Virus Win32:Trojan-gen {Other} in a previously run


(antiferno) #1

...file.

Supposedly removed...

Is it possible that I still have some junk on the system?

LOG

Log created by WinPatrol PLUS version 12.0.2007.5:12.0.2007.5

Scan saved at 6:29:06 PM, on 11/27/2007

Platform: Windows XP SP2 Dodatek Service Pack 2 (Build 2600)

MSIE: Internet Explorer (7.00.6000.20583)

Boot mode: Normal


Running processes:

C:\WINDOWS\system32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

F:\Avira\ANTIVIR PERSONALEDITION PREMIUM\avguard.exe

C:\WINDOWS\explorer.exe

F:\Avira\ANTIVIR PERSONALEDITION PREMIUM\avgnt.exe

F:\BILLP STUDIOS\WINPATROL\WINPATROL.EXE

F:\Winamp\winampa.exe

F:\CFOSSPEED\CFOSSPEED.EXE

F:\SAGEM\SAGEM F@ST 800-840\dslmon.exe

F:\Avira\ANTIVIR PERSONALEDITION PREMIUM\sched.exe

F:\CFOSSPEED\spd.exe

F:\SUNBELT SOFTWARE\PERSONAL FIREWALL\kpf4ss.exe

F:\SUNBELT SOFTWARE\PERSONAL FIREWALL\kpf4gui.exe

F:\RAPIDUPLOADER.EXE

C:\WINDOWS\system32\ctfmon.exe

F:\Opera\Opera.exe

F:\Winamp\winamp.exe

F:\BILLP STUDIOS\WINPATROL\WINPATROLEX.EXE


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O1 - Hosts: 127.0.0.

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Java\jre1.6.0_02\bin\ssv.dll

O4 - HKLM\..\Run: [avgnt]F:\Avira\AntiVir PersonalEdition Premium\avgnt.exe /min

O4 - HKLM\..\Run: [WinPatrol PLUS]F:\BillP Studios\WinPatrol\winpatrol.exe

O4 - HKLM\..\Run: [WinampAgent]F:\Winamp\winampa.exe

O4 - HKLM\..\Run: [cFosSpeed]F:\cFosSpeed\cFosSpeed.exe

O4 - Global Startup: DSLMON.lnk=F:\SAGEM\SAGEM F@st 800-840\dslmon.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

O11 - Options group: [] - 

O14 - IERESET.INF: START_PAGE_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

O14 - IERESET.INF: SEARCH_PAGE_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

O14 - IERESET.INF:HKCU, Start Page = %START_PAGE_URL%

O14 - IERESET.INF:HKLM, Default_Page_URL = %START_PAGE_URL%

O14 - IERESET.INF:HKLM, Default_Search_URL = %SEARCH_PAGE_URL%

O14 - IERESET.INF:HKLM, Search Page = %SEARCH_PAGE_URL%

O14 - IERESET.INF:HKCU, Search Page = %SEARCH_PAGE_URL%

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_02) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

O21 - WPDShServiceObj - WPDShServiceObj Class - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll

O23 - Service: AntiVir PersonalEdition Premium MailGuard - Avira GmbH - F:\Avira\AntiVir PersonalEdition Premium\avmailc.exe

O23 - Service: AntiVir PersonalEdition Premium Scheduler - Avira GmbH - F:\Avira\AntiVir PersonalEdition Premium\sched.exe

O23 - Service: AntiVir PersonalEdition Premium Guard - Avira GmbH - F:\Avira\AntiVir PersonalEdition Premium\avguard.exe

O23 - Service: avast! iAVS4 Control Service - ALWIL Software - F:\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - F:\Alwil Software\Avast4\ashServ.exe

O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service - Avira GmbH - F:\Avira\AntiVir PersonalEdition Premium\avesvc.exe

O23 - Service: cFosSpeed System Service - - F:\cFosSpeed\spd.exe -service

O23 - Service: Dostęp do urządzeń interfejsu HID - - C:\WINDOWS\System32\hidserv.dll

O23 - Service: Sunbelt Personal Firewall 4 - Sunbelt Software - F:\Sunbelt Software\Personal Firewall\kpf4ss.exe

O24 - Desktop Component 0: Bieżąca strona główna - About:Home


--- Additional WinPatrol Info ---

Browser: Unable to find default browser.

