keyloger-Jak usunać?

Dla specjalistów Bezpieczeństwo
#1

Witam .

Ostatnio oglądając strony padłem ofiarą keylogera ,który zablokował mi menedżera ctr at del ,i nie wiem jak go usunać ?

Podam wam logi z HijackThis . Z góry dziękuję za wszelką pomoc

Logfile of HijackThis v1.99.1

Scan saved at 09:42:58, on 2008-06-15

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\lxctcoms.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RunDLL32.exe

C:\Program Files\Eset\nod32kui.exe

C:\PROGRA~1\NEOSTR~1\CnxMon.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\WINDOWS\system32\rundll32.exe

C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

C:\Program Files\Lexmark 5400 Series\lxctmon.exe

C:\Program Files\Lexmark 5400 Series\ezprint.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\PROGRA~1\Mouse\Amoumain.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\DAEMON Tools Pro\DTProAgent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\AutoConnect\AutoConnect.exe

C:\Documents and Settings\KK\Menu Start\Programy\Autostart\spoolsv.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\KK\Pulpit\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Lexmark Pasek narzędzi - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: UrlHelper Class - {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O3 - Toolbar: Lexmark Pasek narzędzi - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll

O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM…\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe

O4 - HKLM…\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE

O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon

O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

O4 - HKLM…\Run: [lxctmon.exe] “C:\Program Files\Lexmark 5400 Series\lxctmon.exe”

O4 - HKLM…\Run: [Lexmark 5400 Series Fax Server] “C:\Program Files\Lexmark 5400 Series\fm3032.exe” /s

O4 - HKLM…\Run: [EzPrint] “C:\Program Files\Lexmark 5400 Series\ezprint.exe”

O4 - HKLM…\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16

O4 - HKLM…\Run: [bearShare] C:\Program Files\BearShare Applications\BearShare\BearShare.exe /pause

O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime

O4 - HKLM…\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”

O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”

O4 - HKLM…\Run: [WheelMouse] C:\PROGRA~1\Mouse\Amoumain.exe

O4 - HKLM…\Run: [Windows] C:\WINDOWS$NtServicePackUninstall$\services.exe

O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”

O4 - HKLM…\Run: [Windows Defender] “C:\Program Files\Windows Defender\MSASCui.exe” -hide

O4 - HKLM…\Run: [svchost] C:\WINDOWS\svchost\svchost.exe

O4 - HKLM…\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM…\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM…\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized

O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background

O4 - HKCU…\Run: [DAEMON Tools Pro Agent] “C:\Program Files\DAEMON Tools Pro\DTProAgent.exe”

O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [bitTorrent DNA] “C:\Program Files\DNA\btdna.exe”

O4 - HKCU…\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe

O4 - HKCU…\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU…\Run: [LogitechSoftwareUpdate] “C:\Program Files\Logitech\Video\ManifestEngine.exe” boot

O4 - HKCU…\Run: [uSDownloader] “C:\DOCUME~1\KK\USTAWI~1\Temp\Rar$EX00.953\USDownloader.exe”

O4 - Startup: spoolsv.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra ‘Tools’ menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan … stubie.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso … 0276531765

O17 - HKLM\System\CCS\Services\Tcpip…{144F96F7-3421-46FC-9EFE-7C4CBFCB9D2B}: NameServer = 194.204.159.1 217.98.63.164

O17 - HKLM\System\CS1\Services\Tcpip…{144F96F7-3421-46FC-9EFE-7C4CBFCB9D2B}: NameServer = 194.204.159.1 217.98.63.164

O17 - HKLM\System\CS3\Services\Tcpip…{144F96F7-3421-46FC-9EFE-7C4CBFCB9D2B}: NameServer = 194.204.159.1 217.98.63.164

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

#2

ostatnio mi kolo wyslal keylogera

ja go usunąłem tym

Spyware Terminator 2.1.3

#3

już ściagam to zobacze :slight_smile:

#4

Dodatkowo

Zaznacz i usuń te wpisu w HJT

Pobierz Combofix http://www.searchengines.pl/index.php?s … ntry395642 ale nie uruchamiaj wklej do notatnika:

Zapisz plik jako CFScript.txt najlepiej aby ikonka tego pliku znajdowała się obok ikonki ComboFix.exe

