Light infection, leftovers from viruses

(Mail) #1

Hi. Recently some friends were playing around with OTSes on my machine (without my knowledge…) and trojans and rootkits got installed, which I have slowly been removing.

I'm not sure everything is clean, so here is the log:

http://wklej.org/id/1c54a5e748

PS: I don't like the look of this part:

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{4809F5B6-8805-4B8A-A73B-010DDD12646C}"= C:\Program Files\Skype\Phone\Skype.exe:Skype

"TCP Query User{377ABBE3-7E9C-422F-9814-AE9D6A16B8EE}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows

"UDP Query User{C347572D-8EC8-4AE0-94F7-DDCBB547C4EC}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows

"{806E9236-A5F7-4206-A3E5-2927DC84C1E6}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{4F993CEA-F3AA-47E2-8AF2-CD82D7FB7394}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

"TCP Query User{ABE37430-EA7C-4DEA-BB5C-8F56867F3B5D}C:\\program files\\wapster\\wapster aqq\\aqq.exe"= UDP:C:\program files\wapster\wapster aqq\aqq.exe:AQQ

"UDP Query User{1FE0EBFB-5D7F-4F89-95E1-C916BE18A21B}C:\\program files\\wapster\\wapster aqq\\aqq.exe"= TCP:C:\program files\wapster\wapster aqq\aqq.exe:AQQ

"TCP Query User{27FED971-4B24-4738-82D9-06E0AC174E34}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{81AFA9E9-EC01-4D3A-A603-49A6ADC96FB9}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"TCP Query User{5DA458C9-FD36-44F4-86F9-34075AEDC146}C:\\program files\\opera\\opera.exe"= UDP:C:\program files\opera\opera.exe:Opera Internet Browser

"UDP Query User{D8ED6060-F7A4-4EF4-B4CF-8BD68564106C}C:\\program files\\opera\\opera.exe"= TCP:C:\program files\opera\opera.exe:Opera Internet Browser

"{C7BC9A5E-7048-415E-9B81-FD18942B00F6}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{0EC793DD-F35E-4CD0-BE1E-A789F0A0F43E}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes

"UDP Query User{679A6058-4E7C-4D18-9671-C3C511C4B090}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes

"TCP Query User{E6605089-17BD-4BAA-B930-703C9C296374}C:\\program files\\valve\\steam\\steamapps\\piwollo\\counter-strike\\hl.exe"= UDP:C:\program files\valve\steam\steamapps\piwollo\counter-strike\hl.exe:Half-Life Launcher

"UDP Query User{F30F0EC8-7FD1-4F15-BA19-8C1A9D1C39A1}C:\\program files\\valve\\steam\\steamapps\\piwollo\\counter-strike\\hl.exe"= TCP:C:\program files\valve\steam\steamapps\piwollo\counter-strike\hl.exe:Half-Life Launcher

"TCP Query User{8B781838-FB2D-4D11-9039-7510C29CFD0E}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire

"UDP Query User{F3FB12E0-5110-408A-8DC8-7210B5F8B600}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire

"TCP Query User{B42A0F84-B9C5-4DE4-B85D-DCCE45993B01}C:\\program files\\a\\aqq.exe"= UDP:C:\program files\a\aqq.exe:AQQ

"UDP Query User{63604BE3-38B0-423D-A03E-FD449BE3DE87}C:\\program files\\a\\aqq.exe"= TCP:C:\program files\a\aqq.exe:AQQ

"TCP Query User{DE6A7C10-85A6-41B4-A30D-F9F8C22AC618}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows

"UDP Query User{91A0DB64-78D4-4BE8-ACFE-E791885E7954}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows

"TCP Query User{9CC28164-0ACC-40AA-B47C-4A938241599F}C:\\program files\\filezilla ftp client\\filezilla.exe"= UDP:C:\program files\filezilla ftp client\filezilla.exe:FileZilla FTP Client

"UDP Query User{C8BD544F-F7E4-4205-9F9C-B82C12165BCE}C:\\program files\\filezilla ftp client\\filezilla.exe"= TCP:C:\program files\filezilla ftp client\filezilla.exe:FileZilla FTP Client

"TCP Query User{FD04ECF6-7003-43F1-9DA1-B8B40F907F2B}C:\\program files\\miranda im\\miranda32.exe"= UDP:C:\program files\miranda im\miranda32.exe:Miranda IM

"UDP Query User{E3D447FA-CAC9-4BCC-A61A-0504905C0DCF}C:\\program files\\miranda im\\miranda32.exe"= TCP:C:\program files\miranda im\miranda32.exe:Miranda IM

"TCP Query User{C1146253-BEB4-4D2C-A038-ED7F15D3B6A2}C:\\program files\\miranda im\\miranda32.exe"= UDP:C:\program files\miranda im\miranda32.exe:Miranda IM

"UDP Query User{D9B709BE-5A90-42F9-85EE-F3F38B047367}C:\\program files\\miranda im\\miranda32.exe"= TCP:C:\program files\miranda im\miranda32.exe:Miranda IM

"TCP Query User{C9B18A1F-0210-43AF-9E6E-20274529146D}C:\\users\\piwollo\\desktop\\evolution by vendeto\\evolution by vendeto\\evolution 2.0 by aciek & sidd.exe"= UDP:C:\users\piwollo\desktop\evolution by vendeto\evolution by vendeto\evolution 2.0 by aciek & sidd.exe:evolution 2.0 by aciek & sidd.exe

"UDP Query User{7CF98489-1AC5-4007-A013-34824BEC4B25}C:\\users\\piwollo\\desktop\\evolution by vendeto\\evolution by vendeto\\evolution 2.0 by aciek & sidd.exe"= TCP:C:\users\piwollo\desktop\evolution by vendeto\evolution by vendeto\evolution 2.0 by aciek & sidd.exe:evolution 2.0 by aciek & sidd.exe

"TCP Query User{D1A3A88E-6873-4228-A8DB-F4D3796578ED}C:\\users\\piwollo\\desktop\\evolution 8.1 - by aciek\\evolution 8.1 - by aciek\\aciek ots.exe"= UDP:C:\users\piwollo\desktop\evolution 8.1 - by aciek\evolution 8.1 - by aciek\aciek ots.exe:aciek ots.exe

"UDP Query User{4C26C601-7D82-4060-A550-8B4375FA7315}C:\\users\\piwollo\\desktop\\evolution 8.1 - by aciek\\evolution 8.1 - by aciek\\aciek ots.exe"= TCP:C:\users\piwollo\desktop\evolution 8.1 - by aciek\evolution 8.1 - by aciek\aciek ots.exe:aciek ots.exe

"TCP Query User{BD8BF499-383B-4915-8A9C-58EDB53F4730}C:\\users\\piwollo\\desktop\\evo mega edycja by aciek, zastrzegam prawa co do mojego nicku\\by aciek.exe"= UDP:C:\users\piwollo\desktop\evo mega edycja by aciek, zastrzegam prawa co do mojego nicku\by aciek.exe:by aciek.exe

"UDP Query User{4DD28BEF-82CA-41E7-8D9C-64CE441BD68E}C:\\users\\piwollo\\desktop\\evo mega edycja by aciek, zastrzegam prawa co do mojego nicku\\by aciek.exe"= TCP:C:\users\piwollo\desktop\evo mega edycja by aciek, zastrzegam prawa co do mojego nicku\by aciek.exe:by aciek.exe

"TCP Query User{9D4EC0AA-01C9-4AC6-A945-3F23F91FCC66}C:\\users\\piwollo\\desktop\\ots\\by aciek.exe"= UDP:C:\users\piwollo\desktop\ots\by aciek.exe:by aciek.exe

"UDP Query User{4B4CCC16-E03E-4F44-A1B9-C7CABCBA095B}C:\\users\\piwollo\\desktop\\ots\\by aciek.exe"= TCP:C:\users\piwollo\desktop\ots\by aciek.exe:by aciek.exe

What do you think? :slight_smile:
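The FirewallRules excerpt above is the sort of thing worth triaging mechanically rather than by eye. As an added example (not code from this thread nor from any tool it mentions), a small Python parser for the condensed log format quoted above that flags prompt-created ("Query User") allow rules whose executable lives in a user-writable directory, which is exactly where the OTS server binaries on the Desktop sit; the sample lines are copied from the excerpt.

```python
import re
from dataclasses import dataclass

# Sample lines in the condensed form used by the log excerpt above
# (constructed for this example; GUIDs and paths are the ones posted).
SAMPLE_LOG = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4809F5B6-8805-4B8A-A73B-010DDD12646C}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{377ABBE3-7E9C-422F-9814-AE9D6A16B8EE}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{4B4CCC16-E03E-4F44-A1B9-C7CABCBA095B}C:\\users\\piwollo\\desktop\\ots\\by aciek.exe"= TCP:C:\users\piwollo\desktop\ots\by aciek.exe:by aciek.exe
'''

# "<name>"= [PROTO:]<path ending in .exe>:<description>
RULE_RE = re.compile(
    r'^"(?P<name>[^"]+)"=\s*(?:(?P<proto>TCP|UDP):)?'
    r'(?P<path>[A-Za-z]:\\.*?\.exe):(?P<desc>.*)$', re.IGNORECASE)

# Directories an unprivileged user can write to; an allow rule for a
# binary living there deserves a look, unlike one under Program Files.
USER_WRITABLE = ("\\users\\", "\\documents and settings\\", "\\appdata\\", "\\temp\\")

@dataclass
class Rule:
    name: str
    proto: str
    path: str
    desc: str

    @property
    def prompted(self) -> bool:
        # "Query User" rules are created when someone clicks Allow on the
        # firewall pop-up: the only vetting was the person at the keyboard.
        return "query user" in self.name.lower()

    @property
    def in_user_dir(self) -> bool:
        low = self.path.lower()
        return any(marker in low for marker in USER_WRITABLE)

def parse_rules(text: str) -> list[Rule]:
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rules.append(Rule(m["name"], (m["proto"] or "ANY").upper(),
                              m["path"], m["desc"].strip()))
    return rules

def suspicious(rules: list[Rule]) -> list[Rule]:
    """Prompt-created allow rules for executables in user-writable paths."""
    return [r for r in rules if r.prompted and r.in_user_dir]

if __name__ == "__main__":
    for r in suspicious(parse_rules(SAMPLE_LOG)):
        print(f"{r.proto:4} {r.path}  ({r.desc})")
```

Feeding the whole FirewallRules block from the post through `suspicious()` leaves only the Desktop entries, which are the ones to check and remove along with the binaries they point at.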

(huber2t) #2

I don't see anything in the log

Clean the computer with CCleaner

Run the startup optimisation

Turn System Restore off and back on for all drives. Instructions

Scan the "My Computer" area with http://www.kaspersky.pl/virusscanner.html (run it through IE) and post its report on the forum

or

Dr.WEB CureIt!