Win32:Kavos[Trj]


(rafalski) #1

Hello!

Avast detected Win32:Kavos[Trj] on my machine. I'm asking for help and thank you in advance.

-- Added 27.07.2009 (Mon) 1:13 --

Here is the ComboFix log

ComboFix 09-07-25.08 - Darek 2009-07-27 0:51:23.1.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.48.1045.18.2047.1243 [GMT 2:00]

Uruchomiony z: C:\Users\Darek\Desktop\ComboFix1.exe

AV: avast! antivirus 4.8.1229 [VPS 081123-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

SP: avast! antivirus 4.8.1229 [VPS 081123-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.


((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.


C:\$RECYCLE.BIN\S-1-5-21-2152478756-3922319563-605102323-500

C:\$RECYCLE.BIN\S-1-5-21-216627001-1471573860-738629386-500

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk


.

((((((((((((((((((((((((( Pliki utworzone od 2009-06-26 do 2009-07-26 )))))))))))))))))))))))))))))))

.


2009-07-26 23:08:02 . 2009-07-26 23:08:02	0	d-----w-	C:\Users\Ula\AppData\Local\temp

2009-07-26 23:03:55 . 2009-07-26 23:03:55	0	d-----w-	C:\Users\Iwona\AppData\Local\temp

2009-07-26 23:00:44 . 2009-07-26 23:00:44	0	d-----w-	C:\Users\IUSR_NMPR\AppData\Local\temp

2009-07-26 22:46:46 . 2009-07-26 22:49:54	0	d-s---w-	C:\ComboFix

2009-07-19 19:57:11 . 2009-07-19 19:57:11	0	d-----w-	C:\Program Files\Vstplugins

2009-07-19 19:57:07 . 2009-07-19 19:57:07	0	d-----w-	C:\ProgramData\Sony

2009-07-19 19:56:00 . 2009-07-19 19:56:00	0	d-----w-	C:\Program Files\Sony Setup

2009-07-17 20:01:19 . 2009-07-17 20:02:33	5132604	----a-w-	C:\ProgramData\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe

2009-07-16 15:51:40 . 2009-07-18 10:47:51	0	d-----w-	C:\Users\Ula\AppData\Roaming\ArcSoft

2009-07-16 14:06:33 . 2009-07-16 14:13:22	0	d-----w-	C:\Users\Iwona\AppData\Roaming\ArcSoft

2009-07-16 14:05:57 . 2009-07-16 14:05:57	0	d-sh--we	C:\Windows\system32\config\systemprofile\Ustawienia lokalne

2009-07-16 14:05:57 . 2009-07-16 14:05:57	0	d-sh--we	C:\Windows\system32\config\systemprofile\Dane aplikacji

2009-07-16 13:55:46 . 2009-07-16 15:49:26	0	d-----w-	C:\Users\Iwona\AppData\Local\Microsoft Games

2009-07-15 06:06:52 . 2009-06-15 14:53:52	156672	----a-w-	C:\Windows\system32\t2embed.dll

2009-07-15 06:06:52 . 2009-06-15 14:52:42	23552	----a-w-	C:\Windows\system32\lpk.dll

2009-07-15 06:06:52 . 2009-06-15 14:52:19	72704	----a-w-	C:\Windows\system32\fontsub.dll

2009-07-15 06:06:52 . 2009-06-15 14:51:38	10240	----a-w-	C:\Windows\system32\dciman32.dll

2009-07-15 06:06:52 . 2009-06-15 12:42:30	289792	----a-w-	C:\Windows\system32\atmfd.dll

2009-07-06 07:38:48 . 2009-07-06 07:39:03	0	d-----w-	C:\Windows\system32\ca-ES

2009-07-06 07:38:48 . 2009-07-06 07:39:02	0	d-----w-	C:\Windows\system32\eu-ES

2009-07-06 07:38:47 . 2009-07-06 07:39:01	0	d-----w-	C:\Windows\system32\vi-VN

2009-07-06 07:16:52 . 2009-07-06 07:16:53	0	d-----w-	C:\Windows\system32\EventProviders

2009-07-06 07:12:59 . 2009-04-11 06:32:49	3549672	----a-w-	C:\Windows\system32\ntoskrnl.exe

2009-07-06 07:11:59 . 2009-04-11 06:28:24	376832	----a-w-	C:\Windows\system32\rasplap.dll

2009-07-06 07:10:30 . 2009-04-11 06:28:18	247808	----a-w-	C:\Windows\system32\drvstore.dll