Przeciągnij i upuść plik CFScript.txt na ikonkę ComboFix.exe powinno rozpocząć się usuwanie po tym log na forum

Przeskanuj obszar Mój komputer http://www.kaspersky.pl/virusscanner.html (Uruchamia się pod IE)i daj raport na forum

#5

Dobrze,już zrobiłem i daje cały raport

ComboFix 08-06-12.2 - KK 2008-06-15 10:41:48.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.1341 [GMT 2:00]

Running from: C:\Documents and Settings\KK\Pulpit\ComboFix.exe

Command switches used :: C:\Documents and Settings\KK\Pulpit\CFScript.txt

* Created a new restore point

* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\Fonts\CALIBRIB.TTF

C:\WINDOWS\OPTIONS\CABS_desktop.ini

C:\WINDOWS\system32\DDF5A57F05.dll

.

((((((((((((((((((((((((( Files Created from 2008-05-15 to 2008-06-15 )))))))))))))))))))))))))))))))

.

2008-06-15 10:26 . 2008-06-15 10:28 433 --a------ C:\WINDOWS\wininit.ini

2008-06-15 10:11 . 2008-06-15 10:12

2008-06-15 10:11 . 2008-06-15 10:28

2008-06-15 09:34 . 2008-06-15 09:36

2008-06-15 00:27 . 2008-06-15 00:27

2008-06-14 23:04 . 2008-06-14 23:04

2008-06-14 23:04 . 2008-06-14 23:04

2008-06-14 22:56 . 2008-06-14 22:56

2008-06-12 14:34 . 2008-04-14 18:00 273,024 -----c— C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-12 14:34 . 2008-05-08 16:02 203,136 -----c— C:\WINDOWS\system32\dllcache\rmcast.sys

2008-06-09 13:07 . 2008-06-15 10:20

2008-06-09 12:32 . 2002-11-02 09:53 57,344 --a------ C:\WINDOWS\system32\WNASPINT.DLL

2008-06-05 18:27 . 2008-06-05 18:53

2008-06-02 22:07 . 2008-06-02 22:07

2008-06-02 22:05 . 2008-06-02 22:05

2008-06-02 22:03 . 2008-06-02 22:03

2008-06-02 17:37 . 2008-06-02 17:37

2008-06-02 17:37 . 2001-04-04 14:00 245,760 --------- C:\WINDOWS\system32\DECO_32.DLL

2008-06-02 09:51 . 2008-06-02 09:51

2008-05-29 21:50 . 2008-05-29 21:50

2008-05-28 23:08 . 2008-05-28 23:08 0 --------- C:\WINDOWS\WB.ini

2008-05-28 23:03 . 2008-05-28 23:03

2008-05-28 23:03 . 2007-07-11 14:06 42,672 --------- C:\WINDOWS\system32\wbsys.dll

2008-05-25 19:59 . 2008-05-25 19:58 3,240,054 --a------ C:\WINDOWS\Wallpaper1.bmp

2008-05-25 19:58 . 2008-05-25 19:58

2008-05-25 19:57 . 2008-05-25 19:57

2008-05-25 19:57 . 2002-09-06 13:30 67,072 --a------ C:\WINDOWS\system32\AKCPanel.cpl

2008-05-25 19:57 . 2008-05-25 19:57 1,040 --a------ C:\WINDOWS\unins000.dat

2008-05-25 16:43 . 2008-05-25 16:43

2008-05-25 12:14 . 2008-05-25 12:14

2008-05-25 02:27 . 2008-05-25 02:27 324 --a------ C:\WINDOWS\game.ini

2008-05-24 18:04 . 2008-05-24 18:04

2008-05-24 16:39 . 2008-05-24 16:39

2008-05-24 16:37 . 2008-05-24 16:37

2008-05-24 16:37 . 2008-05-24 16:37

2008-05-24 16:37 . 2004-10-08 12:46 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe

2008-05-24 16:36 . 2008-05-24 16:37

2008-05-24 16:36 . 2008-05-24 16:36

2008-05-24 15:32 . 2008-05-24 15:32

2008-05-24 15:32 . 2008-05-24 15:37

2008-05-24 14:03 . 2008-05-24 14:03

2008-05-24 14:03 . 2008-05-24 14:03

2008-05-24 13:56 . 2008-05-24 18:12

2008-05-24 13:52 . 2008-05-24 13:52

2008-05-24 13:52 . 2008-05-24 13:52

2008-05-24 13:51 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll

2008-05-24 13:40 . 2008-05-24 13:40

2008-05-24 12:48 . 2008-05-24 12:48

2008-05-24 12:47 . 2008-05-24 12:50

2008-05-24 12:04 . 2008-06-15 10:26

2008-05-22 19:04 . 2008-05-22 19:04 2,560 --a------ C:\WINDOWS_MSRSTRT.EXE

2008-05-19 20:49 . 2008-05-19 20:49

2008-05-19 19:47 . 2008-05-19 19:47

2008-05-19 17:13 . 2008-05-19 17:13

2008-05-19 17:12 . 2008-05-19 17:12

2008-05-19 17:12 . 2008-05-19 17:12

2008-05-19 17:12 . 2008-06-12 20:00 1,374 --a------ C:\WINDOWS\imsins.BAK

2008-05-17 17:26 . 2008-06-04 23:03 3,536 --a------ C:\logfile

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-15 08:36 --------- d-----w C:\Documents and Settings\KK\Dane aplikacji\DNA

2008-06-15 08:29 --------- d-----w C:\Documents and Settings\KK\Dane aplikacji\Skype

2008-06-15 08:28 --------- d-----w C:\Program Files\BearShare

2008-06-15 07:35 --------- d-----w C:\Program Files\Lx_cats

2008-06-15 07:35 --------- d-----w C:\Program Files\AutoConnect

2008-06-15 07:28 --------- d-----w C:\Documents and Settings\KK\Dane aplikacji\skypePM

2008-06-11 10:24 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help

2008-06-09 22:58 --------- d–h--w C:\Program Files\InstallShield Installation Information

2008-06-09 11:55 --------- d—a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP

2008-06-08 10:01 --------- d-----w C:\Program Files\Steam

2008-06-08 07:31 --------- d-----w C:\Program Files\Neostrada TP

2008-06-02 20:06 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-06-02 20:05 444,952 ----a-w C:\WINDOWS\system32\wrap_oal.dll

2008-06-02 20:05 109,080 ----a-w C:\WINDOWS\system32\OpenAL32.dll

2008-05-31 18:40 --------- d-----w C:\Documents and Settings\KK\Dane aplikacji\BitTorrent

2008-05-29 16:51 --------- d-----w C:\Documents and Settings\KK\Dane aplikacji\Bioshock

2008-05-26 00:06 52,800 ----a-w C:\WINDOWS\system32\drivers\pssdklbf.sys

2008-05-26 00:06 36,928 ----a-w C:\WINDOWS\system32\drivers\pssdk40.sys

2008-05-25 17:57 72,774 ----a-w C:\WINDOWS\unins000.exe

2008-05-25 11:28 --------- d-----w C:\Program Files\Ashampoo

2008-05-25 00:26 --------- d-----w C:\Program Files\Activision

2008-05-24 20:50 --------- d-----w C:\Program Files\Valve

2008-05-24 16:11 --------- d-----w C:\Program Files\VstPlugins

2008-05-24 15:57 --------- d-----w C:\Program Files\Lavalys

2008-05-24 14:36 81,920 ------r C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe

2008-05-24 13:43 --------- d-----w C:\Program Files\Deluxe Ski Jump

2008-05-24 11:55 --------- d-----w C:\Program Files\MSBuild

2008-05-22 17:10 --------- d-----w C:\Program Files\BearShare Applications

2008-05-14 15:56 --------- d-----w C:\Program Files\Winamp

2008-05-11 12:54 --------- d-----w C:\Program Files\Gadu-Gadu

2008-05-08 20:08 --------- d-----w C:\Program Files\Windows Defender

2008-05-08 16:30 --------- d-----w C:\Program Files\Yahoo!

