
ComboFix 12-05-28.01 - Administrator 2012-05-28  12:24:31.2.4 - x64 NETWORK
Microsoft Windows 7 Ultimate   6.1.7600.0.1250.48.1045.18.4008.3297 [GMT 2:00]
Uruchomiony z: c:\users\Administrator\Desktop\ComboFix.exe
Użyto następujących komend :: c:\users\Administrator\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Utworzono nowy punkt przywracania
.
FILE ::
"c:\program files\PCHealthCenter\0.exe"
"c:\program files\PCHealthCenter\1.exe"
"c:\program files\PCHealthCenter\3.exe"
"c:\program files\PCHealthCenter\4.exe"
"c:\program files\PCHealthCenter\5.exe"
"c:\program files\tmp0.exe"
"c:\program files\tmp1.exe"
"c:\program files\tmp2.exe"
"c:\windows\mrvtdpqe.exe"
"c:\windows\Sys30.exe"
"c:\windows\Sys31.exe"
"c:\windows\Sys32.exe"
"c:\windows\system32\fccdDTNh.dll"
"c:\windows\system32\lualtpjv.ini"
"c:\windows\system32\Setup_ver1.1351.25.exe"
"c:\windows\system32\vjptlaul.dll"
"c:\windows\system32\vkctdqbj.dll"
.
.
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\explorer.exe . . . jest zainfekowany!!
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2012-04-28 do 2012-05-28  )))))))))))))))))))))))))))))))
.
.
2012-05-28 10:28 . 2012-05-28 10:28	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-05-26 09:41 . 2012-05-14 23:41	8955792	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{20398ADC-9645-462D-98C6-87632AE9206E}\mpengine.dll
2012-05-26 09:18 . 2012-05-26 09:18	--------	d-----w-	c:\users\Darq\AppData\Local\adaware
2012-05-26 09:18 . 2012-05-26 09:18	--------	d-----w-	c:\programdata\Ad-Aware Browsing Protection
2012-05-26 09:18 . 2011-04-05 15:35	94296	----a-w-	c:\windows\system32\drivers\sbtis.sys
2012-05-26 09:18 . 2011-04-05 15:35	60504	----a-w-	c:\windows\system32\drivers\sbhips.sys
2012-05-26 09:17 . 2011-02-08 07:14	84568	----a-w-	c:\windows\system32\drivers\SbFwIm.sys
2012-05-26 09:17 . 2011-04-05 15:35	253528	----a-w-	c:\windows\system32\drivers\SbFw.sys
2012-05-26 09:17 . 2012-05-26 09:17	--------	d-----w-	c:\programdata\Lavasoft
2012-05-26 09:16 . 2012-05-26 09:16	--------	d-----w-	c:\users\Darq\AppData\Roaming\Ad-Aware Antivirus
2012-05-17 21:38 . 2012-05-17 21:38	--------	d-----w-	c:\users\Darq\AppData\Local\SKIDROW
2012-05-16 12:27 . 2012-04-25 10:42	--------	d-----w-	c:\users\Darq\AppData\Roaming\.spoutcraft
2012-05-12 19:46 . 2012-05-12 19:46	--------	d-----w-	c:\users\Darq\AppData\Local\BVRP Software
2012-05-12 19:46 . 2012-05-12 19:46	--------	d-----w-	c:\programdata\BVRP Software
2012-05-03 11:07 . 2012-05-03 11:07	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2012-05-03 11:07 . 2012-05-03 11:07	157352	----a-w-	c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-03 11:07 . 2012-05-03 11:07	129976	----a-w-	c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 21:20 . 2012-04-05 06:48	419488	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-04 21:20 . 2011-09-10 05:43	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-04 21:20 . 2012-04-05 07:20	8744608	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-24 21:17 . 2011-09-09 15:13	45056	----a-w-	c:\windows\system32\acovcnt.exe
2012-03-23 14:16 . 2011-09-30 09:25	189480	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2012-03-23 14:16 . 2011-09-30 09:18	189480	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2012-03-06 23:15 . 2011-10-09 10:42	41184	----a-w-	c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-10-09 10:42	201352	----a-w-	c:\windows\SysWow64\aswBoot.exe
2012-03-06 23:15 . 2011-10-09 10:42	258520	----a-w-	c:\windows\system32\aswBoot.exe
2012-03-06 23:04 . 2011-10-09 10:42	819032	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:04 . 2011-10-09 10:42	337240	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2012-04-07 15:34	53080	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2012-03-06 23:01 . 2011-10-09 10:42	59224	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-10-09 10:42	69976	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2011-10-09 10:42	24408	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-03-05 23:58 . 2011-09-30 09:18	75064	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2012-03-05 22:53 . 2011-09-30 09:18	3360624	----a-w-	c:\windows\SysWow64\pbsvc.exe
2012-03-01 18:37 . 2012-03-01 18:37	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-12-27 . 27E4CC287C32C38630C4C003CEB291BB . 2868224 . . [6.1.7600.16385] .. c:\windows\explorer.exe
[7] 2009-07-14 . C235A51CB740E45FFA0EBFB9BAFCDA64 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
.
(((((((((((((((((((((((((((((   SnapShot@2012-05-28_10.06.17   )))))))))))))))))))))))))))))))))))))))))
.
- 2012-05-28 09:41 . 2012-05-28 09:43	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-28 10:10 . 2012-05-28 10:11	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-28 10:10 . 2012-05-28 10:11	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-28 09:41 . 2012-05-28 09:43	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-09 984400]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"NI Background Service"="c:\program files (x86)\National Instruments\Shared\Update Service\niupdate.exe" [2010-08-10 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi2"=wdmaud.drv
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-27 494424]
R2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
R2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-13 138400]
R2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
R2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-10-09 1431888]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 IntcDAud;Intel(R) Audio dla ekranów;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-03 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [x]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [x]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [x]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [x]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [x]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [x]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [x]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [x]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [x]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [x]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [x]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [x]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [x]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [x]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [x]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [x]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [x]
R3 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe [2010-09-18 241488]
R4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-02-22 2009704]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [x]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.