2009-07-03 22:04:00 . 2009-07-03 22:04:00	0	d-----w-	C:\Program Files\Yamicsoft

2009-06-28 17:07:16 . 2009-06-28 17:07:16	0	d-----w-	C:\ProgramData\PC Suite

2009-06-28 17:06:00 . 2009-06-28 17:06:00	0	d-----w-	C:\ProgramData\Nokia

2009-06-28 17:01:11 . 2009-06-28 16:53:50	24549928	----a-w-	C:\ProgramData\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\NokiaSoftwareUpdaterSetup_pl.exe

2009-06-28 17:01:06 . 2009-06-28 17:01:06	36864	----a-w-	C:\ProgramData\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\Sleep.exe

2009-06-28 17:01:06 . 2009-06-28 17:01:06	3351812	----a-w-	C:\ProgramData\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\msxml6Exec.exe

2009-06-28 17:01:06 . 2009-06-28 17:01:06	3181612	----a-w-	C:\ProgramData\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\vcredistExec.exe

2009-06-28 17:00:48 . 2009-06-28 17:00:48	0	d-----w-	C:\ProgramData\Installations


.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-26 22:27:09 . 2007-06-23 10:22:03	704102	----a-w-	C:\Windows\system32\perfh015.dat

2009-07-26 22:27:09 . 2007-06-23 10:22:03	148654	----a-w-	C:\Windows\system32\perfc015.dat

2009-07-26 12:12:38 . 2008-10-13 21:01:31	12	----a-w-	C:\Windows\bthservsdp.dat

2009-07-22 19:55:27 . 2009-03-03 21:05:43	0	d-----w-	C:\Program Files\Microsoft Silverlight

2009-07-19 19:56:59 . 2009-06-17 16:28:12	0	d-----w-	C:\Program Files\Sony

2009-07-19 14:57:09 . 2009-05-07 08:27:21	0	d-----w-	C:\Users\Darek\AppData\Roaming\ArcSoft

2009-07-17 20:04:43 . 2007-06-23 00:49:26	0	d--h--w-	C:\Program Files\InstallShield Installation Information

2009-07-17 20:01:17 . 2009-05-04 15:15:32	0	d-----w-	C:\ProgramData\ArcSoft

2009-07-16 22:05:33 . 2009-06-05 11:35:12	0	d-----w-	C:\ProgramData\OpenFM

2009-07-15 09:39:05 . 2006-11-02 11:18:33	0	d-----w-	C:\Program Files\Windows Mail

2009-07-06 07:39:10 . 2006-11-02 12:37:34	0	d-----w-	C:\Program Files\Windows Calendar

2009-07-06 07:39:09 . 2006-11-02 12:37:34	0	d-----w-	C:\Program Files\Windows Sidebar

2009-07-06 07:39:09 . 2006-11-02 12:37:34	0	d-----w-	C:\Program Files\Windows Photo Gallery

2009-07-06 07:39:09 . 2006-11-02 12:37:34	0	d-----w-	C:\Program Files\Windows Journal

2009-07-06 07:39:09 . 2006-11-02 12:37:34	0	d-----w-	C:\Program Files\Windows Collaboration

2009-07-06 07:39:05 . 2006-11-02 12:37:34	0	d-----w-	C:\Program Files\Windows Defender

2009-07-06 07:38:40 . 2006-11-02 10:25:05	665600	----a-w-	C:\Windows\inf\drvindex.dat

2009-07-06 07:22:23 . 2006-11-02 12:37:35	37665	----a-w-	C:\Windows\Fonts\GlobalUserInterface.CompositeFont

2009-07-05 10:53:45 . 2009-04-19 19:19:11	0	d-----w-	C:\Program Files\Pity 2008

2009-07-05 10:53:31 . 2009-06-09 06:17:05	0	d-----w-	C:\Program Files\Nokia

2009-07-02 09:25:23 . 2008-10-13 19:50:54	0	d-----w-	C:\Program Files\Spybot - Search & Destroy

2009-07-02 09:25:22 . 2008-10-13 19:50:54	0	d-----w-	C:\ProgramData\Spybot - Search & Destroy

2009-07-01 12:10:23 . 2008-10-13 19:22:22	0	d-----w-	C:\ProgramData\DVD Shrink

2009-06-28 17:15:21 . 2009-06-28 17:15:21	0	---ha-w-	C:\Windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf

2009-06-19 11:47:33 . 2009-06-19 11:46:23	0	d-----w-	C:\Program Files\AVI ReComp

2009-06-19 11:47:29 . 2009-06-19 11:47:29	0	d-----w-	C:\Program Files\Gabest

2009-06-19 11:47:14 . 2009-03-11 16:24:22	0	d-----w-	C:\Program Files\XviD

2009-06-18 19:48:17 . 2009-06-18 19:48:11	0	d-----w-	C:\Users\Darek\AppData\Roaming\Image Zone Express

