Kaspersky detected a virus HEUR:Trojan.Win32.Generic for me on drive e:\resycled\boot.com. This is the recovery drive and I have no idea what I can do about it... Kaspersky put it in quarantine but I don't know whether that settles the matter... please help, thanks a lot...
Download ComboFix, scan the system and post the log on the forum.
Paste the log on www.wklejto.pl or http://www.wklej.org/ and put only the link in your post.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:11, on 15.02.2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\E_FATIEDE.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.youtube.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= … &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= … &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Cole2k Media Toolbar Helper - {5499BCB1-5641-4A4C-9F75-462D4D8D0DA0} - C:\Program Files\Cole2k Media Toolbar\v3.3.0.1\Cole2k_Media_Toolbar.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Cole2k Media Toolbar - {8AE33802-00D3-4F1B-B5C7-6FEE34E402CE} - C:\Program Files\Cole2k Media Toolbar\v3.3.0.1\Cole2k_Media_Toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [EPSON SX100 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE /FU "C:\Windows\TEMP\E_S66DD.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 10015 bytes
Post the ComboFix log; we did not ask for a HijackThis log.
Post logs on http://wklej.eu or http://wklej.org and put only the link in your post.
This is the HijackThis log. Remove this entry in HJT.
Run HijackThis - Do a system scan only - a log will appear in the program window - tick the boxes next to the listed entries - click Fix checked.
Post the ComboFix log; the program is at the bottom of the page in the link I gave in the post above.
Disable Kaspersky while downloading and scanning with ComboFix.
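The helpers above read the HijackThis log by sections: O2/O3 for BHOs and toolbars, O4 for autostart entries, O23 for services. The script below is an added example (not part of the thread and not a HijackThis feature) that parses those line formats and lists the entries a helper would look at first. The sample input is constructed from lines copied out of the log posted above; the flagging rules are this example's own heuristics, and a hit means "check this", not "malware".

```python
"""Triage a HijackThis 2.x log: list the O2/O3/O4/O23 entries worth a second look.

Added example, not from the thread and not a HijackThis feature. The rules
below (orphaned "(no file)" BHOs, rundll32-launched DLLs, targets under a
temp or user-profile path, services without a recognised publisher) are this
example's own heuristics: a hit means "check this", not "malware".
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample input: lines copied from the HijackThis log posted in the thread.
SAMPLE_LOG = """\
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\\..\\Run: [NvSvc] RUNDLL32.EXE C:\\Windows\\system32\\nvsvc.dll,nvsvcStart
O4 - HKLM\\..\\Run: [AVP] "C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 2009\\avp.exe"
O4 - HKCU\\..\\Run: [EPSON SX100 Series] C:\\Windows\\system32\\spool\\DRIVERS\\W32X86\\3\\E_FATIEDE.EXE /FU "C:\\Windows\\TEMP\\E_S66DD.tmp" /EF "HKCU"
O4 - HKUS\\S-1-5-19\\..\\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\\Program Files\\HP\\QuickPlay\\Kernel\\TV\\CLSched.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 2009\\avp.exe
"""


@dataclass
class Finding:
    section: str  # HijackThis section tag, e.g. "O4"
    name: str     # entry name as HijackThis prints it
    target: str   # path or command line of the entry
    reason: str   # why the entry was flagged for review


# O2 (BHO) / O3 (toolbar): "<name> - {CLSID} - <dll path or (no file)>"
BHO_RE = re.compile(r"^O[23] - (?:BHO|Toolbar): (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.*)$")
# O4 registry keys: "HKLM\..\Run: [<name>] <command line>" (also HKCU, HKUS\<SID>, RunOnce)
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<target>.*)$")
# O4 Startup-folder shortcuts: "Global Startup: <name>.lnk = <path>"
STARTUP_RE = re.compile(r"^O4 - (?P<hive>(?:Global )?Startup): (?P<name>.*?) = (?P<target>.*)$")
# O23 services: "<display name> (<service>) - <publisher or Unknown owner> - <path>"
SVC_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<target>.*)$")

RUNDLL = re.compile(r"\brundll32(?:\.exe)?\b", re.IGNORECASE)
USER_WRITABLE = re.compile(r"\\(?:temp|appdata|users|documents and settings)\\", re.IGNORECASE)


def triage(log_text: str) -> List[Finding]:
    """Return the entries worth a second look, in log order; unmatched lines are skipped."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            if m["target"].strip().lower() == "(no file)":
                findings.append(Finding(line[:2], m["name"], m["target"],
                                        "CLSID still registered but its DLL is gone (orphaned entry)"))
            continue
        m = RUN_RE.match(line) or STARTUP_RE.match(line)
        if m:
            target = m["target"]
            if RUNDLL.search(target):
                findings.append(Finding("O4", m["name"], target,
                                        "started through rundll32: verify the DLL and the export it calls"))
            elif USER_WRITABLE.search(target):
                findings.append(Finding("O4", m["name"], target,
                                        "command line references a temp or user-profile path"))
            continue
        m = SVC_RE.match(line)
        if m:
            if m["owner"].strip().lower() == "unknown owner":
                findings.append(Finding("O23", m["name"], m["target"],
                                        "service binary carries no recognised publisher"))
            elif USER_WRITABLE.search(m["target"]):
                findings.append(Finding("O23", m["name"], m["target"],
                                        "service binary lives under a temp or user-profile path"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section} [{f.name}] {f.reason}\n    {f.target}")
```

Run against the sample it flags five entries: the orphaned BHO, the two rundll32-launched entries (NvSvc and WindowsWelcomeCenter), the Epson entry whose arguments point into C:\Windows\TEMP, and the CyberLink service with "Unknown owner". All of those are things a helper verifies by hand (file present, signed, known vendor) rather than removes on sight; the two Kaspersky entries and the Adobe BHO produce no finding.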
ComboFix 09-02-14.01 - Pawel&Julia 2009-02-15 20:32:04.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1031.18.2046.1252 [GMT 1:00]
Running from: d:\z netu\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning enabled* (Updated)
FW: Kaspersky Internet Security *enabled*
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
E:\resycled
e:\resycled\boot.com
e:\resycled\Desktop.ini
e:\resycled\Folder.htt
e:\resycled\Protect.ed
.
((((((((((((((((((((((( Files Created from 2009-01-15 to 2009-02-15 ))))))))))))))))))))))))))))))
.
2009-02-15 16:48 . 2009-02-15 20:34 1,387 --a------ c:\windows\bthservsdp.dat
2009-02-15 10:35 . 2009-02-15 10:35
2009-02-11 20:24 . 2008-06-20 02:18 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-02-11 20:24 . 2008-06-20 02:17 622,080 --a------ c:\windows\System32\icardagt.exe
2009-02-11 20:24 . 2008-06-20 02:18 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-02-11 20:24 . 2008-06-20 02:18 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-11 20:24 . 2008-06-20 02:17 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-02-11 20:24 . 2008-06-20 02:18 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-02-11 20:24 . 2008-06-20 02:17 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-02-11 20:24 . 2008-06-20 02:17 11,264 --a------ c:\windows\System32\icardres.dll
2009-02-11 20:18 . 2008-07-27 19:00 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-11 20:18 . 2008-07-27 19:00 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-11 20:18 . 2008-07-27 19:00 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-11 20:18 . 2008-07-27 19:00 83,968 --a------ c:\windows\System32\mscories.dll
2009-02-11 20:18 . 2008-07-27 19:00 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-02-11 20:15 . 2008-12-05 05:29 1,244,672 --a------ c:\windows\System32\mcmde.dll
2009-02-11 20:15 . 2008-12-05 05:29 428,032 --a------ c:\windows\System32\EncDec.dll
2009-02-11 20:15 . 2008-12-05 05:29 292,352 --a------ c:\windows\System32\psisdecd.dll
2009-02-11 20:15 . 2008-12-05 05:29 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-11 20:15 . 2008-12-05 05:29 177,152 --a------ c:\windows\System32\mpg2splt.ax
2009-02-11 20:15 . 2008-12-05 05:29 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-11 20:15 . 2008-12-05 05:29 68,608 --a------ c:\windows\System32\Mpeg2Data.ax
2009-02-11 20:15 . 2008-12-05 05:29 57,856 --a------ c:\windows\System32\MSDvbNP.ax
2009-02-10 15:46 . 2009-02-10 15:46
2009-02-10 15:46 . 2009-02-10 15:46
2009-02-10 15:45 . 2009-02-10 15:45
2009-02-10 15:45 . 2009-02-10 15:45
2009-01-30 15:18 . 2009-01-30 15:18
2009-01-30 13:29 . 2009-01-30 13:29
2009-01-30 12:55 . 2009-01-30 12:55
2009-01-24 19:00 . 2009-01-24 19:00
2009-01-23 12:57 . 2009-01-23 12:57
2009-01-22 13:11 . 2009-01-22 13:11
2009-01-22 13:11 . 2009-01-22 13:11
2009-01-22 13:11 . 2009-01-22 13:11
2009-01-22 13:11 . 2009-01-22 13:11
2009-01-22 13:11 . 2009-01-22 13:11 230,733 --a------ c:\windows\Cole2k_Media_Toolbar_Uninstaller_1525.exe
2009-01-21 20:30 . 2009-02-13 16:09
2009-01-21 20:30 . 2009-01-21 20:30 56 --ah----- c:\users\All Users\ezsidmv.dat
2009-01-21 20:30 . 2009-01-21 20:30 56 --ah----- c:\programdata\ezsidmv.dat
2009-01-21 20:29 . 2009-01-21 20:29
2009-01-21 20:29 . 2009-01-21 20:29
2009-01-21 20:18 . 2009-01-21 20:18
2009-01-21 20:17 . 2009-01-21 20:17
2009-01-21 12:12 . 2009-01-21 12:12
2009-01-21 12:12 . 2009-01-22 11:20 56 --a------ c:\users\Pawel&Julia\AppData\Roaming\wklnhst.dat
2009-01-20 11:46 . 2009-02-13 18:43
2009-01-20 11:46 . 2009-01-21 20:29
2009-01-20 11:46 . 2009-01-21 20:29
2009-01-20 11:02 . 2009-01-20 11:02 268,800 --a------ c:\windows\System32\es.dll
2009-01-20 10:58 . 2009-02-15 09:14 27,905 --a------ c:\users\Pawel&Julia\AppData\Roaming\nvModes.dat
2009-01-18 14:25 . 2009-01-30 13:49
2009-01-18 14:11 . 2009-01-18 14:11
2009-01-18 14:10 . 2009-02-15 17:15
2009-01-18 14:07 . 2009-01-23 12:57
2009-01-18 14:06 . 2009-01-18 14:06
2009-01-18 14:05 . 2009-01-18 14:05
2009-01-18 14:05 . 2009-01-21 20:27
2009-01-18 14:05 . 2009-01-21 20:27
2009-01-18 14:05 . 2009-01-18 14:05
2009-01-18 14:05 . 2009-01-18 14:05
2009-01-18 13:31 . 2009-01-18 13:31 361,984 --a------ c:\windows\System32\IPSECSVC.DLL
2009-01-18 13:31 . 2009-01-18 13:31 272,896 --a------ c:\windows\System32\polstore.dll
2009-01-18 13:31 . 2009-01-18 13:31 61,440 --a------ c:\windows\System32\winipsec.dll
2009-01-18 13:31 . 2009-01-18 13:31 28,672 --a------ c:\windows\System32\FwRemoteSvr.dll
2009-01-18 13:29 . 2009-01-18 13:29 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2009-01-18 13:29 . 2009-01-18 13:29 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll
2009-01-18 13:29 . 2009-01-18 13:29 95,232 --a------ c:\windows\System32\PortableDeviceClassExtension.dll
2009-01-18 13:28 . 2009-01-18 13:28 205,824 --a------ c:\windows\System32\msoeacct.dll
2009-01-18 13:28 . 2009-01-18 13:28 87,040 --a------ c:\windows\System32\msoert2.dll
2009-01-18 13:28 . 2009-01-18 13:28 39,424 --a------ c:\windows\System32\ACCTRES.dll
2009-01-18 13:26 . 2009-01-18 13:26 194,560 --a------ c:\windows\System32\WebClnt.dll
2009-01-18 13:26 . 2009-01-18 13:26 110,080 --a------ c:\windows\System32\drivers\mrxdav.sys
2009-01-18 13:24 . 2009-01-18 13:24 376,320 --a------ c:\windows\System32\winsrv.dll
2009-01-18 13:24 . 2009-01-18 13:24 49,664 --a------ c:\windows\System32\csrsrv.dll
2009-01-18 13:22 . 2009-01-18 13:22 297,472 --a------ c:\windows\System32\gdi32.dll
2009-01-18 13:21 . 2009-01-18 13:21 1,060,920 --a------ c:\windows\System32\drivers\ntfs.sys
2009-01-18 13:21 . 2009-01-18 13:21 41,984 --a------ c:\windows\System32\drivers\monitor.sys
2009-01-18 13:19 . 2009-01-18 13:19 374,456 --a------ c:\windows\System32\mcupdate_GenuineIntel.dll
2009-01-18 13:19 . 2009-01-18 13:19 211,456 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2009-01-18 13:18 . 2009-01-18 13:18 4,247,552 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2009-01-18 13:18 . 2009-01-18 13:18 1,687,040 --a------ c:\windows\System32\gameux.dll
2009-01-18 13:18 . 2009-01-18 13:18 303,616 --a------ c:\windows\System32\wmpeffects.dll
2009-01-18 13:18 . 2009-01-18 13:18 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2009-01-18 13:17 . 2009-01-18 13:17 2,027,520 --a------ c:\windows\System32\win32k.sys
2009-01-18 13:16 . 2009-01-18 13:16 1,194,496 --a------ c:\windows\System32\msxml3.dll
2009-01-18 13:16 . 2009-01-18 13:16 414,208 --a------ c:\windows\System32\msscp.dll
2009-01-18 13:16 . 2009-01-18 13:16 2,048 --a------ c:\windows\System32\msxml3r.dll
2009-01-18 13:15 . 2009-01-18 13:15 8,147,968 --a------ c:\windows\System32\wmploc.DLL
2009-01-18 13:15 . 2009-01-18 13:15 356,864 --a------ c:\windows\System32\MediaMetadataHandler.dll
2009-01-18 13:15 . 2009-01-18 13:15 7,680 --a------ c:\windows\System32\spwmp.dll
2009-01-18 13:15 . 2009-01-18 13:15 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-01-18 13:15 . 2009-01-18 13:15 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-01-18 13:14 . 2009-01-18 13:14 396,800 --a------ c:\windows\System32\MPSSVC.dll
2009-01-18 13:14 . 2009-01-18 13:14 392,192 --a------ c:\windows\System32\FirewallAPI.dll
2009-01-18 13:14 . 2009-01-18 13:14 178,688 --a------ c:\windows\System32\iphlpsvc.dll
2009-01-18 13:14 . 2009-01-18 13:14 86,016 --a------ c:\windows\System32\icfupgd.dll
2009-01-18 13:14 . 2009-01-18 13:14 63,488 --a------ c:\windows\System32\drivers\mpsdrv.sys
2009-01-18 13:14 . 2009-01-18 13:14 61,952 --a------ c:\windows\System32\cmifw.dll
2009-01-18 13:14 . 2009-01-18 13:14 23,040 --a------ c:\windows\System32\drivers\tunnel.sys
2009-01-18 13:14 . 2009-01-18 13:14 16,896 --a------ c:\windows\System32\wfapigp.dll
2009-01-18 13:14 . 2009-01-18 13:14 15,360 --a------ c:\windows\System32\drivers\TUNMP.SYS
2009-01-18 13:13 . 2009-01-18 13:13 2,048 --a------ c:\windows\System32\tzres.dll
2009-01-18 13:09 . 2009-01-18 13:09 2,923,520 --a------ c:\windows\explorer.exe
2009-01-18 13:09 . 2009-01-18 13:09 211,000 --a------ c:\windows\System32\drivers\volsnap.sys
2009-01-18 13:09 . 2009-01-18 13:09 154,624 --a------ c:\windows\System32\drivers\nwifi.sys
2009-01-18 13:09 . 2009-01-18 13:09 109,624 --a------ c:\windows\System32\drivers\ataport.sys
2009-01-18 13:09 . 2009-01-18 13:09 45,112 --a------ c:\windows\System32\drivers\pciidex.sys
2009-01-18 13:09 . 2009-01-18 13:09 21,560 --a------ c:\windows\System32\drivers\atapi.sys
2009-01-18 13:09 . 2009-01-18 13:09 15,928 --a------ c:\windows\System32\drivers\pciide.sys
2009-01-18 13:05 . 2009-01-18 13:05 12,240,896 --a------ c:\windows\System32\NlsLexicons0007.dll
2009-01-18 13:03 . 2009-01-18 13:03 1,585,664 --a------ c:\windows\System32\setupapi.dll
2009-01-18 13:02 . 2009-01-18 13:02 82,432 --a------ c:\windows\System32\drivers\sdbus.sys
2009-01-18 13:00 . 2009-01-18 13:00 8,138,240 --a------ c:\windows\System32\ssBranded.scr
2009-01-18 12:59 . 2009-01-18 12:59 290,304 --a------ c:\windows\System32\drivers\srv.sys
2009-01-18 12:59 . 2009-01-18 12:59 113,664 --a------ c:\windows\System32\drivers\rmcast.sys
2009-01-18 12:59 . 2009-01-18 12:59 83,968 --a------ c:\windows\System32\dnsrslvr.dll
2009-01-18 12:59 . 2009-01-18 12:59 24,576 --a------ c:\windows\System32\dnscacheugc.exe
2009-01-18 12:59 . 2009-01-18 12:59 14,848 --a------ c:\windows\System32\wshrm.dll
2009-01-18 12:59 . 2009-01-18 12:59 11,776 --a------ c:\windows\System32\sbunattend.exe
2009-01-18 12:57 . 2009-01-18 12:57
2009-01-18 12:57 . 2009-01-18 12:57 3,505,208 --a------ c:\windows\System32\ntkrnlpa.exe
2009-01-18 12:57 . 2009-01-18 12:57 3,470,904 --a------ c:\windows\System32\ntoskrnl.exe
2009-01-18 12:57 . 2009-01-18 12:57 1,341,440 --a------ c:\windows\System32\msxml6.dll
2009-01-18 12:57 . 2009-01-18 12:57 1,327,104 --a------ c:\windows\System32\quartz.dll
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-15 09:23 --------- d-----w c:\programdata\Roxio
2009-02-11 19:45 --------- d-----w c:\program files\Windows Mail
2009-02-10 11:34 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-01-24 18:00 --------- d-----w c:\programdata\Sonic
2009-01-21 19:17 --------- d-----w c:\programdata\HP
2009-01-18 12:43 174 --sha-w c:\program files\desktop.ini
2009-01-18 12:34 --------- d-----w c:\program files\Windows Sidebar
2009-01-18 12:34 --------- d-----w c:\program files\Windows Defender
2009-01-18 12:34 --------- d-----w c:\program files\Windows Calendar
2009-01-18 12:27 704,000 ----a-w c:\windows\System32\PhotoScreensaver.scr
2009-01-18 12:27 67,584 ----a-w c:\windows\System32\wlanhlp.dll
2009-01-18 12:27 542,720 ----a-w c:\windows\System32\sysmain.dll
2009-01-18 12:27 502,784 ----a-w c:\windows\System32\wlansvc.dll
2009-01-18 12:27 47,104 ----a-w c:\windows\System32\wlanapi.dll
2009-01-18 12:27 297,984 ----a-w c:\windows\System32\wlansec.dll
2009-01-18 12:27 290,816 ----a-w c:\windows\System32\wlanmsm.dll
2009-01-18 12:27 28,344 ----a-w c:\windows\system32\drivers\battc.sys
2009-01-18 12:27 258,232 ----a-w c:\windows\system32\drivers\acpi.sys
2009-01-18 12:27 24,064 ----a-w c:\windows\System32\wtsapi32.dll
2009-01-18 12:27 20,920 ----a-w c:\windows\system32\drivers\compbatt.sys
2009-01-18 12:27 14,208 ----a-w c:\windows\system32\drivers\CmBatt.sys
2009-01-18 12:27 11,264 ----a-w c:\windows\system32\drivers\wmiacpi.sys
2009-01-18 12:18 537,600 ----a-w c:\windows\AppPatch\AcLayers.dll
2009-01-18 12:18 449,536 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2009-01-18 12:18 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2009-01-18 12:18 2,144,256 ----a-w c:\windows\AppPatch\AcGenral.dll
2009-01-18 12:18 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2009-01-18 12:05 9,892,864 ----a-w c:\windows\System32\NlsLexicons000a.dll
2009-01-18 12:03 944,184 ----a-w c:\windows\System32\winload.exe
2009-01-18 12:01 9,728 ----a-w c:\windows\System32\LAPRXY.DLL
2009-01-18 12:00 88,576 ----a-w c:\windows\System32\avifil32.dll
2009-01-18 11:58 996,352 ----a-w c:\windows\System32\WMNetMgr.dll
2009-01-18 11:30 --------- d-----w c:\programdata\Symantec
2009-01-18 11:30 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-18 11:28 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-18 11:28 --------- d-----w c:\programdata\Napster
2009-01-18 10:55 --------- d-sh--w c:\programdata\Vorlagen
2009-01-18 10:55 --------- d-sh--w c:\programdata\Startmenü
2009-01-18 10:55 --------- d-sh--w c:\programdata\Favoriten
2009-01-18 10:55 --------- d-sh--w c:\programdata\Dokumente
2009-01-18 10:55 --------- d-sh--w c:\programdata\Desktop
2009-01-18 10:55 --------- d-sh--w c:\programdata\Anwendungsdaten
2009-01-18 10:55 --------- d-sh--w c:\program files\Gemeinsame Dateien
2009-01-15 04:16 826,368 ----a-w c:\windows\System32\wininet.dll
2009-01-15 04:16 56,320 ----a-w c:\windows\System32\iesetup.dll
2009-01-15 04:16 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-01-15 04:15 26,624 ----a-w c:\windows\System32\ieUnatt.exe
.
(((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-01-18 1232896]
"EPSON SX100 Series"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE" [2008-02-05 188928]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-01-26 2356088]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 729088]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-24 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-11 317128]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-01 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-01 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-01 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-06-22 77824]
"CognizanceTS"="c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-10 201992]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 c:\windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader - Schnellstart.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\adialhk.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A135B423-55F3-4C84-A506-7B379A04AAD6}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{368C2428-A4EA-4C3B-8643-EEB015803EB9}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{DBB2A0AD-6FC2-429E-86BB-16F160CD6431}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3024F221-CAE3-4C28-9E6E-02AE9AF33A60}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{54C1652A-4DED-4586-9782-EF22008D6A8B}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{06338346-F314-4117-B52B-92AA76FB9C91}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{04A33BD7-6A4A-417A-B39B-60F62A00B2C5}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{1247F1BA-839A-45E8-9002-558E2FE292F0}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{106CF2B0-6D2F-426C-ACB0-A198E6C2D16B}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
[HKLM~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [2008-01-29 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2008-03-26 20496]
R2 ASBroker;Anmeldesitzungsbroker;c:\windows\System32\svchost.exe -k Cognizance [2006-11-02 22016]
R2 ASChannel;Lokaler Verbindungskanal;c:\windows\System32\svchost.exe -k Cognizance [2006-11-02 22016]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\System32\drivers\klfltdev.sys [2008-03-13 26640]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
bthsvcs REG_MULTI_SZ BthServ
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://de.youtube.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= … &pf=laptop
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-15 20:36:37
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Dlls Loaded Under Running Processes ------------------------
- - - - - - - > 'lsass.exe'(724)
c:\program files\Bioscrypt\VeriSoft\bin\ASWLNPkg.dll
c:\program files\Bioscrypt\VeriSoft\bin\ItMsg.dll
- - - - - - - > 'Explorer.exe'(3984)
c:\program files\Bioscrypt\VeriSoft\Bin\ItClient.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Bioscrypt\VeriSoft\Bin\asghost.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\rundll32.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2009-02-15 20:40:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-15 19:40:38
Pre-Run: 17 directories, 72,003,153,920 bytes free
Post-Run: 17 directories, 71,661,010,944 bytes free
316 --- E O F --- 2009-02-11 19:38:05
-- Added 15.02.2009 (Sun) 20:48 --
Is this what you meant? Sorry, but I'm weak when it comes to computers...
Yes, that's what I meant.
The log looks clean.
Manually delete the folder C:\Qoobox and the ComboFix installer from the disk.
Clean the system and the registry with CCleaner.
Perform an Autostart optimization.
Disable and re-enable System Restore on all drives. Instructions
Scan the system with Dr.WEB CureIt!
How do I disable and enable System Restore on all drives... when I open the instructions next to it, a blank page shows up...
And with the Autostart optimization, am I supposed to delete all the entries that are there? Sorry for the trouble.
-- Added 16.02.2009 (Mon) 19:17 --
Those instructions opened for me now, but everything there is for XP and I have Vista.
In Autostart you remove only the entries of unnecessary programs. You have examples of them in the link I gave, but you make the decision yourself, because only you know which program is unnecessary for you.
Disabling System Restore on Vista: http://www.vista.pl/artykuly/11250_przy … vista.html