adamawa
(Adamawa13)
#1
Nowo zainstalowany windows.
Logfile of HijackThis v1.99.1
Scan saved at 23:55:56, on 2008-09-19
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Gadu-Gadu\gg.exe
D:\Program Files\Strokeit\strokeit.exe
D:\Program Files\trayit\trayit!.exe
D:\WINDOWS\system32\CTsvcCDA.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\MsPMSPSv.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\System32\WScript.exe
\?\D:\WINDOWS\system32\WBEM\WMIADAP.EXE
D:\Documents and Settings\Administrator\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [StrokeIt] D:\Program Files\Strokeit\strokeit.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - Startup: TrayIt!.lnk = D:\Program Files\trayit\trayit!.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O20 - AppInit_DLLs: prio.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
ComboFix 08-09-19.06 - Administrator 2008-09-20 8:02:32.1 - NTFSx86 NETWORK
huber2t
(huber2t)
#4
Pobierz ComboFix, ale nie uruchamiaj
Otwórz notatnik i wklej do niego:
File::
D:\taqhptr.bat
Plik -> zapisz jako -> CFScript.txt.
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu->
Rozpocznie się usuwanie i powstanie log, który dasz na forum.
Logi dajesz na http://wklej.eu lub na http://wklej.org a w poście dajesz tylko link
adamawa
(Adamawa13)
#5
huber2t
(huber2t)
#6
Log wyglada na czysty
usuń ręcznie folder C: \Qoobox , usuń instalkę Combofix z dysku.
Przeczyść komputer Ccleanerem
Wykonaj optymalizację autostartu
Wyłącz i włącz przywracanie systemu na wszystkich dyskach. Instrukcja
Przeskanuj obszar całego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum
lub
Dr.WEB CureIt!
adamawa
(Adamawa13)
#7
Skan przez http://www.kaspersky.pl/virusscanner.html :
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, September 27, 2008
Operating System: Microsoft Windows XP Professional Dodatek Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, September 27, 2008 17:36:42
Records in database: 1266068
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - Folder:
K:\
Scan statistics:
Files scanned: 30593
Threat name: 7
Infected objects: 7
Suspicious objects: 0
Duration of the scan: 00:35:16
File name / Threat name / Threats count
K:\0u.cmd Infected: Worm.Win32.AutoRun.owt 1
K:\1u0o8bnq.cmd Infected: Trojan-GameThief.Win32.Magania.aczm 1
K:\9yqusig.bat Infected: Trojan.Win32.Inject.iav 1
K:\fe.bat Infected: Packed.Win32.Krap.b 1
K:\Recycled\ctfmon.exe Infected: Trojan.Win32.VB.aqt 1
K:\taqhptr.bat Infected: Trojan.Win32.Vaklik.doi 1
K:\WINDOWS\system32\cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows 1
The selected area was scanned.
Leon1
(Leon$)
#8
Pobierz i uruchom narzędzie The Avenger Zaznaczasz tekst podany do usunięcia na forum
kopiuj >> klikasz na Paste Script from Clipboard >> Execute >> Potwierdzasz i zgadzasz się na restart klikając OK.
