Wyraźny wirus, wieszanie, blokady

pootom · 15 Maj 2008 20:40

Złapałem coś dzisiaj jeśli próbuję to sprawdzić to system blokuje mi program…

Proszę, sprawdźćcie to…

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:36:36, on 2008-05-15 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20772) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\RTHDCPL.EXE C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\ctfmona.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Gadu-Gadu\gg.exe C:\WINDOWS\system32\igfxext.exe C:\DOCUME~1\bubu\USTAWI~1\Temp\RtkBtMnt.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Program Files\Internet Download Manager\IDMan.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Internet Download Manager\IEMonitor.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm … Ojg5&lid=2 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: QXK Rhythm - {89A9CC26-4818-4FFD-82E0-9C3CF815FEB2} - C:\WINDOWS\fvowketqonp.dll O3 - Toolbar: pvnsmfor - {E738884B-E75D-4AC3-B03F-62F7E7DD853E} - C:\WINDOWS\pvnsmfor.dll O4 - HKLM…\Run: [skyTel] SkyTel.EXE O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM…\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM…\Run: [iNPROCOMMWireless] C:\Program Files\Atheros\Wireless\Utility\WlanUtil.exe O4 - HKLM…\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM…\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM…\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM…\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM…\Run: [egui] “C:\Program Files\ESET\ESET Smart Security\egui.exe” /hide /waitservice O4 - HKLM…\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe O4 - HKLM…\Run: [iSTray] “C:\Program Files\Spyware Doctor\pctsTray.exe” O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [DAEMON Tools Pro Agent] “C:\Program Files\DAEMON Tools Pro\DTProAgent.exe” O4 - HKCU…\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot O4 - HKCU…\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-19…\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-20…\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS\S-1-5-18…\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’) O4 - HKUS.DEFAULT…\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘Default user’) O4 - Global Startup: BTTray.lnk = ? O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Ściągnij przez IDM - C:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: Ściągnij wszystkie linki przez IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Ściągnij zawartość wideo FLV przez IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra ‘Tools’ menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll O21 - SSODL: mpfanvqg - {68C5FF72-2921-4EA7-9AB9-94ABA2BEF215} - C:\WINDOWS\mpfanvqg.dll O21 - SSODL: vbksrofa - {AD8D50C2-F492-4924-8D1F-9DB992378A3A} - C:\WINDOWS\vbksrofa.dll O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe – End of file - 7180 bytes

Leon1 · 15 Maj 2008 20:53

wpisy

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm … Ojg5&lid=2 O2 - BHO: QXK Rhythm - {89A9CC26-4818-4FFD-82E0-9C3CF815FEB2} - C:\WINDOWS\fvowketqonp.dll O3 - Toolbar: pvnsmfor - {E738884B-E75D-4AC3-B03F-62F7E7DD853E} - C:\WINDOWS\pvnsmfor.dll O4 - HKLM…\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe O4 - HKUS\S-1-5-19…\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘Default user’) O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll O21 - SSODL: mpfanvqg - {68C5FF72-2921-4EA7-9AB9-94ABA2BEF215} - C:\WINDOWS\mpfanvqg.dll O21 - SSODL: vbksrofa - {AD8D50C2-F492-4924-8D1F-9DB992378A3A} - C:\WINDOWS\vbksrofa.dll

usuń HijackThisem >> Fix checked

Pobierz Combofix http://www.searchengines.pl/index.php?s … ntry395642 ale nie włączaj

Otwórz notatnik i wklej

zapisz jako CFScript.txt (zapisz by ikonka CFScript.txt była obok ikonki ComboFix.exe) >> Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe

http://img.wklej.org/images/88953CFScri … iemoes.gif

Powinno rozpocząć się usuwanie

Potem log z usuwania Combofix

pootom · 15 Maj 2008 21:06

Przeciągnąłem ikonkę. Spyware Doctor o jakimś trojanie wyświetli komunikat, czytając wcześniej że Combofixa może uznać za wirusa, nie blokowałem tego. i teraz niebieskie okno od 3minut jest. Co robić?

Leon1 · 15 Maj 2008 21:10

ludzie czy wy czytać nie umiecie?

