Spyware, red screen, pop-up windows!


(Michal Howil) #1

Hello, today I downloaded a certain program and some spyware got downloaded along with it. The screen turned red and pop-ups started appearing saying that I have various trojans etc. I downloaded Spybot from the net, scanned the disk and wanted to delete the infected files, but some of them I can't delete, and some of the files are located in Windows. Please help me deal with this problem. I'll also add that I'm rather a layman and would ask for a simple and precise explanation of what I should do. Waiting for help. Regards


(rafi84tek) #2

Hello,

I recommend continuing to use SpyBot.

But this time do it like this:

  1. start SpyBot

  2. in the program's top bar click Tryb (Mode) and choose Zaawansowany (Advanced)

  3. from the left-hand bar choose Ustawienia --> Ustawienia programu (Settings --> Program settings)

  4. in the main part of the window find Automatyzacja --> Ze startem Systemu (Automation --> At system startup)

  5. tick:

  1. restart the computer

  2. when the program starts, choose the option sprawdź wszystko (check everything)

  3. remove the threats found :slight_smile:

Most of the junk should get removed.

Someone else will surely advise you on what to do next.

However, I recommend getting acquainted with this right now:

viewtopic.php?f=16&t=36654

Regards,

Rafał


(ybu) #3

In his case I advise against using the ADVANCED mode in this program (he writes that he is a layman). Advanced mode offers functions whose use, without adequate knowledge of what those functions do, can lead to damage to system files.

What is advisable, however, is showing the logs from HijackThis.


(huber2t) #4

Post the logs from HijackThis

Show the log from ComboFix


(Michal Howil) #5

I'm pasting the log from HijackThis

Logfile of HijackThis v1.99.1

Scan saved at 17:17:44, on 2008-04-18

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\All Users\Dane aplikacji\otovqdkt\ilupmvqn.exe

C:\PROGRA~1\NEOSTR~1\CnxMon.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe

C:\WINDOWS\V0220Mon.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\edopsril.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

C:\Program Files\Neostrada TP\NeostradaTP.exe

C:\Program Files\Neostrada TP\ComComp.exe

C:\Program Files\Neostrada TP\Watch.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\Documents and Settings\User\Pulpit\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O4 - HKLM..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe

O4 - HKLM..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe

O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM..\Run: [Onet.pl AutoUpdate] "C:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe" /updateexetsr

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM..\Run: [PC-Antispyware] "C:\Program Files\PC-Antispyware\PC-Antispyware.exe" hide

O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [iizzizvt] C:\WINDOWS\system32\edopsril.exe

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O11 - Options group: [TABS] Tabbed Browsing

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab

O17 - HKLM\System\CCS\Services\Tcpip..{7D730693-F783-425E-8A40-A403192D99BE}: NameServer = 194.204.159.1 217.98.63.164

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


(Michal Howil) #6

As for ComboFix, for some reason it won't download from the net. I hope this is enough. I'll also add that SpyBot detected, I think, 2 trojans in Windows, and I clicked allow. I thought something would happen to my system, but so far all is quiet. Every now and then a window also pops up about a trojan in the Windows directory, file: wlm.exe I think, or something like that. Regards, and I'm counting on further help


(Dmirecki) #7

FIX:

Try downloading Combo from other sources

Download ComboFix, but do not run it

Paste into Notepad:

File::

C:\WINDOWS\system32\edopsril.exe


Folder::

C:\Program Files\PC-Antispyware

File -> Save as -> CFScript.txt

Drag and drop the CFScript.txt icon onto the ComboFix.exe icon, as shown here ->

88953CFScript-createdbyMiekiemoes.gif

The removal should begin and a log will be created; post that log on the forum + a new log from HijackThis.