2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-05-07 05:12 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll

2008-05-03 17:06 --------- d-----w C:\Program Files\Common Files\Adobe

2008-05-01 15:08 2,829 ----a-w C:\WINDOWS\War3Unin.pif

2008-05-01 15:08 126,976 ----a-w C:\WINDOWS\War3Unin.exe

2008-04-28 11:11 --------- d-----w C:\Program Files\MSN Games

2008-04-28 10:29 805,400 ----a-r C:\WINDOWS\system32\tmp403A.tmp

2008-04-28 10:29 805,400 ----a-r C:\WINDOWS\system32\tmp4039.tmp

2008-04-27 14:35 15,600 ----a-w C:\WINDOWS\gdrv.sys

2008-04-23 07:20 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-04-14 21:16 1,804 ----a-w C:\WINDOWS\system32\dcache.bin

2008-04-14 20:56 332,288 ----a-w C:\WINDOWS\system32\netsetup.exe

2008-04-14 20:52 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll

2008-04-14 20:52 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll

2008-04-14 20:52 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll

2008-04-14 20:52 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll

2008-04-14 20:50 999,936 ----a-w C:\WINDOWS\system32\syssetup.dll

2008-04-14 20:49 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll

2008-04-14 20:48 5,632 ----a-w C:\WINDOWS\system32\wmi.dll

2008-04-14 20:48 1,449,472 ----a-w C:\WINDOWS\system32\winntbbu.dll

2008-04-14 20:47 57,375 ----a-w C:\WINDOWS\system32\odbcji32.dll

2008-04-14 20:43 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll

2008-04-14 20:42 3,584 ----a-w C:\WINDOWS\system32\msafd.dll

2008-04-14 20:36 3,584 ----a-w C:\WINDOWS\system32\icmp.dll

2008-04-14 20:35 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll

2008-04-14 20:33 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll

2008-04-14 20:33 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll

2008-04-14 20:31 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll

2008-04-14 20:30 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll

2008-04-14 19:59 2,146,816 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-04-14 19:59 2,025,472 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-04-14 19:55 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll

2008-04-14 19:52 89,600 ------w C:\WINDOWS\system32\msxml6r.dll

2008-04-14 19:50 80,896 ------w C:\WINDOWS\system32\msshavmsg.dll

2008-04-14 19:45 49,664 ----a-w C:\WINDOWS\system32\inetres.dll

2008-04-14 19:43 563,200 ----a-w C:\WINDOWS\system32\shdoclc.dll

2008-04-14 19:37 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll

2008-04-14 19:35 67,584 ----a-w C:\WINDOWS\system32\browselc.dll

2008-04-14 19:35 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys

2008-04-14 19:29 103,936 ----a-w C:\WINDOWS\system32\dpcdll.dll

2008-04-13 22:15 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys

2008-04-13 22:10 427,008 ----a-w C:\WINDOWS\system32\xpob2res.dll

2008-04-13 22:08 2,953,216 ----a-w C:\WINDOWS\system32\xpsp2res.dll

2008-04-13 22:05 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll

2008-04-13 22:05 194,560 ----a-w C:\WINDOWS\system32\xpsp1res.dll

2008-04-13 22:01 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll

2008-04-13 22:00 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll

2008-04-13 21:07 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll

2008-04-13 21:07 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll

2008-04-13 20:56 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll

2008-04-13 20:56 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll

2008-04-13 20:51 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll

2008-04-13 20:18 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll

2008-04-13 20:15 216,064 ----a-w C:\WINDOWS\system32\moricons.dll

2008-04-13 19:53 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll

2008-04-13 19:09 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll

2007-12-17 17:07 304 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\dtpro.dat

2007-12-05 17:23 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{6D023EBF-70B8-45A6-9ED5-556515FA0FE4}]

2008-04-17 09:44 398776 --a------ C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-07-09 09:39 2119104]

“Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2007-11-16 13:36 21760296]

“DAEMON Tools Pro Agent”=“C:\Program Files\DAEMON Tools Pro\DTProAgent.exe” [2007-09-06 15:08 136136]

“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2008-04-14 22:51 15360]

“BitTorrent DNA”=“C:\Program Files\DNA\btdna.exe” [2008-05-08 18:19 288576]

“AutoConnect”=“C:\Program Files\AutoConnect\AutoConnect.exe” [2006-12-03 01:14 310784]

“CubeDesktop”="" []

“LDM”=“C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe” []

“LogitechSoftwareUpdate”=“C:\Program Files\Logitech\Video\ManifestEngine.exe” [2004-10-08 12:06 196608]