Kasujesz ręcznie z dysku plik: C:\Avenger\backup.zip i wklejasz na forum raport: C:\avenger.txt
przeskanuj jeszcze raz miałeś
czyli obszar Mój komputer
a nie
adamawa
(Adamawa13)
#9
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, September 28, 2008
Operating System: Microsoft Windows XP Professional Dodatek Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, September 27, 2008 20:43:35
Records in database: 1266393
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
Scan statistics:
Files scanned: 120519
Threat name: 148
Infected objects: 328
Suspicious objects: 1
Duration of the scan: 02:34:03
File name / Threat name / Threats count
C:\WINDOWS\system32\sprint.dll/C:\WINDOWS\system32\sprint.dll Infected: Trojan-Downloader.Win32.Agent.ahts 1
C:\WINDOWS\system32\amvo0.dll/C:\WINDOWS\system32\amvo0.dll Infected: Packed.Win32.Krap.b 10
C:\WINDOWS\system32\mstmdm.dll/C:\WINDOWS\system32\mstmdm.dll Infected: Trojan.Win32.Agent.bve 1
C:\WINDOWS\system32\ckvo1.dll/C:\WINDOWS\system32\ckvo1.dll Infected: Trojan-GameThief.Win32.OnLineGames.tjua 7
ctfmon.exe\ctfmon.exe/ctfmon.exe\ctfmon.exe Infected: Trojan.Win32.VB.aqt 1
C:\Documents and Settings\Adam\Menu Start\Programy\Autostart\ctfmon.exe/C:\Documents and Settings\Adam\Menu Start\Programy\Autostart\ctfmon.exe Infected: Trojan.Win32.VB.aqt 1
C:\WINDOWS\system32\SkypeComm.dll/C:\WINDOWS\system32\SkypeComm.dll Infected: Trojan-Spy.Win32.BHO.s 1
C:\DOCUME~1\Adam\USTAWI~1\Temp\help.exe/C:\DOCUME~1\Adam\USTAWI~1\Temp\help.exe Infected: Trojan.Win32.Inject.iav 1
C:\0.com Infected: Trojan-GameThief.Win32.OnLineGames.arvn 1
C:\00hoeav.com Infected: Trojan-GameThief.Win32.OnLineGames.sdki 1
C:\0gjn3yw.exe Infected: Trojan.Win32.Vaklik.bpw 1
C:\0hct8ybw.bat Infected: Trojan-GameThief.Win32.OnLineGames.rie 1
C:\0n.bat Infected: Trojan-PSW.Win32.OnLineGames.acdy 1
C:\0u.cmd Infected: Worm.Win32.AutoRun.owt 1
C:\1dg.exe Infected: Trojan-PSW.Win32.OnLineGames.acas 1
C:\1u0o8bnq.cmd Infected: Trojan-GameThief.Win32.Magania.aczm 1
C:\22wcb21o.exe Infected: Trojan-PSW.Win32.OnLineGames.ubg 1
C:\22xo.exe Infected: Trojan-GameThief.Win32.Magania.abkz 1
C:\32e2.com Infected: Trojan-PSW.Win32.OnLineGames.uek 1
C:\39lpji.com Infected: Worm.Win32.AutoRun.nan 1
C:\6l6w8.com Infected: Trojan-PSW.Win32.OnLineGames.ywy 1
C:\9yqusig.bat Infected: Trojan.Win32.Inject.iav 1
C:\bpu.exe Infected: Worm.Win32.AutoRun.lpk 1
C:\cayfq2.cmd Infected: Trojan-PSW.Win32.OnLineGames.ujl 1
C:\Documents and Settings\Adam\Menu Start\Programy\Autostart\ctfmon.exe Infected: Trojan.Win32.VB.aqt 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\22umqpcg.dll Infected: Trojan-PSW.Win32.OnLineGames.yub 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\54mo4e.dll Infected: Trojan-PSW.Win32.OnLineGames.acbe 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\7bpapp.dll Infected: Trojan-PSW.Win32.OnLineGames.aina 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\7iipw8do.dll Infected: Trojan-GameThief.Win32.OnLineGames.sarp 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\8mmxdjlw.dll Infected: Trojan-GameThief.Win32.OnLineGames.skue 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\98hgb.dll Infected: Trojan-GameThief.Win32.OnLineGames.sged 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\9ba4xn.dll Infected: Rootkit.Win32.Agent.wa 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\9sky8pia.dll Infected: Trojan-PSW.Win32.OnLineGames.abeg 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\9sob2.dll Infected: Trojan-PSW.Win32.OnLineGames.urp 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\aqb2.dll Infected: Trojan-PSW.Win32.OnLineGames.ahiy 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\boalrz.dll Infected: Trojan-PSW.Win32.OnLineGames.yuc 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\c5yd.dll Infected: Trojan-GameThief.Win32.OnLineGames.sqie 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\cfmwfbi.dll Infected: Trojan-PSW.Win32.OnLineGames.urw 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\d7xfi.dll Infected: Trojan-PSW.Win32.OnLineGames.ahiw 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\dtzr9je.dll Infected: Worm.Win32.AutoRun.dml 