If everything goes well, then after the restart manually delete the folder C: **** Qoobox


(Michal Howil) #8

I'm doing everything as required, I just don't understand why you pasted this (see below)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/

O4 - HKLM..\Run: [PC-Antispyware] "C:\Program Files\PC-Antispyware\PC-Antispyware.exe" hide

O4 - HKCU..\Run: [iizzizvt] C:\WINDOWS\system32\edopsril.exe


(Dmirecki) #9

So that you fix these entries in HijackThis


(Michal Howil) #10

Here is the log from ComboFix

ComboFix 08-04-17.1 - User 2008-04-18 18:35:13.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.141 [GMT 2:00]

Running from: C:\Documents and Settings\User\Pulpit\ComboFix.exe

Command switches used :: C:\Documents and Settings\User\Pulpit\CFScript.txt

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

FILE ::

C:\WINDOWS\system32\edopsril.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\User\Pulpitblackbird.jpg

C:\Documents and Settings\User\PulpitEditorFKWP1.5.exe

C:\Documents and Settings\User\PulpitEditorFKWP2.0.exe

C:\Documents and Settings\User\Pulpitfilemanagerclient.exe

C:\Documents and Settings\User\Pulpitfkwp1.5.exe

C:\Documents and Settings\User\Pulpitfkwp2.0.exe

C:\Documents and Settings\User\Pulpitfwebd.exe

C:\Documents and Settings\User\PulpitFWebdEditor.exe

C:\Documents and Settings\User\PulpitTrojan.Win32.BlackBird.exe

C:\Documents and Settings\User\Pulpitvirii

C:\Documents and Settings\User\Ustawienia lokalne\Temporary Internet Files\EUP1E3.tmp

C:\Program Files\PC-Cleaner

C:\Program Files\PC-Cleaner\com\pcsd.dll

C:\Program Files\PC-Cleaner\PC-Cleaner.db

C:\Program Files\PC-Cleaner\PC-Cleaner.exe

C:\Program Files\PC-Cleaner\pccleaner.pkg

C:\Program Files\PC-Cleaner\program.info

C:\Program Files\PC-Cleaner\Uninstall.exe

C:\WINDOWS\system32\edopsril.exe

C:\WINDOWS\system32bdn.com

C:\WINDOWS\system32hxiwlgpm.dat

C:\WINDOWS\system32ssvchost.com

C:\WINDOWS\system32taack.dat

C:\WINDOWS\system32VBIEWER.OCX

.

((((((((((((((((((((((((( Files Created from 2008-03-18 to 2008-04-18 )))))))))))))))))))))))))))))))

.

2008-04-17 22:40 . 2008-04-17 22:40 90,112 --a------ C:\WINDOWS\system32\zujenazc.exe

2008-04-17 21:40 . 2008-04-17 21:40 229 --a------ C:\WINDOWS\wininit.ini

2008-04-17 18:22 . 2008-04-17 18:22

2008-04-17 17:34 . 2008-04-17 17:35

2008-04-17 17:34 . 2008-04-17 18:33

2008-04-17 16:30 . 2008-04-16 10:07 290,816 --a------ C:\WINDOWS\pmsoarbf.dll

2008-04-17 16:30 . 2008-04-16 10:07 98,304 --a------ C:\WINDOWS\npqtsrak.exe

2008-04-17 16:29 . 2008-04-17 16:29

2008-04-04 19:33 . 2008-04-18 18:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-04-04 19:33 . 2008-04-18 18:31 1,409 --a------ C:\WINDOWS\QTFont.for

2008-04-03 22:29 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys

2008-04-03 22:29 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys

2008-03-30 16:01 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll

2008-03-30 15:59 . 2008-03-30 15:59

2008-03-30 15:56 . 2008-03-30 15:56

2008-03-30 15:40 . 2008-03-30 16:06

2008-03-30 15:38 . 2008-03-30 15:38

2008-03-28 16:50 . 2008-03-28 16:50

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-18 15:09 --------- d-----w C:\Program Files\Neostrada TP

2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe

2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr

2008-03-25 09:17 --------- d-----w C:\Program Files\eMule

2008-03-17 11:04 --------- d-----w C:\Program Files\DC++

2008-03-17 08:30 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\uTorrent

2008-03-01 18:53 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\BearShare

2007-12-24 10:58 25,760 ----a-w C:\Documents and Settings\User\Dane aplikacji\GDIPFONTCACHEV1.DAT