“SpybotSD TeaTimer”=“C:\Program Files\Spybot - Search Destroy\TeaTimer.exe” [2008-01-28 11:43 2097488]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

“SpybotDeletingD1265”=“cmd /c del C:\Program Files\BearShare\db\Hostiles-Chat.txt” []

“SpybotDeletingB6488”=“command /c del C:\Program Files\BearShare\db\searches.ini” []

“SpybotDeletingD1128”=“cmd /c del C:\Program Files\BearShare\db\searches.ini” []

“SpybotDeletingB6455”=“command /c del C:\Program Files\BearShare\Logs\hosts-state.txt” []

“SpybotDeletingD981”=“cmd /c del C:\Program Files\BearShare\Logs\hosts-state.txt” []

“SpybotDeletingB4524”=“command /c del C:\Program Files\BearShare\Logs\memory.txt” []

“SpybotDeletingD6717”=“cmd /c del C:\Program Files\BearShare\Logs\memory.txt” []

“SpybotDeletingB4132”=“command /c del C:\Program Files\BearShare\Logs\ordinal.txt” []

“SpybotDeletingD4335”=“cmd /c del C:\Program Files\BearShare\Logs\ordinal.txt” []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“RTHDCPL”=“RTHDCPL.EXE” [2007-04-12 11:33 16132608 C:\WINDOWS\RTHDCPL.exe]

“JMB36X IDE Setup”=“C:\WINDOWS\JM\JMInsIDE.exe” [2006-10-30 14:44 36864]

“36X Raid Configurer”=“C:\WINDOWS\system32\JMRaidSetup.exe” [2007-02-06 14:08 1953792]

“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2007-08-28 01:29 8466432]

“nwiz”=“nwiz.exe” [2007-08-28 01:29 1626112 C:\WINDOWS\system32\nwiz.exe]

“NvMediaCenter”=“NvMCTray.dll” [2007-08-28 01:29 81920 C:\WINDOWS\system32\nvmctray.dll]

“nod32kui”=“C:\Program Files\Eset\nod32kui.exe” [2007-11-17 22:53 917504]

“NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 12:50 155648]

“WooCnxMon”=“C:\PROGRA~1\NEOSTR~1\CnxMon.exe” [2003-10-16 19:07 24576]

“SpeedTouch USB Diagnostics”=“C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” [2004-01-26 12:38 866816]

“WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” [2003-10-16 19:07 20480]

“WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” [2003-10-16 19:07 53248]

“lxctmon.exe”=“C:\Program Files\Lexmark 5400 Series\lxctmon.exe” [2007-03-19 14:58 291760]

“Lexmark 5400 Series Fax Server”=“C:\Program Files\Lexmark 5400 Series\fm3032.exe” [2007-03-19 14:59 304048]

“EzPrint”=“C:\Program Files\Lexmark 5400 Series\ezprint.exe” [2007-03-19 14:58 82864]

“LXCTCATS”=“C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll” [2006-11-21 14:27 106496]

“BearShare”=“C:\Program Files\BearShare Applications\BearShare\BearShare.exe” []

“QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” [2006-09-01 16:57 282624]

“GrooveMonitor”=“C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe” [2006-10-27 01:47 31016]

“RemoteControl”=“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” [2003-10-31 20:42 32768]

“WheelMouse”=“C:\PROGRA~1\Mouse\Amoumain.exe” [2004-11-03 16:56 151552]

“Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2008-01-11 22:16 39792]

“LVCOMSX”=“C:\WINDOWS\system32\LVCOMSX.EXE” [2004-10-08 11:52 221184]

“LogitechVideoRepair”=“C:\Program Files\Logitech\Video\ISStart.exe” [2004-10-08 12:31 458752]

“LogitechVideoTray”=“C:\Program Files\Logitech\Video\LogiTray.exe” [2004-10-08 12:24 217088]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2008-04-14 22:51 15360]

C:\Documents and Settings\KK\Menu Start\Programy\Autostart\

spoolsv.exe [2008-06-14 22:13:07 61998]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-05-24 16:36:10 450560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“VIDC.YV12”= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

–a------ 2008-03-30 16:01 1271032 c:\program files\steam\steam.exe

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“C:\Program Files\Gadu-Gadu\gg.exe”=