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\dxw.dll Infected: Trojan.Win32.Pakes.cin 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\ep.dll Infected: Trojan.Win32.Pakes.cgq 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\es8m88z.dll Infected: Trojan-PSW.Win32.OnLineGames.acdy 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\f.dll Infected: Trojan-GameThief.Win32.OnLineGames.sfwg 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\gj4hn.dll Infected: Worm.Win32.AutoRun.dan 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\gjrud8qh.dll Infected: Trojan-GameThief.Win32.OnLineGames.sdkj 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\help.exe Infected: Trojan.Win32.Inject.iav 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\hg2d.dll Infected: Trojan-PSW.Win32.OnLineGames.abuz 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\hnlro54.dll Infected: Trojan-GameThief.Win32.OnLineGames.rzxs 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\ilpggjj.dll Infected: Trojan-PSW.Win32.OnLineGames.skg 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\k4jm.dll Infected: Trojan-GameThief.Win32.OnLineGames.arvm 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\kqyg5uy.dll Infected: Trojan-GameThief.Win32.OnLineGames.sgen 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\m.dll Infected: Trojan-PSW.Win32.OnLineGames.ywx 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\mirc631.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\n.dll Infected: Trojan-GameThief.Win32.OnLineGames.spps 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\n2.dll Infected: Worm.Win32.AutoRun.dsv 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\nod2.tmp Infected: Trojan.Win32.Agent.adpj 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\nod3.tmp Infected: Trojan.Win32.Agent.adpj 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\nod4.tmp Infected: Trojan.Win32.Agent.adpj 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\nod5.tmp Infected: Trojan.Win32.Agent.adpj 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\nod6.tmp Infected: Trojan.Win32.Vaklik.doh 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\nod7.tmp Infected: Trojan.Win32.Vaklik.doh 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\nod8.tmp Infected: Trojan.Win32.Vaklik.doh 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\nod9.tmp Infected: Trojan.Win32.Vaklik.doh 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\nx.dll Infected: Trojan-GameThief.Win32.OnLineGames.sghq 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\oji.dll Infected: Trojan-PSW.Win32.OnLineGames.acyr 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\ovlx.dll Infected: Trojan-GameThief.Win32.OnLineGames.sfyf 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\port.dll Infected: Worm.Win32.AutoRun.ekw 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\psdtohkm.dll Infected: Trojan-PSW.Win32.OnLineGames.abkg 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\q5jh9.dll Infected: Trojan-GameThief.Win32.OnLineGames.sjnt 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\q8gqt.dll Infected: Trojan-GameThief.Win32.OnLineGames.sbrj 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\q8k4m7wy.dll Infected: Trojan-GameThief.Win32.OnLineGames.sars 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\qrwafza.dll Infected: Trojan-GameThief.Win32.OnLineGames.sgmo 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\rlbaort.dll Infected: Trojan-GameThief.Win32.OnLineGames.sjpm 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\skmu.dll Infected: Worm.Win32.AutoRun.dla 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\t.dll Infected: Trojan-GameThief.Win32.OnLineGames.sezk 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\t4h.dll Infected: Worm.Win32.AutoRun.efb 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\tru1.tmp Infected: Trojan-Dropper.Win32.Agent.tbo 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\tru10.tmp Infected: Trojan.Win32.Vaklik.bar 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\tru11.tmp Infected: Trojan.Win32.Vaklik.bbn 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\tru12.tmp