[-X

pootom · 15 Maj 2008 21:35

Jest plik… combofix.txt

ComboFix 08-05-12.1 - bubu 2008-05-15 23:10:27.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.480 [GMT 2:00] Running from: C:\Documents and Settings\bubu\Pulpit\ComboFix.exe Command switches used :: C:\Documents and Settings\bubu\Pulpit\CFScript.txt * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED FILE :: C:\WINDOWS\fvowketqonp.dll C:\WINDOWS\mpfanvqg.dll C:\WINDOWS\pvnsmfor.dll C:\WINDOWS\system32\ctfmona.exe C:\WINDOWS\SYSTEM32\WLCtrl32.dll C:\WINDOWS\vbksrofa.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\bubu\Pulpit\Error Cleaner.url C:\Documents and Settings\bubu\Pulpit\Privacy Protector.url C:\Documents and Settings\bubu\Pulpit\SpywareMalware Protection.url C:\Documents and Settings\bubu\Ulubione\Error Cleaner.url C:\Documents and Settings\bubu\Ulubione\Privacy Protector.url C:\Documents and Settings\bubu\Ulubione\SpywareMalware Protection.url C:\Program Files\myglobalsearch C:\Program Files\myglobalsearch\bar\History\search C:\WINDOWS\fvowketqonp.dll C:\WINDOWS\mpfanvqg.dll C:\WINDOWS\privacy_danger C:\WINDOWS\privacy_danger\images\capt.gif C:\WINDOWS\privacy_danger\images\danger.jpg C:\WINDOWS\privacy_danger\images\down.gif C:\WINDOWS\privacy_danger\images\spacer.gif C:\WINDOWS\privacy_danger\index.htm C:\WINDOWS\pvnsmfor.dll C:\WINDOWS\rs.txt C:\WINDOWS\system32\ctfmona.exe c:\windows\system32\Drivers\Mtb31.sys C:\WINDOWS\system32\WLCtrl32.dl_ C:\WINDOWS\SYSTEM32\WLCtrl32.dll C:\WINDOWS\vbksrofa.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_MTB31 -------\Service_Mtb31 ((((((((((((((((((((((((( Files Created from 2008-04-15 to 2008-05-15 ))))))))))))))))))))))))))))))) . 2008-05-15 23:24 . 2008-05-15 23:24 2008-05-15 23:24 . 2008-05-15 23:24 2008-05-15 23:24 . 2008-05-15 23:24 2008-05-15 23:24 . 2008-05-15 23:24 2008-05-15 23:10 . 2008-05-15 23:10 1,024 --ah----- C:\Documents and Settings\Default User.WINDOWS\ntuser.dat.LOG 2008-05-15 22:35 . 2008-05-15 22:35 2008-05-15 22:27 . 2008-05-15 22:27 2008-05-15 22:27 . 2008-05-15 23:24 2008-05-15 21:22 . 2008-05-15 23:25 2008-05-15 21:21 . 2008-05-15 22:03 2008-05-15 21:21 . 2008-05-15 21:21 2008-05-15 21:21 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2008-05-15 21:21 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2008-05-15 21:21 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2008-05-15 21:21 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2008-05-15 20:57 . 2008-05-15 20:57 2008-05-15 19:26 . 2008-05-15 21:12 2008-05-15 19:26 . 2008-05-15 21:01 2008-05-15 19:26 . 2008-05-15 23:24 2008-05-15 19:13 . 2008-05-15 22:14 269,334 --a------ C:\WINDOWS\system32\ctfmonb.bmp 2008-05-15 19:13 . 2008-05-15 22:14 160,256 --a------ C:\WINDOWS\system32\blackster.scr 2008-05-15 19:13 . 2008-05-15 17:41 94,208 --a------ C:\WINDOWS\exqb.exe 2008-05-15 19:13 . 2008-05-15 17:41 81,920 --a------ C:\WINDOWS\oadkxrts.exe 2008-05-15 18:57 . 2008-05-15 18:57 2008-05-15 18:56 . 2008-05-15 18:57 2008-05-15 18:53 . 2008-05-15 18:53 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2008-05-15 09:48 . 2008-05-15 09:48 2008-05-15 09:46 . 2008-05-15 09:46 2008-05-15 09:17 . 2008-05-15 09:18 2008-05-15 09:05 . 2007-10-25 18:44 8,488,960 --------- C:\WINDOWS\system32\dllcache\shell32.dll 2008-05-15 09:03 . 2008-05-15 09:03 1,160 --a------ C:\WINDOWS\mozver.dat 2008-05-15 09:03 . 2008-05-15 09:03 0 --a------ C:\WINDOWS\nsreg.dat 2008-05-15 08:57 . 2008-05-15 08:57 . 2008-05-15 08:54 . 2007-05-02 11:00 546,976 --a------ C:\WINDOWS\system32\drivers\ar5211.sys 2008-05-15 08:54 . 2007-05-02 11:00 546,976 --a------ C:\WINDOWS\system32\ar5211.sys 2008-05-15 08:54 . 2007-05-02 11:00 84,470 --a------ C:\WINDOWS\system32\net5211.inf 2008-05-15 08:54 . 2007-05-09 10:16 20,888 --a------ C:\WINDOWS\system32\net5211.cat 2008-05-15 08:54 . 2007-01-09 09:25 8 -rahs---- C:\WINDOWS\system32\Desktop_.ini 2008-05-15 08:53 . 2008-05-15 08:53 2008-05-15 08:53 . 2008-05-15 08:53 2008-05-15 08:41 . 2005-12-13 23:08 1,124,097 --a------ C:\WINDOWS\system32\drivers\AGRSM.sys 2008-05-15 08:41 . 2005-12-13 21:50 88,204 --a------ C:\WINDOWS\AGRSMMSG.exe 2008-05-15 08:41 . 2005-05-03 18:10 68,096 --a------ C:\WINDOWS\agrsmdel.exe 2008-05-15 08:41 . 2006-07-04 17:48 64,512 --------- C:\WINDOWS\system32\agrsmdel.exe 2008-05-15 08:35 . 2006-06-13 09:57 143,360 --a------ C:\WINDOWS\system32\igfxres.dll 2008-05-15 08:31 . 2008-05-15 08:31 2008-05-15 08:30 . 2008-05-15 08:30 2008-05-15 08:26 . 2008-05-15 08:26 2008-05-15 08:26 . 2006-07-14 12:13 147,456 --a------ C:\WINDOWS\UNINST32.EXE 2008-05-15 08:26 . 2006-07-14 12:13 49,152 --a------ C:\WINDOWS\system32\QtBtLib.dll 2008-05-15 08:26 . 2006-07-14 12:13 16,896 --a------ C:\WINDOWS\system32\drivers\DKbFltr.SYS 2008-05-15 08:26 . 2006-07-14 12:13 5,120 --a------ C:\WINDOWS\system32\FILTRCOI.DLL 2008-05-15 08:26 . 2008-05-15 08:26 83 --a------ C:\WINDOWS\QtZgAcer.UNI 2008-05-15 08:24 . 2005-06-21 13:32 28,544 --a------ C:\WINDOWS\system32\drivers\callistx.sys 2008-05-15 08:23 . 2006-07-19 09:41 487,424 --a------ C:\WINDOWS\RtlExUpd.dll 2008-05-15 08:23 . 2006-07-19 09:42 135,168 --a------ C:\WINDOWS\system32\RtlCPAPI.dll 2008-05-15 08:23 . 2006-07-19 09:41 40,960 --a------ C:\WINDOWS\system32\ChCfg.exe 2008-05-15 08:21 . 2008-05-15 08:21 2008-05-15 08:21 . 2006-04-29 05:54 193,056 --a------ C:\WINDOWS\system32\drivers\SynTP.sys 2008-05-15 08:21 . 2006-04-29 06:00 114,688 --a------ C:\WINDOWS\system32\SynCtrl.dll 2008-05-15 08:21 . 2006-04-29 06:00 94,297 --a------ C:\WINDOWS\system32\SynTPAPI.dll 2008-05-15 08:21 . 2006-04-29 05:59 82,012 --a------ C:\WINDOWS\system32\SynCOM.dll 2008-05-15 08:21 . 2006-04-29 06:17 81,920 --a------ C:\WINDOWS\system32\SynTPCo2.dll 2008-05-15 08:21 . 2006-04-29 06:14 69,721 --a------ C:\WINDOWS\system32\SynTPFcs.dll 2008-05-15 00:04 . 2004-08-04 02:35 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys 2008-05-15 00:03 . 2004-08-04 02:44 77,312 --a------ C:\WINDOWS\system32\usbui.dll 2008-05-15 00:03 . 2004-08-04 01:07 14,080 --a------ C:\WINDOWS\system32\drivers\CmBatt.sys 2008-05-15 00:03 . 2001-08-17 23:57 14,080 --a------ C:\WINDOWS\system32\drivers\battc.sys 2008-05-15 00:03 . 2001-08-17 23:58 9,344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys 2008-05-15 00:03 . 2004-08-04 01:07 8,832 --a------ C:\WINDOWS\system32\drivers\wmiacpi.sys 2008-05-14 23:57 . 2008-05-15 10:07 1,374 --a------ C:\WINDOWS\imsins.BAK 2008-05-14 23:56 . 2008-05-15 23:15 2008-05-14 23:56 . 2008-05-14 23:56 2008-05-14 23:56 . 2008-05-14 22:10 2008-05-14 23:56 . 2008-05-14 23:56 2008-05-14 23:56 . 2008-05-14 23:56 2008-05-14 23:56 . 2008-05-14 23:56 2008-05-14 23:56 . 2008-05-14 23:56 2008-05-14 23:56 . 2008-05-14 23:56 2008-05-14 23:56 . 2008-05-15 21:21 2008-05-14 23:56 . 2008-05-15 08:32 2008-05-14 23:56 . 2008-05-15 19:51 2008-05-14 23:55 . 2008-05-14 23:56 2008-05-14 23:55 . 2008-05-15 23:10 2008-05-14 23:55 . 2008-05-15 22:27 2008-05-14 23:55 . 2008-05-15 18:56 2008-05-14 23:55 . 