“C:\WINDOWS\system32\lxctcoms.exe”=

“C:\Program Files\Valve\hl.exe”=

“C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE”=

“C:\Program Files\Microsoft Office\Office12\GROOVE.EXE”=

“C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE”=

“D:\Warcraft III\Warcraft III.exe”=

“C:\Program Files\Valve\hltv.exe”=

“C:\Program Files\Valve\hlds.exe”=

“%windir%\Network Diagnostic\xpnetdiag.exe”=

“C:\Program Files\DNA\btdna.exe”=

“C:\Program Files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe”=

“C:\Program Files\Sierra\FEAR\FEAR.exe”=

“C:\Program Files\Mozilla Firefox\firefox.exe”=

“C:\Program Files\GIGABYTE\@BIOS\gwflash.exe”=

“C:\Program Files\KONAMI\Pro Evolution Soccer 6\PES6.exe”=

“C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe”=

“C:\Program Files\Codemasters\GRID Demo\GRID.exe”=

“C:\Program Files\Skype\Phone\Skype.exe”=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

“9698:TCP”= 9698:TCP:BitComet 9698 TCP

“9698:UDP”= 9698:UDP:BitComet 9698 UDP

R2 AKEProtect;AKEProtect;C:\Program Files\Anti Keylogger Elite\AKEProtect.sys []

S3 Arfumftr;(Standard Mouse Types) USB RF-Mouse filter driver;C:\WINDOWS\system32\DRIVERS\Arfumftr.sys [2004-08-25 10:57]

S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-04-27 16:35]

S3 PsSdk40;PsSdk40;C:\WINDOWS\system32\Drivers\pssdk40.sys [2008-05-26 02:06]

S3 PsSdkLBF;PsSdkLBF;C:\WINDOWS\system32\Drivers\pssdklbf.sys [2008-05-26 02:06]

S3 TCCrystalCpuInfo;TCCrystalCpuInfo;C:\DOCUME~1\KK\USTAWI~1\Temp\TCCpuInfo.sys []

*Newly Created Service* - AKEPROTECT

*Newly Created Service* - CATCHME

.

Contents of the ‘Scheduled Tasks’ folder

“2008-06-02 08:35:01 C:\WINDOWS\Tasks\EasyShare Registration Task.job”

  • C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\DANEAP~1\Kodak\EasyShareSetup$REGIS~1\Registration_7.4.20.2.sxt _RegistrationOffer@16

“2008-06-15 07:38:55 C:\WINDOWS\Tasks\MP Scheduled Scan.job”

  • C:\Program Files\Windows Defender\MpCmdRun.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-15 10:43:37

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes …

scanning hidden autostart entries …

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

LXCTCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16???

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASFWHide]

“ImagePath”="??\C:\DOCUME~1\KK\USTAWI~1\Temp\ASFWHide"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe

  • C:\Program Files\Eset\pr_imon.dll

.

Completion time: 2008-06-15 10:44:00

ComboFix-quarantined-files.txt 2008-06-15 08:43:56

Pre-Run: 25,949,282,304 bajtów wolnych

Post-Run: 35,819,839,488 bajtów wolnych

294 — E O F — 2008-06-14 21:08:00

W dniu 14.06.2008 , o godzinie 12:37 został dopisany post przez krisk89

A tutaj raport z kasperskiego .

15 czerwiec 2008 12:30:35

System operacyjny: Microsoft Windows XP Home Edition, Dodatek Service Pack 3 (Build 2600)

Kaspersky Online Scanner wersja: 5.0.98.0

Ostatnia aktualizacja Kaspersky Anti-Virus14/06/2008

Liczba wpisów w bazie danych Kaspersky Anti-Virus863215

Ustawienia skanowania

Skanowanie przy użyciu następujących baz danych rozszerzone

Skanuj archiwa tak

Skanuj pocztowe bazy danych tak

Obszar skanowania Mój komputer

C:\

D:\

E:\

F:\

G:\

H:\

I:\

Statystyki skanowania

Liczba skanowanych obiektów 107372

Liczba wykrytych wirusów 7

Liczba zainfekowanych obiektów 12

Liczba podejrzanych obiektów 0

Czas trwania skanowania 01:22:19

Nazwa zainfekowanego obiektu Nazwa wirusa Ostatnie działanie

C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat Object is locked pominięty

