Hello, today I downloaded a certain program and, along with it, some spyware got downloaded too. The screen turned red and messages started popping up saying that I have various trojans, etc. I downloaded Spybot from the net, scanned the disk and wanted to delete the infected files, but some of them I can't delete, and some of the files are located in Windows. Please help me deal with this problem. I'll add that I'm rather a layman, so I'd ask for a simple and precise explanation of what I should do. I'm waiting for help. Regards
Hello,
I advise you to keep using SpyBot.
This time, however, do it like this:
- start SpyBot
- in the program's top bar click Mode (Tryb) and choose Advanced (Zaawansowany)
- from the left-hand bar choose Settings (Ustawienia) --> Program settings (Ustawienia programu)
- in the main part of the window find Automation (Automatyzacja) --> At system startup (Ze startem Systemu)
- check:
- restart the computer
- when the program starts, choose the Check all (sprawdź wszystko) option
- remove the threats that were found
Most of the junk should get removed.
Someone else will probably advise you on what to do next.
However, I advise you to familiarise yourself with this right now:
Regards,
Rafał
In his case I advise against using ADVANCED mode in this program (he writes that he is a layman). Advanced mode offers functions whose use, without proper knowledge of what those functions do, can lead to damage to system files.
What is advisable, however, is to show the logs from HijackThis.
I'm pasting the log from HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 17:17:44, on 2008-04-18
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Dane aplikacji\otovqdkt\ilupmvqn.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\V0220Mon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\edopsril.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\User\Pulpit\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon
O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM…\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM…\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [Onet.pl AutoUpdate] “C:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe” /updateexetsr
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe”
O4 - HKLM…\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [PC-Antispyware] “C:\Program Files\PC-Antispyware\PC-Antispyware.exe” hide
O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [iizzizvt] C:\WINDOWS\system32\edopsril.exe
O4 - HKCU…\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [iNTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip…{7D730693-F783-425E-8A40-A403192D99BE}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
And ComboFix somehow won't download from the net for me. I hope this is enough. I'll add that SpyBot detected, I think, 2 trojans in Windows, and I clicked allow. I thought something would happen to my system, but so far all is quiet. Every so often a window also pops up about a trojan in the Windows directory, file: wlm.exe I think, or something similar. Regards, and I'm counting on further help
FIX:
Try downloading Combo from other sources
Download ComboFix, but don't run it
Paste into Notepad:
File::
C:\WINDOWS\system32\edopsril.exe
Folder::
C:\Program Files\PC-Antispyware
File -> Save as -> CFScript.txt
Drag and drop the CFScript.txt icon onto the ComboFix.exe icon, as shown here ->
Removal should begin and a log will be produced; post that log on the forum + a new log from HijackThis.
If everything goes well, after the restart manually delete the folder C:\Qoobox
I'm doing everything as required, I just don't understand why you pasted this (see below)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
O4 - HKLM…\Run: [PC-Antispyware] “C:\Program Files\PC-Antispyware\PC-Antispyware.exe” hide
O4 - HKCU…\Run: [iizzizvt] C:\WINDOWS\system32\edopsril.exe
So that you fix those entries in HijackThis
Here is the log from ComboFix
ComboFix 08-04-17.1 - User 2008-04-18 18:35:13.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.141 [GMT 2:00]
Running from: C:\Documents and Settings\User\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Pulpit\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
FILE ::
C:\WINDOWS\system32\edopsril.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\User\Pulpitblackbird.jpg
C:\Documents and Settings\User\PulpitEditorFKWP1.5.exe
C:\Documents and Settings\User\PulpitEditorFKWP2.0.exe
C:\Documents and Settings\User\Pulpitfilemanagerclient.exe
C:\Documents and Settings\User\Pulpitfkwp1.5.exe
C:\Documents and Settings\User\Pulpitfkwp2.0.exe
C:\Documents and Settings\User\Pulpitfwebd.exe
C:\Documents and Settings\User\PulpitFWebdEditor.exe
C:\Documents and Settings\User\PulpitTrojan.Win32.BlackBird.exe
C:\Documents and Settings\User\Pulpitvirii
C:\Documents and Settings\User\Ustawienia lokalne\Temporary Internet Files\EUP1E3.tmp
C:\Program Files\PC-Cleaner
C:\Program Files\PC-Cleaner\com\pcsd.dll
C:\Program Files\PC-Cleaner\PC-Cleaner.db
C:\Program Files\PC-Cleaner\PC-Cleaner.exe
C:\Program Files\PC-Cleaner\pccleaner.pkg
C:\Program Files\PC-Cleaner\program.info
C:\Program Files\PC-Cleaner\Uninstall.exe
C:\WINDOWS\system32\edopsril.exe
C:\WINDOWS\system32bdn.com
C:\WINDOWS\system32hxiwlgpm.dat
C:\WINDOWS\system32ssvchost.com
C:\WINDOWS\system32taack.dat
C:\WINDOWS\system32VBIEWER.OCX
.