Infected: Trojan.Win32.Vaklik.bbn 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\tru13.tmp Infected: Trojan.Win32.Vaklik.bel 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\tru14.tmp Infected: Trojan.Win32.Vaklik.bil 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\tru15.tmp Infected: Trojan.Win32.Vaklik.biv 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\tru16.tmp Infected: Trojan.Win32.Vaklik.bje 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\tru17.tmp Infected: Trojan.Win32.Vaklik.bkh 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\tru18.tmp Infected: Trojan.Win32.Vaklik.bku 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\tru19.tmp Infected: Trojan.Win32.Vaklik.blc 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\tru1A.tmp Infected: Trojan.Win32.Vaklik.bnk 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\tru1B.tmp Infected: Trojan.Win32.Vaklik.cgv 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\tru1C.tmp Infected: Trojan.Win32.Vaklik.ckl 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\tru1D.tmp Infected: Trojan.Win32.Vaklik.cly 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\tru1E.tmp Infected: Trojan.Win32.Vaklik.cpf 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\tru1F.tmp Infected: Trojan.Win32.Vaklik.cpf 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\tru2.tmp Infected: Worm.Win32.AutoRun.dkw 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\tru20.tmp Infected: Trojan.Win32.Vaklik.cpu 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\tru21.tmp Infected: Trojan.Win32.Crypt.lr 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\tru23.tmp Infected: Trojan.Win32.Crypt.jd 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\tru24.tmp Infected: Trojan.Win32.Crypt.jd 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\tru25.tmp Infected: Trojan.Win32.Vaklik.cwu 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\tru27.tmp Infected: Trojan.Win32.Crypt.le 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\tru28.tmp Infected: Trojan.Win32.Crypt.ks 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\tru29.tmp Infected: Trojan.Win32.Vaklik.cxq 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\tru2B.tmp Infected: Trojan.Win32.Crypt.lz 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\tru2D.tmp Infected: Trojan-GameThief.Win32.OnLineGames.szad 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\tru2E.tmp Infected: Trojan-GameThief.Win32.OnLineGames.szad 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\tru2F.tmp Infected: Worm.Win32.AutoRun.dlz 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\tru3.tmp Infected: Trojan-PSW.Win32.OnLineGames.abvb 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\tru30.tmp Infected: Trojan-GameThief.Win32.OnLineGames.szad 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\tru31.tmp Infected: Trojan-GameThief.Win32.OnLineGames.szad 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\tru4.tmp Infected: Worm.Win32.AutoRun.dmt 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\tru5.tmp Infected: Worm.Win32.AutoRun.dmt 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\tru51.tmp Infected: Worm.Win32.AutoRun.dlc 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\tru6.tmp Infected: Trojan-PSW.Win32.OnLineGames.acdy 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\tru7.tmp Infected: Worm.Win32.AutoRun.dni 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\tru8.tmp Infected: Trojan-PSW.Win32.OnLineGames.acyr 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\tru9.tmp Infected: Trojan-PSW.Win32.OnLineGames.aehj 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\truA.tmp Infected: Trojan-PSW.Win32.OnLineGames.aenm 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\truB.tmp Infected: Worm.Win32.AutoRun.dxg 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\truC.tmp Infected: Trojan.Win32.Vaklik.aqj 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\truD.tmp Infected: Trojan-Dropper.Win32.Agent.sli 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\truE.tmp Infected: Trojan-Dropper.Win32.Crypter.t 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\truF.tmp