Amvo.exe - ComboFix log analysis


(Armands) #1

Hello!

I have a problem with amvo.exe. I'd be grateful if someone could help me get rid of this damn thing. Sorry for the initial mistake. The log is also available at this link: http://wklej.org/id/db362155de

Here is the ComboFix log:

ComboFix 08-05-01.3 - Piotr Fater 2008-05-04 11:57:35.1 - FAT32 x86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.168 [GMT 2:00]

Running from: C:\Documents and Settings\Piotr Fater\Pulpit\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Autorun.inf

C:\setup.exe

C:\WINDOWS\system32\amvo.exe

C:\WINDOWS\system32\amvo0.dll

D:\Autorun.inf

E:\Autorun.inf

F:\Autorun.inf

I:\Autorun.inf

J:\Autorun.inf

.

((((((((((((((((((((((((( Files Created from 2008-04-04 to 2008-05-04 )))))))))))))))))))))))))))))))

.

2008-05-04 11:52 . 2008-05-04 11:52

2008-05-04 11:52 . 2008-05-04 11:52

2008-05-04 11:52 . 2008-05-04 11:52 10,880 --a------ C:\WINDOWS\system32\drivers\pxark.sys

2008-05-03 16:44 . 2008-05-03 16:44

2008-05-01 18:21 . 2008-04-28 09:04 105,128 -r-hs---- C:\oq.cmd

2008-05-01 18:19 . 2008-05-01 18:19

2008-04-22 21:46 . 2008-04-29 16:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-04-22 21:46 . 2008-04-22 21:46 1,409 --a------ C:\WINDOWS\QTFont.for

2008-04-11 18:43 . 2008-04-11 18:43

2008-04-08 07:56 . 2008-04-08 07:56

2008-04-07 17:54 . 2008-04-05 20:05 26,986 --a------ C:\WINDOWS\_detmp.1

2008-04-05 20:04 . 2008-04-05 20:04

2008-04-05 20:04 . 1996-11-05 16:13 299,008 --a------ C:\WINDOWS\uninst.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-02 18:15 1,112 ----a-w C:\Documents and Settings\Piotr Fater\Dane aplikacji\ViewerApp.dat

2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-20 08:09 1,845,504 ------w C:\WINDOWS\system32\dllcache\win32k.sys

2008-03-05 21:44 --------- d-----w C:\Program Files\NetMeter

2008-03-01 16:32 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-02-29 08:59 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-02-29 08:59 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe

2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll

2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2008-02-20 05:38 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll

2008-02-20 05:38 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll

2007-12-26 14:23 40,776 ----a-w C:\Documents and Settings\Piotr Fater\Dane aplikacji\GDIPFONTCACHEV1.DAT

2007-01-25 01:52 65,536 ----a-w C:\Program Files\Common Files\NMSAccessU.exe

2004-10-01 13:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe

2007-06-11 12:48 8 --sh--r C:\WINDOWS\system32\AA0EF28E1C.sys

2007-08-23 16:45 6,580 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

2007-08-23 16:45 56 --sh--r C:\WINDOWS\system32\1C8EF20EAA.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]

"MSMSGS"=":C:\Program Files\Messenger\msmsgs.exe" []

"Malware Sweeper"=":C:\Program Files\MalwareSweeper.com\Malware Sweeper\MalSwep.exe" []

"PowerBar"="" []

"BitTorrent"=":I:\Program Files\BitTorrent\bittorrent.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WheelMouse"="C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe" [2003-07-18 00:53 147456]

"UpdReg"=":C:\WINDOWS\Updreg.exe" []

"Disc Detector"=":C:\Program Files\Creative\ShareDLL\CtNotify.exe" []

"AHQInit"=":C:\Program Files\Creative\SBLive\Program\AHQInit.exe" []

"AudioHQ"="C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE" [2001-08-17 17:01 180224]

"NeroFilterCheck"=":C:\WINDOWS\system32\NeroCheck.exe" []

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]

"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-28 11:20 188416]

"ATICCC"=":C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" []

"InCD"=":E:\Program Files\ahead\InCD\InCD.exe" []

"PWRISOVM.EXE"=":E:\Program Files\PowerISO\PWRISOVM.EXE" []

"PCSuiteTrayApplication"=":C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" []

"RemoteControl"=":I:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" []

"Adobe Photo Downloader"=":I:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" []

"hffsrv"="c:\windows\hffext\hffsrv.exe" [2007-02-03 01:17 83968]

"ISUSPM Startup"=":C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" []

"ISUSScheduler"=":C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" []

"Sony Ericsson PC Suite"=":I:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44 15360]

"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-03 12:25:03 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"= ctwdm32.dll

"msacm.ctmp3"= C:\WINDOWS\system32\ctmp3.acm

"aux1"= ctwdm32.dll

"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FDCENT.SYS]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HideFilesAndFolders_S]

@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\Program Files\Gadu-Gadu\GG.EXE"=

"E:\Program Files\eMule\emule.exe"=

"E:\Program Files\BearShare\BearShare.exe"=

"C:\Program Files\Tlen.pl\TLEN.EXE"=

"C:\Program Files\DC++\DCPlusPlus.exe"=

"I:\Program Files\Opera\Opera.exe"=

"I:\Program Files\SopCast\SopCast.exe"=

"C:\Documents and Settings\Piotr Fater\Dane aplikacji\SopCast\adv\SopAdver.exe"=

"C:\Program Files\uTorrent\uTorrent.exe"=

"%windir%\Network Diagnostic\xpnetdiag.exe"=

"I:\Program Files\KONAMI\Pro Evolution Soccer 6\PES6.exe"=

"E:\Program Files\Skype\Phone\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5100:TCP"= 5100:TCP:wp.pl

"5000:TCP"= 5000:TCP:gryonline.wp.pl

"20225:TCP"= 20225:TCP:BitComet 20225 TCP

"20225:UDP"= 20225:UDP:BitComet 20225 UDP

"21678:TCP"= 21678:TCP:BitComet 21678 TCP

"21678:UDP"= 21678:UDP:BitComet 21678 UDP

R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-05-04 11:52]

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]

R1 FDCENT;FDCENT;C:\WINDOWS\system32\drivers\FDCENT.SYS [2007-01-27 19:28]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]

R2 CSIScanner;CSIScanner;"C:\Program Files\PrevxCSI\PrevxCSI.exe" /service []

R2 NMSAccessU;NMSAccessU;C:\Program Files\Common Files\NMSAccessU.exe [2007-01-25 03:52]

R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2003-02-26 18:28]

S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 15:54]

S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15:54]

S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 15:54]

S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 15:54]

S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 15:54]

S3 s816bus;Sony Ericsson Device 816 driver (WDM);C:\WINDOWS\system32\DRIVERS\s816bus.sys [2007-06-19 09:51]

S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s816mdfl.sys [2007-06-19 09:51]

S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s816mdm.sys [2007-06-19 09:51]

S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s816mgmt.sys [2007-06-19 09:51]

S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);C:\WINDOWS\system32\DRIVERS\s816nd5.sys [2007-06-19 09:51]

S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s816obex.sys [2007-06-19 09:51]

S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);C:\WINDOWS\system32\DRIVERS\s816unic.sys [2007-06-19 09:51]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1667f988-26a8-11da-9eeb-000ce584221f}]

\Shell\AutoRun\command - K:\oq.cmd

\Shell\explore\Command - K:\oq.cmd

\Shell\open\Command - K:\oq.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a96a34e2-b173-11dc-a86a-000ce584221f}]

\Shell\AutoRun\command - L:\oq.cmd

\Shell\explore\Command - L:\oq.cmd

\Shell\open\Command - L:\oq.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6a7cae2-bae3-11dc-a87a-000ce584221f}]

\Shell\AutoRun\command - L:\start.exe

*Newly Created Service* - CATCHME

*Newly Created Service* - CSISCANNER

*Newly Created Service* - PXARK

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-04 11:59:44

Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

PowerBar = ???????D??sh?????6~????h???Z?6~(???*?6~t?@?l?@???d???????????????????????????6~??????????????????6~????W?9~0?6~????*?6~??6~????D??s ?????????6~????l?@???????6~????t?@??Yb?????????l?@?l?@?????Q?7~????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-05-04 12:00:32

ComboFix-quarantined-files.txt 2008-05-04 10:00:28

Pre-Run: 1,888,215,040 bytes free

Post-Run: 1,985,724,416 bytes free

172 --- E O F --- 2008-04-11 16:41:55
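The first log above shows the textbook Autorun.inf worm pattern: an Autorun.inf at the root of every drive (C:, D:, E:, F:, I:, J:), a read-only/hidden/system C:\oq.cmd at the root of C:, and MountPoints2 entries whose AutoRun, open and explore verbs run K:\oq.cmd or L:\start.exe, so plugging in the stick or double-clicking the drive icon re-infects the machine even after amvo.exe is deleted. As an added example (not code from the thread), here is a small Python checker that pulls exactly those indicators out of ComboFix log lines and reads the launch targets from an Autorun.inf. The log excerpt is constructed from the post; the Autorun.inf is a constructed sample in the shape this worm family drops, since the thread never shows the file's contents.

```python
"""Flag USB-worm (Autorun.inf) indicators in a ComboFix log.

Added example, not part of the thread. The heuristics encode what the first
log shows: Autorun.inf at drive roots, a hidden+system file at the root of a
drive, and MountPoints2 shell verbs that launch a file from a drive root."""
import re

# Constructed excerpt of the first ComboFix log posted above.
SAMPLE_LOG = r"""
C:\Autorun.inf
C:\setup.exe
C:\WINDOWS\system32\amvo.exe
D:\Autorun.inf
2008-05-01 18:21 . 2008-04-28 09:04 105,128 -r-hs---- C:\oq.cmd
2008-04-22 21:46 . 2008-04-22 21:46 1,409 --a------ C:\WINDOWS\QTFont.for
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1667f988-26a8-11da-9eeb-000ce584221f}]
\Shell\AutoRun\command - K:\oq.cmd
\Shell\explore\Command - K:\oq.cmd
\Shell\open\Command - K:\oq.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6a7cae2-bae3-11dc-a87a-000ce584221f}]
\Shell\AutoRun\command - L:\start.exe
"""

# Constructed Autorun.inf in the shape this worm family drops (assumption:
# the thread never shows the real file's contents).
SAMPLE_AUTORUN_INF = r"""
[autorun]
open=oq.cmd
shell\open\Command=oq.cmd
shell\explore\Command=oq.cmd
shellexecute=oq.cmd
"""

ROOT_AUTORUN = re.compile(r"^[A-Z]:\\Autorun\.inf$", re.IGNORECASE)
ROOT_FILE = re.compile(r"^[A-Z]:\\[^\\]+$", re.IGNORECASE)
# "Files Created" entry: two timestamps, size, 9-char attribute string, path
FILE_ENTRY = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"[\d,]+\s+(?P<attrs>[-a-z]{9})\s+(?P<path>.+)$")
# accepts both "mountpoints2\{guid}" and the extraction-damaged "mountpoints2{guid}"
MOUNTPOINT_KEY = re.compile(
    r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\?\{(?P<guid>[0-9a-f-]+)\}\]$", re.IGNORECASE)
SHELL_CMD = re.compile(r"^\\Shell\\(?P<verb>\w+)\\command - (?P<target>.+)$", re.IGNORECASE)


def find_indicators(log_text):
    """Return the worm indicators present in a ComboFix log."""
    found = {"root_autorun": [], "hidden_root_files": [], "mountpoint_commands": []}
    guid = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if ROOT_AUTORUN.match(line):
            found["root_autorun"].append(line[0].upper())   # drive letter
            continue
        m = FILE_ENTRY.match(line)
        if m:
            attrs, path = m.group("attrs"), m.group("path")
            # hidden + system at a drive root, e.g. "-r-hs---- C:\oq.cmd"
            if ROOT_FILE.match(path) and "h" in attrs and "s" in attrs:
                found["hidden_root_files"].append(path)
            continue
        m = MOUNTPOINT_KEY.match(line)
        if m:
            guid = m.group("guid")     # following \Shell lines belong to this volume
            continue
        m = SHELL_CMD.match(line)
        if m and guid:
            found["mountpoint_commands"].append((guid, m.group("verb").lower(), m.group("target")))
    return found


def is_autorun_worm(found):
    """Autorun.inf at a root plus a MountPoints2 verb launching a file from a drive root."""
    launches_from_root = any(ROOT_FILE.match(t) for _, _, t in found["mountpoint_commands"])
    return bool(found["root_autorun"]) and launches_from_root


def autorun_launch_targets(inf_text):
    """Every file an Autorun.inf launches via open=, shellexecute= or shell\\...\\command=."""
    targets, in_autorun = set(), False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line.lower() == "[autorun]"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key in ("open", "shellexecute") or (key.startswith("shell\\") and key.endswith("\\command")):
            targets.add(value.strip())
    return targets


if __name__ == "__main__":
    hits = find_indicators(SAMPLE_LOG)
    print("indicators:", hits)
    print("autorun worm:", is_autorun_worm(hits))
    print("Autorun.inf launches:", autorun_launch_targets(SAMPLE_AUTORUN_INF))
```

The MountPoints2 check is the one that matters for re-infection: the drive letters K: and L: do not even appear in the "Other Deletions" list, so the stick that carried oq.cmd was not plugged in during the scan and will bring the worm back unless its Autorun.inf and the file it names are removed too.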


(huber2t) #2

Download ComboFix, but don't run it yet.

Paste the following into Notepad:

File::

C:\oq.cmd

C:\WINDOWS\_detmp.1


Folder::

C:\FOUND.018

C:\FOUND.016


Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PowerBar"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UpdReg"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

File -> Save as -> CFScript.txt (it is most convenient to save it somewhere the CFScript.txt icon ends up next to the ComboFix.exe icon)

Drag and drop the CFScript.txt icon onto the ComboFix.exe icon, as shown here -> [image: 02f8f1e3c410a4cc.gif]

The removal should start and a log will be produced; post that log on the forum.


(Armands) #3

I did as described in your post.

Here is the log:

ComboFix 08-05-01.3 - Piotr Fater 2008-05-04 12:25:56.2 - FAT32 x86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.202 [GMT 2:00]

Running from: C:\Documents and Settings\Piotr Fater\Pulpit\ComboFix.exe

Command switches used :: C:\Documents and Settings\Piotr Fater\Pulpit\CFScript.txt

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

FILE ::

C:\oq.cmd

C:\WINDOWS\_detmp.1

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\FOUND.016

C:\FOUND.016\FILE0000.CHK

C:\FOUND.018

C:\FOUND.018\FILE0000.CHK

C:\oq.cmd

C:\WINDOWS\_detmp.1

.

((((((((((((((((((((((((( Files Created from 2008-04-04 to 2008-05-04 )))))))))))))))))))))))))))))))

.

2008-05-04 11:52 . 2008-05-04 11:52

2008-05-04 11:52 . 2008-05-04 11:52

2008-05-04 11:52 . 2008-05-04 11:52 10,880 --a------ C:\WINDOWS\system32\drivers\pxark.sys

2008-05-01 18:19 . 2008-05-01 18:19

2008-04-22 21:46 . 2008-04-29 16:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-04-22 21:46 . 2008-04-22 21:46 1,409 --a------ C:\WINDOWS\QTFont.for

2008-04-11 18:43 . 2008-04-11 18:43

2008-04-05 20:04 . 2008-04-05 20:04

2008-04-05 20:04 . 1996-11-05 16:13 299,008 --a------ C:\WINDOWS\uninst.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-02 18:15 1,112 ----a-w C:\Documents and Settings\Piotr Fater\Dane aplikacji\ViewerApp.dat

2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-20 08:09 1,845,504 ------w C:\WINDOWS\system32\dllcache\win32k.sys

2008-03-05 21:44 --------- d-----w C:\Program Files\NetMeter

2008-03-01 16:32 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-02-29 08:59 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-02-29 08:59 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe

2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll

2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2008-02-20 05:38 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll

2008-02-20 05:38 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll

2007-12-26 14:23 40,776 ----a-w C:\Documents and Settings\Piotr Fater\Dane aplikacji\GDIPFONTCACHEV1.DAT

2007-01-25 01:52 65,536 ----a-w C:\Program Files\Common Files\NMSAccessU.exe

2004-10-01 13:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe

2007-06-11 12:48 8 --sh--r C:\WINDOWS\system32\AA0EF28E1C.sys

2007-08-23 16:45 6,580 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

2007-08-23 16:45 56 --sh--r C:\WINDOWS\system32\1C8EF20EAA.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]

"MSMSGS"=":C:\Program Files\Messenger\msmsgs.exe" []

"Malware Sweeper"=":C:\Program Files\MalwareSweeper.com\Malware Sweeper\MalSwep.exe" []

"BitTorrent"=":I:\Program Files\BitTorrent\bittorrent.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WheelMouse"="C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe" [2003-07-18 00:53 147456]

"Disc Detector"=":C:\Program Files\Creative\ShareDLL\CtNotify.exe" []

"AHQInit"=":C:\Program Files\Creative\SBLive\Program\AHQInit.exe" []

"AudioHQ"="C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE" [2001-08-17 17:01 180224]

"NeroFilterCheck"=":C:\WINDOWS\system32\NeroCheck.exe" []

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]

"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-28 11:20 188416]

"ATICCC"=":C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" []

"InCD"=":E:\Program Files\ahead\InCD\InCD.exe" []

"PWRISOVM.EXE"=":E:\Program Files\PowerISO\PWRISOVM.EXE" []

"PCSuiteTrayApplication"=":C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" []

"RemoteControl"=":I:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" []

"Adobe Photo Downloader"=":I:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" []

"hffsrv"="c:\windows\hffext\hffsrv.exe" [2007-02-03 01:17 83968]

"ISUSPM Startup"=":C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" []

"ISUSScheduler"=":C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" []

"Sony Ericsson PC Suite"=":I:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44 15360]

"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-03 12:25:03 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"= ctwdm32.dll

"msacm.ctmp3"= C:\WINDOWS\system32\ctmp3.acm

"aux1"= ctwdm32.dll

"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FDCENT.SYS]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HideFilesAndFolders_S]

@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\Program Files\Gadu-Gadu\GG.EXE"=

"E:\Program Files\eMule\emule.exe"=

"E:\Program Files\BearShare\BearShare.exe"=

"C:\Program Files\Tlen.pl\TLEN.EXE"=

"C:\Program Files\DC++\DCPlusPlus.exe"=

"I:\Program Files\Opera\Opera.exe"=

"I:\Program Files\SopCast\SopCast.exe"=

"C:\Documents and Settings\Piotr Fater\Dane aplikacji\SopCast\adv\SopAdver.exe"=

"C:\Program Files\uTorrent\uTorrent.exe"=

"%windir%\Network Diagnostic\xpnetdiag.exe"=

"I:\Program Files\KONAMI\Pro Evolution Soccer 6\PES6.exe"=

"E:\Program Files\Skype\Phone\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5100:TCP"= 5100:TCP:wp.pl

"5000:TCP"= 5000:TCP:gryonline.wp.pl

"20225:TCP"= 20225:TCP:BitComet 20225 TCP

"20225:UDP"= 20225:UDP:BitComet 20225 UDP

"21678:TCP"= 21678:TCP:BitComet 21678 TCP

"21678:UDP"= 21678:UDP:BitComet 21678 UDP

R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-05-04 11:52]

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]

R1 FDCENT;FDCENT;C:\WINDOWS\system32\drivers\FDCENT.SYS [2007-01-27 19:28]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]

R2 CSIScanner;CSIScanner;"C:\Program Files\PrevxCSI\PrevxCSI.exe" /service []

R2 NMSAccessU;NMSAccessU;C:\Program Files\Common Files\NMSAccessU.exe [2007-01-25 03:52]

R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2003-02-26 18:28]

S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 15:54]

S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15:54]

S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 15:54]

S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 15:54]

S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 15:54]

S3 s816bus;Sony Ericsson Device 816 driver (WDM);C:\WINDOWS\system32\DRIVERS\s816bus.sys [2007-06-19 09:51]

S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s816mdfl.sys [2007-06-19 09:51]

S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s816mdm.sys [2007-06-19 09:51]

S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s816mgmt.sys [2007-06-19 09:51]

S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);C:\WINDOWS\system32\DRIVERS\s816nd5.sys [2007-06-19 09:51]

S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s816obex.sys [2007-06-19 09:51]

S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);C:\WINDOWS\system32\DRIVERS\s816unic.sys [2007-06-19 09:51]

*Newly Created Service* - CATCHME

*Newly Created Service* - CSISCANNER

*Newly Created Service* - PXARK

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-04 12:27:55

Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-05-04 12:28:38

ComboFix-quarantined-files.txt 2008-05-04 10:28:36

ComboFix2.txt 2008-05-04 10:00:34

Pre-Run: 1,934,172,160 bytes free

Post-Run: 1,922,072,576 bytes free

156 --- E O F --- 2008-04-11 16:41:55
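huber2t's script in #2 uses ComboFix's CFScript directive format (File::, Folder:: and Registry:: blocks, where "Name"=- deletes one value and [-Key] deletes a whole key), and the log in #3 is where the result has to be confirmed: the files and folders must appear under Other Deletions, and PowerBar, UpdReg and the MountPoints2 subkeys must be gone from Reg Loading Points. Checking that by eye across a 300-line log is easy to get wrong, so here is an added Python cross-check (not the thread's own code) that parses both and reports any target the log does not show as removed. The script and the abridged result log are constructed from posts #2 and #3.

```python
"""Cross-check a CFScript against the ComboFix log produced by running it.
Added example (not code from the thread): every File::/Folder:: target must
appear under "Other Deletions" and every Registry:: removal must be absent
from "Reg Loading Points" in the follow-up log."""
import re

# Constructed: huber2t's script from post #2.
CFSCRIPT = r"""
File::
C:\oq.cmd
C:\WINDOWS\_detmp.1
Folder::
C:\FOUND.018
C:\FOUND.016
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerBar"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
"""

# Constructed: an abridged copy of the result log from post #3.
RESULT_LOG = r"""
(((((((((((((((( Other Deletions ))))))))))))))))
C:\FOUND.016
C:\FOUND.016\FILE0000.CHK
C:\FOUND.018
C:\oq.cmd
C:\WINDOWS\_detmp.1
.
(((((((((((((((( Reg Loading Points ))))))))))))))))
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=":C:\Program Files\Messenger\msmsgs.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WheelMouse"="C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe" [2003-07-18 00:53 147456]
"""

SECTION_HDR = re.compile(r"^\(+\s*(?P<name>[^()]+?)\s*\)+$")   # ((( Section Name )))
VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')   # "Name"=data


def parse_cfscript(text):
    """Split a CFScript into its File::, Folder:: and Registry:: blocks."""
    script, section = {"File": [], "Folder": [], "Registry": []}, None
    for line in (s.strip() for s in text.splitlines()):
        if line.endswith("::"):
            section = line[:-2]
        elif line and section in script:
            script[section].append(line)
    return script


def registry_actions(lines):
    """Yield ("delete_key", key, None) for [-Key] and ("delete_value", key, name) for "name"=-."""
    key = None
    for line in lines:
        if line.startswith("[-") and line.endswith("]"):
            yield "delete_key", line[2:-1], None
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        else:
            m = VALUE_LINE.match(line)
            if m and key and m.group("data") == "-":
                yield "delete_value", key, m.group("name")


def log_sections(text):
    """Map each ((( header ))) of a ComboFix log to the non-empty lines beneath it."""
    sections, current = {}, None
    for line in (s.strip() for s in text.splitlines()):
        m = SECTION_HDR.match(line)
        if m:
            current = m.group("name")
            sections[current] = []
        elif current and line and line != ".":
            sections[current].append(line)
    return sections


def loading_points(reg_lines):
    """Lower-cased keys listed under Reg Loading Points and the (key, value name) pairs under them."""
    keys, values, key = set(), set(), None
    for line in reg_lines:
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            keys.add(key)
        elif key and VALUE_LINE.match(line):
            values.add((key, VALUE_LINE.match(line).group("name").lower()))
    return keys, values


def verify(cfscript_text, log_text):
    """Return {target: True if the log shows it removed, False if it is still there}."""
    script, sections = parse_cfscript(cfscript_text), log_sections(log_text)
    deleted = {p.lower() for p in sections.get("Other Deletions", [])}
    keys, values = loading_points(sections.get("Reg Loading Points", []))
    report = {path: path.lower() in deleted for path in script["File"] + script["Folder"]}
    for kind, key, name in registry_actions(script["Registry"]):
        if kind == "delete_value":
            report[key + "\\" + name] = (key.lower(), name.lower()) not in values
        else:  # whole key deleted: no listed key may start with it
            report[key] = not any(k.startswith(key.lower()) for k in keys)
    return report


if __name__ == "__main__":
    for target, ok in verify(CFSCRIPT, RESULT_LOG).items():
        print("removed" if ok else "STILL PRESENT", target)
```

Run against the real pair of logs the check passes for all seven targets, which is what huber2t concluded by inspection; the value of the script is the negative case, since a value that ComboFix could not delete simply reappears in the Run list of the next log with no other warning.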


(huber2t) #4

Download ComboFix, but don't run it yet.

Paste the following into Notepad:

Folder::

C:\FOUND.017

File -> Save as -> CFScript.txt (it is most convenient to save it somewhere the CFScript.txt icon ends up next to the ComboFix.exe icon)

Drag and drop the CFScript.txt icon onto the ComboFix.exe icon, as shown here -> [image: 02f8f1e3c410a4cc.gif]

The removal should start and a log will be produced; post that log on the forum.


(Armands) #5

Here is the log:

ComboFix 08-05-01.3 - Piotr Fater 2008-05-04 12:39:24.3 - FAT32 x86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.201 [GMT 2:00]

Running from: C:\Documents and Settings\Piotr Fater\Pulpit\ComboFix.exe

Command switches used :: C:\Documents and Settings\Piotr Fater\Pulpit\CFScript.txt

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\FOUND.017

C:\FOUND.017\FILE0000.CHK

C:\FOUND.017\FILE0001.CHK

C:\FOUND.017\FILE0002.CHK

C:\FOUND.017\FILE0003.CHK

.

((((((((((((((((((((((((( Files Created from 2008-04-04 to 2008-05-04 )))))))))))))))))))))))))))))))

.

2008-05-04 11:52 . 2008-05-04 11:52

2008-05-04 11:52 . 2008-05-04 11:52

2008-05-04 11:52 . 2008-05-04 11:52 10,880 --a------ C:\WINDOWS\system32\drivers\pxark.sys

2008-04-22 21:46 . 2008-04-29 16:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-04-22 21:46 . 2008-04-22 21:46 1,409 --a------ C:\WINDOWS\QTFont.for

2008-04-11 18:43 . 2008-04-11 18:43

2008-04-05 20:04 . 2008-04-05 20:04

2008-04-05 20:04 . 1996-11-05 16:13 299,008 --a------ C:\WINDOWS\uninst.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-02 18:15 1,112 ----a-w C:\Documents and Settings\Piotr Fater\Dane aplikacji\ViewerApp.dat

2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-20 08:09 1,845,504 ------w C:\WINDOWS\system32\dllcache\win32k.sys

2008-03-05 21:44 --------- d-----w C:\Program Files\NetMeter

2008-03-01 16:32 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-02-29 08:59 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-02-29 08:59 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe

2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll

2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2008-02-20 05:38 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll

2008-02-20 05:38 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll

2007-12-26 14:23 40,776 ----a-w C:\Documents and Settings\Piotr Fater\Dane aplikacji\GDIPFONTCACHEV1.DAT

2007-01-25 01:52 65,536 ----a-w C:\Program Files\Common Files\NMSAccessU.exe

2004-10-01 13:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe

2007-06-11 12:48 8 --sh--r C:\WINDOWS\system32\AA0EF28E1C.sys

2007-08-23 16:45 6,580 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

2007-08-23 16:45 56 --sh--r C:\WINDOWS\system32\1C8EF20EAA.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]

"MSMSGS"=":C:\Program Files\Messenger\msmsgs.exe" []

"Malware Sweeper"=":C:\Program Files\MalwareSweeper.com\Malware Sweeper\MalSwep.exe" []

"BitTorrent"=":I:\Program Files\BitTorrent\bittorrent.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WheelMouse"="C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe" [2003-07-18 00:53 147456]

"Disc Detector"=":C:\Program Files\Creative\ShareDLL\CtNotify.exe" []

"AHQInit"=":C:\Program Files\Creative\SBLive\Program\AHQInit.exe" []

"AudioHQ"="C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE" [2001-08-17 17:01 180224]

"NeroFilterCheck"=":C:\WINDOWS\system32\NeroCheck.exe" []

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]

"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-28 11:20 188416]

"ATICCC"=":C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" []

"InCD"=":E:\Program Files\ahead\InCD\InCD.exe" []

"PWRISOVM.EXE"=":E:\Program Files\PowerISO\PWRISOVM.EXE" []

"PCSuiteTrayApplication"=":C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" []

"RemoteControl"=":I:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" []

"Adobe Photo Downloader"=":I:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" []

"hffsrv"="c:\windows\hffext\hffsrv.exe" [2007-02-03 01:17 83968]

"ISUSPM Startup"=":C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" []

"ISUSScheduler"=":C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" []

"Sony Ericsson PC Suite"=":I:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44 15360]

"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-03 12:25:03 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"= ctwdm32.dll

"msacm.ctmp3"= C:\WINDOWS\system32\ctmp3.acm

"aux1"= ctwdm32.dll

"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FDCENT.SYS]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HideFilesAndFolders_S]

@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\Program Files\Gadu-Gadu\GG.EXE"=

"E:\Program Files\eMule\emule.exe"=

"E:\Program Files\BearShare\BearShare.exe"=

"C:\Program Files\Tlen.pl\TLEN.EXE"=

"C:\Program Files\DC++\DCPlusPlus.exe"=

"I:\Program Files\Opera\Opera.exe"=

"I:\Program Files\SopCast\SopCast.exe"=

"C:\Documents and Settings\Piotr Fater\Dane aplikacji\SopCast\adv\SopAdver.exe"=

"C:\Program Files\uTorrent\uTorrent.exe"=

"%windir%\Network Diagnostic\xpnetdiag.exe"=

"I:\Program Files\KONAMI\Pro Evolution Soccer 6\PES6.exe"=

"E:\Program Files\Skype\Phone\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5100:TCP"= 5100:TCP:wp.pl

"5000:TCP"= 5000:TCP:gryonline.wp.pl

"20225:TCP"= 20225:TCP:BitComet 20225 TCP

"20225:UDP"= 20225:UDP:BitComet 20225 UDP

"21678:TCP"= 21678:TCP:BitComet 21678 TCP

"21678:UDP"= 21678:UDP:BitComet 21678 UDP

R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-05-04 11:52]

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]

R1 FDCENT;FDCENT;C:\WINDOWS\system32\drivers\FDCENT.SYS [2007-01-27 19:28]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]

R2 CSIScanner;CSIScanner;"C:\Program Files\PrevxCSI\PrevxCSI.exe" /service []

R2 NMSAccessU;NMSAccessU;C:\Program Files\Common Files\NMSAccessU.exe [2007-01-25 03:52]

R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2003-02-26 18:28]

S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 15:54]

S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15:54]

S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 15:54]

S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 15:54]

S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 15:54]

S3 s816bus;Sony Ericsson Device 816 driver (WDM);C:\WINDOWS\system32\DRIVERS\s816bus.sys [2007-06-19 09:51]

S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s816mdfl.sys [2007-06-19 09:51]

S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s816mdm.sys [2007-06-19 09:51]

S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s816mgmt.sys [2007-06-19 09:51]

S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);C:\WINDOWS\system32\DRIVERS\s816nd5.sys [2007-06-19 09:51]

S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s816obex.sys [2007-06-19 09:51]

S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);C:\WINDOWS\system32\DRIVERS\s816unic.sys [2007-06-19 09:51]

*Newly Created Service* - CATCHME

*Newly Created Service* - CSISCANNER

*Newly Created Service* - PXARK

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-04 12:41:23

Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-05-04 12:42:07

ComboFix-quarantined-files.txt 2008-05-04 10:42:04

ComboFix3.txt 2008-05-04 10:00:34

ComboFix2.txt 2008-05-04 10:28:40

Pre-Run: 1,868,906,496 bytes free

Post-Run: 1,858,027,520 bytes free

152 --- E O F --- 2008-04-11 16:41:55


(huber2t) #6

The log looks clean.

Manually delete the folder C:\Qoobox

Delete the ComboFix installer from the disk.

Startup optimization

XP optimization

Disable System Restore on all drives. Instructions

Scan the computer with this (run it through IE): http://www.kaspersky.pl/virusscanner.html and post its report on the forum.

Re-enable System Restore on all drives. Instructions


(Armands) #7

Thanks. I'll do all of that and post the report on the forum.


(Leon$) #8

Otwórz notatnik i wklej

zapisz jako plik.reg >> wszystkie pliki >> scal z rejestrem >> restart


a file with this icon will be created


double-click it, confirm that you want to add it to the registry, then restart

:slight_smile:


(Armands) #9

And what will this operation do?


(Leon$) #10

it will remove empty entries from the registry

:slight_smile:


(Armands) #11

OK. In that case, thank you. All of this together should help, right?

On 04.05.2008 at 16:05 a post by piotrekf was appended

I'm pasting the Kaspersky report. I'd appreciate some comment and interpretation.

Ustawienia skanowania

Skanowanie przy użyciu następujących baz danych rozszerzone

Skanuj archiwa tak

Skanuj pocztowe bazy danych tak

Obszar skanowania Foldery

C:\

Statystyki skanowania

Liczba skanowanych obiektów 75807

Liczba wykrytych wirusów 4

Liczba zainfekowanych obiektów 15

Liczba podejrzanych obiektów 0

Czas trwania skanowania 01:16:33

Nazwa zainfekowanego obiektu Nazwa wirusa Ostatnie działanie

C:\WINDOWS\system32\config\system.LOG Object is locked pominięty

C:\WINDOWS\system32\config\software.LOG Object is locked pominięty

C:\WINDOWS\system32\config\default.LOG Object is locked pominięty

C:\WINDOWS\system32\config\SECURITY Object is locked pominięty

C:\WINDOWS\system32\config\SAM Object is locked pominięty

C:\WINDOWS\system32\config\SAM.LOG Object is locked pominięty

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked pominięty

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked pominięty

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked pominięty

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked pominięty

C:\WINDOWS\system32\config\SYSTEM Object is locked pominięty

C:\WINDOWS\system32\config\SOFTWARE Object is locked pominięty

C:\WINDOWS\system32\config\DEFAULT Object is locked pominięty

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked pominięty

C:\WINDOWS\system32\config\ACEEvent.evt Object is locked pominięty

C:\WINDOWS\system32\config\Internet.evt Object is locked pominięty

C:\WINDOWS\system32\drivers\sptd.sys Object is locked pominięty

C:\WINDOWS\system32\drivers\FDCENT.SYS Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked pominięty

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked pominięty

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked pominięty

C:\WINDOWS\system32\h323log.txt Object is locked pominięty

C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked pominięty

C:\WINDOWS\Temp_avast4_\Webshlock.txt Object is locked pominięty

C:\WINDOWS\Temp\Perflib_Perfdata_e4.dat Object is locked pominięty

C:\WINDOWS\Debug\PASSWD.LOG Object is locked pominięty

C:\WINDOWS\WindowsUpdate.log Object is locked pominięty

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked pominięty

C:\WINDOWS\Sti_Trace.log Object is locked pominięty

C:\WINDOWS\wiaservc.log Object is locked pominięty

C:\WINDOWS\wiadebug.log Object is locked pominięty

C:\WINDOWS\SchedLgU.Txt Object is locked pominięty

C:\WINDOWS\CSC\00000001 Object is locked pominięty

C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat Object is locked pominięty

C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat Object is locked pominięty

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked pominięty

C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty

C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked pominięty

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked pominięty

C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty

C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty

C:\Documents and Settings\LocalService\Ustawienia lokalne\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty

C:\Documents and Settings\LocalService\Ustawienia lokalne\Temp\Cookies\index.dat Object is locked pominięty

C:\Documents and Settings\LocalService\Ustawienia lokalne\Temp\History\History.IE5\index.dat Object is locked pominięty

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked pominięty

C:\Documents and Settings\Piotr Fater\NTUSER.DAT Object is locked pominięty

C:\Documents and Settings\Piotr Fater\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty

C:\Documents and Settings\Piotr Fater\Ustawienia lokalne\Historia\History.IE5\MSHist012008050420080505\index.dat Object is locked pominięty

C:\Documents and Settings\Piotr Fater\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty

C:\Documents and Settings\Piotr Fater\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty

C:\Documents and Settings\Piotr Fater\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty

C:\Documents and Settings\Piotr Fater\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\mgnzzjfo.default\Cache_CACHE_MAP_ Object is locked pominięty

C:\Documents and Settings\Piotr Fater\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\mgnzzjfo.default\Cache_CACHE_001_ Object is locked pominięty

C:\Documents and Settings\Piotr Fater\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\mgnzzjfo.default\Cache_CACHE_002_ Object is locked pominięty

C:\Documents and Settings\Piotr Fater\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\mgnzzjfo.default\Cache_CACHE_003_ Object is locked pominięty

C:\Documents and Settings\Piotr Fater\Ustawienia lokalne\Temp\~DF149E.tmp Object is locked pominięty

C:\Documents and Settings\Piotr Fater\Ustawienia lokalne\Temp\~DF268B.tmp Object is locked pominięty

C:\Documents and Settings\Piotr Fater\Cookies\index.dat Object is locked pominięty

C:\Documents and Settings\Piotr Fater\Dane aplikacji\Microsoft\Szablony\Normal.dot Object is locked pominięty

C:\Documents and Settings\Piotr Fater\Dane aplikacji\Mozilla\Firefox\Profiles\mgnzzjfo.default\history.dat Object is locked pominięty

C:\Documents and Settings\Piotr Fater\Dane aplikacji\Mozilla\Firefox\Profiles\mgnzzjfo.default\flashgot.log Object is locked pominięty

C:\Documents and Settings\Piotr Fater\Dane aplikacji\Mozilla\Firefox\Profiles\mgnzzjfo.default\parent.lock Object is locked pominięty

C:\Documents and Settings\Piotr Fater\Dane aplikacji\Mozilla\Firefox\Profiles\mgnzzjfo.default\search.sqlite Object is locked pominięty

C:\Documents and Settings\Piotr Fater\Dane aplikacji\Mozilla\Firefox\Profiles\mgnzzjfo.default\cert8.db Object is locked pominięty

C:\Documents and Settings\Piotr Fater\Dane aplikacji\Mozilla\Firefox\Profiles\mgnzzjfo.default\key3.db Object is locked pominięty

C:\Documents and Settings\Piotr Fater\Dane aplikacji\Mozilla\Firefox\Profiles\mgnzzjfo.default\formhistory.dat Object is locked pominięty

C:\Documents and Settings\Piotr Fater\Dane aplikacji\Mozilla\Firefox\Profiles\mgnzzjfo.default\urlclassifier2.sqlite Object is locked pominięty

C:\Documents and Settings\Piotr Fater\Dane aplikacji\Sun\Java\Deployment\cache\6.0\18\6f88f192-2da3d2bc/BaaaaBaa.class Zainfekowanych: Exploit.Java.Gimsh.a pominięty

C:\Documents and Settings\Piotr Fater\Dane aplikacji\Sun\Java\Deployment\cache\6.0\18\6f88f192-2da3d2bc ZIP: zainfekowany - 1 pominięty

C:\Documents and Settings\Piotr Fater\ntuser.dat.LOG Object is locked pominięty

C:\Program Files\Alwil Software\Avast4\DATA\report\Osłona rezydentna.txt Object is locked pominięty

C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked pominięty

C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked pominięty

C:\Program Files\Alwil Software\Avast4\DATA\moved\RavMon.exe Zainfekowanych: Trojan.Win32.Agent.abt pominięty

C:\Program Files\Alwil Software\Avast4\DATA\moved\explorer.exe Zainfekowanych: Virus.Win32.VB.bu pominięty

C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked pominięty

C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked pominięty

C:\System Volume Information_restore{AE3E20AE-09D9-4C37-8FB7-316F413D570E}\RP688\A0158283.cmd Zainfekowanych: Worm.Win32.AutoRun.dni pominięty

C:\System Volume Information_restore{AE3E20AE-09D9-4C37-8FB7-316F413D570E}\RP688\A0158297.exe Zainfekowanych: Worm.Win32.AutoRun.dni pominięty

C:\System Volume Information_restore{AE3E20AE-09D9-4C37-8FB7-316F413D570E}\RP688\A0158298.dll Zainfekowanych: Worm.Win32.AutoRun.dni pominięty

C:\System Volume Information_restore{AE3E20AE-09D9-4C37-8FB7-316F413D570E}\RP689\A0158339.cmd Zainfekowanych: Worm.Win32.AutoRun.dni pominięty

C:\System Volume Information_restore{AE3E20AE-09D9-4C37-8FB7-316F413D570E}\RP691\change.log Object is locked pominięty

C:\System Volume Information_restore{AE3E20AE-09D9-4C37-8FB7-316F413D570E}\RP687\A0156204.cmd Zainfekowanych: Worm.Win32.AutoRun.dni pominięty

C:\System Volume Information_restore{AE3E20AE-09D9-4C37-8FB7-316F413D570E}\RP687\A0157174.DLL Zainfekowanych: Worm.Win32.AutoRun.dni pominięty

C:\System Volume Information_restore{AE3E20AE-09D9-4C37-8FB7-316F413D570E}\RP687\A0157175.cmd Zainfekowanych: Worm.Win32.AutoRun.dni pominięty

C:\System Volume Information_restore{AE3E20AE-09D9-4C37-8FB7-316F413D570E}\RP687\A0157264.DLL Zainfekowanych: Worm.Win32.AutoRun.dni pominięty

C:\System Volume Information_restore{AE3E20AE-09D9-4C37-8FB7-316F413D570E}\RP687\A0157265.cmd Zainfekowanych: Worm.Win32.AutoRun.dni pominięty

C:\System Volume Information_restore{AE3E20AE-09D9-4C37-8FB7-316F413D570E}\RP687\A0158267.DLL Zainfekowanych: Worm.Win32.AutoRun.dni pominięty

C:\System Volume Information_restore{AE3E20AE-09D9-4C37-8FB7-316F413D570E}\RP687\A0158268.cmd Zainfekowanych: Worm.Win32.AutoRun.dni pominięty

Proces skanowania został zakończony.


(huber2t) #12

Delete these files or clear the Java cache:

Delete these files or clear Avast's quarantine

Disable and re-enable System Restore on all drives. Instructions

It should be OK

:slight_smile:
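As an added example (not part of the thread, nor code from Kaspersky or ComboFix), a short Python script that parses report lines of the format pasted above and sorts infected objects by the container they sit in, which is the same split huber2t's advice follows: restore-point copies, the AV quarantine folder, the Java deployment cache, and anything still on the live filesystem. The container labels and the sample subset of lines are this example's own choices.

```python
"""Triage a Kaspersky Online Scanner report of the kind pasted above (added example).
Lines read "<path> <status> pominięty" with status "Object is locked" (noise),
"Zainfekowanych: <detection>" or "ZIP: zainfekowany - <n>"; infected objects are bucketed
by container because that decides the cleanup (restore points, AV quarantine, Java cache)."""
import re
from collections import defaultdict

# Lines copied from the report in the thread (a subset, one of each kind).
SAMPLE_REPORT = r"""
C:\WINDOWS\system32\config\SAM Object is locked pominięty
C:\Documents and Settings\Piotr Fater\Dane aplikacji\Sun\Java\Deployment\cache\6.0\18\6f88f192-2da3d2bc/BaaaaBaa.class Zainfekowanych: Exploit.Java.Gimsh.a pominięty
C:\Documents and Settings\Piotr Fater\Dane aplikacji\Sun\Java\Deployment\cache\6.0\18\6f88f192-2da3d2bc ZIP: zainfekowany - 1 pominięty
C:\Program Files\Alwil Software\Avast4\DATA\moved\RavMon.exe Zainfekowanych: Trojan.Win32.Agent.abt pominięty
C:\System Volume Information_restore{AE3E20AE-09D9-4C37-8FB7-316F413D570E}\RP688\A0158283.cmd Zainfekowanych: Worm.Win32.AutoRun.dni pominięty
"""

LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?:(?P<locked>Object is locked)|Zainfekowanych: (?P<threat>\S+)"
    r"|ZIP: zainfekowany - (?P<count>\d+))\s+(?P<action>\S+)$"
)

# Container labels are this example's own; the path fragments come from the report.
CONTAINERS = (
    ("system volume information", "restore_point"),   # System Restore copies
    (r"\avast4\data\moved", "av_quarantine"),         # already isolated by the AV
    (r"\sun\java\deployment\cache", "java_cache"),    # cleared with the Java cache
)

def classify(path):
    # Anything outside a known container is a live file and needs hands-on cleanup.
    lowered = path.lower()
    for fragment, label in CONTAINERS:
        if fragment in lowered:
            return label
    return "live_filesystem"

def triage(report):
    """Count locked objects and bucket infected ones as (path, detection) pairs."""
    summary = {"locked": 0, "infected": defaultdict(list), "unparsed": []}
    for line in filter(str.strip, report.splitlines()):
        m = LINE_RE.match(line)
        if not m:
            summary["unparsed"].append(line)
        elif m.group("locked"):
            summary["locked"] += 1
        else:
            detection = m.group("threat") or f"archive, {m.group('count')} infected member(s)"
            summary["infected"][classify(m.group("path"))].append((m.group("path"), detection))
    return summary
```

Run `triage()` over a full report to see at a glance whether anything sits outside the three containers; in the thread's report nothing does, which is why the advice stops at cache, quarantine and restore points.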