2004-08-04 07:32 1,014,483 -ra------ C:\WINDOWS\SET3.tmp 2008-05-14 23:54 . 2008-05-14 22:16 606 --a------ C:\WINDOWS\system32$winnt$.inf 2008-05-14 23:46 . 2008-05-14 22:13 2008-05-14 23:46 . 2008-05-14 23:46 2008-05-14 23:46 . 2008-05-14 23:49 2008-05-14 22:37 . 2008-05-14 22:37 2008-05-14 22:34 . 2008-05-15 09:37 2008-05-14 22:21 . 2008-05-14 23:56 2008-05-14 22:21 . 2008-05-15 23:15 2008-05-14 22:21 . 2008-05-14 22:10 2008-05-14 22:21 . 2008-05-15 23:16 2008-05-14 22:21 . 2008-05-15 21:24 2008-05-14 22:21 . 2008-05-14 22:34 2008-05-14 22:21 . 2008-05-15 21:21 2008-05-14 22:21 . 2008-05-15 22:17 2008-05-14 22:21 . 2008-05-14 22:21 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav 2008-05-14 22:21 . 2008-05-15 23:24 167,936 --ah----- C:\Documents and Settings\bubu\ntuser.dat.LOG 2008-05-14 22:21 . 2008-05-14 22:21 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav 2008-05-14 22:17 . 2008-05-14 22:17 2008-05-14 22:17 . 2008-05-14 22:17 . 2008-05-14 22:17 . 2008-05-14 22:17 . 2008-05-14 22:17 . 2008-05-14 22:17 . 2008-05-14 22:17 . 2008-05-14 22:17 . 2008-05-14 22:17 2008-05-14 22:17 . 2008-05-14 22:17 . 2008-05-14 22:17 . 2008-05-14 22:17 . 2008-05-14 22:17 . 2008-05-14 22:17 . 2008-05-14 22:17 . 2008-05-14 22:17 . 241,664 C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\NTUSER.DAT 2008-05-14 22:17 . 241,664 C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\NTUSER.DAT 2008-05-14 22:17 . 241,664 C:\Documents and Settings\LocalService.ZARZąDZANIE NT\NTUSER.DAT 2008-05-14 22:17 . 241,664 C:\Documents and Settings\LocalService.ZARZąDZANIE NT\NTUSER.DAT . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-15 16:55 --------- d-----w C:\Program Files\DAEMON Tools Pro 2008-05-15 07:18 --------- d-----w C:\Program Files\Winamp 2008-05-15 06:55 --------- d-----w C:\Program Files\Atheros 2008-05-15 06:24 --------- d–h--w C:\Program Files\InstallShield Installation Information 2008-05-14 20:13 --------- d-----w C:\Program Files\Usługi online 2008-05-14 20:10 --------- d-----w C:\Program Files\Windows Media Connect 2 2008-05-14 19:37 --------- d-----w C:\Program Files\Kalendarz XP 2008-05-14 19:28 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\skypePM 2008-05-14 19:28 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Skype 2008-05-14 12:50 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Vso 2008-05-02 07:03 --------- d-----w C:\Program Files\Common Files\Adobe 2008-04-21 20:32 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Hamachi 2008-04-17 08:05 --------- d-----w C:\Program Files\BearShare Applications 2008-04-17 07:23 --------- d-----w C:\Program Files\Common Files\MAGIX Shared 2008-04-13 05:34 --------- d-----w C:\Program Files\ESET 2008-04-12 14:45 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Thinstall 2008-04-05 18:04 --------- d-----w C:\Program Files\plasq 2008-04-05 18:03 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-04-05 17:30 --------- d-----w C:\Program Files\AMS Photo Effects 2008-04-05 07:56 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\MagicEffect Photo 2008-04-05 07:33 --------- d-----w C:\Program Files\iFoxSoft 2008-04-05 07:26 --------- d-----w C:\Program Files\MagicEffect Photo Editor 2007 2008-04-02 16:09 --------- d-----w C:\Program Files\Gadu-Gadu 2008-03-31 13:44 --------- d-----w C:\Program Files\Banner Maker Pro 7 2008-03-31 11:51 --------- d-----w C:\Program Files\CDisplay 2008-03-29 14:16 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\vlc 2008-03-29 14:09 --------- d-----w C:\Program Files\VideoLAN 2008-03-29 13:59 --------- d-----w C:\Program Files\Elecard 2008-03-29 13:59 --------- d-----w C:\Program Files\Common Files\Elecard 2008-03-29 13:46 --------- d-----w C:\Program Files\GoldWave 2008-03-29 12:33 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Winamp 2008-03-27 17:12 --------- d-----w C:\Program Files\Paint.NET 2008-03-26 17:30 --------- d-----w C:\Program Files\Deskshare 2008-03-25 19:29 --------- d-----w C:\Program Files\Hamachi 2008-03-25 10:02 --------- d-----w C:\Program Files\Java . ------- Sigcheck ------- 2007-07-10 17:06 642560 ce594e18fe0d0af804f1f3694921ce62 C:\WINDOWS\system32\user32.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 06:44 15360] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-05-10 16:36 2111176] “DAEMON Tools Pro Agent”=“C:\Program Files\DAEMON Tools Pro\DTProAgent.exe” [2007-09-06 15:08 136136] “IDMan”=“C:\Program Files\Internet Download Manager\IDMan.exe” [2008-05-13 14:49 2594224] “SpybotSD TeaTimer”=“C:\Program Files\Spybot - Search Destroy\TeaTimer.exe” [2008-01-28 11:43 2097488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SkyTel”=“SkyTel.EXE” [2006-07-19 09:42 2879488 C:\WINDOWS\SkyTel.exe] “SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2006-04-29 06:13 766041] “RTHDCPL”=“RTHDCPL.EXE” [2006-07-19 09:42 16248320 C:\WINDOWS\RTHDCPL.exe] “AzMixerSel”=“C:\Program Files\Realtek\InstallShield\AzMixerSel.exe” [2006-07-19 09:41 53248] “INPROCOMMWireless”=“C:\Program Files\Atheros\Wireless\Utility\WlanUtil.exe” [] “LManager”=“C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE” [2006-07-14 12:13 471040] “igfxtray”=“C:\WINDOWS\system32\igfxtray.exe” [2006-06-13 09:57 94208] “igfxhkcmd”=“C:\WINDOWS\system32\hkcmd.exe” [2006-06-13 09:57 77824] “igfxpers”=“C:\WINDOWS\system32\igfxpers.exe” [2006-06-13 09:57 118784] “egui”=“C:\Program Files\ESET\ESET Smart Security\egui.exe” [2007-11-23 21:51 1410304] “ISTray”=“C:\Program Files\Spyware Doctor\pctsTray.exe” [2008-04-10 15:14 1107848] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 06:44 15360] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] “nltide_3”=“advpack.dll” [2008-03-01 14:35 124928 C:\WINDOWS\system32\advpack.dll] C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\ YouTube Uploader.lnk - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\YouTube\Uploader\youtubeuploader.exe [2007-11-09 14:33:08 71152] C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\ BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-01-17 10:45:32 618557] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] “DisableStatusMessages”= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoSMMyPictures”= 1 (0x1) “NoSMConfigurePrograms”= 1 (0x1) “NoSMHelp”= 1 (0x1) [HKEY_USERS.default\software\microsoft\windows\currentversion\policies\explorer] “NoSMMyPictures”= 1 (0x1) “NoSMConfigurePrograms”= 1 (0x1) “NoSMHelp”= 1 (0x1) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] “mpfanvqg”= {45F2571A-A6FA-4935-8036-20A9FB50A203} - C:\WINDOWS\mpfanvqg.dll [] [HKEY_LOCAL_MACHINE\software\microsoft\security center] “AntiVirusDisableNotify”=dword:00000001 “AntiVirusOverride”=dword:00000001 “FirewallOverride”=dword:00000001 [HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile] “EnableFirewall”= 0 (0x0) [HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] “%windir%\Network Diagnostic\xpnetdiag.exe”= “%windir%\system32\sessmgr.exe”= “C:\Program Files\Gadu-Gadu\gg.exe”= .