2009-06-18 19:48:16 . 2009-06-18 19:48:12	0	d-----w-	C:\Users\Darek\AppData\Roaming\Printer Info Cache

2009-06-18 09:14:10 . 2009-06-18 09:14:10	0	d-----w-	C:\Users\Ula\AppData\Roaming\Publish Providers

2009-06-18 09:13:57 . 2009-06-18 09:13:57	0	d-----w-	C:\Users\Ula\AppData\Roaming\Sony

2009-06-17 16:29:11 . 2009-06-17 16:29:11	0	d-----w-	C:\Program Files\iZotope

2009-06-13 21:49:51 . 2009-06-13 21:49:51	0	d-----w-	C:\Program Files\CardTest

2009-06-09 19:45:16 . 2008-10-06 20:01:10	0	d-----w-	C:\ProgramData\Microsoft Help

2009-06-09 19:44:20 . 2007-06-23 01:06:54	0	d-----w-	C:\Program Files\Microsoft Works

2009-06-09 18:09:54 . 2009-06-09 18:09:54	0	d-----w-	C:\Users\Ula\AppData\Roaming\PC Suite

2009-06-09 06:28:37 . 2009-06-09 06:28:37	0	d-----w-	C:\Users\Darek\AppData\Roaming\PC Suite

2009-06-09 06:27:55 . 2009-06-09 06:27:55	0	d-----w-	C:\Users\Darek\AppData\Roaming\Nokia

2009-06-09 06:26:59 . 2009-06-09 06:26:59	0	d-----w-	C:\ProgramData\NokiaMusic

2009-06-09 06:21:41 . 2009-06-09 06:21:41	0	d-----w-	C:\Program Files\DIFX

2009-05-31 13:32:54 . 2009-05-31 13:32:54	0	d-----w-	C:\Users\Ula\AppData\Roaming\Corel

2009-05-09 05:50:28 . 2009-06-09 19:40:14	915456	----a-w-	C:\Windows\system32\wininet.dll

2009-05-09 05:34:34 . 2009-06-09 19:40:13	71680	----a-w-	C:\Windows\system32\iesetup.dll

2009-05-07 14:16:24 . 2008-11-02 18:47:43	94944	----a-w-	C:\Users\Iwona\AppData\Local\GDIPFONTCACHEV1.DAT

2009-05-05 13:36:19 . 2008-11-02 17:37:14	94944	----a-w-	C:\Users\Ula\AppData\Local\GDIPFONTCACHEV1.DAT

2009-05-05 07:54:39 . 2008-10-22 17:41:26	94944	----a-w-	C:\Users\Darek\AppData\Local\GDIPFONTCACHEV1.DAT

2009-05-04 16:08:23 . 2009-05-04 16:08:23	56	---ha-w-	C:\ProgramData\ezsidmv.dat

.


((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  

REGEDIT4


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2009-04-11 06:28:03 1233920]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 15:07:58 1828136]

"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 10:03:38 868352]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CCUTRAYICON"="FactoryMode" [X]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-18 21:38:40 1008184]

"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 13:42:24 65536]

"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 16:16:56 65536]

"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 10:59:00 118784]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 19:52:38 49152]

"DT HPW"="C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe" [2007-01-16 15:12:04 280576]

"HPUsageTracking"="C:\Program Files\HP\HP UT\bin\hppusg.exe" [2007-05-04 11:14:04 36864]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 21:08:45 81000]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2008-01-10 18:57:00 92704]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-01-10 18:57:00 8530464]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-01-10 18:57:00 88608]

"CTCheck"="C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 10:08:10 397312]

"Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdSync.exe" [2006-11-01 23:46:00 215552]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009-01-05 15:18:48 413696]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 16:10:28 35696]

"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-03-09 03:19:17 148888]

"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-07-10 11:59:22 195072]

"RtHDVCpl"="RtHDVCpl.exe" - C:\WINDOWS\RtHDVCpl.exe [2007-03-01 15:38:48 4390912]

"SPIRunE"="SPIRunE.dll" - C:\WINDOWS\System32\SpiRunE.dll [2007-05-09 01:07:42 18432]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="C:\Windows\SMINST\launcher.exe" [2007-03-07 09:09:52 44168]


C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"


[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001


[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001


[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001


[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(b):ad,cd,e8,95,0d,fe,c9,01


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{A79A83BF-CB7E-4FD4-9AAC-AC85CE4287EE}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM

"{95187053-5987-4630-9350-6566686D798E}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM

"{B913003D-7B77-41B3-A273-D108FF9765E2}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server

"{8F825EC1-17D2-40EC-A70A-BE78FA438992}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server

"{BCE6C658-40D7-4A35-87FF-95C4D606E7C4}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service

"{76FAB58D-9F96-48DF-B4E6-4D258253EE87}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service

"{A2D36DD1-D6F0-4E92-99C3-9CE34DD22DA2}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery

"{FE4C5E69-B801-49BC-8B98-5795CE4DDACB}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery

"{15DD2DBF-61E4-472A-BD15-98FCA5B8ECAD}"= UDP:C:\WINDOWS\System32\spool\drivers\w32x86\3\HP1006MC.EXE:SMLMProxy Module - HP1006MC.EXE

"{CDE4D6F3-C5F7-4BF5-8360-882F9E09C7F2}"= TCP:C:\WINDOWS\System32\spool\drivers\w32x86\3\HP1006MC.EXE:SMLMProxy Module - HP1006MC.EXE

"{2A9062EF-BD05-4FCD-89C0-0FF8C673FA73}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{3D9368F8-B4B4-4F75-9811-3EDD3618E1B9}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"TCP Query User{36A89111-3B3E-44E2-B2F1-2F9C779E6312}C:\\program files\\przydatne aplikacje\\emule\\emule.exe"= UDP:C:\program files\przydatne aplikacje\emule\emule.exe:eMule

"UDP Query User{A9454CDD-10FB-4C3B-958F-0FE9DF595E08}C:\\program files\\przydatne aplikacje\\emule\\emule.exe"= TCP:C:\program files\przydatne aplikacje\emule\emule.exe:eMule

"TCP Query User{968217CB-304A-4C56-8196-E0E32367C7FF}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{F354FABC-19F3-496C-AADA-5974AD2515B0}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"TCP Query User{8AB57C02-E281-406F-BB5D-7A310A41CECD}C:\\program files\\przydatne aplikacje\\gadu-gadu\\gg.exe"= UDP:C:\program files\przydatne aplikacje\gadu-gadu\gg.exe:Gadu-Gadu - program główny

"UDP Query User{E0AD0F13-53CE-419A-B78E-EB37BCCCE40C}C:\\program files\\przydatne aplikacje\\gadu-gadu\\gg.exe"= TCP:C:\program files\przydatne aplikacje\gadu-gadu\gg.exe:Gadu-Gadu - program główny

"{67DA7F3B-6335-4C08-A642-8F584A1F40FA}"= UDP:C:\Program Files\DeviceLock\DLService.exe:DeviceLock Service

"{278BF1D6-FBF6-49B8-9530-FFF16889E287}"= TCP:C:\Program Files\DeviceLock\DLService.exe:DeviceLock Service

"TCP Query User{7C731DBA-3E34-4950-9878-A0E66B988233}C:\\program files\\przydatne aplikacje\\gadu-gadu\\nowe gadu-gadu\\gg.exe"= UDP:C:\program files\przydatne aplikacje\gadu-gadu\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu

"UDP Query User{D8047461-A585-49A7-9A4C-A1E50DA08A20}C:\\program files\\przydatne aplikacje\\gadu-gadu\\nowe gadu-gadu\\gg.exe"= TCP:C:\program files\przydatne aplikacje\gadu-gadu\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu

"TCP Query User{D4754C60-309F-460D-B930-3CC106119D35}C:\\program files\\novalogic\\delta force helikopter w ogniu\\dfbhd.exe"= UDP:C:\program files\novalogic\delta force helikopter w ogniu\dfbhd.exe:DFBHD

"UDP Query User{05988FCE-3E91-466A-982A-F6850B05AC7F}C:\\program files\\novalogic\\delta force helikopter w ogniu\\dfbhd.exe"= TCP:C:\program files\novalogic\delta force helikopter w ogniu\dfbhd.exe:DFBHD

"{0B36C78A-6CE5-4F6B-9DA7-6907585D16A0}"= C:\Program Files\Skype\Phone\Skype.exe:Skype

"TCP Query User{A3DF5D77-0657-4A6F-8772-F13D8E229EF0}C:\\program files\\ipla\\ipla.exe"= UDP:C:\program files\ipla\ipla.exe:ipla

"UDP Query User{0096F27C-2742-48DF-91C8-D8C54B9A0773}C:\\program files\\ipla\\ipla.exe"= TCP:C:\program files\ipla\ipla.exe:ipla

