BŁAGAM WAS NAPISZCIE MI JAK MAM USUNĄC TEGO TROJANA Win32:Trojan-gen {Other}
WYKRYŁ MI GO AVAST I ZNAJDUJE SIE ON C:\WINDOWS\TEMP\NT4A7232.exe NIE POTRAFIE GO USUNĄĆ ZADNYM PROGRAMEM. NIE ZNAM SIE ZA BARDZO NA USUWANIU WIRUSÓW, JEDYNE CO POTRAFIE ZROBIC TO FORMAT, WIĘC PROSZE WAS NAPISZCIE MI KROK PO KROKU CO ROBIĆ. #-o
pobierz ATF Cleaner http://cybertrash.pl/images/tata/ATF/ATF.html wyczyść tempy
Pobierz Combofix http://www.searchengines.pl/index.php?s … ntry395642
przeskanuj daj log
Pobierz HijackThis http://forum.dobreprogramy.pl/viewtopic.php?f=16&t=36654 przeskanuj system daj log
kolejność jak podałem
OKEJ POBIERAM
1)Caps Lock:Off
omboFix 08-06-30.2 - NTN 2008-07-01 19:05:01.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1250.1.1045.18.207 [GMT 1:00]
Running from: C:\Documents and Settings\NTN\Pulpit\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\iexplorer.exe
C:\WINDOWS\system32\loadsftpf.dat
.
((((((((((((((((((((((((( Files Created from 2008-06-01 to 2008-07-01 )))))))))))))))))))))))))))))))
.
2008-07-01 18:13 . 2008-07-01 18:13
2008-07-01 18:13 . 2008-07-01 18:13
2008-06-30 21:16 . 2008-06-30 21:22
2008-06-29 10:28 . 2008-06-29 10:28 85,504 --a------ C:\WINDOWS\twain_16.dll
2008-06-29 10:14 . 2008-06-30 22:40 32,120 --a------ C:\WINDOWS\system32\wpx2.cpx
2008-06-29 10:10 . 2008-06-29 10:10 109,056 --a------ C:\WINDOWS\system32\wpx5.cpx
2008-06-29 10:10 . 2008-06-29 10:10 20,552 --a------ C:\WINDOWS\system32\wpx7.cpx
2008-06-29 00:08 . 2008-06-29 00:08 13,646 --a------ C:\WINDOWS\system32\wpa.bak
2008-06-13 12:55 . 2008-06-13 12:55
2008-06-13 12:55 . 2008-06-13 12:55 0 --a------ C:\WINDOWS\iPlayer.INI
2008-06-09 21:06 . 2008-06-09 21:06
2008-06-09 21:06 . 2008-06-09 21:06
2008-06-09 21:06 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-09 21:05 . 2008-06-09 21:06
2008-06-09 21:05 . 2008-06-09 21:05
2008-06-09 20:37 . 2008-06-09 20:37
2008-06-09 20:37 . 2003-03-18 20:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-06-09 07:52 . 2008-06-09 07:52
2008-06-09 07:52 . 2008-06-28 22:36 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-06-09 07:49 . 2008-06-16 12:33
2008-06-09 07:48 . 2008-06-09 07:48
2008-06-09 07:48 . 2008-06-09 07:50
2008-06-09 07:48 . 2008-06-09 07:48
2008-06-09 07:48 . 2008-06-09 07:48 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-06-09 07:47 . 2008-06-09 07:52
2008-06-09 07:47 . 2001-03-08 18:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2008-06-09 07:46 . 2008-06-09 07:46
2008-06-09 07:46 . 2003-03-18 20:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-06-09 07:46 . 2003-02-21 04:42 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-06-05 21:08 . 2002-08-29 01:32 21,760 --a–c— C:\WINDOWS\system32\dllcache\usbstor.sys
2008-06-05 21:00 . 2008-06-05 21:00
2008-06-05 21:00 . 2008-06-05 21:00 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-06-05 21:00 . 2008-06-05 21:00 125,690 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-06-05 21:00 . 2008-06-20 23:04 60,416 --a------ C:\WINDOWS\ALCFDRTM.VER
2008-06-05 21:00 . 2008-06-05 21:00 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2008-06-04 09:30 . 2008-06-04 09:30
2008-06-04 09:23 . 2008-06-29 18:09
2008-06-04 09:22 . 2008-06-04 09:23
2008-06-04 09:22 . 2008-07-01 17:23
2008-06-04 09:22 . 2008-06-04 09:22 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-06-04 09:20 . 2008-06-04 09:20
2008-06-04 09:20 . 2008-06-04 09:20
2008-06-04 09:20 . 2008-07-01 18:49
2008-06-04 09:20 . 2008-06-04 09:20
2008-06-03 22:55 . 2008-07-01 18:13
2008-06-03 22:55 . 2008-06-03 22:55
2008-06-03 22:55 . 2008-06-03 22:55
2008-06-03 22:55 . 2008-06-03 23:09
2008-06-03 22:55 . 2008-06-03 22:55
2008-06-03 22:55 . 2008-06-03 22:55
2008-06-03 22:55 . 2008-06-03 22:55
2008-06-03 22:55 . 2008-06-03 22:55
2008-06-03 22:55 . 2008-06-09 21:06
2008-06-03 22:55 . 2008-06-13 12:55
2008-06-03 22:55 . 2008-06-29 00:08
2008-06-03 22:55 . 2008-06-03 23:10
2008-06-03 22:54 . 2008-07-01 19:00
2008-06-03 22:54 . 2008-06-03 22:54
2008-06-03 22:54 . 2008-06-03 22:55
2008-06-03 22:54 . 2008-06-03 23:12