((((((((((((((((((((((((( Files Created from 2008-03-18 to 2008-04-18 )))))))))))))))))))))))))))))))
.
2008-04-17 22:40 . 2008-04-17 22:40 90,112 --a------ C:\WINDOWS\system32\zujenazc.exe
2008-04-17 21:40 . 2008-04-17 21:40 229 --a------ C:\WINDOWS\wininit.ini
2008-04-17 18:22 . 2008-04-17 18:22
2008-04-17 17:34 . 2008-04-17 17:35
2008-04-17 17:34 . 2008-04-17 18:33
2008-04-17 16:30 . 2008-04-16 10:07 290,816 --a------ C:\WINDOWS\pmsoarbf.dll
2008-04-17 16:30 . 2008-04-16 10:07 98,304 --a------ C:\WINDOWS\npqtsrak.exe
2008-04-17 16:29 . 2008-04-17 16:29
2008-04-04 19:33 . 2008-04-18 18:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-04 19:33 . 2008-04-18 18:31 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-03 22:29 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-03 22:29 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-30 16:01 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-03-30 15:59 . 2008-03-30 15:59
2008-03-30 15:56 . 2008-03-30 15:56
2008-03-30 15:40 . 2008-03-30 16:06
2008-03-30 15:38 . 2008-03-30 15:38
2008-03-28 16:50 . 2008-03-28 16:50
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-18 15:09 --------- d-----w C:\Program Files\Neostrada TP
2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2008-03-25 09:17 --------- d-----w C:\Program Files\eMule
2008-03-17 11:04 --------- d-----w C:\Program Files\DC++
2008-03-17 08:30 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\uTorrent
2008-03-01 18:53 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\BearShare
2007-12-24 10:58 25,760 ----a-w C:\Documents and Settings\User\Dane aplikacji\GDIPFONTCACHEV1.DAT
2007-07-19 23:19 855,886 ----a-w C:\Program Files\AUG2007_d3dx10_35_x64.cab
2007-07-19 23:19 800,467 ----a-w C:\Program Files\AUG2007_d3dx10_35_x86.cab
2007-07-19 23:19 1,803,760 ----a-w C:\Program Files\AUG2007_d3dx9_35_x64.cab
2007-07-19 23:18 44,684 ----a-w C:\Program Files\dxdllreg_x86.cab
2007-07-19 23:18 201,696 ----a-w C:\Program Files\AUG2007_XACT_x64.cab
2007-07-19 23:18 156,612 ----a-w C:\Program Files\AUG2007_XACT_x86.cab
2007-07-19 23:18 1,711,752 ----a-w C:\Program Files\AUG2007_d3dx9_35_x86.cab
2005-03-31 21:17 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.