2007-07-19 23:19 855,886 ----a-w C:\Program Files\AUG2007_d3dx10_35_x64.cab

2007-07-19 23:19 800,467 ----a-w C:\Program Files\AUG2007_d3dx10_35_x86.cab

2007-07-19 23:19 1,803,760 ----a-w C:\Program Files\AUG2007_d3dx9_35_x64.cab

2007-07-19 23:18 44,684 ----a-w C:\Program Files\dxdllreg_x86.cab

2007-07-19 23:18 201,696 ----a-w C:\Program Files\AUG2007_XACT_x64.cab

2007-07-19 23:18 156,612 ----a-w C:\Program Files\AUG2007_XACT_x86.cab

2007-07-19 23:18 1,711,752 ----a-w C:\Program Files\AUG2007_d3dx9_35_x86.cab

2005-03-31 21:17 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe

.

------- Sigcheck -------

2007-05-10 17:11 2068096 a87ec7fc3c796046626fee113dfcaad9 C:\WINDOWS\system32\ntkrnlpa.exe

2007-05-10 17:11 2191104 c4738ec0df9ca4149ef16414dceec942 C:\WINDOWS\system32\ntoskrnl.exe

2007-05-10 21:55 1423872 a50dfe31981a01423d327fdd05bdf452 C:\WINDOWS\explorer.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 09:39 2119104]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:44 15360]

"iizzizvt"="C:\WINDOWS\system32\edopsril.exe" []

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 18:07 24576]

"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]

"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 18:07 20480]

"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 18:07 53248]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-04-25 17:44 35328]

"AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 01:11 24576]

"V0220Mon.exe"="C:\WINDOWS\V0220Mon.exe" [2006-06-28 19:01 32768]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]

"Onet.pl AutoUpdate"="C:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe" []

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-04-01 16:16 5562368]

"nwiz"="nwiz.exe" [2005-04-01 16:16 1495040 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-04-01 16:16 86016]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-27 07:08 77824]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-30 13:45 185632]

"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 18:35 32768]

"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-06-10 16:20 1397760]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]

"PC-Antispyware"="C:\Program Files\PC-Antispyware\PC-Antispyware.exe" []

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:44 15360]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="regsvr32 /s /n /i:U shell32" []

"nltide_3"="advpack.dll" [2007-05-10 16:39 124928 C:\WINDOWS\system32\advpack.dll]

C:\Documents and Settings\User\Menu Start\Programy\Autostart\

Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-11-24 13:48:07 368640]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2004-08-11 02:22:40 757760]

Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 14:12:08 16423]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableCAD"= 1 (0x1)

"DisableStatusMessages"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"RnLrR8Vw47"= C:\Documents and Settings\All Users\Dane aplikacji\otovqdkt\ilupmvqn.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"NoSMMyPictures"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"NoInstrumentation"= 1 (0x1)

"NoStartMenuMFUprogramsList"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

"NoResolveSearch"= 1 (0x1)

[HKEY_USERS.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"NoSMMyPictures"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"NoInstrumentation"= 1 (0x1)

"NoStartMenuMFUprogramsList"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe"=

"%windir%\system32\sessmgr.exe"=

"C:\Program Files\Gadu-Gadu\gg.exe"=

"C:\Program Files\BearShare Applications\BearShare\BearShare.exe"=

"C:\Program Files\DC++\DCPlusPlus.exe"=

"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"=

"C:\Program Files\Mozilla Firefox\firefox.exe"=

"C:\Program Files\SightSpeed\SightSpeed.exe"=

"C:\Program Files\uTorrent\uTorrent.exe"=

"C:\Program Files\Real\RealPlayer\realplay.exe"=

"C:\Program Files\eMule\emule.exe"=

"C:\Program Files\Skype\Phone\Skype.exe"=

"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]

R3 V0220Dev;Live! Cam Video IM;C:\WINDOWS\system32\DRIVERS\V0220Dev.sys [2006-06-29 07:58]