huber2t · 16 Maj 2008 03:18

Pobierz ComboFix, ale nie uruchamiaj

Wklej do notatnika:

File::

C:\WINDOWS\system32\ctfmonb.bmp

C:\WINDOWS\system32\blackster.scr

C:\WINDOWS\exqb.exe

C:\WINDOWS\oadkxrts.exe

C:\WINDOWS\SET3.tmp

Plik -> zapisz jako -> CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)

Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu ->

Rozpocznie się usuwanie i powstanie log, daj ten log na forum.

pootom · 16 Maj 2008 07:20

Ok, zrobione. A oto LOG:

ComboFix 08-05-15.2 - bubu 2008-05-16 8:56:40.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.523 [GMT 2:00] Running from: C:\Documents and Settings\bubu\Pulpit\ComboFix.exe Command switches used :: C:\Documents and Settings\bubu\Pulpit\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED FILE :: C:\WINDOWS\exqb.exe C:\WINDOWS\oadkxrts.exe C:\WINDOWS\SET3.tmp C:\WINDOWS\system32\blackster.scr C:\WINDOWS\system32\ctfmonb.bmp . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\exqb.exe C:\WINDOWS\oadkxrts.exe C:\WINDOWS\SET3.tmp C:\WINDOWS\system32\blackster.scr C:\WINDOWS\system32\ctfmonb.bmp C:\WINDOWS\system32\Desktop_.ini . ---- Previous Run ------- . C:\Documents and Settings\bubu\Pulpit\Error Cleaner.url C:\Documents and Settings\bubu\Pulpit\Privacy Protector.url C:\Documents and Settings\bubu\Pulpit\SpywareMalware Protection.url C:\Documents and Settings\bubu\Ulubione\Error Cleaner.url C:\Documents and Settings\bubu\Ulubione\Privacy Protector.url C:\Documents and Settings\bubu\Ulubione\SpywareMalware Protection.url C:\Program Files\myglobalsearch C:\Program Files\myglobalsearch\bar\History\search C:\WINDOWS\fvowketqonp.dll C:\WINDOWS\mpfanvqg.dll C:\WINDOWS\privacy_danger C:\WINDOWS\privacy_danger\images\capt.gif C:\WINDOWS\privacy_danger\images\danger.jpg C:\WINDOWS\privacy_danger\images\down.gif C:\WINDOWS\privacy_danger\images\spacer.gif C:\WINDOWS\privacy_danger\index.htm C:\WINDOWS\pvnsmfor.dll C:\WINDOWS\rs.txt C:\WINDOWS\system32\ctfmona.exe c:\windows\system32\Drivers\Mtb31.sys C:\WINDOWS\system32\WLCtrl32.dl_ C:\WINDOWS\SYSTEM32\WLCtrl32.dll C:\WINDOWS\vbksrofa.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_MTB31 -------\Service_Mtb31 ((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 ))))))))))))))))))))))))))))))) . 2008-05-16 00:21 . 2008-05-16 00:29 96,645 --a------ C:\WINDOWS\system32\drivers\klin.dat 2008-05-16 00:21 . 2008-05-16 00:29 87,941 --a------ C:\WINDOWS\system32\drivers\klick.dat 2008-05-16 00:20 . 2008-05-16 00:20 2008-05-16 00:20 . 2008-05-16 08:40 2008-05-16 00:20 . 2008-05-16 09:01 136,224 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-05-16 00:20 . 2008-05-16 09:01 6,432 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2008-05-16 00:20 . 2008-05-16 00:37 2,252 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-05-16 00:20 . 2008-05-16 00:37 1,292 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx 2008-05-16 00:19 . 2008-05-16 00:19 2008-05-15 23:24 . 2008-05-15 23:24 2008-05-15 23:24 . 2008-05-15 23:24 2008-05-15 23:24 . 2008-05-15 23:24 2008-05-15 23:24 . 2008-05-15 23:24 2008-05-15 23:10 . 2008-05-16 08:56 1,024 --ah----- C:\Documents and Settings\Default User.WINDOWS\ntuser.dat.LOG 2008-05-15 22:35 . 2008-05-15 22:35 2008-05-15 22:27 . 2008-05-15 23:58 2008-05-15 21:22 . 2008-05-15 23:57 2008-05-15 20:57 . 2008-05-15 20:57 2008-05-15 19:26 . 2008-05-15 21:12 2008-05-15 19:26 . 2008-05-15 21:01 2008-05-15 19:26 . 2008-05-16 08:39 2008-05-15 18:56 . 2008-05-15 18:57 2008-05-15 18:53 . 2008-05-15 18:53 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2008-05-15 09:48 . 2008-05-15 09:48 2008-05-15 09:46 . 2008-05-15 09:46 2008-05-15 09:17 . 2008-05-15 09:18 2008-05-15 09:05 . 2007-10-25 18:44 8,488,960 --------- C:\WINDOWS\system32\dllcache\shell32.dll 2008-05-15 09:03 . 2008-05-15 09:03 1,160 --a------ C:\WINDOWS\mozver.dat 2008-05-15 09:03 . 2008-05-15 09:03 0 --a------ C:\WINDOWS\nsreg.dat 2008-05-15 08:57 . 2008-05-15 08:57 2008-05-15 08:57 . 2008-05-15 08:57 2008-05-15 08:54 . 2007-05-02 11:00 546,976 --a------ C:\WINDOWS\system32\drivers\ar5211.sys 2008-05-15 08:54 . 2007-05-02 11:00 546,976 --a------ C:\WINDOWS\system32\ar5211.sys 2008-05-15 08:54 . 2007-05-02 11:00 84,470 --a------ C:\WINDOWS\system32\net5211.inf 2008-05-15 08:54 . 2007-05-09 10:16 20,888 --a------ C:\WINDOWS\system32\net5211.cat 2008-05-15 08:53 . 2008-05-15 08:53 2008-05-15 08:53 . 2008-05-15 08:53 2008-05-15 08:41 . 2005-12-13 23:08 1,124,097 --a------ C:\WINDOWS\system32\drivers\AGRSM.sys 2008-05-15 08:41 . 2005-12-13 21:50 88,204 --a------ C:\WINDOWS\AGRSMMSG.exe 2008-05-15 08:41 . 2005-05-03 18:10 68,096 --a------ C:\WINDOWS\agrsmdel.exe 2008-05-15 08:41 . 2006-07-04 17:48 64,512 --------- C:\WINDOWS\system32\agrsmdel.exe 2008-05-15 08:35 . 2006-06-13 09:57 143,360 --a------ C:\WINDOWS\system32\igfxres.dll 2008-05-15 08:31 . 2008-05-15 08:31 2008-05-15 08:30 . 2008-05-15 08:30 2008-05-15 08:26 . 2008-05-15 08:26 2008-05-15 08:26 . 2006-07-14 12:13 147,456 --a------ C:\WINDOWS\UNINST32.EXE 2008-05-15 08:26 . 2006-07-14 12:13 49,152 --a------ C:\WINDOWS\system32\QtBtLib.dll 2008-05-15 08:26 . 2006-07-14 12:13 16,896 --a------ C:\WINDOWS\system32\drivers\DKbFltr.SYS 2008-05-15 08:26 . 2006-07-14 12:13 5,120 --a------ C:\WINDOWS\system32\FILTRCOI.DLL 2008-05-15 08:26 . 2008-05-15 08:26 83 --a------ C:\WINDOWS\QtZgAcer.UNI 2008-05-15 08:24 . 2005-06-21 13:32 28,544 --a------ C:\WINDOWS\system32\drivers\callistx.sys 2008-05-15 08:23 . 2006-07-19 09:41 487,424 --a------ C:\WINDOWS\RtlExUpd.dll 2008-05-15 08:23 . 2006-07-19 09:42 135,168 --a------ C:\WINDOWS\system32\RtlCPAPI.dll 2008-05-15 08:23 . 2006-07-19 09:41 40,960 --a------ C:\WINDOWS\system32\ChCfg.exe 2008-05-15 08:21 . 2008-05-15 08:21 2008-05-15 08:21 . 2006-04-29 05:54 193,056 --a------ C:\WINDOWS\system32\drivers\SynTP.sys 2008-05-15 08:21 . 