MSIE: Internet Explorer (7.00.6000.20583)

0 IE Cookies in Folder: C:\Profiles\User\Cookies\


WP00 - HKLM\CS1: BootExecute = autocheck autochk *

WP00 - HKLM\CCS: BootExecute = autocheck autochk *

WP00 - HKLM\CS2: BootExecute = autocheck autochk *

WP01 - HKLM\CS1: PendingFileRenameOperations = \??\C:\Temp\irsetup.exe

WP01 - HKLM\CCS: PendingFileRenameOperations = \??\C:\Temp\irsetup.exe

WP02 - HKLM\CCS: Command = C:\WINDOWS\system32\cmd.exe




WP32 - Hidden File: C:\boot.ini

WP32 - Hidden File: C:\Bootfont.bin

WP32 - Hidden File: C:\hiberfil.sys

WP32 - Hidden File: C:\IO.SYS

WP32 - Hidden File: C:\MSDOS.SYS

WP32 - Hidden File: C:\NTDETECT.COM

WP32 - Hidden File: C:\ntldr

WP32 - Hidden File: C:\pagefile.sys

WP32 - Hidden File: C:\WINDOWS\WindowsShell.Manifest

WP32 - Hidden File: C:\WINDOWS\system32\cdplayer.exe.manifest

WP32 - Hidden File: C:\WINDOWS\system32\config\default.LOG

WP32 - Hidden File: C:\WINDOWS\system32\config\SAM.LOG

WP32 - Hidden File: C:\WINDOWS\system32\config\SECURITY.LOG

WP32 - Hidden File: C:\WINDOWS\system32\config\software.LOG

WP32 - Hidden File: C:\WINDOWS\system32\config\system.LOG

WP32 - Hidden File: C:\WINDOWS\system32\config\TempKey.LOG

WP32 - Hidden File: C:\WINDOWS\system32\config\userdiff.LOG

WP32 - Hidden File: C:\WINDOWS\system32\logonui.exe.manifest

WP32 - Hidden File: C:\WINDOWS\system32\ncpa.cpl.manifest

WP32 - Hidden File: C:\WINDOWS\system32\nwc.cpl.manifest

WP32 - Hidden File: C:\WINDOWS\system32\sapi.cpl.manifest

WP32 - Hidden File: C:\WINDOWS\system32\WindowsLogon.manifest

WP32 - Hidden File: C:\WINDOWS\system32\wuaucpl.cpl.manifest


WP33 - File Type .BAT: [Plik wsadowy MS-DOS]%1 %*

WP33 - File Type .CAB: [WinRAR archive]F:\WinRAR\WinRAR.exe %1

WP33 - File Type .CAT: [Wykaz zabezpieczeń]rundll32.exe cryptext.dll,CryptExtOpenCAT %1

WP33 - File Type .CHM: [Skompilowany plik HTML Help]C:\WINDOWS\hh.exe %1

WP33 - File Type .COM: [Aplikacja MS-DOS]%1 %*

WP33 - File Type .CMD: [Skrypt poleceń Windows NT]%1 %*

WP33 - File Type .DOC: [Dokument WordPad]F:\\Windows NT\Accessories\WORDPAD.EXE %1

WP33 - File Type .EML: [Wiadomość pocztowa programu Outlook Express]F:\Outlook Express\msimn.exe /eml:%1

WP33 - File Type .EXE: [Aplikacja]%1 %*

WP33 - File Type .INF: [Informacje Instalatora]C:\WINDOWS\System32\NOTEPAD.EXE %1

WP33 - File Type .JS: [Plik skryptu JScript]C:\WINDOWS\System32\WScript.exe %1 %*

WP33 - File Type .LOG: [Dokument tekstowy]C:\WINDOWS\system32\NOTEPAD.EXE %1

WP33 - File Type .MSI: [Windows Installer Package]C:\WINDOWS\System32\msiexec.exe /i %1 %*

WP33 - File Type .MID: [Winamp media file]F:\Winamp\winamp.exe %1

WP33 - File Type .MP3: [Winamp media file]F:\Winamp\winamp.exe %1

WP33 - File Type .MP3: [Winamp media file]F:\Winamp\winamp.exe %1

WP33 - File Type .PIF: [Skrót do programu MS-DOS]%1 %*

WP33 - File Type .REG: [Wpisy Rejestru]regedit.exe %1

WP33 - File Type .SCR: [Wygaszacz ekranu]%1 /S

WP33 - File Type .TXT: [Dokument tekstowy]C:\WINDOWS\system32\NOTEPAD.EXE %1

WP33 - File Type .URL: [Skrót internetowy]rundll32.exe ieframe.dll,OpenURL %l

WP33 - File Type .VBS: [Plik skryptu VBScript]C:\WINDOWS\System32\WScript.exe %1 %*

WP33 - File Type .VBE: [Kodowany plik skryptu VBScript]C:\WINDOWS\System32\WScript.exe %1 %*

WP33 - File Type .WSF: [Plik skryptu Windows]C:\WINDOWS\System32\WScript.exe %1 %*

WP33 - File Type .WSH: [Plik ustawień hosta skryptów systemu Windows]C:\WINDOWS\System32\WScript.exe %1 %*


Memory currently in use: 74%

Physical Memory Free: 100,012 KB

Paging File Free: 1,009,680 KB

Virtual Memory Free: 2,045,796 KB



--

End of file

(Gutek) #2

Post a ComboFix log.


(antiferno) #3

(Gutek) #4

Clean out all temporary locations with ATF Cleaner.