R3 V0220Vfx;V0220VFX;C:\WINDOWS\system32\DRIVERS\V0220Vfx.sys [2006-06-08 10:00]

S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{630ea5e0-b0b1-11dc-97ef-000e50ead004}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe

\Shell\Open(0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{6e1f1830-6511-11dc-963a-806d6172696f}]

\Shell\AutoRun\command - F:\Programs\nu2menu\nu2menu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{8007f290-6f8e-11dc-9673-f328e9e7453c}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe

\Shell\Open(0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{e747ae47-9a82-11dc-9773-000e50ead004}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe

\Shell\Open(0)\command - G:\Recycled\ctfmon.exe

*Newly Created Service* - CATCHME

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-18 18:38:53

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-04-18 18:40:35

ComboFix-quarantined-files.txt 2008-04-18 16:40:28

Pre-Run: 4,651,687,936 bajtów wolnych

Post-Run: 6,466,600,960 bajtów wolnych

AND HERE IS THE ONE FROM HIJACKTHIS, ONLY THESE 3 WERE NO LONGER THERE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb

HIJACKTHIS

Logfile of HijackThis v1.99.1

Scan saved at 18:45:31, on 2008-04-18

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Documents and Settings\All Users\Dane aplikacji\otovqdkt\ilupmvqn.exe

C:\PROGRA~1\NEOSTR~1\CnxMon.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe

C:\WINDOWS\V0220Mon.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

C:\Program Files\Neostrada TP\NeostradaTP.exe

C:\Program Files\Neostrada TP\ComComp.exe

C:\Program Files\Neostrada TP\Watch.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Spybot - Search Destroy\TeaTimer.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\User\Pulpit\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-SD IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O4 - HKLM..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe

O4 - HKLM..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe

O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM..\Run: [Onet.pl AutoUpdate] "C:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe" /updateexetsr

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM..\Run: [PC-Antispyware] "C:\Program Files\PC-Antispyware\PC-Antispyware.exe" hide

O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [iizzizvt] C:\WINDOWS\system32\edopsril.exe

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search Destroy\TeaTimer.exe

O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Eksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Eksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O11 - Options group: [TABS] Tabbed Browsing

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab

O17 - HKLM\System\CCS\Services\Tcpip..{7D730693-F783-425E-8A40-A403192D99BE}: NameServer = 194.204.159.1 217.98.63.164

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

I'M WAITING FOR FURTHER INSTRUCTIONS :slight_smile:


(huber2t) #11

Fix in HijackThis:

Download ComboFix, but do not run it

Paste into Notepad:

File::

C:\WINDOWS\system32\edopsril.exe

C:\WINDOWS\system32\zujenazc.exe

C:\WINDOWS\pmsoarbf.dll

C:\WINDOWS\npqtsrak.exe


Folder::

C:\Documents and Settings\All Users\Dane aplikacji\otovqdkt

File -> Save as -> CFScript.txt (it is most convenient to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)

Drag and drop the CFScript.txt icon onto the ComboFix.exe icon.

The removal should start and a log will be created; post that log on the forum.

If everything goes well, after the restart manually delete the folder C:\Qoobox


(Michal Howil) #12

O4 - HKCU..\Run: [iizzizvt] C:\WINDOWS\system32\edopsril.exe

I don't have anything like that :confused:

On 18.04.2008, at 19:06, a post was appended by michal1fight

and should I do the rest of what huber2t wrote to me? :slight_smile:


(huber2t) #13

Yes, do what I asked you to do


(Michal Howil) #14

I checked once more, I definitely don't have anything like that anymore :slight_smile:


(huber2t) #15

But I also asked you to make the file for ComboFix, which will remove those files


(Michal Howil) #16

log from ComboFix

ComboFix 08-04-17.1 - User 2008-04-18 19:20:07.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.193 [GMT 2:00]

Running from: C:\Documents and Settings\User\Pulpit\ComboFix.exe

Command switches used :: C:\Documents and Settings\User\Pulpit\CFScript.txt

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

FILE ::

C:\WINDOWS\npqtsrak.exe

C:\WINDOWS\pmsoarbf.dll

C:\WINDOWS\system32\edopsril.exe

C:\WINDOWS\system32\zujenazc.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\All Users\Dane aplikacji\otovqdkt

C:\Documents and Settings\All Users\Dane aplikacji\otovqdkt\ilupmvqn.exe

C:\WINDOWS\npqtsrak.exe

C:\WINDOWS\pmsoarbf.dll

C:\WINDOWS\system32\zujenazc.exe

.