------- Sigcheck -------
2007-05-10 17:11 2068096 a87ec7fc3c796046626fee113dfcaad9 C:\WINDOWS\system32\ntkrnlpa.exe
2007-05-10 17:11 2191104 c4738ec0df9ca4149ef16414dceec942 C:\WINDOWS\system32\ntoskrnl.exe
2007-05-10 21:55 1423872 a50dfe31981a01423d327fdd05bdf452 C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-07-09 09:39 2119104]
“BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe” []
“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 02:44 15360]
“iizzizvt”=“C:\WINDOWS\system32\edopsril.exe” []
“SpybotSD TeaTimer”=“C:\Program Files\Spybot - Search Destroy\TeaTimer.exe” [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“WooCnxMon”=“C:\PROGRA~1\NEOSTR~1\CnxMon.exe” [2003-10-16 18:07 24576]
“SpeedTouch USB Diagnostics”=“C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” [2004-01-26 11:38 866816]
“WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” [2003-10-16 18:07 20480]
“WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” [2003-10-16 18:07 53248]
“WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [2007-04-25 17:44 35328]
“AVFX Engine”=“C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe” [2006-06-09 01:11 24576]
“V0220Mon.exe”=“C:\WINDOWS\V0220Mon.exe” [2006-06-28 19:01 32768]
“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2008-03-29 19:37 79224]
“Onet.pl AutoUpdate”=“C:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe” []
“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2005-04-01 16:16 5562368]
“nwiz”=“nwiz.exe” [2005-04-01 16:16 1495040 C:\WINDOWS\system32\nwiz.exe]
“NvMediaCenter”=“C:\WINDOWS\system32\NvMcTray.dll” [2005-04-01 16:16 86016]
“QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” [2007-09-27 07:08 77824]
“TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” [2007-09-30 13:45 185632]
“RemoteControl”=“C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe” [2003-12-08 18:35 32768]
“InCD”=“C:\Program Files\Ahead\InCD\InCD.exe” [2005-06-10 16:20 1397760]
“NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 12:50 155648]
“PC-Antispyware”=“C:\Program Files\PC-Antispyware\PC-Antispyware.exe” []
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 02:44 15360]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
“nltide_2”=“regsvr32 /s /n /i:U shell32” []
“nltide_3”=“advpack.dll” [2007-05-10 16:39 124928 C:\WINDOWS\system32\advpack.dll]
C:\Documents and Settings\User\Menu Start\Programy\Autostart\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-11-24 13:48:07 368640]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2004-08-11 02:22:40 757760]
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 14:12:08 16423]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“DisableCAD”= 1 (0x1)
“DisableStatusMessages”= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
“RnLrR8Vw47”= C:\Documents and Settings\All Users\Dane aplikacji\otovqdkt\ilupmvqn.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
“NoSMHelp”= 1 (0x1)
“NoSMMyPictures”= 1 (0x1)
“NoSMConfigurePrograms”= 1 (0x1)
“NoInstrumentation”= 1 (0x1)
“NoStartMenuMFUprogramsList”= 1 (0x1)
“NoResolveTrack”= 1 (0x1)
“NoResolveSearch”= 1 (0x1)
[HKEY_USERS.default\software\microsoft\windows\currentversion\policies\explorer]
“NoSMHelp”= 1 (0x1)
“NoSMMyPictures”= 1 (0x1)
“NoSMConfigurePrograms”= 1 (0x1)
“NoInstrumentation”= 1 (0x1)
“NoStartMenuMFUprogramsList”= 1 (0x1)
“NoResolveTrack”= 1 (0x1)
“NoResolveSearch”= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
“AntiVirusDisableNotify”=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\Network Diagnostic\xpnetdiag.exe”=
“%windir%\system32\sessmgr.exe”=
“C:\Program Files\Gadu-Gadu\gg.exe”=
“C:\Program Files\BearShare Applications\BearShare\BearShare.exe”=
“C:\Program Files\DC++\DCPlusPlus.exe”=
“C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe”=
“C:\Program Files\Mozilla Firefox\firefox.exe”=
“C:\Program Files\SightSpeed\SightSpeed.exe”=
“C:\Program Files\uTorrent\uTorrent.exe”=
“C:\Program Files\Real\RealPlayer\realplay.exe”=
“C:\Program Files\eMule\emule.exe”=
“C:\Program Files\Skype\Phone\Skype.exe”=
“C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE”=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 V0220Dev;Live! Cam Video IM;C:\WINDOWS\system32\DRIVERS\V0220Dev.sys [2006-06-29 07:58]
