05-04 13:27 d-------- C:\Documents and Settings\brzezoo\Dane aplikacji\Joost
2008-05-04 13:12 . 2008-05-04 19:01 d-------- C:\Documents and Settings\brzezoo\Dane aplikacji\Azureus
2008-05-04 13:12 . 2008-05-04 13:12 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Azureus
2008-05-03 17:24 . 2005-01-14 09:32 53,248 --a------ C:\WINDOWS\system32\PAStiSvc.exe
2008-05-03 17:20 . 2008-05-03 17:20 d-------- C:\WINDOWS\PixArt
2008-05-03 17:20 . 2008-05-03 17:20 d-------- C:\Program Files\PC Camera
2008-05-03 17:20 . 2008-05-03 17:20 d-------- C:\Program Files\Common Files\PCCamera
2008-05-03 16:31 . 2008-05-03 16:31 d-------- C:\Program Files\Intel
2008-05-03 16:11 . 2008-05-03 16:11 d-------- C:\Documents and Settings\brzezoo\Dane aplikacji\Ulead Systems
2008-05-03 16:09 . 1999-11-10 11:05 86,016 --a------ C:\WINDOWS\unvise32qt.exe
2008-05-03 16:04 . 2008-05-03 16:04 d-------- C:\Documents and Settings\All Users\Dane aplikacji\QuickTime
2008-05-03 16:03 . 2008-05-03 16:04 d-------- C:\Program Files\Common Files\Ulead Systems
2008-05-03 16:03 . 2008-05-03 16:04 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems
2008-05-03 16:02 . 2008-05-03 16:02 d-------- C:\Program Files\mikroskop-Ulead Systems
2008-04-28 20:24 . 2008-04-28 20:25 d-------- C:\Program Files\MegauploadToolbar
2008-04-28 20:24 . 2008-05-09 19:29 d-------- C:\Documents and Settings\brzezoo\Dane aplikacji\MegauploadToolbar
2008-04-26 13:16 . 2008-04-26 13:16 d-------- C:\Program Files\Sun
2008-04-26 13:15 . 2008-04-26 13:15 d-------- C:\Program Files\Java
2008-04-26 13:15 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-26 13:13 . 2008-04-26 13:13 d-------- C:\Program Files\Common Files\Java
2008-04-25 15:39 . 2008-04-25 15:40 d-------- C:\Documents and Settings\brzezoo\Dane aplikacji\MiniDm
2008-04-25 14:40 . 2008-02-08 20:10 303,104 --a------ C:\WINDOWS\Uninstall_tkexe.exe
2008-04-25 14:38 . 2008-04-25 14:38 d-------- C:\Documents and Settings\brzezoo\Dane aplikacji\TRIWORKS
2008-04-25 14:35 . 2008-04-25 14:35 d-------- C:\Program Files\DriverMax 3.4
2008-04-25 14:30 . 2008-04-25 14:30 d-------- C:\Program Files\Realtek
2008-04-25 14:30 . 2007-07-26 17:09 520,192 --a------ C:\WINDOWS\RtlExUpd.dll
2008-04-25 14:30 . 2008-04-25 14:30 315,392 --a------ C:\WINDOWS\HideWin.exe
2008-04-25 14:27 . 2008-04-25 14:27 d-------- C:\Program Files\RogueRemover FREE
2008-04-25 14:18 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-04-19 13:30 . 2008-05-09 21:24 d-------- C:\Documents and Settings\brzezoo\Dane aplikacji\Skype
2008-04-19 13:29 . 2008-04-19 13:29 d-------- C:\Program Files\Skype
2008-04-19 13:29 . 2008-04-19 13:29 d-------- C:\Program Files\Common Files\Skype
2008-04-19 13:28 . 2008-04-19 13:29 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-04 12:09 --------- d-----w C:\Program Files\HD Tune-diagnosta dysku
2008-05-03 15:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-01 17:53 --------- d-----w C:\Documents and Settings\brzezoo\Dane aplikacji\DMCache
2008-04-25 06:48 --------- d-----w C:\Program Files\Opera
2008-04-04 13:56 --------- d-----w C:\Documents and Settings\brzezoo\Dane aplikacji\vlc
2008-04-04 13:42 --------- d-----w C:\Program Files\Quick StartUp
2008-04-04 12:49 --------- d-----w C:\Program Files\IEPro
2008-04-04 12:49 --------- d-----w C:\Documents and Settings\brzezoo\Dane aplikacji\IEPro
2008-04-04 12:45 --------- d-----w C:\Documents and Settings\brzezoo\Dane aplikacji\Participatory Culture Foundation
2008-04-04 12:44 --------- d-----w C:\Documents and Settings\brzezoo\Dane aplikacji\JLC's Software
2008-04-04 12:33 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-04-03 19:45 --------- d-----w C:\Program Files\Aktualizacje-Windows Up Down
2008-04-03 19:24 --------- d-----w C:\Program Files\HDD Health-DIAGNOSTA DYSKÓW
2008-04-03 19:17 --------- d-----w C:\Program Files\System-diagnosta
2008-04-03 19:02 --------- d-----w C:\Documents and Settings\brzezoo\Dane aplikacji\Canon
2008-04-03 18:56 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar
2008-04-03 18:54 --------- d-----w C:\Program Files\WinRAR 3.70
2008-04-03 18:40 --------- d-----w C:\Program Files\ATI Technologies
2008-04-03 18:36 --------- d-----w C:\Documents and Settings\brzezoo\Dane aplikacji\Winamp 5.5
2008-04-03 17:57 --------- d-----w C:\Program Files\Total Commander 1.7
2008-04-03 17:52 --------- d-----w C:\Program Files\Avast4
2008-04-02 18:22 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-02 18:15 --------- d-----w C:\Program Files\Burn4Free
2008-04-02 17:19 --------- d-----w C:\Program Files\Logitech
2008-04-02 17:19 --------- d-----w C:\Program Files\Common Files\FotoWire
2008-04-02 17:19 --------- d-----w C:\Documents and Settings\brzezoo\Dane aplikacji\FotoWire
2008-04-02 17:17 --------- d-----w C:\Program Files\Common Files\Logitech
2008-04-02 17:16 81,920 ------r C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
2008-04-02 17:15 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-02 17:12 --------- d-----w C:\Program Files\Creative
2008-04-02 17:12 --------- d-----w C:\Documents and Settings\brzezoo\Dane aplikacji\Creative
2008-04-02 17:03 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Creative
2008-04-02 16:54 --------- d-----w C:\Documents and Settings\brzezoo\Dane aplikacji\Microsoft Web Folders
2008-04-02 16:53 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-02 16:48 --------- d-----w C:\Program Files\Canon
2008-04-02 16:48 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\CanonIJPLM
2008-04-02 16:45 --------- d-----w C:\Program Files\Common Files\CANON
2008-04-02 16:40 --------- d--h--w C:\Documents and Settings\All Users\Dane aplikacji\CanonBJ
2008-04-02 16:39 --------- d--h--w C:\Program Files\CanonBJ
2008-04-02 16:06 --------- d-----w C:\Program Files\Usługi online
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:02 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-29 04:14 223,744 ----a-w C:\WINDOWS\system32\b4fm.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-04-02 19:16 20480]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 17:07 196608]
"HDDHealth"="C:\Program Files\HDD Health-DIAGNOSTA DYSKÓW\hddhealth.exe" [ ]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-25 21:54 23090984]
"infoservice.exe1"="C:\WINDOWS\infoservice.exe" [2008-05-08 18:53 49152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 18:01 644696]
"CTHelper"="CTHELPER.EXE" [2003-08-28 10:45 24576 C:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00 28672]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 17:47 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 17:37 217088]
"avast!"="C:\PROGRA~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"WinampAgent"="D:\odtwarzacze\Winamp 5.5\winampa.exe" [2007-10-10 07:28 36352]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50 734872]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-04-02 19:16:13 450560]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= C:\WINDOWS\system32\ctmp3.acm
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Miro TV\\Miro_Downloader.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"D:\\Azureus TV\\Azureus.exe"=
"D:\\Miro TV\\xulrunner\\python\\Miro_Downloader.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
S3 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 08:49]
S3 PAC207;SoC PC-Camera Beta3;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 12:29]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d508f31-1294-11dd-8526-000b2b12fab5}]
\Shell\AutoRun\command - K:\pa39xth.cmd
\Shell\explore\Command - K:\pa39xth.cmd
\Shell\open\Command - K:\pa39xth.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a59c5251-06de-11d6-84e5-000b2b12fab5}]
\Shell\AutoRun\command - K:\pa39xth.cmd
\Shell\explore\Command - K:\pa39xth.cmd
\Shell\open\Command - K:\pa39xth.cmd
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-09 21:42:42
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-09 21:43:43
ComboFix-quarantined-files.txt 2008-05-09 19:43:33
Pre-Run: 35,443,023,872 bajtów wolnych
Post-Run: 35,674,251,264 bajtów wolnych
182 --- E O F --- 2008-04-26 11:58:54
Replies: 1
Paste into [b]Notepad[/b]:
[CODE]
File::
C:\WINDOWS\Retaften.bmp
C:\WINDOWS\system32\drivers\IsPubDrv.sys
C:\WINDOWS\system32\drivers\IsDrv118.sys
C:\WINDOWS\infoservice.exe
K:\pa39xth.cmd
D:\pa39xth.cmd
E:\pa39xth.cmd
H:\pa39xth.cmd
I:\pa39xth.cmd
J:\pa39xth.cmd
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDDHealth"=-
"infoservice.exe1"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d508f31-1294-11dd-8526-000b2b12fab5}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a59c5251-06de-11d6-84e5-000b2b12fab5}]
[/code]
[b]>>File>>Save as... >>> [color=red]CFScript[/color][/b]
Drag and drop the file [color=red][b]CFScript.txt[/b][/color] onto [b]ComboFix.exe[/b]
[b][color=blue]-->[/color][/b] [img]http://img.wklej.org/images/88953CFScript-createdbyMiekiemoes.gif[/img]
The removal should start (and a log will be produced). Post the log that is created during the removal.
If it goes well, then: [b]after the restart[/b] manually delete the folder [b]C:\[color=red]Qoobox[/color][/b].
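An added triage helper, not part of this thread and not ComboFix's own code: it parses the "Reg Loading Points" section of a log shaped like the one above, flags the persistence that a removable-drive worm typically leaves behind (MountPoints2 shell verbs redirected to a script on the drive, Run values with no file metadata or with a target sitting directly in the Windows directory), and renders the File::/Registry:: directives in the CFScript format the reply uses. The sample excerpt, the heuristics and the function names are all assumptions of this example; the flags are review hints for a human, not a verdict.

```python
"""
ComboFix log triage (added example, not part of the forum thread or of ComboFix).
Parses the Run keys and MountPoints2 entries from the "Reg Loading Points"
section, flags removable-drive autorun persistence, and emits CFScript directives.
"""
import re
from dataclasses import dataclass

# Constructed sample: an excerpt in the shape of the log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"HDDHealth"="C:\Program Files\HDD Health-DIAGNOSTA DYSKÓW\hddhealth.exe" [ ]
"infoservice.exe1"="C:\WINDOWS\infoservice.exe" [2008-05-08 18:53 49152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d508f31-1294-11dd-8526-000b2b12fab5}]
\Shell\AutoRun\command - K:\pa39xth.cmd
\Shell\explore\Command - K:\pa39xth.cmd
\Shell\open\Command - K:\pa39xth.cmd
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run$", re.IGNORECASE)
MOUNTPOINTS_RE = re.compile(r"\\explorer\\mountpoints2\\\{[0-9a-f-]+\}$", re.IGNORECASE)
# ComboFix prints: "ValueName"="target" [date time size]  or  [ ] when no file was found
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s*\[(.*)\]$')
SHELL_CMD_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+)$", re.IGNORECASE)
# Heuristic (assumption of this example): an executable directly under C:\WINDOWS\
# rather than under system32 deserves a look.
WINDIR_ROOT_RE = re.compile(r"^[A-Z]:\\WINDOWS\\[^\\]+$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    key: str            # registry key the entry lives under
    name: str           # Run value name, or MountPoints2 shell verb
    target: str         # file the entry launches
    file_present: bool  # False when the log recorded no metadata for the target
    reason: str


def parse_loading_points(log_text):
    """Walk the log line by line, tracking the current registry key, and flag entries."""
    findings = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        if current_key is None:
            continue
        if RUN_KEY_RE.search(current_key):
            m = RUN_VALUE_RE.match(line)
            if not m:
                continue
            name, target, meta = m.group(1), m.group(2), m.group(3).strip()
            if not meta:
                findings.append(Finding(current_key, name, target, False,
                                        "no file metadata recorded (target not found)"))
            elif WINDIR_ROOT_RE.match(target):
                findings.append(Finding(current_key, name, target, True,
                                        "executable placed directly in the Windows directory"))
        elif MOUNTPOINTS_RE.search(current_key):
            m = SHELL_CMD_RE.match(line)
            if m:
                # Any per-drive shell override is worth review: it runs when the drive is opened.
                findings.append(Finding(current_key, m.group(1), m.group(2), True,
                                        "per-drive shell verb overridden to run a file on that drive"))
    return findings


def render_cfscript(findings):
    """Render File:: / Registry:: directives in the format used by the reply above."""
    files = []
    deletions = {}  # key -> list of value names to drop, or None to drop the whole key
    for f in findings:
        if f.file_present and f.target not in files:
            files.append(f.target)
        if MOUNTPOINTS_RE.search(f.key):
            deletions[f.key] = None
        else:
            deletions.setdefault(f.key, []).append(f.name)
    lines = ["File::", *files, "Registry::"]
    for key, names in deletions.items():
        if names is None:
            lines.append(f"[-{key}]")
        else:
            lines.append(f"[{key}]")
            lines.extend(f'"{n}"=-' for n in names)
    return "\n".join(lines)


if __name__ == "__main__":
    for f in parse_loading_points(SAMPLE_LOG):
        print(f"{f.name:20} {f.target:40} {f.reason}")
    print(render_cfscript(parse_loading_points(SAMPLE_LOG)))
```

The MountPoints2 rule is the one that matters for this kind of infection: the per-device shell verbs (AutoRun, open, explore) are what make a cleaned USB stick re-infect the PC when it is double-clicked, so the whole key is removed rather than individual values, and the target script is listed under File:: so it is taken off the drive as well.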