((((((((((((((((((((((((( Files Created from 2008-03-18 to 2008-04-18 )))))))))))))))))))))))))))))))

.

2008-04-18 18:54 . 2008-04-18 18:54

2008-04-18 18:54 . 2008-04-18 18:54

2008-04-18 18:54 . 2008-04-18 18:54

2008-04-18 18:54 . 2008-04-18 18:54

2008-04-17 21:40 . 2008-04-17 21:40 229 --a------ C:\WINDOWS\wininit.ini

2008-04-17 18:22 . 2008-04-17 18:22

2008-04-17 17:34 . 2008-04-17 17:35

2008-04-17 17:34 . 2008-04-17 18:33

2008-04-04 19:33 . 2008-04-18 18:55 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-04-04 19:33 . 2008-04-18 18:49 1,409 --a------ C:\WINDOWS\QTFont.for

2008-04-03 22:29 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys

2008-04-03 22:29 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys

2008-03-30 16:01 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll

2008-03-30 15:59 . 2008-03-30 15:59

2008-03-30 15:56 . 2008-03-30 15:56

2008-03-30 15:40 . 2008-03-30 16:06

2008-03-30 15:38 . 2008-03-30 15:38

2008-03-28 16:50 . 2008-03-28 16:50

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-18 16:57 --------- d-----w C:\Program Files\Neostrada TP

2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe

2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr

2008-03-25 09:17 --------- d-----w C:\Program Files\eMule

2008-03-17 11:04 --------- d-----w C:\Program Files\DC++

2008-03-17 08:30 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\uTorrent

2008-03-01 18:53 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\BearShare

2007-12-24 10:58 25,760 ----a-w C:\Documents and Settings\User\Dane aplikacji\GDIPFONTCACHEV1.DAT

2007-07-19 23:19 855,886 ----a-w C:\Program Files\AUG2007_d3dx10_35_x64.cab

2007-07-19 23:19 800,467 ----a-w C:\Program Files\AUG2007_d3dx10_35_x86.cab

2007-07-19 23:19 1,803,760 ----a-w C:\Program Files\AUG2007_d3dx9_35_x64.cab

2007-07-19 23:18 44,684 ----a-w C:\Program Files\dxdllreg_x86.cab

2007-07-19 23:18 201,696 ----a-w C:\Program Files\AUG2007_XACT_x64.cab

2007-07-19 23:18 156,612 ----a-w C:\Program Files\AUG2007_XACT_x86.cab

2007-07-19 23:18 1,711,752 ----a-w C:\Program Files\AUG2007_d3dx9_35_x86.cab

2005-03-31 21:17 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe

.

------- Sigcheck -------

2007-05-10 17:11 2068096 a87ec7fc3c796046626fee113dfcaad9 C:\WINDOWS\system32\ntkrnlpa.exe

2007-05-10 17:11 2191104 c4738ec0df9ca4149ef16414dceec942 C:\WINDOWS\system32\ntoskrnl.exe

2007-05-10 21:55 1423872 a50dfe31981a01423d327fdd05bdf452 C:\WINDOWS\explorer.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 09:39 2119104]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:44 15360]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 18:07 24576]

"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]

"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 18:07 20480]

"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 18:07 53248]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-04-25 17:44 35328]

"AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 01:11 24576]

"V0220Mon.exe"="C:\WINDOWS\V0220Mon.exe" [2006-06-28 19:01 32768]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]

"Onet.pl AutoUpdate"="C:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe" []

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-04-01 16:16 5562368]

