Patato
(Patatoo)
8 December 2007 15:07
#1
Hello everyone! For some time now Avast has been detecting the trojan Win32:tiny-jc on my machine. Despite removing it every 24 hours, I kept getting a notification of infection by the same trojan. Over time the list of pests grew to include Win32:Obfuscated, Win32:Adware-gen, Win32:Agent-NMK and Win32:Rbot-ETN. BitDefender detected some additional ones, plus an "unremovable" Vundo. I am asking for advice on how to get rid of these parasites. Thanks in advance to everyone rushing to help.
I am posting the HijackThis and ComboFix logs.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:12:27, on 2007-12-08
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {de4204af-0e73-1429-dcc4-c87c9cb5b624} - {426b5bc9-c78c-4ccd-9241-37e0fa4024ed} - C:\WINDOWS\system32\pullhote.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {811A61DA-C6B3-4FB9-94A3-A6584A13E489} - C:\WINDOWS\system32\pmnnk.dll
O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [84d54465] rundll32.exe "C:\WINDOWS\system32\qelnkwlk.dll",b
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc … oscan8.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: nnnljkh - nnnljkh.dll (file missing)
O20 - Winlogon Notify: winbue32 - winbue32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6686 bytes
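As an added illustration (not part of the thread, not a tool used by the posters), the following Python script shows the triage a helper performs by eye on a HijackThis log like the one above: it flags O2 BHO entries with no readable name or an orphaned CLSID, O4 Run entries whose value name looks machine-generated or that load a DLL through rundll32, and O20 Winlogon Notify entries whose DLL is missing. The sample lines are copied from the posted log; the allow-list of legitimate rundll32 DLLs is an assumption made for this machine.

```python
import re
from dataclasses import dataclass
from typing import Callable, Dict, List

# Constructed sample: entries copied from the HijackThis log posted in the thread.
SAMPLE_LOG = [
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: {de4204af-0e73-1429-dcc4-c87c9cb5b624} - {426b5bc9-c78c-4ccd-9241-37e0fa4024ed} - C:\WINDOWS\system32\pullhote.dll",
    r"O2 - BHO: (no name) - {811A61DA-C6B3-4FB9-94A3-A6584A13E489} - C:\WINDOWS\system32\pmnnk.dll",
    r"O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - (no file)",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r'O4 - HKLM\..\Run: [84d54465] rundll32.exe "C:\WINDOWS\system32\qelnkwlk.dll",b',
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"O20 - Winlogon Notify: nnnljkh - nnnljkh.dll (file missing)",
    r"O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe",
]

# Assumption: DLLs that rundll32 legitimately starts on this machine (NVIDIA tray helpers).
KNOWN_RUNDLL_DLLS = {"nvcpl.dll", "nvmctray.dll"}

CLSID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
# Run value names made only of hex digits (e.g. "84d54465") are a common
# sign of a generated name; real vendors name their entries.
HEX_NAME_RE = re.compile(r"^[0-9a-f]{6,}$", re.I)
O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.I)


@dataclass(frozen=True)
class Finding:
    code: str    # HijackThis section, e.g. "O2"
    reason: str  # why the entry deserves a look
    line: str    # the original log line


def check_bho(line: str) -> List[str]:
    """O2 - BHO: <name> - <CLSID> - <path>"""
    reasons = []
    body = line[len("O2 - BHO: "):]
    name, _, rest = body.partition(" - ")
    _clsid, _, path = rest.partition(" - ")
    if name == "(no name)" or CLSID_RE.match(name):
        reasons.append("BHO without a human-readable name")
    if path == "(no file)":
        reasons.append("BHO CLSID still registered but its DLL is gone (orphaned entry)")
    return reasons


def check_run(line: str) -> List[str]:
    """O4 - <hive>\\..\\Run: [<value name>] <command line>"""
    m = O4_RE.match(line)
    if not m:
        return []
    reasons = []
    if HEX_NAME_RE.match(m["name"]):
        reasons.append("Run value name looks machine-generated (hex digits only)")
    r = RUNDLL_RE.match(m["cmd"])
    if r:
        dll = r["dll"].rsplit("\\", 1)[-1].lower()
        if dll not in KNOWN_RUNDLL_DLLS:
            reasons.append(f"rundll32 loads a DLL not on the allow-list: {dll}")
    return reasons


def check_winlogon_notify(line: str) -> List[str]:
    """O20 - Winlogon Notify: <key> - <dll> (file missing)"""
    if line.endswith("(file missing)"):
        return ["Winlogon Notify DLL registered but missing (leftover of a removed DLL)"]
    return []


CHECKS: Dict[str, Callable[[str], List[str]]] = {
    "O2": check_bho,
    "O4": check_run,
    "O20": check_winlogon_notify,
}


def triage(lines: List[str]) -> List[Finding]:
    """Run the per-section checks over every log line and collect findings."""
    findings: List[Finding] = []
    for line in lines:
        code = line.split(" - ", 1)[0]
        for reason in CHECKS.get(code, lambda _l: [])(line):
            findings.append(Finding(code, reason, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.reason}\n    {f.line}")
```

Of the nine sample lines, five are flagged (the pullhote.dll, pmnnk.dll and "(no file)" BHOs, the 84d54465 Run entry and the nnnljkh Winlogon Notify), and the Adobe, NVIDIA, ctfmon and avast! entries pass.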
Gutek
(Gutek)
8 December 2007 17:00
#2
Paste into Notepad:
>>File>>Save as... >>> CFScript (it is most convenient to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt file onto the ComboFix.exe file (that is, the CFScript.txt icon onto the ComboFix.exe icon)
- as in this picture ->
(if the question " 1 or 2 " appears, type 1 and press ENTER) The removal should begin (and a log will be produced).
After the restart, delete the folder C:\Qoobox manually.
After that, a new log from Combo.
Patato
(Patatoo)
8 December 2007 17:46
#3
Done as instructed.
Gutek
(Gutek)
8 December 2007 18:31
#4
Patato
(Patatoo)
8 December 2007 19:16
#5
Optimizing and cleaning the system is being done, but BitDefender keeps detecting Vundo :co:
Patato
(Patatoo)
8 December 2007 21:52
#7
This is the result of the Kaspersky scan
System operacyjny: Microsoft Windows XP Home Edition, Dodatek Service Pack 2 (Build 2600)
Kaspersky Online Scanner wersja: 5.0.98.0
Ostatnia aktualizacja Kaspersky Anti-Virus 8/12/2007
Liczba wpisów w bazie danych Kaspersky Anti-Virus 477399

Ustawienia skanowania
Skanowanie przy użyciu następujących baz danych rozszerzone
Skanuj archiwa tak
Skanuj pocztowe bazy danych tak

Obszar skanowania Mój komputer
A:\
C:\
D:\
E:\
F:\
G:\

Statystyki skanowania
Liczba skanowanych obiektów 55304
Liczba wykrytych wirusów 6
Liczba zainfekowanych obiektów 12
Liczba podejrzanych obiektów 0
Czas trwania skanowania 01:33:08

Nazwa zainfekowanego obiektu Nazwa wirusa Ostatnie działanie
C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Lavasoft\Ad-Aware 2007\logs\AWProcessesLog.log Object is locked pominięty
C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Lavasoft\Ad-Aware 2007\logs\CoreEngineCommunicationLog.log Object is locked pominięty
C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat Object is locked pominięty
C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat Object is locked pominięty
C:\Documents and Settings\LocalService.ZARZĄDZANIE NT\Cookies\index.dat Object is locked pominięty
C:\Documents and Settings\LocalService.ZARZĄDZANIE NT\NTUSER.DAT Object is locked pominięty
C:\Documents and Settings\LocalService.ZARZĄDZANIE NT\ntuser.dat.LOG Object is locked pominięty
C:\Documents and Settings\LocalService.ZARZĄDZANIE NT\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty
C:\Documents and Settings\LocalService.ZARZĄDZANIE NT\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty
C:\Documents and Settings\LocalService.ZARZĄDZANIE NT\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty
C:\Documents and Settings\LocalService.ZARZĄDZANIE NT\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty
C:\Documents and Settings\Mylki\Cookies\index.dat Object is locked pominięty
C:\Documents and Settings\Mylki\Dane aplikacji\Mozilla\Firefox\Profiles\3037nd72.default\cert8.db Object is locked pominięty
C:\Documents and Settings\Mylki\Dane aplikacji\Mozilla\Firefox\Profiles\3037nd72.default\formhistory.dat Object is locked pominięty
C:\Documents and Settings\Mylki\Dane aplikacji\Mozilla\Firefox\Profiles\3037nd72.default\history.dat Object is locked pominięty
C:\Documents and Settings\Mylki\Dane aplikacji\Mozilla\Firefox\Profiles\3037nd72.default\key3.db Object is locked pominięty
C:\Documents and Settings\Mylki\Dane aplikacji\Mozilla\Firefox\Profiles\3037nd72.default\parent.lock Object is locked pominięty
C:\Documents and Settings\Mylki\Dane aplikacji\Mozilla\Firefox\Profiles\3037nd72.default\search.sqlite Object is locked pominięty
C:\Documents and Settings\Mylki\Dane aplikacji\Mozilla\Firefox\Profiles\3037nd72.default\urlclassifier2.sqlite Object is locked pominięty
C:\Documents and Settings\Mylki\NTUSER.DAT Object is locked pominięty
C:\Documents and Settings\Mylki\ntuser.dat.LOG Object is locked pominięty
C:\Documents and Settings\Mylki\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty
C:\Documents and Settings\Mylki\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty
C:\Documents and Settings\Mylki\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\3037nd72.default\Cache\_CACHE_001_ Object is locked pominięty
C:\Documents and Settings\Mylki\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\3037nd72.default\Cache\_CACHE_002_ Object is locked pominięty
C:\Documents and Settings\Mylki\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\3037nd72.default\Cache\_CACHE_003_ Object is locked pominięty
C:\Documents and Settings\Mylki\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\3037nd72.default\Cache\_CACHE_MAP_ Object is locked pominięty
C:\Documents and Settings\Mylki\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty
C:\Documents and Settings\Mylki\Ustawienia lokalne\Historia\History.IE5\MSHist012007120820071209\index.dat Object is locked pominięty
C:\Documents and Settings\Mylki\Ustawienia lokalne\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked pominięty
C:\Documents and Settings\Mylki\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty
C:\Documents and Settings\NetworkService.ZARZĄDZANIE NT\NTUSER.DAT Object is locked pominięty
C:\Documents and Settings\NetworkService.ZARZĄDZANIE NT\ntuser.dat.LOG Object is locked pominięty
C:\Documents and Settings\NetworkService.ZARZĄDZANIE NT\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty
C:\Documents and Settings\NetworkService.ZARZĄDZANIE NT\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked pominięty
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked pominięty
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked pominięty
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked pominięty
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked pominięty
C:\Program Files\Alwil Software\Avast4\DATA\report\Osłona rezydentna.txt Object is locked pominięty
C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log Object is locked pominięty
C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log.idx Object is locked pominięty
C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log Object is locked pominięty
C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log.idx Object is locked pominięty
C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log Object is locked pominięty
C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log.idx Object is locked pominięty
C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log Object is locked pominięty
C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log.idx Object is locked pominięty
C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log Object is locked pominięty
C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log.idx Object is locked pominięty
C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log Object is locked pominięty
C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log.idx Object is locked pominięty
C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log Object is locked pominięty
C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log.idx Object is locked pominięty
C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log Object is locked pominięty
C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log.idx Object is locked pominięty
C:\RECYCLER\S-1-5-21-1202660629-492894223-839522115-1004\Dc8\Install\ntbasepl.nup/setup.exe Zainfekowanych: Worm.Win32.Downloader.cl pominięty
C:\RECYCLER\S-1-5-21-1202660629-492894223-839522115-1004\Dc8\Install\ntbasepl.nup RAR: zainfekowany - 1 pominięty
C:\RECYCLER\S-1-5-21-1202660629-492894223-839522115-1004\Dc8\Install\setup.exe Zainfekowanych: Worm.Win32.Downloader.cl pominięty
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty
C:\System Volume Information\_restore{9EEF0287-E418-46F4-B5E3-3B6537B12678}\RP58\A0011131.exe/data.rar/SmitfraudFix/Reboot.exe Zainfekowanych: not-a-virus:RiskTool.Win32.Reboot.f pominięty
C:\System Volume Information\_restore{9EEF0287-E418-46F4-B5E3-3B6537B12678}\RP58\A0011131.exe/data.rar Zainfekowanych: not-a-virus:RiskTool.Win32.Reboot.f pominięty
C:\System Volume Information\_restore{9EEF0287-E418-46F4-B5E3-3B6537B12678}\RP58\A0011131.exe RarSFX: zainfekowany - 2 pominięty
C:\System Volume Information\_restore{9EEF0287-E418-46F4-B5E3-3B6537B12678}\RP59\A0011251.dll Zainfekowanych: not-a-virus:AdWare.Win32.SuperJuan.ak pominięty
C:\System Volume Information\_restore{9EEF0287-E418-46F4-B5E3-3B6537B12678}\RP59\A0011252.dll Zainfekowanych: not-a-virus:AdWare.Win32.SuperJuan.ao pominięty
C:\System Volume Information\_restore{9EEF0287-E418-46F4-B5E3-3B6537B12678}\RP59\A0011253.dll Zainfekowanych: not-a-virus:AdWare.Win32.SuperJuan.ae pominięty
C:\System Volume Information\_restore{9EEF0287-E418-46F4-B5E3-3B6537B12678}\RP59\A0011254.dll Zainfekowanych: not-a-virus:AdWare.Win32.SuperJuan.ao pominięty
C:\System Volume Information\_restore{9EEF0287-E418-46F4-B5E3-3B6537B12678}\RP59\A0011256.dll Zainfekowanych: not-a-virus:AdWare.Win32.SuperJuan.af pominięty
C:\System Volume Information\_restore{9EEF0287-E418-46F4-B5E3-3B6537B12678}\RP60\A0011430.exe Zainfekowanych: not-a-virus:RiskTool.Win32.Reboot.f pominięty
C:\System Volume Information\_restore{9EEF0287-E418-46F4-B5E3-3B6537B12678}\RP61\change.log Object is locked pominięty
C:\WINDOWS\Debug\PASSWD.LOG Object is locked pominięty
C:\WINDOWS\SchedLgU.Txt Object is locked pominięty
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked pominięty
C:\WINDOWS\Sti_Trace.log Object is locked pominięty
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked pominięty
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked pominięty
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked pominięty
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked pominięty
C:\WINDOWS\system32\config\default Object is locked pominięty
C:\WINDOWS\system32\config\default.LOG Object is locked pominięty
C:\WINDOWS\system32\config\Internet.evt Object is locked pominięty
C:\WINDOWS\system32\config\ODiag.evt Object is locked pominięty
C:\WINDOWS\system32\config\OSession.evt Object is locked pominięty
C:\WINDOWS\system32\config\SAM Object is locked pominięty
C:\WINDOWS\system32\config\SAM.LOG Object is locked pominięty
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked pominięty
C:\WINDOWS\system32\config\SECURITY Object is locked pominięty
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked pominięty
C:\WINDOWS\system32\config\software Object is locked pominięty
C:\WINDOWS\system32\config\software.LOG Object is locked pominięty
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked pominięty
C:\WINDOWS\system32\config\system Object is locked pominięty
C:\WINDOWS\system32\config\system.LOG Object is locked pominięty
C:\WINDOWS\system32\drivers\sptd.sys Object is locked pominięty
C:\WINDOWS\system32\h323log.txt Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked pominięty
C:\WINDOWS\Temp\Perflib_Perfdata_588.dat Object is locked pominięty
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked pominięty
C:\WINDOWS\wiadebug.log Object is locked pominięty
C:\WINDOWS\wiaservc.log Object is locked pominięty
C:\WINDOWS\WindowsUpdate.log Object is locked pominięty
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty

Proces skanowania został zakończony.
Gutek
(Gutek)
8 December 2007 21:55
#8
Right-click on My Computer >> System Restore >> turn off System Restore on all drives.
Gutek
(Gutek)
8 December 2007 22:14
#10
Now there should be no more junk left in C:\System Volume Information\
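As an added example (not code from the thread or from any of the tools in it), a small Python triage helper for the Kaspersky Online Scanner report format posted above: it separates locked objects from real detections and tags each hit by where it lives, so it is obvious which ones sit in System Restore points and only go away once System Restore is switched off, as the reply above says. The sample lines are constructed from entries in that report; the location rules are assumptions about an XP disk layout.

```python
import re

# One result line of the Kaspersky Online Scanner report as posted in the thread:
# "<path> Object is locked pominięty" or "<path> Zainfekowanych: <detection> pominięty"
# ("Zainfekowanych" = infected, "pominięty" = skipped: the online scanner only reports).
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?:(?P<locked>Object is locked)|Zainfekowanych: (?P<name>\S+)) (?P<action>\S+)$"
)

# Constructed sample built from entries of the report in the thread (assumed XP paths).
SAMPLE_REPORT = r"""
C:\WINDOWS\system32\config\SAM Object is locked pominięty
C:\RECYCLER\S-1-5-21-1202660629-492894223-839522115-1004\Dc8\Install\ntbasepl.nup/setup.exe Zainfekowanych: Worm.Win32.Downloader.cl pominięty
C:\RECYCLER\S-1-5-21-1202660629-492894223-839522115-1004\Dc8\Install\setup.exe Zainfekowanych: Worm.Win32.Downloader.cl pominięty
C:\System Volume Information\_restore{9EEF0287-E418-46F4-B5E3-3B6537B12678}\RP58\A0011131.exe/data.rar/SmitfraudFix/Reboot.exe Zainfekowanych: not-a-virus:RiskTool.Win32.Reboot.f pominięty
C:\System Volume Information\_restore{9EEF0287-E418-46F4-B5E3-3B6537B12678}\RP59\A0011251.dll Zainfekowanych: not-a-virus:AdWare.Win32.SuperJuan.ak pominięty
"""

def classify_location(path):
    """Where a hit lives decides how it gets cleaned (assumed Windows XP layout)."""
    upper = path.upper()
    if "SYSTEM VOLUME INFORMATION" in upper:
        return "restore_point"   # protected area: purged only by turning System Restore off
    if "\\RECYCLER\\" in upper:
        return "recycle_bin"     # cleared by emptying the Recycle Bin
    return "live"                # on the live file system: needs actual removal

def parse_report(text):
    """Return (infected entries, number of locked objects); unmatched lines are ignored."""
    hits, locked = [], 0
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        m = LINE_RE.match(line)
        if m is None:
            continue                 # e.g. "RAR: zainfekowany - 1" container summaries
        if m.group("locked"):
            locked += 1
            continue
        path, name = m.group("path"), m.group("name")
        hits.append({
            "path": path,
            "detection": name,
            "riskware": name.startswith("not-a-virus:"),
            "in_archive": "/" in path,   # the scanner writes archive members as outer/inner
            "location": classify_location(path),
        })
    return hits, locked
```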
Patato
(Patatoo)
8 December 2007 22:24
#11
I went over everything once more with BitDefender and it's clean :mrgreen:
I hope I have some peace for now. If so, many thanks!