R3 V0220Vfx;V0220VFX;C:\WINDOWS\system32\DRIVERS\V0220Vfx.sys [2006-06-08 10:00]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{630ea5e0-b0b1-11dc-97ef-000e50ead004}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{6e1f1830-6511-11dc-963a-806d6172696f}]
\Shell\AutoRun\command - F:\Programs\nu2menu\nu2menu.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{8007f290-6f8e-11dc-9673-f328e9e7453c}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{e747ae47-9a82-11dc-9773-000e50ead004}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - G:\Recycled\ctfmon.exe
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-18 18:38:53
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-18 18:40:35
ComboFix-quarantined-files.txt 2008-04-18 16:40:28
Pre-Run: 4,651,687,936 bajtów wolnych
Post-Run: 6,466,600,960 bajtów wolnych
AND HERE IS THE ONE FROM HIJACKTHIS, ONLY THESE 3 WERE NO LONGER THERE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
HIJACKTHIS
Logfile of HijackThis v1.99.1
Scan saved at 18:45:31, on 2008-04-18
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\All Users\Dane aplikacji\otovqdkt\ilupmvqn.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\V0220Mon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\User\Pulpit\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-SD IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon
O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM…\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM…\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [Onet.pl AutoUpdate] “C:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe” /updateexetsr
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe”
O4 - HKLM…\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [PC-Antispyware] “C:\Program Files\PC-Antispyware\PC-Antispyware.exe” hide
O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [iizzizvt] C:\WINDOWS\system32\edopsril.exe
O4 - HKCU…\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search Destroy\TeaTimer.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Eksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Eksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [iNTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip…{7D730693-F783-425E-8A40-A403192D99BE}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
WAITING FOR FURTHER INSTRUCTIONS
Fix in HijackThis:
Download ComboFix, but do not run it yet
Paste into Notepad:
File::
C:\WINDOWS\system32\edopsril.exe
C:\WINDOWS\system32\zujenazc.exe
C:\WINDOWS\pmsoarbf.dll
C:\WINDOWS\npqtsrak.exe
Folder::
C:\Documents and Settings\All Users\Dane aplikacji\otovqdkt
File -> Save As -> CFScript.txt (it will be most convenient to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt icon onto the ComboFix.exe icon, as shown here ->
The removal should start and a log will be created; post that log on the forum.
If everything goes well, after the restart manually delete the folder C:\Qoobox
O4 - HKCU…\Run: [iizzizvt] C:\WINDOWS\system32\edopsril.exe
I don't have anything like that
On 18.04.2008, at 19:06, a post was added by michal1fight
And should I do the rest of what huber2t wrote to me?
Yes, do what I asked you to do
I checked again, I definitely don't have anything like that anymore
But I also asked you to prepare the file for ComboFix that will remove those files
Log from ComboFix
ComboFix 08-04-17.1 - User 2008-04-18 19:20:07.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.193 [GMT 2:00]
Running from: C:\Documents and Settings\User\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Pulpit\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
FILE ::
C:\WINDOWS\npqtsrak.exe
C:\WINDOWS\pmsoarbf.dll
C:\WINDOWS\system32\edopsril.exe
C:\WINDOWS\system32\zujenazc.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Dane aplikacji\otovqdkt
C:\Documents and Settings\All Users\Dane aplikacji\otovqdkt\ilupmvqn.exe
C:\WINDOWS\npqtsrak.exe
C:\WINDOWS\pmsoarbf.dll
C:\WINDOWS\system32\zujenazc.exe
.
((((((((((((((((((((((((( Files Created from 2008-03-18 to 2008-04-18 )))))))))))))))))))))))))))))))
.
