ComboFix.txt

Win32:AuCrypt [Cryp] virus. How do I get rid of it?

I know what's wrong now, I made a new log


ComboFix 08-03-25.4 - Maciej 2008-03-26 19:13:36.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.616 [GMT 1:00]
Running from: C:\Documents and Settings\Maciej\Pulpit\ComboFix.exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((( Files Created from 2008-02-26 to 2008-03-26 )))))))))))))))))))))))))))))))
.

2008-03-25 11:08 . 2008-03-25 11:08 <DIR> d-------- C:\Documents and Settings\Maciej\Dane aplikacji\InstallShield
2008-03-15 09:00 . 2008-03-15 09:00 <DIR> d-------- C:\Program Files\Alwil Software
2008-03-15 09:00 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-03-15 09:00 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-03-15 09:00 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2008-03-15 09:00 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-15 09:00 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-03-15 09:00 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-15 09:00 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-15 09:00 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-15 08:58 . 2008-03-15 08:58 716 --a------ C:\WINDOWS\unins000.dat
2008-03-10 19:00 . 2008-03-10 19:00 <DIR> d-------- C:\Program Files\MSBuild
2008-03-10 19:00 . 2008-03-10 19:00 <DIR> d-------- C:\Program Files\Microsoft Works
2008-03-10 18:58 . 2008-03-10 18:58 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-03-10 18:53 . 2008-03-10 18:59 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-03-08 11:34 . 2008-03-08 12:17 <DIR> d-------- C:\Documents and Settings\Maciej\Dane aplikacji\GanymedeNet
2008-03-08 11:31 . 2008-03-26 15:27 <DIR> d-------- C:\Program Files\Ganymede
2008-03-05 21:53 . 2002-05-09 15:12 155,648 --a------ C:\WINDOWS\system32\adadix32.dll
2008-03-05 21:53 . 2003-06-24 13:55 127,497 --a------ C:\WINDOWS\system32\drivers\adiusbaw.sys
2008-03-05 21:53 . 2001-07-27 13:25 127,456 --a------ C:\WINDOWS\system32\ipdetect.exe
2008-03-05 21:53 . 2003-08-08 18:55 11,961 --a------ C:\WINDOWS\system32\drivers\adiusbaw.cat
2008-03-05 21:53 . 2003-02-17 11:36 342 --a------ C:\WINDOWS\adiras.ini
2008-03-05 21:53 . 2008-03-05 21:54 154 --a------ C:\WINDOWS\adidsl.ini
2008-03-05 21:53 . 2008-03-05 21:53 21 --a------ C:\WINDOWS\Fast800.ini
2008-03-05 21:52 . 2008-03-05 21:52 <DIR> d-------- C:\Program Files\SAGEM
2008-02-27 18:17 . 2008-02-27 18:17 <DIR> d-------- C:\Program Files\Elfin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-26 18:12 --------- d-----w C:\Program Files\Neostrada TP
2008-03-25 10:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-10 18:02 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-03-05 20:53 23 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2008-02-13 18:50 23,552 ----a-w C:\WINDOWS\system32\winwim32.dll
2008-02-13 18:49 23,552 ----a-w C:\WINDOWS\system32\winccf32.dll
2008-02-09 21:57 --------- d-----w C:\Program Files\DAEMON Tools Pro
2008-02-03 19:59 82,380 ----a-w C:\WINDOWS\system32\drivers\AFS2K.SYS
2008-02-02 17:34 --------- d-----w C:\Program Files\sXe Injected
2008-01-11 17:14 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-11-19 15:07 22,328 ----a-w C:\Documents and Settings\Maciej\Dane aplikacji\PnkBstrK.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44 15360]
"ares"="C:\Program Files\Ares\Ares.exe" [ ]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 14:08 136136]
"Steam"="D:\Gry\Steam\Steam.exe" [2007-12-05 20:13 1266936]
"wsctf.exe"="wsctf.exe" []
"EXPLORER.EXE"="EXPLORER.EXE" [2004-08-03 23:44 1033728 C:\WINDOWS\explorer.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2004-11-30 23:25 32768]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 10:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 04:19 69632]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 19:07 24576]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 19:07 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 19:07 53248]
"GrooveMonitor"="E:\Programy\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44 15360]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2004-11-30 23:25 32768]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 06:05:26 29696]
ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2004-11-30 23:25:14 32768]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-03-05 21:52:59 962661]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winepi32]
winepi32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"E:\\Programy\\BitComet\\BitComet.exe"=
"E:\\Programy\\Gadu-Gadu\\gg.exe"=
"E:\\Programy\\NAPI-PROJEKT\\napisy.exe"=
"D:\\Gry\\Steam\\SteamApps\\_lewy_\\counter-strike\\hl.exe"=
"D:\\Gry\\Steam\\Steam.exe"=
"D:\\Gry\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"D:\\Gry\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\Gry\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"D:\\Gry\\Metin2_PL\\metin2.bin"=
"C:\\Program Files\\Media Player Classic\\mplayerc.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=
"E:\\Programy\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"E:\\Programy\\Microsoft Office\\Office12\\GROOVE.EXE"=
"E:\\Programy\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18312:TCP"= 18312:TCP:BitComet 18312 TCP
"18312:UDP"= 18312:UDP:BitComet 18312 UDP

S3 {DEF85C80-216A-43ab-AF70-1665EDBE2780};{DEF85C80-216A-43ab-AF70-1665EDBE2780};C:\WINDOWS\system32\{DEF85C80-216A-43ab-AF70-1665EDBE2780} []
S3 ddsxeiservice;ddsxeiservice2;C:\Program Files\sXe Injected\ddsxei.sys [2008-01-23 06:53]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys [2005-07-05 03:42]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-26 19:15:14
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{DEF85C80-216A-43ab-AF70-1665EDBE2780}]
"ImagePath"="\??\C:\WINDOWS\system32\{DEF85C80-216A-43ab-AF70-1665EDBE2780}"
.
Completion time: 2008-03-26 19:15:59
ComboFix-quarantined-files.txt 2008-03-26 18:15:37