2006-04-29 06:00 114,688 --a------ C:\WINDOWS\system32\SynCtrl.dll 2008-05-15 08:21 . 2006-04-29 06:00 94,297 --a------ C:\WINDOWS\system32\SynTPAPI.dll 2008-05-15 08:21 . 2006-04-29 05:59 82,012 --a------ C:\WINDOWS\system32\SynCOM.dll 2008-05-15 08:21 . 2006-04-29 06:17 81,920 --a------ C:\WINDOWS\system32\SynTPCo2.dll 2008-05-15 08:21 . 2006-04-29 06:14 69,721 --a------ C:\WINDOWS\system32\SynTPFcs.dll 2008-05-15 00:04 . 2004-08-04 02:35 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys 2008-05-15 00:03 . 2004-08-04 02:44 77,312 --a------ C:\WINDOWS\system32\usbui.dll 2008-05-15 00:03 . 2004-08-04 01:07 14,080 --a------ C:\WINDOWS\system32\drivers\CmBatt.sys 2008-05-15 00:03 . 2001-08-17 23:57 14,080 --a------ C:\WINDOWS\system32\drivers\battc.sys 2008-05-15 00:03 . 2001-08-17 23:58 9,344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys 2008-05-15 00:03 . 2004-08-04 01:07 8,832 --a------ C:\WINDOWS\system32\drivers\wmiacpi.sys 2008-05-14 23:57 . 2008-05-15 10:07 1,374 --a------ C:\WINDOWS\imsins.BAK 2008-05-14 23:56 . 2008-05-16 09:01 2008-05-14 23:56 . 2008-05-14 23:56 2008-05-14 23:56 . 2008-05-14 22:10 2008-05-14 23:56 . 2008-05-14 23:56 2008-05-14 23:56 . 2008-05-14 23:56 2008-05-14 23:56 . 2008-05-14 23:56 2008-05-14 23:56 . 2008-05-14 23:56 2008-05-14 23:56 . 2008-05-14 23:56 2008-05-14 23:56 . 2008-05-16 00:08 2008-05-14 23:56 . 2008-05-15 08:32 2008-05-14 23:56 . 2008-05-15 19:51 2008-05-14 23:55 . 2008-05-14 23:56 2008-05-14 23:55 . 2008-05-15 23:10 2008-05-14 23:55 . 2008-05-16 00:20 2008-05-14 23:55 . 2008-05-15 18:56 2008-05-14 23:54 . 2008-05-14 22:16 606 --a------ C:\WINDOWS\system32$winnt$.inf 2008-05-14 23:46 . 2008-05-14 22:13 2008-05-14 23:46 . 2008-05-14 23:46 2008-05-14 23:46 . 2008-05-14 23:49 2008-05-14 22:37 . 2008-05-14 22:37 2008-05-14 22:34 . 2008-05-15 09:37 2008-05-14 22:21 . 2008-05-16 09:01 2008-05-14 22:21 . 2008-05-15 23:15 2008-05-14 22:21 . 2008-05-14 22:10 2008-05-14 22:21 . 2008-05-16 08:56 2008-05-14 22:21 . 2008-05-16 00:22 2008-05-14 22:21 . 2008-05-14 22:34 2008-05-14 22:21 . 2008-05-15 23:57 2008-05-14 22:21 . 2008-05-16 00:36 2008-05-14 22:21 . 2008-05-14 22:21 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav 2008-05-14 22:21 . 2008-05-14 22:21 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav 2008-05-14 22:21 . 2008-05-16 09:01 65,536 --ah----- C:\Documents and Settings\bubu\ntuser.dat.LOG 2008-05-14 22:17 . 2008-05-16 09:01 2008-05-14 22:17 . 2008-05-16 09:01 2008-05-14 22:17 . 2008-05-14 22:17 2008-05-14 22:17 . 2008-05-14 22:17 2008-05-14 22:17 . 2008-05-14 22:17 2008-05-14 22:17 . 2008-05-16 09:01 2008-05-14 22:17 . 2008-05-16 09:01 2008-05-14 22:17 . 2008-05-14 22:17 2008-05-14 22:17 . 2008-05-14 22:17 2008-05-14 22:17 . 2008-05-14 22:17 2008-05-14 22:17 . 2008-05-14 22:17 8,192 --a------ C:\WINDOWS\REGLOCS.OLD 2008-05-14 22:17 . 2008-05-16 08:40 1,024 --ah----- C:\Documents and Settings\NetworkService.ZARZĄDZANIE NT\ntuser.dat.LOG 2008-05-14 22:17 . 2008-05-16 08:40 1,024 --ah----- C:\Documents and Settings\NetworkService.ZARZĄDZANIE NT\ntuser.dat.LOG 2008-05-14 22:17 . 2008-05-16 08:48 1,024 --ah----- C:\Documents and Settings\LocalService.ZARZĄDZANIE NT\ntuser.dat.LOG 2008-05-14 22:17 . 2008-05-16 08:48 1,024 --ah----- C:\Documents and Settings\LocalService.ZARZĄDZANIE NT\ntuser.dat.LOG 2008-05-14 22:15 . 2008-05-14 22:15 316,640 --a------ C:\WINDOWS\WMSysPr9.prx 2008-05-14 22:15 . 2006-11-08 10:51 62,336 --------- C:\WINDOWS\system32\drivers\rspndr.sys 2008-05-14 22:15 . 2008-05-14 22:15 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb 2008-05-14 22:15 . 2008-05-14 22:15 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb 2008-05-14 22:15 . 2006-11-08 10:51 10,752 --------- C:\WINDOWS\system32\rspndr.exe 2008-05-14 22:15 . 2008-05-14 22:15 2,596 --a------ C:\WINDOWS\system32\CONFIG.NT 2008-05-14 22:15 . 2008-05-14 22:15 0 --a------ C:\WINDOWS\control.ini 2008-05-14 22:14 . 2008-05-15 10:07 2008-05-14 22:14 . 2008-05-15 19:49 2008-05-14 22:13 . 2008-05-14 22:13 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-15 07:18 --------- d-----w C:\Program Files\Winamp 2008-05-15 06:55 --------- d-----w C:\Program Files\Atheros 2008-05-15 06:24 --------- d–h--w C:\Program Files\InstallShield Installation Information 2008-05-14 20:10 --------- d-----w C:\Program Files\Windows Media Connect 2 2008-05-14 19:37 --------- d-----w C:\Program Files\Kalendarz XP 2008-05-14 19:28 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\skypePM 2008-05-14 19:28 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Skype 2008-05-14 12:50 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Vso 2008-05-03 16:12 --------- d-----w C:\Program Files\Vstplugins 2008-05-02 07:03 --------- d-----w C:\Program Files\Common Files\Adobe 2008-04-21 20:32 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Hamachi 2008-04-17 07:23 --------- d-----w C:\Program Files\Common Files\MAGIX Shared 2008-04-15 08:29 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Publish Providers 2008-04-15 08:28 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Sony 2008-04-13 05:34 --------- d-----w C:\Program Files\ESET 2008-04-12 14:45 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Thinstall 2008-04-05 18:04 --------- d-----w C:\Program Files\plasq 2008-04-05 18:03 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-04-05 07:56 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\MagicEffect Photo 2008-04-05 07:33 --------- d-----w C:\Program Files\iFoxSoft 2008-04-05 07:26 --------- d-----w C:\Program Files\MagicEffect Photo Editor 2007 2008-04-02 16:09 --------- d-----w C:\Program Files\Gadu-Gadu 2008-03-31 11:51 --------- d-----w C:\Program Files\CDisplay 2008-03-29 14:16 