2008-04-18 18:54 . 2008-04-18 18:54
2008-04-18 18:54 . 2008-04-18 18:54
2008-04-18 18:54 . 2008-04-18 18:54
2008-04-18 18:54 . 2008-04-18 18:54
2008-04-17 21:40 . 2008-04-17 21:40 229 --a------ C:\WINDOWS\wininit.ini
2008-04-17 18:22 . 2008-04-17 18:22
2008-04-17 17:34 . 2008-04-17 17:35
2008-04-17 17:34 . 2008-04-17 18:33
2008-04-04 19:33 . 2008-04-18 18:55 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-04 19:33 . 2008-04-18 18:49 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-03 22:29 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-03 22:29 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-30 16:01 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-03-30 15:59 . 2008-03-30 15:59
2008-03-30 15:56 . 2008-03-30 15:56
2008-03-30 15:40 . 2008-03-30 16:06
2008-03-30 15:38 . 2008-03-30 15:38
2008-03-28 16:50 . 2008-03-28 16:50
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-18 16:57 --------- d-----w C:\Program Files\Neostrada TP
2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2008-03-25 09:17 --------- d-----w C:\Program Files\eMule
2008-03-17 11:04 --------- d-----w C:\Program Files\DC++
2008-03-17 08:30 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\uTorrent
2008-03-01 18:53 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\BearShare
2007-12-24 10:58 25,760 ----a-w C:\Documents and Settings\User\Dane aplikacji\GDIPFONTCACHEV1.DAT
2007-07-19 23:19 855,886 ----a-w C:\Program Files\AUG2007_d3dx10_35_x64.cab
2007-07-19 23:19 800,467 ----a-w C:\Program Files\AUG2007_d3dx10_35_x86.cab
2007-07-19 23:19 1,803,760 ----a-w C:\Program Files\AUG2007_d3dx9_35_x64.cab
2007-07-19 23:18 44,684 ----a-w C:\Program Files\dxdllreg_x86.cab
2007-07-19 23:18 201,696 ----a-w C:\Program Files\AUG2007_XACT_x64.cab
2007-07-19 23:18 156,612 ----a-w C:\Program Files\AUG2007_XACT_x86.cab
2007-07-19 23:18 1,711,752 ----a-w C:\Program Files\AUG2007_d3dx9_35_x86.cab
2005-03-31 21:17 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.
------- Sigcheck -------
2007-05-10 17:11 2068096 a87ec7fc3c796046626fee113dfcaad9 C:\WINDOWS\system32\ntkrnlpa.exe
2007-05-10 17:11 2191104 c4738ec0df9ca4149ef16414dceec942 C:\WINDOWS\system32\ntoskrnl.exe
2007-05-10 21:55 1423872 a50dfe31981a01423d327fdd05bdf452 C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-07-09 09:39 2119104]
“BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe” []
“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 02:44 15360]
“SpybotSD TeaTimer”=“C:\Program Files\Spybot - Search Destroy\TeaTimer.exe” [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“WooCnxMon”=“C:\PROGRA~1\NEOSTR~1\CnxMon.exe” [2003-10-16 18:07 24576]
“SpeedTouch USB Diagnostics”=“C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” [2004-01-26 11:38 866816]
“WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” [2003-10-16 18:07 20480]
“WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” [2003-10-16 18:07 53248]
“WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [2007-04-25 17:44 35328]
“AVFX Engine”=“C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe” [2006-06-09 01:11 24576]
“V0220Mon.exe”=“C:\WINDOWS\V0220Mon.exe” [2006-06-28 19:01 32768]
“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2008-03-29 19:37 79224]
“Onet.pl AutoUpdate”=“C:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe” []
“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2005-04-01 16:16 5562368]
“nwiz”=“nwiz.exe” [2005-04-01 16:16 1495040 C:\WINDOWS\system32\nwiz.exe]
“NvMediaCenter”=“C:\WINDOWS\system32\NvMcTray.dll” [2005-04-01 16:16 86016]
“QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” [2007-09-27 07:08 77824]
“TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” [2007-09-30 13:45 185632]
“RemoteControl”=“C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe” [2003-12-08 18:35 32768]
“InCD”=“C:\Program Files\Ahead\InCD\InCD.exe” [2005-06-10 16:20 1397760]
“NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 12:50 155648]
“PC-Antispyware”=“C:\Program Files\PC-Antispyware\PC-Antispyware.exe” []
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 02:44 15360]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
“nltide_2”=“regsvr32 /s /n /i:U shell32” []
“nltide_3”=“advpack.dll” [2007-05-10 16:39 124928 C:\WINDOWS\system32\advpack.dll]
C:\Documents and Settings\User\Menu Start\Programy\Autostart\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-11-24 13:48:07 368640]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2004-08-11 02:22:40 757760]
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 14:12:08 16423]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“DisableCAD”= 1 (0x1)
“DisableStatusMessages”= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
“RnLrR8Vw47”= C:\Documents and Settings\All Users\Dane aplikacji\otovqdkt\ilupmvqn.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
“NoSMHelp”= 1 (0x1)
“NoSMMyPictures”= 1 (0x1)
“NoSMConfigurePrograms”= 1 (0x1)
“NoInstrumentation”= 1 (0x1)
“NoStartMenuMFUprogramsList”= 1 (0x1)
“NoResolveTrack”= 1 (0x1)
“NoResolveSearch”= 1 (0x1)
[HKEY_USERS.default\software\microsoft\windows\currentversion\policies\explorer]
“NoSMHelp”= 1 (0x1)
“NoSMMyPictures”= 1 (0x1)
“NoSMConfigurePrograms”= 1 (0x1)
“NoInstrumentation”= 1 (0x1)
“NoStartMenuMFUprogramsList”= 1 (0x1)
“NoResolveTrack”= 1 (0x1)
“NoResolveSearch”= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
“AntiVirusDisableNotify”=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\Network Diagnostic\xpnetdiag.exe”=
“%windir%\system32\sessmgr.exe”=
“C:\Program Files\Gadu-Gadu\gg.exe”=
“C:\Program Files\BearShare Applications\BearShare\BearShare.exe”=
“C:\Program Files\DC++\DCPlusPlus.exe”=
“C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe”=
“C:\Program Files\Mozilla Firefox\firefox.exe”=
“C:\Program Files\SightSpeed\SightSpeed.exe”=
“C:\Program Files\uTorrent\uTorrent.exe”=
“C:\Program Files\Real\RealPlayer\realplay.exe”=
“C:\Program Files\eMule\emule.exe”=
“C:\Program Files\Skype\Phone\Skype.exe”=
“C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE”=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 V0220Dev;Live! Cam Video IM;C:\WINDOWS\system32\DRIVERS\V0220Dev.sys [2006-06-29 07:58]
R3 V0220Vfx;V0220VFX;C:\WINDOWS\system32\DRIVERS\V0220Vfx.sys [2006-06-08 10:00]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{630ea5e0-b0b1-11dc-97ef-000e50ead004}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{6e1f1830-6511-11dc-963a-806d6172696f}]
\Shell\AutoRun\command - F:\Programs\nu2menu\nu2menu.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{8007f290-6f8e-11dc-9673-f328e9e7453c}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{e747ae47-9a82-11dc-9773-000e50ead004}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - G:\Recycled\ctfmon.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-18 19:22:57
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-18 19:24:28
ComboFix-quarantined-files.txt 2008-04-18 17:24:22
ComboFix2.txt 2008-04-18 16:40:37
Pre-Run: 6,462,021,632 bajtów wolnych
Post-Run: 6,453,059,584 bajtów wolnych
Open Notepad and paste
Save it with the type set to All Files and under the name plik.reg
Run this file, then restart the computer
I did all of that. Is there anything else I should do? Should I delete or keep the folders with HijackThis and ComboFix? Can I delete that last file I created?