"{E4E8009A-1824-4A27-A11D-E91B474984A4}"= UDP:C:\Program Files\BitComet\BitComet.exe:BitComet.exe

"{C1B8FF71-C080-4B47-B521-B6AA25057DF4}"= TCP:C:\Program Files\BitComet\BitComet.exe:BitComet.exe

"TCP Query User{B706AB2F-3510-4EB3-95AF-1B11CF5BC25E}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater

"UDP Query User{39738302-C4E1-47BF-B8F6-6AAA81094F67}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater

"TCP Query User{F8CD1474-2085-4742-A73E-94ED6F3F1130}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process 

"UDP Query User{8A9F36FC-15B0-4153-AB70-B38BA7E83CAB}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process 


R0 pavboot;pavboot;C:\WINDOWS\System32\drivers\pavboot.sys [2008-10-13 22:52:19 28544]

R1 aswSP;avast! Self Protection;C:\WINDOWS\System32\drivers\aswSP.sys [2008-10-06 22:27:04 114768]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\System32\drivers\aswFsBlk.sys [2008-10-06 22:27:04 20560]

R2 aswMonFlt;aswMonFlt;C:\WINDOWS\System32\drivers\aswMonFlt.sys [2008-10-06 22:26:46 51792]

R2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 10:32:28 208896]

R3 athrusb;Atheros Wireless LAN USB device driver;C:\WINDOWS\System32\drivers\athrusb.sys [2008-07-29 04:45:00 904192]

R3 t3;Sound Blaster X-Fi Xtreme Audio (Vista);C:\WINDOWS\System32\drivers\t3.sys [2008-10-05 21:04:24 404992]

S2 IntelDHSvcConf;Intel DH Service;C:\Program Files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe [2006-05-10 09:13:52 29696]

S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\System32\drivers\WlanBZXP.sys [2008-07-28 23:41:26 450560]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12	REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc

bthsvcs	REG_MULTI_SZ BthServ

WindowsMobile	REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted	REG_MULTI_SZ WcesComm RapiMgr


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

.

Zawartość folderu 'Zaplanowane zadania'


2009-06-09 C:\Windows\Tasks\User_Feed_Synchronization-{58C205B9-E994-4905-93DC-CD88C3A8EEA9}.job

- C:\Windows\system32\msfeedssync.exe [2009-04-29 20:48:47 . 2009-03-08 11:31:52]


2009-07-26 C:\Windows\Tasks\User_Feed_Synchronization-{5E65685C-03EA-4553-A619-96034890EEBB}.job

- C:\Windows\system32\msfeedssync.exe [2009-04-29 20:48:47 . 2009-03-08 11:31:52]

.

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.wp.pl/

IE: E&ksportuj do programu Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} - hxxp://www.eska.pl/streamplayers/OggX.ocx

DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} - hxxp://cached.gamedesire.com/g_bin/pl/navy_2_0_0_29.cab

DPF: {E95CF138-A587-4C54-8175-3AD80997CB14} - hxxp://cached.gamedesire.com/g_bin/pl/soccer_2_0_0_20.cab

.

-- Added 27.07.2009 (Mon) 1:32 --

http://www.wklejto.pl/39275


(Henio Mazurek) #2

ComboFix isn't needed for Kavos, because it's a weak infection. Besides, it isn't visible in the log. Where is Avast detecting it? Maybe in System Volume Information?

Start => Run => type Combofix /u.

Temporarily turn off System Restore.

http://support.microsoft.com/kb/310405/pll

Run a full scan with Malwarebytes Anti-Malware; if it finds anything, remove it and paste the log.

http://dobreprogramy.pl/index.php?dz=2& ... ntiMalware

Clean the disk and registry with CCleaner.

Plug in your removable drives and run FlashDisinfector.

http://www.searchengines.pl/index.php?s ... ntry369724


(rafalski) #3

I have Windows Vista, so the Combofix /u command doesn't work for me.


(Henio Mazurek) #4

That command does work; the issue here is missing permissions.

In that case, use OTC

http://oldtimer.geekstogo.com/OTC.exe

Right-click the program => Run as Administrator; there is only one button, then you click Yes.


(rafalski) #5

I scanned the computer and it didn't detect any infected files, but I downloaded FlashDisinfector and it won't install.


(Henio Mazurek) #6

Run it the same way as OTC, i.e. right-click the file => Run as Administrator.


(rafalski) #7

I tried that; then a message appears saying it's an unidentified program and asks me whether to cancel or allow, and when I allow it, still nothing happens.


(Henio Mazurek) #8

As an alternative to FlashDisinfector, use one of these

http://www.searchengines.pl/Zabezpiecze ... 23572.html