Trojan.win32.generic help

Kaspersky detected a virus, HEUR:Trojan.Win32.Generic, on my drive at e:\resycled\boot.com. It is a recovery disk and I have no idea what I can do about it... Kaspersky put it in quarantine, but I don't know whether that takes care of it... please help, thanks a lot...

Download ComboFix, scan the system and post the log on the forum.

Paste the log on www.wklejto.pl or http://www.wklej.org/ and put only the link in your post.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:35:11, on 15.02.2009

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16809)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\RtHDVCpl.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\E_FATIEDE.EXE

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.youtube.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= … &pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= … &pf=laptop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O1 - Hosts: ::1 localhost

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Cole2k Media Toolbar Helper - {5499BCB1-5641-4A4C-9F75-462D4D8D0DA0} - C:\Program Files\Cole2k Media Toolbar\v3.3.0.1\Cole2k_Media_Toolbar.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Cole2k Media Toolbar - {8AE33802-00D3-4F1B-B5C7-6FEE34E402CE} - C:\Program Files\Cole2k Media Toolbar\v3.3.0.1\Cole2k_Media_Toolbar.dll

O4 - HKLM…\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM…\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM…\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM…\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM…\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM…\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM…\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM…\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM…\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM…\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM…\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"

O4 - HKLM…\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule

O4 - HKLM…\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"

O4 - HKLM…\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU…\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU…\Run: [EPSON SX100 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE /FU "C:\Windows\TEMP\E_S66DD.tmp" /EF "HKCU"

O4 - HKCU…\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"

O4 - HKCU…\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19…\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-19…\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-20…\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')

O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll

O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: APSHook.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe

O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

End of file - 10015 bytes
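Reading a HijackThis log by hand, as the helpers in this thread do, comes down to a few recurring checks: O1 hosts-file lines that are not the loopback defaults, O2/O3/O9 CLSID registrations whose target is "(no file)" (an orphaned entry, like the unnamed BHO in the log above, which HJT can remove safely), O4 autostarts with no absolute path or a path outside Program Files and Windows, and O23 services HJT lists as "Unknown owner". The script below is an added example for this thread, not part of HijackThis, ComboFix or anything posted here; it runs those checks over log lines in the format shown above. The heuristics, the set of trusted path prefixes and the two sample lines marked CONSTRUCTED are this example's own; the other sample lines are copied from the log above.

```python
"""Triage a HijackThis 2.x log for entries that merit a second look.

Added example for this thread; not part of HijackThis or ComboFix. The rules
below are this example's own heuristics, not HJT's verdicts:
  O1        hosts-file lines other than the loopback defaults
  O2/O3/O9  CLSID registrations whose target is "(no file)" (orphaned)
  O4        autostart with no absolute path, or outside Program Files / Windows
  O23       services HijackThis reports as "Unknown owner"
"""
from __future__ import annotations

import re
from dataclasses import dataclass

LINE_RE = re.compile(r"^(?P<section>[OR]\d+) - (?P<body>.*)$")
DEFAULT_HOSTS = {"127.0.0.1 localhost", "::1 localhost"}
# Assumption of this example: autostarts under these roots are "expected" locations.
TRUSTED_PREFIXES = ("c:\\program files", "c:\\windows",
                    "%programfiles%", "%windir%", "%systemroot%")

# Sample input. Lines marked CONSTRUCTED were written for this example and are
# not from the thread; the remaining lines are copied from the log above.
SAMPLE_LINES = [
    r"O1 - Hosts: ::1 localhost",
    r"O1 - Hosts: 192.0.2.10 www.example.com",                       # CONSTRUCTED
    r"O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe",
    r'O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"',
    r"O4 - HKCU\..\Run: [Updater] C:\Users\user\AppData\Local\Temp\updater.exe",  # CONSTRUCTED
    r"O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe",
]
SAMPLE_LOG = "\n".join(SAMPLE_LINES)


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def _o4_target(body: str) -> str:
    # Registry entries:        HKLM\..\Run: [Name] "C:\x.exe" /arg
    # Startup-folder entries:  Global Startup: x.lnk = C:\x.exe
    if "]" in body:
        target = body.split("]", 1)[1]
    elif "=" in body:
        target = body.split("=", 1)[1]
    else:
        target = body
    # Forums often turn straight quotes into curly ones; strip both kinds.
    return target.strip().strip('"\u201c\u201d').lower()


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per line that trips a heuristic, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        if section == "O1":
            entry = " ".join(body.split(":", 1)[1].split()).lower()
            if entry not in DEFAULT_HOSTS:
                findings.append(Finding(section, "hosts entry other than loopback default", line))
        elif section in ("O2", "O3", "O9") and body.endswith("(no file)"):
            findings.append(Finding(section, "orphaned CLSID, target file missing", line))
        elif section == "O4":
            target = _o4_target(body)
            if not re.match(r"^(?:[a-z]:\\|%)", target):
                findings.append(Finding(section, "no absolute path, resolved via search order", line))
            elif not target.startswith(TRUSTED_PREFIXES):
                findings.append(Finding(section, "autostart outside Program Files / Windows", line))
        elif section == "O23" and " - unknown owner - " in body.lower():
            findings.append(Finding(section, "service vendor not identified", line))
    return findings


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    for f in triage(text):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run it with a saved log as the only argument, or with no argument to see the five hits on the sample. A hit is a prompt to look, not a verdict: "Unknown owner" only means HJT could not read a company name from the binary, and the CyberLink services in this log are the HP QuickPlay components their paths suggest. The "(no file)" BHO, by contrast, points at nothing on disk and is exactly the kind of entry that is safe to tick and "Fix checked".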

Post the ComboFix log; we did not ask for a HijackThis log.

Put the logs on http://wklej.eu or http://wklej.org and put only the link in your post.

This is a HijackThis log. Remove this entry in HJT:

Run HijackThis - Do a system scan only - the log will appear in the program window - tick the boxes next to the listed entries - click Fix checked.

Post the ComboFix log; the program is at the bottom of the page in the link I gave in the post above.

Disable Kaspersky while downloading and scanning with ComboFix.

ComboFix 09-02-14.01 - Pawel&Julia 2009-02-15 20:32:04.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1031.18.2046.1252 [GMT 1:00]

Running from: d:\z netu\ComboFix.exe

AV: Kaspersky Internet Security *On-access scanning enabled* (Updated)

FW: Kaspersky Internet Security *enabled*

* Created a new restore point

.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))

.

E:\resycled

e:\resycled\boot.com

e:\resycled\Desktop.ini

e:\resycled\Folder.htt

e:\resycled\Protect.ed

.

((((((((((((((((((((((( Files Created from 2009-01-15 to 2009-02-15 ))))))))))))))))))))))))))))))

.

2009-02-15 16:48 . 2009-02-15 20:34 1,387 --a------ c:\windows\bthservsdp.dat

2009-02-15 10:35 . 2009-02-15 10:35

2009-02-11 20:24 . 2008-06-20 02:18 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll

2009-02-11 20:24 . 2008-06-20 02:17 622,080 --a------ c:\windows\System32\icardagt.exe

2009-02-11 20:24 . 2008-06-20 02:18 326,160 --a------ c:\windows\System32\PresentationHost.exe

2009-02-11 20:24 . 2008-06-20 02:18 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll

2009-02-11 20:24 . 2008-06-20 02:17 97,800 --a------ c:\windows\System32\infocardapi.dll

2009-02-11 20:24 . 2008-06-20 02:18 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll

2009-02-11 20:24 . 2008-06-20 02:17 37,384 --a------ c:\windows\System32\infocardcpl.cpl

2009-02-11 20:24 . 2008-06-20 02:17 11,264 --a------ c:\windows\System32\icardres.dll

2009-02-11 20:18 . 2008-07-27 19:00 282,112 --a------ c:\windows\System32\mscoree.dll

2009-02-11 20:18 . 2008-07-27 19:00 158,720 --a------ c:\windows\System32\mscorier.dll

2009-02-11 20:18 . 2008-07-27 19:00 96,760 --a------ c:\windows\System32\dfshim.dll

2009-02-11 20:18 . 2008-07-27 19:00 83,968 --a------ c:\windows\System32\mscories.dll

2009-02-11 20:18 . 2008-07-27 19:00 41,984 --a------ c:\windows\System32\netfxperf.dll

2009-02-11 20:15 . 2008-12-05 05:29 1,244,672 --a------ c:\windows\System32\mcmde.dll

2009-02-11 20:15 . 2008-12-05 05:29 428,032 --a------ c:\windows\System32\EncDec.dll

2009-02-11 20:15 . 2008-12-05 05:29 292,352 --a------ c:\windows\System32\psisdecd.dll

2009-02-11 20:15 . 2008-12-05 05:29 217,088 --a------ c:\windows\System32\psisrndr.ax

2009-02-11 20:15 . 2008-12-05 05:29 177,152 --a------ c:\windows\System32\mpg2splt.ax

2009-02-11 20:15 . 2008-12-05 05:29 80,896 --a------ c:\windows\System32\MSNP.ax

2009-02-11 20:15 . 2008-12-05 05:29 68,608 --a------ c:\windows\System32\Mpeg2Data.ax

2009-02-11 20:15 . 2008-12-05 05:29 57,856 --a------ c:\windows\System32\MSDvbNP.ax

2009-02-10 15:46 . 2009-02-10 15:46

2009-02-10 15:46 . 2009-02-10 15:46

2009-02-10 15:45 . 2009-02-10 15:45

2009-02-10 15:45 . 2009-02-10 15:45

2009-01-30 15:18 . 2009-01-30 15:18

2009-01-30 13:29 . 2009-01-30 13:29

2009-01-30 12:55 . 2009-01-30 12:55

2009-01-24 19:00 . 2009-01-24 19:00

2009-01-23 12:57 . 2009-01-23 12:57

2009-01-22 13:11 . 2009-01-22 13:11

2009-01-22 13:11 . 2009-01-22 13:11

2009-01-22 13:11 . 2009-01-22 13:11

2009-01-22 13:11 . 2009-01-22 13:11

2009-01-22 13:11 . 2009-01-22 13:11 230,733 --a------ c:\windows\Cole2k_Media_Toolbar_Uninstaller_1525.exe

2009-01-21 20:30 . 2009-02-13 16:09

2009-01-21 20:30 . 2009-01-21 20:30 56 --ah----- c:\users\All Users\ezsidmv.dat

2009-01-21 20:30 . 2009-01-21 20:30 56 --ah----- c:\programdata\ezsidmv.dat

2009-01-21 20:29 . 2009-01-21 20:29

2009-01-21 20:29 . 2009-01-21 20:29

2009-01-21 20:18 . 2009-01-21 20:18

2009-01-21 20:17 . 2009-01-21 20:17

2009-01-21 12:12 . 2009-01-21 12:12

2009-01-21 12:12 . 2009-01-22 11:20 56 --a------ c:\users\Pawel&Julia\AppData\Roaming\wklnhst.dat

2009-01-20 11:46 . 2009-02-13 18:43

2009-01-20 11:46 . 2009-01-21 20:29

2009-01-20 11:46 . 2009-01-21 20:29

2009-01-20 11:02 . 2009-01-20 11:02 268,800 --a------ c:\windows\System32\es.dll

2009-01-20 10:58 . 2009-02-15 09:14 27,905 --a------ c:\users\Pawel&Julia\AppData\Roaming\nvModes.dat

2009-01-18 14:25 . 2009-01-30 13:49

2009-01-18 14:11 . 2009-01-18 14:11

2009-01-18 14:10 . 2009-02-15 17:15

2009-01-18 14:07 . 2009-01-23 12:57

2009-01-18 14:06 . 2009-01-18 14:06

2009-01-18 14:05 . 2009-01-18 14:05

2009-01-18 14:05 . 2009-01-21 20:27

2009-01-18 14:05 . 2009-01-21 20:27

2009-01-18 14:05 . 2009-01-18 14:05

2009-01-18 14:05 . 2009-01-18 14:05

2009-01-18 13:31 . 2009-01-18 13:31 361,984 --a------ c:\windows\System32\IPSECSVC.DLL

2009-01-18 13:31 . 2009-01-18 13:31 272,896 --a------ c:\windows\System32\polstore.dll

2009-01-18 13:31 . 2009-01-18 13:31 61,440 --a------ c:\windows\System32\winipsec.dll

2009-01-18 13:31 . 2009-01-18 13:31 28,672 --a------ c:\windows\System32\FwRemoteSvr.dll

2009-01-18 13:29 . 2009-01-18 13:29 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll

2009-01-18 13:29 . 2009-01-18 13:29 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll

2009-01-18 13:29 . 2009-01-18 13:29 95,232 --a------ c:\windows\System32\PortableDeviceClassExtension.dll

2009-01-18 13:28 . 2009-01-18 13:28 205,824 --a------ c:\windows\System32\msoeacct.dll

2009-01-18 13:28 . 2009-01-18 13:28 87,040 --a------ c:\windows\System32\msoert2.dll

2009-01-18 13:28 . 2009-01-18 13:28 39,424 --a------ c:\windows\System32\ACCTRES.dll

2009-01-18 13:26 . 2009-01-18 13:26 194,560 --a------ c:\windows\System32\WebClnt.dll

2009-01-18 13:26 . 2009-01-18 13:26 110,080 --a------ c:\windows\System32\drivers\mrxdav.sys

2009-01-18 13:24 . 2009-01-18 13:24 376,320 --a------ c:\windows\System32\winsrv.dll

2009-01-18 13:24 . 2009-01-18 13:24 49,664 --a------ c:\windows\System32\csrsrv.dll

2009-01-18 13:22 . 2009-01-18 13:22 297,472 --a------ c:\windows\System32\gdi32.dll

2009-01-18 13:21 . 2009-01-18 13:21 1,060,920 --a------ c:\windows\System32\drivers\ntfs.sys

2009-01-18 13:21 . 2009-01-18 13:21 41,984 --a------ c:\windows\System32\drivers\monitor.sys

2009-01-18 13:19 . 2009-01-18 13:19 374,456 --a------ c:\windows\System32\mcupdate_GenuineIntel.dll

2009-01-18 13:19 . 2009-01-18 13:19 211,456 --a------ c:\windows\System32\drivers\mrxsmb10.sys

2009-01-18 13:18 . 2009-01-18 13:18 4,247,552 --a------ c:\windows\System32\GameUXLegacyGDFs.dll

2009-01-18 13:18 . 2009-01-18 13:18 1,687,040 --a------ c:\windows\System32\gameux.dll

2009-01-18 13:18 . 2009-01-18 13:18 303,616 --a------ c:\windows\System32\wmpeffects.dll

2009-01-18 13:18 . 2009-01-18 13:18 28,672 --a------ c:\windows\System32\Apphlpdm.dll

2009-01-18 13:17 . 2009-01-18 13:17 2,027,520 --a------ c:\windows\System32\win32k.sys

2009-01-18 13:16 . 2009-01-18 13:16 1,194,496 --a------ c:\windows\System32\msxml3.dll

2009-01-18 13:16 . 2009-01-18 13:16 414,208 --a------ c:\windows\System32\msscp.dll

2009-01-18 13:16 . 2009-01-18 13:16 2,048 --a------ c:\windows\System32\msxml3r.dll

2009-01-18 13:15 . 2009-01-18 13:15 8,147,968 --a------ c:\windows\System32\wmploc.DLL

2009-01-18 13:15 . 2009-01-18 13:15 356,864 --a------ c:\windows\System32\MediaMetadataHandler.dll

2009-01-18 13:15 . 2009-01-18 13:15 7,680 --a------ c:\windows\System32\spwmp.dll

2009-01-18 13:15 . 2009-01-18 13:15 4,096 --a------ c:\windows\System32\msdxm.ocx

2009-01-18 13:15 . 2009-01-18 13:15 4,096 --a------ c:\windows\System32\dxmasf.dll

2009-01-18 13:14 . 2009-01-18 13:14 396,800 --a------ c:\windows\System32\MPSSVC.dll

2009-01-18 13:14 . 2009-01-18 13:14 392,192 --a------ c:\windows\System32\FirewallAPI.dll

2009-01-18 13:14 . 2009-01-18 13:14 178,688 --a------ c:\windows\System32\iphlpsvc.dll

2009-01-18 13:14 . 2009-01-18 13:14 86,016 --a------ c:\windows\System32\icfupgd.dll

2009-01-18 13:14 . 2009-01-18 13:14 63,488 --a------ c:\windows\System32\drivers\mpsdrv.sys

2009-01-18 13:14 . 2009-01-18 13:14 61,952 --a------ c:\windows\System32\cmifw.dll

2009-01-18 13:14 . 2009-01-18 13:14 23,040 --a------ c:\windows\System32\drivers\tunnel.sys

2009-01-18 13:14 . 2009-01-18 13:14 16,896 --a------ c:\windows\System32\wfapigp.dll

2009-01-18 13:14 . 2009-01-18 13:14 15,360 --a------ c:\windows\System32\drivers\TUNMP.SYS

2009-01-18 13:13 . 2009-01-18 13:13 2,048 --a------ c:\windows\System32\tzres.dll

2009-01-18 13:09 . 2009-01-18 13:09 2,923,520 --a------ c:\windows\explorer.exe

2009-01-18 13:09 . 2009-01-18 13:09 211,000 --a------ c:\windows\System32\drivers\volsnap.sys

2009-01-18 13:09 . 2009-01-18 13:09 154,624 --a------ c:\windows\System32\drivers\nwifi.sys

2009-01-18 13:09 . 2009-01-18 13:09 109,624 --a------ c:\windows\System32\drivers\ataport.sys

2009-01-18 13:09 . 2009-01-18 13:09 45,112 --a------ c:\windows\System32\drivers\pciidex.sys

2009-01-18 13:09 . 2009-01-18 13:09 21,560 --a------ c:\windows\System32\drivers\atapi.sys

2009-01-18 13:09 . 2009-01-18 13:09 15,928 --a------ c:\windows\System32\drivers\pciide.sys

2009-01-18 13:05 . 2009-01-18 13:05 12,240,896 --a------ c:\windows\System32\NlsLexicons0007.dll

2009-01-18 13:03 . 2009-01-18 13:03 1,585,664 --a------ c:\windows\System32\setupapi.dll

2009-01-18 13:02 . 2009-01-18 13:02 82,432 --a------ c:\windows\System32\drivers\sdbus.sys

2009-01-18 13:00 . 2009-01-18 13:00 8,138,240 --a------ c:\windows\System32\ssBranded.scr

2009-01-18 12:59 . 2009-01-18 12:59 290,304 --a------ c:\windows\System32\drivers\srv.sys

2009-01-18 12:59 . 2009-01-18 12:59 113,664 --a------ c:\windows\System32\drivers\rmcast.sys

2009-01-18 12:59 . 2009-01-18 12:59 83,968 --a------ c:\windows\System32\dnsrslvr.dll

2009-01-18 12:59 . 2009-01-18 12:59 24,576 --a------ c:\windows\System32\dnscacheugc.exe

2009-01-18 12:59 . 2009-01-18 12:59 14,848 --a------ c:\windows\System32\wshrm.dll

2009-01-18 12:59 . 2009-01-18 12:59 11,776 --a------ c:\windows\System32\sbunattend.exe

2009-01-18 12:57 . 2009-01-18 12:57

2009-01-18 12:57 . 2009-01-18 12:57 3,505,208 --a------ c:\windows\System32\ntkrnlpa.exe

2009-01-18 12:57 . 2009-01-18 12:57 3,470,904 --a------ c:\windows\System32\ntoskrnl.exe

2009-01-18 12:57 . 2009-01-18 12:57 1,341,440 --a------ c:\windows\System32\msxml6.dll

2009-01-18 12:57 . 2009-01-18 12:57 1,327,104 --a------ c:\windows\System32\quartz.dll

.

(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-15 09:23 --------- d-----w c:\programdata\Roxio

2009-02-11 19:45 --------- d-----w c:\program files\Windows Mail

2009-02-10 11:34 33,808 ----a-w c:\windows\system32\drivers\klbg.sys

2009-01-24 18:00 --------- d-----w c:\programdata\Sonic

2009-01-21 19:17 --------- d-----w c:\programdata\HP

2009-01-18 12:43 174 --sha-w c:\program files\desktop.ini

2009-01-18 12:34 --------- d-----w c:\program files\Windows Sidebar

2009-01-18 12:34 --------- d-----w c:\program files\Windows Defender

2009-01-18 12:34 --------- d-----w c:\program files\Windows Calendar

2009-01-18 12:27 704,000 ----a-w c:\windows\System32\PhotoScreensaver.scr

2009-01-18 12:27 67,584 ----a-w c:\windows\System32\wlanhlp.dll

2009-01-18 12:27 542,720 ----a-w c:\windows\System32\sysmain.dll

2009-01-18 12:27 502,784 ----a-w c:\windows\System32\wlansvc.dll

2009-01-18 12:27 47,104 ----a-w c:\windows\System32\wlanapi.dll

2009-01-18 12:27 297,984 ----a-w c:\windows\System32\wlansec.dll

2009-01-18 12:27 290,816 ----a-w c:\windows\System32\wlanmsm.dll

2009-01-18 12:27 28,344 ----a-w c:\windows\system32\drivers\battc.sys

2009-01-18 12:27 258,232 ----a-w c:\windows\system32\drivers\acpi.sys

2009-01-18 12:27 24,064 ----a-w c:\windows\System32\wtsapi32.dll

2009-01-18 12:27 20,920 ----a-w c:\windows\system32\drivers\compbatt.sys

2009-01-18 12:27 14,208 ----a-w c:\windows\system32\drivers\CmBatt.sys

2009-01-18 12:27 11,264 ----a-w c:\windows\system32\drivers\wmiacpi.sys

2009-01-18 12:18 537,600 ----a-w c:\windows\AppPatch\AcLayers.dll

2009-01-18 12:18 449,536 ----a-w c:\windows\AppPatch\AcSpecfc.dll

2009-01-18 12:18 2,560 ----a-w c:\windows\AppPatch\AcRes.dll

2009-01-18 12:18 2,144,256 ----a-w c:\windows\AppPatch\AcGenral.dll

2009-01-18 12:18 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll

2009-01-18 12:05 9,892,864 ----a-w c:\windows\System32\NlsLexicons000a.dll

2009-01-18 12:03 944,184 ----a-w c:\windows\System32\winload.exe

2009-01-18 12:01 9,728 ----a-w c:\windows\System32\LAPRXY.DLL

2009-01-18 12:00 88,576 ----a-w c:\windows\System32\avifil32.dll

2009-01-18 11:58 996,352 ----a-w c:\windows\System32\WMNetMgr.dll

2009-01-18 11:30 --------- d-----w c:\programdata\Symantec

2009-01-18 11:30 --------- d-----w c:\program files\Common Files\Symantec Shared

2009-01-18 11:28 --------- d–h--w c:\program files\InstallShield Installation Information

2009-01-18 11:28 --------- d-----w c:\programdata\Napster

2009-01-18 10:55 --------- d-sh–w c:\programdata\Vorlagen

2009-01-18 10:55 --------- d-sh–w c:\programdata\Startmenü

2009-01-18 10:55 --------- d-sh–w c:\programdata\Favoriten

2009-01-18 10:55 --------- d-sh–w c:\programdata\Dokumente

2009-01-18 10:55 --------- d-sh–w c:\programdata\Desktop

2009-01-18 10:55 --------- d-sh–w c:\programdata\Anwendungsdaten

2009-01-18 10:55 --------- d-sh–w c:\program files\Gemeinsame Dateien

2009-01-15 04:16 826,368 ----a-w c:\windows\System32\wininet.dll

2009-01-15 04:16 56,320 ----a-w c:\windows\System32\iesetup.dll

2009-01-15 04:16 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll

2009-01-15 04:15 26,624 ----a-w c:\windows\System32\ieUnatt.exe

.

(((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-01-18 1232896]

"EPSON SX100 Series"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE" [2008-02-05 188928]

"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-01-26 2356088]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 729088]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-24 176128]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]

"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-11 317128]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-01 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-01 8429568]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-01 81920]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-06-22 77824]

"CognizanceTS"="c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-10 201992]

"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Reader - Schnellstart.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]

Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=APSHook.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\adialhk.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.ac3filter"= ac3filter.acm

"vidc.hfyu"= huffyuv.dll

"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{A135B423-55F3-4C84-A506-7B379A04AAD6}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

"{368C2428-A4EA-4C3B-8643-EEB015803EB9}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{DBB2A0AD-6FC2-429E-86BB-16F160CD6431}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{3024F221-CAE3-4C28-9E6E-02AE9AF33A60}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play

"{54C1652A-4DED-4586-9782-EF22008D6A8B}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program

"{06338346-F314-4117-B52B-92AA76FB9C91}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{04A33BD7-6A4A-417A-B39B-60F62A00B2C5}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"{1247F1BA-839A-45E8-9002-558E2FE292F0}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype

"{106CF2B0-6D2F-426C-ACB0-A198E6C2D16B}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype

[HKLM~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [2008-01-29 33808]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2008-03-26 20496]

R2 ASBroker;Anmeldesitzungsbroker;c:\windows\System32\svchost.exe -k Cognizance [2006-11-02 22016]

R2 ASChannel;Lokaler Verbindungskanal;c:\windows\System32\svchost.exe -k Cognizance [2006-11-02 22016]

R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\System32\drivers\klfltdev.sys [2008-03-13 26640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Cognizance REG_MULTI_SZ ASBroker ASChannel

bthsvcs REG_MULTI_SZ BthServ

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://de.youtube.com/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= … &pf=laptop

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-15 20:36:37

Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- Dlls Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(724)

c:\program files\Bioscrypt\VeriSoft\bin\ASWLNPkg.dll

c:\program files\Bioscrypt\VeriSoft\bin\ItMsg.dll

- - - - - - - > 'Explorer.exe'(3984)

c:\program files\Bioscrypt\VeriSoft\Bin\ItClient.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\System32\audiodg.exe

c:\program files\Bioscrypt\VeriSoft\Bin\asghost.exe

c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe

c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe

c:\windows\System32\conime.exe

c:\windows\System32\rundll32.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\System32\rundll32.exe

c:\program files\Hewlett-Packard\Shared\HpqToaster.exe

c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe

c:\windows\System32\wbem\WMIADAP.exe

.

**************************************************************************

.

Completion time: 2009-02-15 20:40:46 - machine was rebooted

ComboFix-quarantined-files.txt 2009-02-15 19:40:38

Pre-Run: 17 directories, 72,003,153,920 bytes free

Post-Run: 17 directories, 71,661,010,944 bytes free

316 --- E O F --- 2009-02-11 19:38:05

Added 15.02.2009 (Sun) 20:48

Is this what you meant? Sorry, but I'm weak when it comes to computers...
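Two details of the ComboFix log above are worth spelling out. Kaspersky quarantined only e:\resycled\boot.com; the folder itself and its three companions (Desktop.ini, Folder.htt, Protect.ed) were still on E: and were removed together under "Other Deletions", which is why a quarantine alone did not settle the matter. And the folder name is a misspelling of the recycle bin: on Vista the genuine per-volume bin is $Recycle.Bin (RECYCLER on NTFS volumes formatted by 2000/XP, RECYCLED on FAT), so a root-level folder that merely resembles one of those names does not belong there. The script below is an added example for this thread, not Kaspersky's, ComboFix's or any poster's code. It checks the immediate children of a volume root for recycle-bin look-alikes and reports executable-type files and a Desktop.ini plus Folder.htt pair inside them; it reads names only and never opens or runs anything. The look-alike pattern, the executable-extension list and the fixture it builds in a temporary directory (the four paths from the log, with placeholder contents) are this example's own.

```python
"""Flag recycle-bin look-alike folders at a volume root.

Added example for this thread; not ComboFix or Kaspersky code. It only
inspects directory and file names and never opens or executes anything.
"""
from __future__ import annotations

import re
import tempfile
from dataclasses import dataclass, field
from pathlib import Path

# Names Windows itself uses for the per-volume recycle bin directory.
GENUINE_BIN_NAMES = {"$recycle.bin", "recycler", "recycled"}
# Assumption of this example: anything spelled *almost* like those names.
LOOKALIKE = re.compile(r"^\$?re[cs]y[ck]le[rd]?(?:\.bin)?$", re.IGNORECASE)
EXECUTABLE_EXT = {".com", ".exe", ".bat", ".cmd", ".scr", ".pif", ".vbs", ".js"}


@dataclass
class Finding:
    folder: Path
    files: list[str] = field(default_factory=list)
    executables: list[str] = field(default_factory=list)
    webview_pair: bool = False  # Desktop.ini and Folder.htt both present


def scan_volume_root(root: Path) -> list[Finding]:
    """Inspect the direct children of `root` (e.g. E:\\) for look-alike bins."""
    findings: list[Finding] = []
    for child in sorted(root.iterdir()):
        if not child.is_dir():
            continue
        name = child.name
        if name.lower() in GENUINE_BIN_NAMES or not LOOKALIKE.match(name):
            continue  # the real bin, or an unrelated folder
        f = Finding(folder=child)
        for entry in sorted(child.iterdir()):
            f.files.append(entry.name)
            if entry.is_file() and entry.suffix.lower() in EXECUTABLE_EXT:
                f.executables.append(entry.name)
        lowered = {n.lower() for n in f.files}
        f.webview_pair = {"desktop.ini", "folder.htt"} <= lowered
        findings.append(f)
    return findings


def build_sample_tree(base: Path) -> Path:
    """Constructed fixture mirroring the paths ComboFix deleted in the log above.
    File contents are placeholder text, not the original files."""
    fake = base / "resycled"
    fake.mkdir()
    for name in ("boot.com", "Desktop.ini", "Folder.htt", "Protect.ed"):
        (fake / name).write_text("placeholder\n")
    genuine = base / "$Recycle.Bin"  # the real Vista bin must NOT be flagged
    genuine.mkdir()
    (genuine / "S-1-5-21-placeholder").mkdir()
    (base / "docs").mkdir()
    (base / "docs" / "notes.txt").write_text("ordinary user data\n")
    return base


def demo() -> list[Finding]:
    """Build the fixture in a temp directory, scan it, clean up."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_volume_root(build_sample_tree(Path(tmp)))


if __name__ == "__main__":
    import sys
    roots = [Path(a) for a in sys.argv[1:]]
    results = [f for r in roots for f in scan_volume_root(r)] if roots else demo()
    for f in results:
        print(f"{f.folder}: files={f.files} executables={f.executables} "
              f"desktop.ini+folder.htt={f.webview_pair}")
    if not results:
        print("no recycle-bin look-alike folders found")
```

With no arguments it runs against the constructed fixture and reports the resycled folder with boot.com as its one executable and the Desktop.ini/Folder.htt pair present; pass drive roots such as `E:\` to check real volumes. The check is a quick second opinion after cleanup, not a substitute for the scanner: a clean result only says no such folder is present at the root right now.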

Yes, that's what I meant.

The log looks clean.

Manually delete the folder C:\Qoobox and the ComboFix installer from the disk.

Clean the system and registry with CCleaner.

Optimize the Autostart.

Disable and re-enable System Restore on all drives. Instructions

Scan the system with Dr.WEB CureIt!

How do I disable and enable System Restore on all drives... when I open the instructions next to it, a blank page pops up...

And for the Autostart optimization, should I remove all the entries that are there? Sorry for the trouble.

Added 16.02.2009 (Mon) 19:17

The instructions have opened for me now, but everything there is for XP and I have Vista.

In Autostart you remove only the entries of unnecessary programs. You have examples of them in the link I gave, but you make the decision yourself, because only you know which program is unnecessary for you.

Disabling System Restore for Vista: http://www.vista.pl/artykuly/11250_przy … vista.html