You can delete that file
Scan the computer with this: http://www.kaspersky.pl/virusscanner.html Post the report from it on the forum
Report from Kaspersky, but incomplete, only from the most important folders, because otherwise it would take several hours (in the meantime my computer froze)
KASPERSKY ONLINE SCANNER REPORT
18 kwiecień 2008 23:56:28
System operacyjny: Microsoft Windows XP Professional, Dodatek Service Pack 2 (Build 2600)
Kaspersky Online Scanner wersja: 5.0.98.0
Ostatnia aktualizacja Kaspersky Anti-Virus18/04/2008
Liczba wpisów w bazie danych Kaspersky Anti-Virus714608
Ustawienia skanowania:
Skanowanie przy użyciu następujących baz danych: rozszerzone
Skanuj archiwa: tak
Skanuj pocztowe bazy danych: tak
Obszar skanowania - Foldery:
C:\Documents and Settings\
C:\Program Files\
C:\RECYCLER\
C:\System Volume Information\
C:\WINDOWS\
D:\RECYCLER\
D:\System Volume Information\
Statystyki skanowania:
Liczba skanowanych obiektów: 34962
Liczba wykrytych wirusów: 11
Liczba zainfekowanych obiektów: 16
Liczba podejrzanych obiektów: 0
Czas trwania skanowania: 01:06:20
Nazwa zainfekowanego obiektu / Nazwa wirusa / Ostatnie działanie
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked pominięty
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked pominięty
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked pominięty
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked pominięty
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty
C:\Documents and Settings\User.jpi_cache\jar\1.0\java.jar-95238ad-6802257a.zip/GetAccess.class Zainfekowanych: Trojan-Downloader.Java.OpenConnection.aj pominięty
C:\Documents and Settings\User.jpi_cache\jar\1.0\java.jar-95238ad-6802257a.zip/Installer.class Zainfekowanych: Trojan-Downloader.Java.OpenConnection.aj pominięty
C:\Documents and Settings\User.jpi_cache\jar\1.0\java.jar-95238ad-6802257a.zip/NewSecurityClassLoader.class Zainfekowanych: Exploit.Java.ByteVerify pominięty
C:\Documents and Settings\User.jpi_cache\jar\1.0\java.jar-95238ad-6802257a.zip/NewURLClassLoader.class Zainfekowanych: Exploit.Java.ByteVerify pominięty
C:\Documents and Settings\User.jpi_cache\jar\1.0\java.jar-95238ad-6802257a.zip ZIP: zainfekowany - 4 pominięty
C:\Documents and Settings\User.jpi_cache\jar\1.0\loaderadv561.jar-5155a97b-257f346a.zip/Matrix.class Zainfekowanych: Trojan-Downloader.Java.OpenStream.c pominięty
C:\Documents and Settings\User.jpi_cache\jar\1.0\loaderadv561.jar-5155a97b-257f346a.zip/Counter.class Zainfekowanych: Trojan.Java.ClassLoader.h pominięty
C:\Documents and Settings\User.jpi_cache\jar\1.0\loaderadv561.jar-5155a97b-257f346a.zip/Parser.class Zainfekowanych: Trojan.Java.ClassLoader.d pominięty
C:\Documents and Settings\User.jpi_cache\jar\1.0\loaderadv561.jar-5155a97b-257f346a.zip ZIP: zainfekowany - 3 pominięty
C:\Documents and Settings\User\Cookies\index.dat Object is locked pominięty
C:\Documents and Settings\User\NTUSER.DAT Object is locked pominięty
C:\Documents and Settings\User\ntuser.dat.LOG Object is locked pominięty
C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds Cache\index.dat Object is locked pominięty
C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty
C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty
C:\Documents and Settings\User\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty
C:\Documents and Settings\User\Ustawienia lokalne\Historia\History.IE5\MSHist012008041820080419\index.dat Object is locked pominięty
C:\Documents and Settings\User\Ustawienia lokalne\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked pominięty
C:\Documents and Settings\User\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked pominięty
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked pominięty
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked pominięty
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked pominięty
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked pominięty
C:\Program Files\Alwil Software\Avast4\DATA\report\Osłona rezydentna.txt Object is locked pominięty
C:\Program Files\Kodak\Kodak EasyShare software\Catalog\EasyShare.me Object is locked pominięty
C:\Program Files\Kodak\Kodak EasyShare software\Catalog\EasyShare.mm Object is locked pominięty
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWKDLogs\BWTargetInf.log Object is locked pominięty
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.dat Object is locked pominięty
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.idx Object is locked pominięty