Infected: Trojan-Dropper.Win32.Crypter.v 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\vyjx4s.dll Infected: Worm.Win32.AutoRun.egi 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\w.dll Infected: Trojan-GameThief.Win32.OnLineGames.sgem 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\yut.dll Infected: Trojan-GameThief.Win32.OnLineGames.szps 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\yv.dll Infected: Trojan-GameThief.Win32.OnLineGames.sezl 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\z.dll Infected: Trojan-PSW.Win32.OnLineGames.abqm 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\z5.dll Infected: Trojan-GameThief.Win32.OnLineGames.rio 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\z8.dll Infected: Trojan-PSW.Win32.OnLineGames.xji 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\zsh4zci.dll Infected: Trojan-PSW.Win32.OnLineGames.yuf 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\~DF129.tmp Infected: Trojan.Win32.Agent.bve 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\~DF13.tmp Infected: Trojan.Win32.Agent.bve 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\~DF153.tmp Infected: Trojan.Win32.Agent.bve 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\~DF167.tmp Infected: Trojan.Win32.Agent.bve 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\~DF2.tmp Infected: Trojan.Win32.Agent.bve 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\~DF216.tmp Infected: Trojan.Win32.Agent.bve 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\~DF217.tmp Infected: Trojan.Win32.Agent.bve 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\~DF219.tmp Infected: Trojan.Win32.Agent.bve 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\~DF225.tmp Infected: Trojan.Win32.Agent.bve 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\~DF251.tmp Infected: Trojan.Win32.Agent.bve 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\~DF26.tmp Infected: Trojan.Win32.Agent.bve 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\~DF26C.tmp Infected: Trojan.Win32.Agent.bve 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\~DF26D.tmp Infected: Trojan.Win32.Agent.bve 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\~DF2A9.tmp Infected: Trojan.Win32.Agent.bve 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\~DF2BD.tmp Infected: Trojan.Win32.Agent.bve 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\~DF2DB.tmp Infected: Trojan.Win32.Agent.bve 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\~DF31D.tmp Infected: Trojan.Win32.Agent.bve 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\~DF37C.tmp Infected: Trojan.Win32.Agent.bve 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\~DF3AC.tmp Infected: Trojan.Win32.Agent.bve 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\~DF3B1.tmp Infected: Trojan.Win32.Agent.bve 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\~DF3E.tmp Infected: Trojan.Win32.Agent.bve 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\~DF43.tmp Infected: Trojan.Win32.Agent.bve 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\~DF451.tmp Infected: Trojan.Win32.Agent.bve 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\~DF490.tmp Infected: Trojan.Win32.Agent.bve 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\~DF4C.tmp Infected: Trojan.Win32.Agent.bve 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\~DFBE.tmp Infected: Trojan.Win32.Agent.bve 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temp\~DFF8.tmp Infected: Trojan.Win32.Agent.bve 1
C:\Documents and Settings\Adam\Ustawienia lokalne\Temporary Internet Files\Content.IE5\W5V3Q1W8\help[2].exe Infected: Trojan.Win32.Vaklik.doh 1
C:\dwvo.cmd Infected: Trojan-PSW.Win32.OnLineGames.abop 1
C:\fe.bat Infected: Packed.Win32.Krap.b 1
C:\g2pfnid.com Infected: Trojan.Win32.Vaklik.cfe 1
C:\igxv.cmd Infected: Trojan-PSW.Win32.OnLineGames.adye 1
C:\jdhc2x2.com Infected: Trojan-GameThief.Win32.OnLineGames.wvs 1
C:\knupkb.com Infected: Trojan.Win32.Pakes.jzz 1
C:\lkxcqdb.bat Infected: Worm.Win32.AutoRun.dml 1
C:\mgjpcfdg.cmd Infected: Worm.Win32.AutoRun.dan 1
C:\mnl6on3.com Infected: Trojan-GameThief.Win32.OnLineGames.swzp 1