C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat Object is locked pominięty

C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Windows Defender\Support\MPLog-05082008-220854.log Object is locked pominięty

C:\Documents and Settings\KK\Cookies\index.dat Object is locked pominięty

C:\Documents and Settings\KK\Dane aplikacji\Mozilla\Firefox\Profiles\q0dhigyg.default\cert8.db Object is locked pominięty

C:\Documents and Settings\KK\Dane aplikacji\Mozilla\Firefox\Profiles\q0dhigyg.default\flashgot.log Object is locked pominięty

C:\Documents and Settings\KK\Dane aplikacji\Mozilla\Firefox\Profiles\q0dhigyg.default\formhistory.dat Object is locked pominięty

C:\Documents and Settings\KK\Dane aplikacji\Mozilla\Firefox\Profiles\q0dhigyg.default\history.dat Object is locked pominięty

C:\Documents and Settings\KK\Dane aplikacji\Mozilla\Firefox\Profiles\q0dhigyg.default\key3.db Object is locked pominięty

C:\Documents and Settings\KK\Dane aplikacji\Mozilla\Firefox\Profiles\q0dhigyg.default\parent.lock Object is locked pominięty

C:\Documents and Settings\KK\Dane aplikacji\Mozilla\Firefox\Profiles\q0dhigyg.default\search.sqlite Object is locked pominięty

C:\Documents and Settings\KK\Dane aplikacji\Mozilla\Firefox\Profiles\q0dhigyg.default\urlclassifier2.sqlite Object is locked pominięty

C:\Documents and Settings\KK\NTUSER.DAT Object is locked pominięty

C:\Documents and Settings\KK\ntuser.dat.LOG Object is locked pominięty

C:\Documents and Settings\KK\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty

C:\Documents and Settings\KK\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty

C:\Documents and Settings\KK\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows Defender\FileTracker{34E37FCB-6F1E-4222-B61C-D55705140C24} Object is locked pominięty

C:\Documents and Settings\KK\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows Defender\FileTracker{807D4706-ECCB-494B-ABB9-1E333069F44C} Object is locked pominięty

C:\Documents and Settings\KK\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\q0dhigyg.default\Cache_CACHE_001_ Object is locked pominięty

C:\Documents and Settings\KK\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\q0dhigyg.default\Cache_CACHE_002_ Object is locked pominięty

C:\Documents and Settings\KK\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\q0dhigyg.default\Cache_CACHE_003_ Object is locked pominięty

C:\Documents and Settings\KK\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\q0dhigyg.default\Cache_CACHE_MAP_ Object is locked pominięty

C:\Documents and Settings\KK\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty

C:\Documents and Settings\KK\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked pominięty

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked pominięty

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked pominięty

C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty

C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty

C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty

C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked pominięty

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked pominięty

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked pominięty

C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty

C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty

C:\Documents and Settings\NetworkService\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty

C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty

C:\Program Files\ESET\cache\CACHE.NDB Object is locked pominięty

C:\Program Files\ESET\infected\15IAHFCA.NQF Zainfekowanych: Backdoor.Win32.PcClient.agu pominięty

C:\Program Files\ESET\infected\APFES0CA.NQF/data0007/data0002 Zainfekowanych: not-a-virus:AdWare.Win32.PurityScan.fk pominięty

C:\Program Files\ESET\infected\APFES0CA.NQF/data0007 Zainfekowanych: not-a-virus:AdWare.Win32.PurityScan.fk pominięty

C:\Program Files\ESET\infected\APFES0CA.NQF/data0008 Zainfekowanych: Trojan-Downloader.Win32.Agent.hjs pominięty

C:\Program Files\ESET\infected\APFES0CA.NQF/data0012 Zainfekowanych: Trojan-Downloader.Win32.PurityScan.gc pominięty

C:\Program Files\ESET\infected\APFES0CA.NQF NSIS: zainfekowany - 4 pominięty

C:\Program Files\ESET\infected\APFES0CA.NQF PE-Crypt.XorPE: zainfekowany - 4 pominięty

C:\Program Files\ESET\infected\DEBVKQCA.NQF Zainfekowanych: Trojan.Win32.Filco.a pominięty