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\vlc 2008-03-29 14:09 --------- d-----w C:\Program Files\VideoLAN 2008-03-29 13:59 --------- d-----w C:\Program Files\Elecard 2008-03-29 13:59 --------- d-----w C:\Program Files\Common Files\Elecard 2008-03-29 13:46 --------- d-----w C:\Program Files\GoldWave 2008-03-29 12:33 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Winamp 2008-03-27 17:12 --------- d-----w C:\Program Files\Paint.NET 2008-03-25 19:29 --------- d-----w C:\Program Files\Hamachi 2008-03-25 10:02 --------- d-----w C:\Program Files\Java 2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll 2008-03-25 04:52 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll 2008-03-25 04:52 178,976 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-03-25 04:52 178,976 ------w C:\WINDOWS\system32\dllcache\msjint40.dll 2008-03-20 08:01 1,846,144 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-20 08:01 1,846,144 ------w C:\WINDOWS\system32\dllcache\win32k.sys 2008-02-22 09:40 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe 2008-02-22 09:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2008-02-22 09:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-02-20 18:53 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll 2008-02-20 18:53 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll 2008-02-20 06:53 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 06:53 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll 2008-02-20 05:23 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll . ------- Sigcheck ------- 2007-07-10 17:06 642560 ce594e18fe0d0af804f1f3694921ce62 C:\WINDOWS\system32\user32.dll . ((((((((((((((((((((((((((((( snapshot@2008-05-15_23.30.23.73 ))))))))))))))))))))))))))))))))))))))))) . - 2008-05-15 21:24:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-05-16 06:39:11 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2007-10-31 11:41:16 110,096 ----a-w C:\WINDOWS\system32\drivers\kl1.sys + 2007-12-28 17:51:04 195,344 ----a-w C:\WINDOWS\system32\drivers\klif.sys + 2007-12-13 11:28:40 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys + 2008-02-08 16:35:42 23,604 ----a-w C:\WINDOWS\system32\drivers\klopp.dat + 2008-02-08 16:37:44 219,664 ----a-w C:\WINDOWS\system32\klogon.dll - 2008-05-15 20:20:51 39,056 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-05-16 06:44:19 39,056 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-05-15 20:20:51 48,316 ----a-w C:\WINDOWS\system32\perfc015.dat + 2008-05-16 06:44:19 48,316 ----a-w C:\WINDOWS\system32\perfc015.dat - 2008-05-15 20:20:51 309,428 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-05-16 06:44:19 309,428 ----a-w C:\WINDOWS\system32\perfh009.dat - 2008-05-15 20:20:51 353,352 ----a-w C:\WINDOWS\system32\perfh015.dat + 2008-05-16 06:44:19 353,352 ----a-w C:\WINDOWS\system32\perfh015.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 06:44 15360] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-05-10 16:36 2111176] “IDMan”=“C:\Program Files\Internet Download Manager\IDMan.exe” [2008-05-13 14:49 2594224] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SkyTel”=“SkyTel.EXE” [2006-07-19 09:42 2879488 C:\WINDOWS\SkyTel.exe] “SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2006-04-29 06:13 766041] “RTHDCPL”=“RTHDCPL.EXE” [2006-07-19 09:42 16248320 C:\WINDOWS\RTHDCPL.exe] “AzMixerSel”=“C:\Program Files\Realtek\InstallShield\AzMixerSel.exe” [2006-07-19 09:41 53248] “INPROCOMMWireless”=“C:\Program Files\Atheros\Wireless\Utility\WlanUtil.exe” [] “LManager”=“C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE” [2006-07-14 12:13 471040] “igfxtray”=“C:\WINDOWS\system32\igfxtray.exe” [2006-06-13 09:57 94208] “igfxhkcmd”=“C:\WINDOWS\system32\hkcmd.exe” [2006-06-13 09:57 77824] “igfxpers”=“C:\WINDOWS\system32\igfxpers.exe” [2006-06-13 09:57 118784] “AVP”=“C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe” [2008-02-08 18:36 227856] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 06:44 15360] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] “nltide_3”=“advpack.dll” [2008-03-01 14:35 124928 C:\WINDOWS\system32\advpack.dll] C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\ YouTube Uploader.lnk - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\YouTube\Uploader\youtubeuploader.exe [2007-11-09 14:33:08 71152] C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\ BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-01-17 10:45:32 618557] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] “DisableStatusMessages”= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoSMMyPictures”= 1 (0x1) “NoSMConfigurePrograms”= 1 (0x1) “NoSMHelp”= 1 (0x1) [HKEY_USERS.default\software\microsoft\windows\currentversion\policies\explorer] “NoSMMyPictures”= 1 (0x1) “NoSMConfigurePrograms”= 1 (0x1) “NoSMHelp”= 1 (0x1) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] “mpfanvqg”= {45F2571A-A6FA-4935-8036-20A9FB50A203} - C:\WINDOWS\mpfanvqg.dll [] [HKEY_LOCAL_MACHINE\software\microsoft\security center] “AntiVirusDisableNotify”=dword:00000001 “AntiVirusOverride”=dword:00000001 “FirewallOverride”=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] “DisableMonitoring”=dword:00000001 [HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile] “EnableFirewall”= 0 (0x0) [HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] “%windir%\Network Diagnostic\xpnetdiag.exe”= “%windir%\system32\sessmgr.exe”= “C:\Program Files\Gadu-Gadu\gg.exe”= R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28] . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-16 09:01:25 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-05-16 9:03:01 ComboFix-quarantined-files.txt 2008-05-16 07:02:54 Pre-Run: 20,804,104,192 bajtów wolnych Post-Run: 20,840,439,808 bajtów wolnych 319 — E O F — 2008-05-15 08:07:44

