Jaac

Wszystko wykonane. Wielkie dzięki za pomoc.

Nie jestem pewien czy zniknęły więc wkleję otl. OTL.Txt

System look SystemLook.txt

Wydaje sie byc w porzadku SystemLook.txt OTL.Txt 08082011_092020-1.txt

Poprzednie załaczniki usunalem bo nie moglem wkleic nowych. OTL.Txt SystemLook.txt

Wynikowy raport: ComboFix.txt

System look SystemLook 30.07.11 by jpshortstuff Log created at 12:39 on 07/08/2011 by user Administrator - Elevation successful ========== dir ========== C:\Windows\system64 - Parameters: "/s" ---Files--- consrv.dll --a---- 31744 bytes [23:31 13/07/2009] [01:39 14/07/2009] (edytowane - kopia katalogu Windows) ========== regfind ========== Searching for "system64" No data found. ========== reg ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "Debug"="" @="mnmsrvc" "Kmode"="\SystemRoot\System32\win32k.sys" "Optional"="Posix" "Posix"="%SystemRoot%\system32\psxss.exe" "Required"="Debug Windows" "Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=consrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16" -= EOF =-

System look SystemLook 30.07.11 by jpshortstuff Log created at 11:07 on 04/08/2011 by user Administrator - Elevation successful ========== filefind ========== Searching for "wshtcpip.dll" C:\Windows\System32\WSHTCPIP.DLL --a---- 13312 bytes [23:21 13/07/2009] [01:41 14/07/2009] 31559F3244C6BC00A52030CAA83B6B91 C:\Windows\system64\WSHTCPIP.DLL --a---- 13312 bytes [23:21 13/07/2009] [01:41 14/07/2009] 31559F3244C6BC00A52030CAA83B6B91 C:\Windows\SysWOW64\WSHTCPIP.DLL --a---- 9216 bytes [23:12 13/07/2009] [01:16 14/07/2009] EE5C8E27C37B79CB54A2FCEEED2DC262 C:\Windows\winsxs\amd64_microsoft-windows-winsock-helper-tcpip_31bf3856ad364e35_6.1.7600.16385_none_27a7f7694b388c01\WSHTCPIP.DLL --a---- 13312 bytes [23:21 13/07/2009] [01:41 14/07/2009] 31559F3244C6BC00A52030CAA83B6B91 C:\Windows\winsxs\x86_microsoft-windows-winsock-helper-tcpip_31bf3856ad364e35_6.1.7600.16385_none_cb895be592db1acb\WSHTCPIP.DLL --a---- 9216 bytes [23:12 13/07/2009] [01:16 14/07/2009] EE5C8E27C37B79CB54A2FCEEED2DC262 Searching for "wship6.dll" C:\Windows\System32\wship6.dll --a---- 13824 bytes [23:21 13/07/2009] [01:41 14/07/2009] EC7CBFF96B05ECF3D366355B3C64ADCF C:\Windows\system64\wship6.dll --a---- 13824 bytes [23:21 13/07/2009] [01:41 14/07/2009] EC7CBFF96B05ECF3D366355B3C64ADCF C:\Windows\SysWOW64\wship6.dll --a---- 10752 bytes [23:12 13/07/2009] [01:16 14/07/2009] 73E8667A19FEEDD856DF2695E9E511D4 C:\Windows\winsxs\amd64_microsoft-windows-winsock-helper-tcpip_31bf3856ad364e35_6.1.7600.16385_none_27a7f7694b388c01\wship6.dll --a---- 13824 bytes [23:21 13/07/2009] [01:41 14/07/2009] EC7CBFF96B05ECF3D366355B3C64ADCF C:\Windows\winsxs\x86_microsoft-windows-winsock-helper-tcpip_31bf3856ad364e35_6.1.7600.16385_none_cb895be592db1acb\wship6.dll --a---- 10752 bytes [23:12 13/07/2009] [01:16 14/07/2009] 73E8667A19FEEDD856DF2695E9E511D4 Searching for "wshqos.dll" C:\Windows\System32\wshqos.dll --a---- 16896 bytes [00:09 14/07/2009] [01:41 14/07/2009] 16E964ABF6D1E0F0CC7822FCA9BA754D C:\Windows\system64\wshqos.dll --a---- 16896 bytes [00:09 14/07/2009] [01:41 14/07/2009] 16E964ABF6D1E0F0CC7822FCA9BA754D C:\Windows\SysWOW64\wshqos.dll --a---- 13824 bytes [23:53 13/07/2009] [01:16 14/07/2009] 81F08948A0F1475894C99D4D19A158A8 C:\Windows\winsxs\amd64_microsoft-windows-qos_31bf3856ad364e35_6.1.7600.16385_none_0a405a377155a88a\wshqos.dll --a---- 16896 bytes [00:09 14/07/2009] [01:41 14/07/2009] 16E964ABF6D1E0F0CC7822FCA9BA754D C:\Windows\winsxs\wow64_microsoft-windows-qos_31bf3856ad364e35_6.1.7600.16385_none_14950489a5b66a85\wshqos.dll --a---- 13824 bytes [23:53 13/07/2009] [01:16 14/07/2009] 81F08948A0F1475894C99D4D19A158A8 -= EOF =-

System look SystemLook.txt

1. Na podstawie danych z otl. 2. Zrobione OTL.Txt

Kaspersky TDSSKiller nic nie wyrkył.

Program Avast znalazł wirusa win32:Malware-gen w c:\windows\assembly\tmp\u w pliku 800000cb. OTL.Txt Extras.Txt