2008-06-03 22:54 . 2008-06-04 09:22
2008-06-03 22:54 . 2008-06-03 23:12
2008-06-03 22:54 . 2008-06-03 23:22
2008-06-03 22:54 . 2003-04-16 13:00 1,901,593 --a–c— C:\WINDOWS\system32\dllcache\NT5.CAT
2008-06-03 22:54 . 2003-04-16 13:00 1,086,182 -ra------ C:\WINDOWS\SET3.tmp
2008-06-03 22:54 . 2003-04-16 13:00 486,272 --a–c— C:\WINDOWS\system32\dllcache\NT5INF.CAT
2008-06-03 22:54 . 2003-04-16 13:00 13,923 -ra------ C:\WINDOWS\SET7.tmp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-09 06:46 --------- d–h--w C:\Program Files\InstallShield Installation Information
2008-06-04 20:50 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-03 22:52 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-06-03 22:52 --------- d-----w C:\Program Files\AvRack
2008-06-03 22:51 --------- d-----w C:\Documents and Settings\NTN\Dane aplikacji\InterTrust
2008-06-03 22:46 --------- d-----w C:\Program Files\Creative
2008-06-03 22:46 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-03 22:29 --------- d-----w C:\Program Files\SubEdit-Player
2008-06-03 22:12 --------- d-----w C:\Program Files\Usługi online
2008-06-03 22:12 --------- d-----w C:\Program Files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” [2003-04-16 13:00 13312]
“Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2008-02-01 17:26 22014760]
“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-11-14 11:54 2131392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“RemoteControl”=“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” [2006-11-23 15:10 56928]
“LanguageShortcut”=“C:\Program Files\CyberLink\PowerDVD\Language\Language.exe” [2006-12-05 22:55 54832]
“NeroFilterCheck”=“C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” [2006-01-12 15:40 155648]
“SecurDisc”=“C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe” [2007-02-12 12:23 1620480]
“InCD”=“C:\Program Files\Nero\Nero 7\InCD\InCD.exe” [2007-02-12 12:19 1050112]
“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2008-05-16 00:19 79224]
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe” [2008-03-25 04:28 144784]
“SoundMan”=“SOUNDMAN.EXE” [2004-06-18 09:31 67584 C:\WINDOWS\SOUNDMAN.EXE]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” [2003-04-16 13:00 13312]
R1 aswSP;avast! Self Protection;C:\WINDOWS\System32\drivers\aswSP.sys [2008-05-16 00:20]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\subsystems]
“Windows”= basempjaf32.dll
*Newly Created Service* - CATCHME
.
HKCU-Run-iexplorer - C:\WINDOWS\iexplorer.exe
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-01 19:05:58
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\csrss.exe
.
Completion time: 2008-07-01 19:06:23
ComboFix-quarantined-files.txt 2008-07-01 18:06:20
Pre-Run: 27,957,080,064 bajtów wolnych
Post-Run: 28,069,138,432 bajtów wolnych
140
to jest to?? 
W dniu 01.07.2008 , o godzinie 20:09 został dopisany post przez magneto1
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:09:44, on 2008-07-01
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\NTN\Ustawienia lokalne\Temp\Katalog tymczasowy 1 dla HiJackThis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.eu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”
O4 - HKLM…\Run: [LanguageShortcut] “C:\Program Files\CyberLink\PowerDVD\Language\Language.exe”
O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM…\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM…\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe”
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized
O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra ‘Tools’ menuitem: Show Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan … stubie.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/ … leId=21871
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
–
End of file - 6106 bytes
W dniu 01.07.2008 , o godzinie 20:16 został dopisany post przez magneto1
no i co dalej ??? :?: 
W dniu 01.07.2008 , o godzinie 20:26 został dopisany post przez magneto1
Pomocy!!
W dniu 01.07.2008 , o godzinie 20:29 został dopisany post przez magneto1
Leon$ , 