huber2t · 16 Maj 2008 07:24

Log wyglada na czysty

Usuń ręcznie folder C:\Qoobox,usuń instalkę Combofix z dysku

Przeczyść komputer Ccleanerem

Wykonaj optymalizację autostartu

Wyłącz przywracanie systemu na wszystkich dyskach. Instrukcja

Przeskanuj komputer tym (uruchom przez IE) http://www.kaspersky.pl/virusscanner.html Daj raport z niego na forum

Włącz przywracanie systemu.

Leon1 · 16 Maj 2008 12:41

Oprócz tego co hubert zalecił Otwórz notatnik i wklej

zapisz jako plik.reg >> wszystkie pliki >> scal z rejestrem >> restart

powstanie plik o takiej ikonie

w który dwa razy klikniesz potwierdzisz chęć dodania do rejestru potem restart

pootom · 16 Maj 2008 17:42

Witam ponownie. A oto log z Kasperskiego

------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT 16 maj 2008 19:19:53 System operacyjny: Microsoft Windows XP Professional, Dodatek Service Pack 2 (Build 2600) Kaspersky Online Scanner wersja: 5.0.98.0 Ostatnia aktualizacja Kaspersky Anti-Virus16/05/2008 Liczba wpisów w bazie danych Kaspersky Anti-Virus777412 ------------------------------------------------------------------------------- Ustawienia skanowania: Skanowanie przy użyciu następujących baz danych: rozszerzone Skanuj archiwa: tak Skanuj pocztowe bazy danych: tak Obszar skanowania - Mój komputer: C:\ D:\ E:\ Statystyki skanowania: Liczba skanowanych obiektów: 121251 Liczba wykrytych wirusów: 3 Liczba zainfekowanych obiektów: 7 Liczba podejrzanych obiektów: 0 Czas trwania skanowania: 02:43:15 Nazwa zainfekowanego obiektu / Nazwa wirusa / Ostatnie działanie C:\Documents and Settings\Administrator\Moje dokumenty\mozilla\Earthview_3.7.1.rar.part/Earthview 3.7.1/EVSetup.exe/data0000.cab/Setup.exe Zainfekowanych: Backdoor.Win32.Rbot.fto pominięty C:\Documents and Settings\Administrator\Moje dokumenty\mozilla\Earthview_3.7.1.rar.part/Earthview 3.7.1/EVSetup.exe/data0000.cab Zainfekowanych: Backdoor.Win32.Rbot.fto pominięty C:\Documents and Settings\Administrator\Moje dokumenty\mozilla\Earthview_3.7.1.rar.part/Earthview 3.7.1/EVSetup.exe Zainfekowanych: Backdoor.Win32.Rbot.fto pominięty C:\Documents and Settings\Administrator\Moje dokumenty\mozilla\Earthview_3.7.1.rar.part RAR: zainfekowany - 3 pominięty C:\Documents and Settings\Administrator\Moje dokumenty\mozilla\NOD32_PL.rar/NOD32_PL/NOD32_PL_3.0.572.0_/New.Addon/User & Pass v8.0.exe Zainfekowanych: Trojan.Win32.Autoit.bg pominięty C:\Documents and Settings\Administrator\Moje dokumenty\mozilla\NOD32_PL.rar RAR: zainfekowany - 1 pominięty C:\Documents and Settings\Administrator\Pulpit\film o pszczołach( bee movie)lektor pl.avi Object is locked pominięty C:\Documents and Settings\All Users\Dokumenty\Config\desktop2.idf Object is locked pominięty C:\Documents and Settings\All Users\Dokumenty\Fonts\SwUniNew.tff Object is locked pominięty C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Kaspersky Lab\AVP7\Report\0025_AdBlocker_eventcritlog.rpt Object is locked pominięty C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Kaspersky Lab\AVP7\Report\0025_AdBlocker_eventlog.rpt Object is locked pominięty C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Kaspersky Lab\AVP7\Report\002d_File_Monitoring_eventlog.rpt Object is locked pominięty C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Kaspersky Lab\AVP7\Report\002f_Web_Monitoring_eventlog.rpt Object is locked pominięty C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Kaspersky Lab\AVP7\Report\detected.idx Object is locked pominięty C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Kaspersky Lab\AVP7\Report\detected.rpt Object is locked pominięty C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Kaspersky Lab\AVP7\Report\eventlog Object is locked pominięty C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Kaspersky Lab\AVP7\Report\report.rpt Object is locked pominięty C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat Object is locked pominięty C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat Object is locked pominięty C:\Documents and Settings\bubu\Cookies\index.dat Object is locked pominięty C:\Documents and Settings\bubu\Dane aplikacji\Mozilla\Firefox\Profiles\uv8g9ga0.default\cert8.db Object is locked pominięty C:\Documents and Settings\bubu\Dane aplikacji\Mozilla\Firefox\Profiles\uv8g9ga0.default\formhistory.dat Object is locked pominięty C:\Documents and Settings\bubu\Dane aplikacji\Mozilla\Firefox\Profiles\uv8g9ga0.default\history.dat Object is locked pominięty C:\Documents and Settings\bubu\Dane aplikacji\Mozilla\Firefox\Profiles\uv8g9ga0.default\key3.db Object is locked pominięty C:\Documents and Settings\bubu\Dane aplikacji\Mozilla\Firefox\Profiles\uv8g9ga0.default\parent.lock Object is locked pominięty C:\Documents and Settings\bubu\Dane aplikacji\Mozilla\Firefox\Profiles\uv8g9ga0.default\search.sqlite Object is locked pominięty C:\Documents and Settings\bubu\Dane aplikacji\Mozilla\Firefox\Profiles\uv8g9ga0.default\urlclassifier2.sqlite Object is locked pominięty C:\Documents and Settings\bubu\NTUSER.DAT Object is locked pominięty C:\Documents and Settings\bubu\ntuser.dat.LOG Object is locked pominięty C:\Documents and Settings\bubu\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty C:\Documents and Settings\bubu\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty C:\Documents and Settings\bubu\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\uv8g9ga0.default\Cache_CACHE_001_ Object is locked pominięty C:\Documents and Settings\bubu\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\uv8g9ga0.default\Cache_CACHE_002_ Object is locked