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.dat Object is locked pominięty
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.idx Object is locked pominięty
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\D0000000.FCS Object is locked pominięty
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\inuse.txt Object is locked pominięty
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\L0000021.FCS Object is locked pominięty
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\main.log Object is locked pominięty
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.dat Object is locked pominięty
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.idx Object is locked pominięty
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.dat Object is locked pominięty
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.idx Object is locked pominięty
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.dat Object is locked pominięty
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.idx Object is locked pominięty
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.dat Object is locked pominięty
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.idx Object is locked pominięty
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.dat Object is locked pominięty
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.idx Object is locked pominięty
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.dat Object is locked pominięty
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.idx Object is locked pominięty
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty
C:\System Volume Information_restore{4100A82B-99EC-4D70-8D29-26D1F0165AFC}\RP67\A0081714.dll Zainfekowanych: not-a-virus:FraudTool.Win32.UltimateDefender.eb pominięty
C:\System Volume Information_restore{4100A82B-99EC-4D70-8D29-26D1F0165AFC}\RP67\A0081715.dll Zainfekowanych: not-a-virus:FraudTool.Win32.UltimateDefender.eb pominięty
C:\System Volume Information_restore{4100A82B-99EC-4D70-8D29-26D1F0165AFC}\RP68\A0081917.exe Zainfekowanych: not-a-virus:FraudTool.Win32.UltimateDefender.fc pominięty
C:\System Volume Information_restore{4100A82B-99EC-4D70-8D29-26D1F0165AFC}\RP69\A0082089.exe Zainfekowanych: not-a-virus:FraudTool.Win32.UltimateDefender.hu pominięty
C:\System Volume Information_restore{4100A82B-99EC-4D70-8D29-26D1F0165AFC}\RP70\A0082190.exe Zainfekowanych: not-a-virus:AdWare.Win32.Vapsup.ecg pominięty
C:\System Volume Information_restore{4100A82B-99EC-4D70-8D29-26D1F0165AFC}\RP70\A0082191.dll Zainfekowanych: not-a-virus:AdWare.Win32.Vapsup.ech pominięty
C:\System Volume Information_restore{4100A82B-99EC-4D70-8D29-26D1F0165AFC}\RP70\change.log Object is locked pominięty
C:\WINDOWS\Debug\PASSWD.LOG Object is locked pominięty
C:\WINDOWS\SchedLgU.Txt Object is locked pominięty
C:\WINDOWS\Sti_Trace.log Object is locked pominięty
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked pominięty
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked pominięty
C:\WINDOWS\system32\config\default Object is locked pominięty
C:\WINDOWS\system32\config\default.LOG Object is locked pominięty
C:\WINDOWS\system32\config\Internet.evt Object is locked pominięty
C:\WINDOWS\system32\config\ODiag.evt Object is locked pominięty
C:\WINDOWS\system32\config\OSession.evt Object is locked pominięty
C:\WINDOWS\system32\config\SAM Object is locked pominięty
C:\WINDOWS\system32\config\SAM.LOG Object is locked pominięty
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked pominięty
C:\WINDOWS\system32\config\SECURITY Object is locked pominięty
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked pominięty
C:\WINDOWS\system32\config\software Object is locked pominięty
C:\WINDOWS\system32\config\software.LOG Object is locked pominięty
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked pominięty
C:\WINDOWS\system32\config\system Object is locked pominięty
C:\WINDOWS\system32\config\system.LOG Object is locked pominięty
C:\WINDOWS\system32\h323log.txt Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked pominięty
C:\WINDOWS\Temp\Perflib_Perfdata_434.dat Object is locked pominięty
C:\WINDOWS\Temp_avast4_\Webshlock.txt Object is locked pominięty
C:\WINDOWS\wiadebug.log Object is locked pominięty
C:\WINDOWS\wiaservc.log Object is locked pominięty
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty
D:\System Volume Information_restore{4100A82B-99EC-4D70-8D29-26D1F0165AFC}\RP66\A0081701.inf Zainfekowanych: Trojan.Win32.VB.aqt pominięty
Proces skanowania został zakończony.