"nwiz"="nwiz.exe" [2005-04-01 16:16 1495040 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-04-01 16:16 86016]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-27 07:08 77824]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-30 13:45 185632]

"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 18:35 32768]

"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-06-10 16:20 1397760]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]

"PC-Antispyware"="C:\Program Files\PC-Antispyware\PC-Antispyware.exe" []

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:44 15360]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="regsvr32 /s /n /i:U shell32" []

"nltide_3"="advpack.dll" [2007-05-10 16:39 124928 C:\WINDOWS\system32\advpack.dll]

C:\Documents and Settings\User\Menu Start\Programy\Autostart\

Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-11-24 13:48:07 368640]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2004-08-11 02:22:40 757760]

Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 14:12:08 16423]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableCAD"= 1 (0x1)

"DisableStatusMessages"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"RnLrR8Vw47"= C:\Documents and Settings\All Users\Dane aplikacji\otovqdkt\ilupmvqn.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"NoSMMyPictures"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"NoInstrumentation"= 1 (0x1)

"NoStartMenuMFUprogramsList"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

"NoResolveSearch"= 1 (0x1)

[HKEY_USERS.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"NoSMMyPictures"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"NoInstrumentation"= 1 (0x1)

"NoStartMenuMFUprogramsList"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe"=

"%windir%\system32\sessmgr.exe"=

"C:\Program Files\Gadu-Gadu\gg.exe"=

"C:\Program Files\BearShare Applications\BearShare\BearShare.exe"=

"C:\Program Files\DC++\DCPlusPlus.exe"=

"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"=

"C:\Program Files\Mozilla Firefox\firefox.exe"=

"C:\Program Files\SightSpeed\SightSpeed.exe"=

"C:\Program Files\uTorrent\uTorrent.exe"=

"C:\Program Files\Real\RealPlayer\realplay.exe"=

"C:\Program Files\eMule\emule.exe"=

"C:\Program Files\Skype\Phone\Skype.exe"=

"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]

R3 V0220Dev;Live! Cam Video IM;C:\WINDOWS\system32\DRIVERS\V0220Dev.sys [2006-06-29 07:58]

R3 V0220Vfx;V0220VFX;C:\WINDOWS\system32\DRIVERS\V0220Vfx.sys [2006-06-08 10:00]

S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{630ea5e0-b0b1-11dc-97ef-000e50ead004}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe

\Shell\Open(0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{6e1f1830-6511-11dc-963a-806d6172696f}]

\Shell\AutoRun\command - F:\Programs\nu2menu\nu2menu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{8007f290-6f8e-11dc-9673-f328e9e7453c}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe

\Shell\Open(0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{e747ae47-9a82-11dc-9773-000e50ead004}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe

\Shell\Open(0)\command - G:\Recycled\ctfmon.exe

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-18 19:22:57

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-04-18 19:24:28

ComboFix-quarantined-files.txt 2008-04-18 17:24:22

ComboFix2.txt 2008-04-18 16:40:37

Pre-Run: 6,462,021,632 bajtów wolnych

Post-Run: 6,453,059,584 bajtów wolnych


(huber2t) #17

open Notepad and paste

save it with the type set to all files and under the name plik.reg

Run this file, then restart the computer


(Michal Howil) #18

I did all of that, is there anything else I should do? Should I delete or keep the HijackThis and ComboFix folders? Can I delete that last file I created?


(huber2t) #19

You can delete that file

Scan the computer with this: http://www.kaspersky.pl/virusscanner.html Post its report on the forum


(Michal Howil) #20

report from Kaspersky, but incomplete, only from the most important folders, because otherwise it would take several hours (in the meantime my computer froze)


KASPERSKY ONLINE SCANNER REPORT

18 kwiecień 2008 23:56:28

System operacyjny: Microsoft Windows XP Professional, Dodatek Service Pack 2 (Build 2600)

Kaspersky Online Scanner wersja: 5.0.98.0

Ostatnia aktualizacja Kaspersky Anti-Virus18/04/2008

Liczba wpisów w bazie danych Kaspersky Anti-Virus714608


Ustawienia skanowania:

Skanowanie przy użyciu następujących baz danych: rozszerzone

Skanuj archiwa: tak

Skanuj pocztowe bazy danych: tak

Obszar skanowania - Foldery:

C:\Documents and Settings\

C:\Program Files\

C:\RECYCLER\

C:\System Volume Information\

C:\WINDOWS\

D:\RECYCLER\

D:\System Volume Information\

Statystyki skanowania:

Liczba skanowanych obiektów: 34962

Liczba wykrytych wirusów: 11

Liczba zainfekowanych obiektów: 16

Liczba podejrzanych obiektów: 0

Czas trwania skanowania: 01:06:20

Nazwa zainfekowanego obiektu / Nazwa wirusa / Ostatnie działanie

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked pominięty

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked pominięty

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked pominięty

C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty

C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty

C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty

C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked pominięty

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked pominięty

C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty

C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty

C:\Documents and Settings\User.jpi_cache\jar\1.0\java.jar-95238ad-6802257a.zip/GetAccess.class Zainfekowanych: Trojan-Downloader.Java.OpenConnection.aj pominięty

C:\Documents and Settings\User.jpi_cache\jar\1.0\java.jar-95238ad-6802257a.zip/Installer.class Zainfekowanych: Trojan-Downloader.Java.OpenConnection.aj pominięty

C:\Documents and Settings\User.jpi_cache\jar\1.0\java.jar-95238ad-6802257a.zip/NewSecurityClassLoader.class Zainfekowanych: Exploit.Java.ByteVerify pominięty

C:\Documents and Settings\User.jpi_cache\jar\1.0\java.jar-95238ad-6802257a.zip/NewURLClassLoader.class Zainfekowanych: Exploit.Java.ByteVerify pominięty

C:\Documents and Settings\User.jpi_cache\jar\1.0\java.jar-95238ad-6802257a.zip ZIP: zainfekowany - 4 pominięty

C:\Documents and Settings\User.jpi_cache\jar\1.0\loaderadv561.jar-5155a97b-257f346a.zip/Matrix.class Zainfekowanych: Trojan-Downloader.Java.OpenStream.c pominięty

C:\Documents and Settings\User.jpi_cache\jar\1.0\loaderadv561.jar-5155a97b-257f346a.zip/Counter.class Zainfekowanych: Trojan.Java.ClassLoader.h pominięty

C:\Documents and Settings\User.jpi_cache\jar\1.0\loaderadv561.jar-5155a97b-257f346a.zip/Parser.class Zainfekowanych: Trojan.Java.ClassLoader.d pominięty

C:\Documents and Settings\User.jpi_cache\jar\1.0\loaderadv561.jar-5155a97b-257f346a.zip ZIP: zainfekowany - 3 pominięty

C:\Documents and Settings\User\Cookies\index.dat Object is locked pominięty

C:\Documents and Settings\User\NTUSER.DAT Object is locked pominięty

C:\Documents and Settings\User\ntuser.dat.LOG Object is locked pominięty

C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds Cache\index.dat Object is locked pominięty

C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty

C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty

C:\Documents and Settings\User\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty

C:\Documents and Settings\User\Ustawienia lokalne\Historia\History.IE5\MSHist012008041820080419\index.dat Object is locked pominięty

C:\Documents and Settings\User\Ustawienia lokalne\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked pominięty

C:\Documents and Settings\User\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty

C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked pominięty

C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked pominięty

C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked pominięty

C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked pominięty

C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked pominięty

C:\Program Files\Alwil Software\Avast4\DATA\report\Osłona rezydentna.txt Object is locked pominięty

C:\Program Files\Kodak\Kodak EasyShare software\Catalog\EasyShare.me Object is locked pominięty

C:\Program Files\Kodak\Kodak EasyShare software\Catalog\EasyShare.mm Object is locked pominięty

C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWKDLogs\BWTargetInf.log Object is locked pominięty

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.dat Object is locked pominięty

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.idx Object is locked pominięty

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.dat Object is locked pominięty

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.idx Object is locked pominięty