pominięty C:\Documents and Settings\bubu\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\uv8g9ga0.default\Cache_CACHE_003_ Object is locked pominięty C:\Documents and Settings\bubu\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\uv8g9ga0.default\Cache_CACHE_MAP_ Object is locked pominięty C:\Documents and Settings\bubu\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty C:\Documents and Settings\bubu\Ustawienia lokalne\Historia\History.IE5\MSHist012008051620080517\index.dat Object is locked pominięty C:\Documents and Settings\bubu\Ustawienia lokalne\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked pominięty C:\Documents and Settings\bubu\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty C:\Documents and Settings\LocalService.ZARZĄDZANIE NT\Cookies\index.dat Object is locked pominięty C:\Documents and Settings\LocalService.ZARZĄDZANIE NT\NTUSER.DAT Object is locked pominięty C:\Documents and Settings\LocalService.ZARZĄDZANIE NT\ntuser.dat.LOG Object is locked pominięty C:\Documents and Settings\LocalService.ZARZĄDZANIE NT\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty C:\Documents and Settings\LocalService.ZARZĄDZANIE NT\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty C:\Documents and Settings\LocalService.ZARZĄDZANIE NT\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty C:\Documents and Settings\LocalService.ZARZĄDZANIE NT\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty C:\Documents and Settings\NetworkService.ZARZĄDZANIE NT\NTUSER.DAT Object is locked pominięty C:\Documents and Settings\NetworkService.ZARZĄDZANIE NT\ntuser.dat.LOG Object is locked pominięty C:\Documents and Settings\NetworkService.ZARZĄDZANIE NT\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty C:\Documents and Settings\NetworkService.ZARZĄDZANIE NT\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty C:\System Volume Information_restore{2D4DB8A3-6EBF-4DB2-B1B7-C69C3B1FA9A4}\RP152\A0041255.dll Zainfekowanych: Trojan-Downloader.Win32.Agent.hkl pominięty C:\WINDOWS\Debug\PASSWD.LOG Object is locked pominięty C:\WINDOWS\SchedLgU.Txt Object is locked pominięty C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked pominięty C:\WINDOWS\system32\CatRoot2\edb.log Object is locked pominięty C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked pominięty C:\WINDOWS\system32\config\AppEvent.Evt Object is locked pominięty C:\WINDOWS\system32\config\default Object is locked pominięty C:\WINDOWS\system32\config\default.LOG Object is locked pominięty C:\WINDOWS\system32\config\Internet.evt Object is locked pominięty C:\WINDOWS\system32\config\SAM Object is locked pominięty C:\WINDOWS\system32\config\SAM.LOG Object is locked pominięty C:\WINDOWS\system32\config\SecEvent.Evt Object is locked pominięty C:\WINDOWS\system32\config\SECURITY Object is locked pominięty C:\WINDOWS\system32\config\SECURITY.LOG Object is locked pominięty C:\WINDOWS\system32\config\software Object is locked pominięty C:\WINDOWS\system32\config\software.LOG Object is locked pominięty C:\WINDOWS\system32\config\SysEvent.Evt Object is locked pominięty C:\WINDOWS\system32\config\system Object is locked pominięty C:\WINDOWS\system32\config\system.LOG Object is locked pominięty C:\WINDOWS\system32\drivers\fidbox.dat Object is locked pominięty C:\WINDOWS\system32\drivers\fidbox.idx Object is locked pominięty C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked pominięty C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked pominięty C:\WINDOWS\system32\drivers\sptd.sys Object is locked pominięty C:\WINDOWS\system32\h323log.txt Object is locked pominięty C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked pominięty C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked pominięty C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked pominięty C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked pominięty C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked pominięty C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked pominięty C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked pominięty C:\WINDOWS\WindowsUpdate.log Object is locked pominięty Proces skanowania został zakończony.

EDIT:

Plik.reg dodany do rejestru

Idzie burza, za jakaś godzinę wrócę

huber2t · 16 Maj 2008 17:46

Usuń te pliki:

Wyłącz i Włącz przywracanie systemu na wszystkich dyskach. Instrukcja

Powinno byc ok

Leon1 · 16 Maj 2008 17:50

usuń ręcznie

C:\Documents and Settings\Administrator\Moje dokumenty\mozilla\Earthview_3.7.1.rar.part/Earthview 3.7.1/EVSetup.exe/data0000.cab/Setup.exe Zainfekowanych: Backdoor.Win32.Rbot.fto pominięty C:\Documents and Settings\Administrator\Moje dokumenty\mozilla\Earthview_3.7.1.rar.part/Earthview 3.7.1/EVSetup.exe/data0000.cab Zainfekowanych: Backdoor.Win32.Rbot.fto pominięty C:\Documents and Settings\Administrator\Moje dokumenty\mozilla\Earthview_3.7.1.rar.part/Earthview 3.7.1/EVSetup.exe Zainfekowanych: Backdoor.Win32.Rbot.fto pominięty C:\Documents and Settings\Administrator\Moje dokumenty\mozilla\Earthview_3.7.1.rar.part RAR: zainfekowany - 3 pominięty C:\Documents and Settings\Administrator\Moje dokumenty\mozilla\NOD32_PL.rar/NOD32_PL/NOD32_PL_3.0.572.0_/New.Addon/User & Pass v8.0.exe Zainfekowanych: Trojan.Win32.Autoit.bg pominięty C:\Documents and Settings\Administrator\Moje dokumenty\mozilla\NOD32_PL.rar RAR: zainfekowany - 1 pominięty

Wyłącz I włącz przywracanie systemu na wszystkich dyskach.http://support.microsoft.com/kb/310405/pl

powinno być już dobrze

pootom · 16 Maj 2008 19:02

Dzięki Wam za pomoc

Temat może zostać zamknięty