C:\Program Files\ESET\logs\virlog.dat Object is locked pominięty

C:\Program Files\ESET\logs\warnlog.dat Object is locked pominięty

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty

C:\System Volume Information_restore{650237AD-A806-489F-8E26-16A9C3C0646F}\RP116\A0040082.exe Zainfekowanych: Trojan.Win32.Filco.a pominięty

C:\System Volume Information_restore{650237AD-A806-489F-8E26-16A9C3C0646F}\RP177\change.log Object is locked pominięty

C:\WINDOWS\Debug\PASSWD.LOG Object is locked pominięty

C:\WINDOWS\SchedLgU.Txt Object is locked pominięty

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked pominięty

C:\WINDOWS\Sti_Trace.log Object is locked pominięty

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked pominięty

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked pominięty

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked pominięty

C:\WINDOWS\system32\config\default Object is locked pominięty

C:\WINDOWS\system32\config\default.LOG Object is locked pominięty

C:\WINDOWS\system32\config\Internet.evt Object is locked pominięty

C:\WINDOWS\system32\config\ODiag.evt Object is locked pominięty

C:\WINDOWS\system32\config\OSession.evt Object is locked pominięty

C:\WINDOWS\system32\config\SAM Object is locked pominięty

C:\WINDOWS\system32\config\SAM.LOG Object is locked pominięty

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked pominięty

C:\WINDOWS\system32\config\SECURITY Object is locked pominięty

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked pominięty

C:\WINDOWS\system32\config\software Object is locked pominięty

C:\WINDOWS\system32\config\software.LOG Object is locked pominięty

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked pominięty

C:\WINDOWS\system32\config\system Object is locked pominięty

C:\WINDOWS\system32\config\system.LOG Object is locked pominięty

C:\WINDOWS\system32\drivers\sptd.sys Object is locked pominięty

C:\WINDOWS\system32\h323log.txt Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked pominięty

C:\WINDOWS\wiadebug.log Object is locked pominięty

C:\WINDOWS\wiaservc.log Object is locked pominięty

C:\WINDOWS\WindowsUpdate.log Object is locked pominięty

D:\Pcsx2_0_1_.9.4_PL_Biosy_Karty_Pamieci.zip/Pcsx2_0.9.4/WanPacket.dll Zainfekowanych: Backdoor.Win32.ForBot.aj pominięty

D:\Pcsx2_0_1_.9.4_PL_Biosy_Karty_Pamieci.zip ZIP: zainfekowany - 1 pominięty

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty

D:\System Volume Information_restore{650237AD-A806-489F-8E26-16A9C3C0646F}\RP177\change.log Object is locked pominięty

D:\VDownloader.exe Zainfekowanych: not-a-virus:Downloader.Win32.VDown.a pominięty

#6

Pobierz ComboFix, ale nie uruchamiaj

Wklej do notatnika:

File::

C:\DOCUME~1\KK\USTAWI~1\Temp\TCCpuInfo.sys

D:\Pcsx2_0_1_.9.4_PL_Biosy_Karty_Pamieci.zip

D:\VDownloader.exe


Folder::

C:\Program Files\BearShare Applications\BearShare MediaBar

C:\System Volume Information\_restore{650237AD-A806-489F-8E26-16A9C3C0646F}\RP116


Driver::

TCCrystalCpuInfo


Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D023EBF-70B8-45A6-9ED5-556515FA0FE4}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"SpybotDeletingD1265"=-

"SpybotDeletingB6488"=-

"SpybotDeletingD1128"=-

"SpybotDeletingB6455"=-

"SpybotDeletingD981"=-

"SpybotDeletingB4524"=-

"SpybotDeletingD6717"=-

"SpybotDeletingB4132"=-

"SpybotDeletingD4335"=-

Plik -> zapisz jako -> CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu ->

02f8f1e3c410a4cc.gif

Rozpocznie się usuwanie i powstanie log, daj ten log na forum.

Usuń pliki z tego folderu:

Logi dajesz na http://www.wklej.org a w poście dajesz tylko link

usuń ręcznie folder C: \Qoobox , usuń instalkę Combofix z dysku.

Przeczyść komputer Ccleanerem

Wykonaj optymalizację autostartu

#7

Dziękuje Hubert2t , zrobiłem tak jak powiedziałeś .

#8

Daj log z usuwania z combofix