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\D0000000.FCS Object is locked pominięty

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\inuse.txt Object is locked pominięty

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\L0000021.FCS Object is locked pominięty

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\main.log Object is locked pominięty

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.dat Object is locked pominięty

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.idx Object is locked pominięty

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.dat Object is locked pominięty

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.idx Object is locked pominięty

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.dat Object is locked pominięty

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.idx Object is locked pominięty

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.dat Object is locked pominięty

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.idx Object is locked pominięty

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.dat Object is locked pominięty

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.idx Object is locked pominięty

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.dat Object is locked pominięty

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.idx Object is locked pominięty

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty

C:\System Volume Information_restore{4100A82B-99EC-4D70-8D29-26D1F0165AFC}\RP67\A0081714.dll Zainfekowanych: not-a-virus:FraudTool.Win32.UltimateDefender.eb pominięty

C:\System Volume Information_restore{4100A82B-99EC-4D70-8D29-26D1F0165AFC}\RP67\A0081715.dll Zainfekowanych: not-a-virus:FraudTool.Win32.UltimateDefender.eb pominięty

C:\System Volume Information_restore{4100A82B-99EC-4D70-8D29-26D1F0165AFC}\RP68\A0081917.exe Zainfekowanych: not-a-virus:FraudTool.Win32.UltimateDefender.fc pominięty

C:\System Volume Information_restore{4100A82B-99EC-4D70-8D29-26D1F0165AFC}\RP69\A0082089.exe Zainfekowanych: not-a-virus:FraudTool.Win32.UltimateDefender.hu pominięty

C:\System Volume Information_restore{4100A82B-99EC-4D70-8D29-26D1F0165AFC}\RP70\A0082190.exe Zainfekowanych: not-a-virus:AdWare.Win32.Vapsup.ecg pominięty

C:\System Volume Information_restore{4100A82B-99EC-4D70-8D29-26D1F0165AFC}\RP70\A0082191.dll Zainfekowanych: not-a-virus:AdWare.Win32.Vapsup.ech pominięty

C:\System Volume Information_restore{4100A82B-99EC-4D70-8D29-26D1F0165AFC}\RP70\change.log Object is locked pominięty

C:\WINDOWS\Debug\PASSWD.LOG Object is locked pominięty

C:\WINDOWS\SchedLgU.Txt Object is locked pominięty

C:\WINDOWS\Sti_Trace.log Object is locked pominięty

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked pominięty

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked pominięty

C:\WINDOWS\system32\config\default Object is locked pominięty

C:\WINDOWS\system32\config\default.LOG Object is locked pominięty

C:\WINDOWS\system32\config\Internet.evt Object is locked pominięty

C:\WINDOWS\system32\config\ODiag.evt Object is locked pominięty

C:\WINDOWS\system32\config\OSession.evt Object is locked pominięty

C:\WINDOWS\system32\config\SAM Object is locked pominięty

C:\WINDOWS\system32\config\SAM.LOG Object is locked pominięty

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked pominięty

C:\WINDOWS\system32\config\SECURITY Object is locked pominięty

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked pominięty

C:\WINDOWS\system32\config\software Object is locked pominięty

C:\WINDOWS\system32\config\software.LOG Object is locked pominięty

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked pominięty

C:\WINDOWS\system32\config\system Object is locked pominięty

C:\WINDOWS\system32\config\system.LOG Object is locked pominięty

C:\WINDOWS\system32\h323log.txt Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked pominięty

C:\WINDOWS\Temp\Perflib_Perfdata_434.dat Object is locked pominięty

C:\WINDOWS\Temp_avast4_\Webshlock.txt Object is locked pominięty

C:\WINDOWS\wiadebug.log Object is locked pominięty

C:\WINDOWS\wiaservc.log Object is locked pominięty

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty

D:\System Volume Information_restore{4100A82B-99EC-4D70-8D29-26D1F0165AFC}\RP66\A0081701.inf Zainfekowanych: Trojan.Win32.VB.aqt pominięty

Proces skanowania został zakończony.