C:\mug0sd.cmd Infected: Trojan-PSW.Win32.OnLineGames.abki 1
C:\nby.bat Infected: Trojan.Win32.Vaklik.aqk 1
C:\oq.cmd Infected: Worm.Win32.AutoRun.dni 1
C:\ph.com Infected: Trojan-GameThief.Win32.Magania.aaye 1
C:\Program Files\MSTpscre\Tpscrex.exe Infected: Trojan-Downloader.Win32.Agent.loz 1
C:\Program Files\TimeSink\AdGateway\TSAdBot.exe Infected: not-a-virus:AdWare.Win32.TimeSink 1
C:\qa8sywva.cmd Infected: Trojan.Win32.Vaklik.amc 1
C:\qwc.exe Infected: Trojan-PSW.Win32.Magania.jag 1
C:\Recycled\ctfmon.exe Infected: Trojan.Win32.VB.aqt 1
C:\Recycled\Recycled\ctfmon.exe Infected: Trojan.Win32.VB.aqt 1
C:\ser.com Infected: Trojan.Win32.Vaklik.xe 1
C:\t1ypkh.exe Infected: Trojan-GameThief.Win32.Magania.zou 1
C:\t9peum02.exe Infected: Worm.Win32.AutoRun.egi 1
C:\taqhptr.bat Infected: Trojan.Win32.Vaklik.doi 1
C:\tym8a.exe Infected: Worm.Win32.AutoRun.dly 1
C:\uis.com Infected: Trojan.Win32.Vaklik.clx 1
C:\v.com Infected: Trojan-PSW.Win32.OnLineGames.too 1
C:\vqv.exe Infected: Trojan-PSW.Win32.OnLineGames.abwv 1
C:\vy.cmd Infected: Worm.Win32.AutoRun.dla 1
C:\w0o.com Infected: Worm.Win32.AutoRun.llh 1
C:\WINDOWS\pss\ctfmon.exeStartup Infected: Trojan.Win32.VB.aqt 1
C:\WINDOWS\system32\amvo.exe Infected: Trojan.Win32.Vaklik.doi 1
C:\WINDOWS\system32\amvo0.dll Infected: Packed.Win32.Krap.b 1
C:\WINDOWS\system32\amvo1.dll Infected: Packed.Win32.Krap.b 1
C:\WINDOWS\system32\ckvo.exe Infected: Trojan.Win32.Inject.iav 1
C:\WINDOWS\system32\ckvo0.dll Infected: Trojan-GameThief.Win32.OnLineGames.tjua 1
C:\WINDOWS\system32\ckvo1.dll Infected: Trojan-GameThief.Win32.OnLineGames.tjua 1
C:\WINDOWS\system32\ckvo2.dll Infected: Worm.Win32.AutoRun.lxx 1
C:\WINDOWS\system32\mstmdm.dll Infected: Trojan.Win32.Agent.bve 1
C:\WINDOWS\system32\SkypeComm.dll Infected: Trojan-Spy.Win32.BHO.s 1
C:\WINDOWS\system32\sprint.dll Infected: Trojan-Downloader.Win32.Agent.ahts 1
C:\WINDOWS\TSAd.dll Infected: not-a-virus:AdWare.Win32.TimeSink 1
C:\WINDOWS\VcpDLL.dll Infected: not-a-virus:AdWare.Win32.TimeSink 1
C:\xp19.com Infected: Packed.Win32.PolyCrypt.h 1
D:\0.com Infected: Trojan-GameThief.Win32.OnLineGames.arvn 1
D:\00hoeav.com Infected: Trojan-GameThief.Win32.OnLineGames.sdki 1
D:\0gjn3yw.exe Infected: Trojan.Win32.Vaklik.bpw 1
D:\0hct8ybw.bat Infected: Trojan-GameThief.Win32.OnLineGames.rie 1
D:\0n.bat Infected: Trojan-PSW.Win32.OnLineGames.acdy 1
D:\0u.cmd Infected: Worm.Win32.AutoRun.owt 1
D:\1dg.exe Infected: Trojan-PSW.Win32.OnLineGames.acas 1
D:\1u0o8bnq.cmd Infected: Trojan-GameThief.Win32.Magania.aczm 1
D:\22wcb21o.exe Infected: Trojan-PSW.Win32.OnLineGames.ubg 1
D:\22xo.exe Infected: Trojan-GameThief.Win32.Magania.abkz 1
D:\32e2.com Infected: Trojan-PSW.Win32.OnLineGames.uek 1
D:\39lpji.com Infected: Worm.Win32.AutoRun.nan 1
D:\6l6w8.com Infected: Trojan-PSW.Win32.OnLineGames.ywy 1
D:\9yqusig.bat Infected: Trojan.Win32.Inject.iav 1
D:\bpu.exe Infected: Worm.Win32.AutoRun.lpk 1
D:\cayfq2.cmd Infected: Trojan-PSW.Win32.OnLineGames.ujl 1
D:\Dokumenty\Adam\SX1\Symbian\Restart\restart.v1.10_191.sis Infected: Trojan.SymbOS.Skuller.gen 1
D:\dwvo.cmd Infected: Trojan-PSW.Win32.OnLineGames.abop 1
D:\fe.bat Infected: Packed.Win32.Krap.b 1
D:\g2pfnid.com Infected: Trojan.Win32.Vaklik.cfe 1
D:\igxv.cmd Infected: Trojan-PSW.Win32.OnLineGames.adye 1
D:\jdhc2x2.com Infected: Trojan-GameThief.Win32.OnLineGames.wvs 1
D:\knupkb.com Infected: Trojan.Win32.Pakes.jzz 1
D:\lkxcqdb.bat Infected: Worm.Win32.AutoRun.dml 1
D:\mgjpcfdg.cmd Infected: Worm.Win32.AutoRun.dan 1
D:\mnl6on3.com Infected: Trojan-GameThief.Win32.OnLineGames.swzp 1
D:\mug0sd.cmd Infected: Trojan-PSW.Win32.OnLineGames.abki 1
D:\My Downloads\ayumi hamasaki song for xx.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
D:\nby.bat Infected: Trojan.Win32.Vaklik.aqk 1
D:\oq.cmd Infected: Worm.Win32.AutoRun.dni 1
D:\ph.com Infected: Trojan-GameThief.Win32.Magania.aaye 1
D:\Propellerhead\Reason\ReasonRpsPatch.exe Infected: Backdoor.Win32.PcClient.jhu 1
D:\qa8sywva.cmd Infected: Trojan.Win32.Vaklik.amc 1
D:\qwc.exe Infected: Trojan-PSW.Win32.Magania.jag 1
D:\Recycled\ctfmon.exe Infected: Trojan.Win32.VB.aqt 1
D:\ser.com Infected: Trojan.Win32.Vaklik.xe 1
D:\t1ypkh.exe Infected: Trojan-GameThief.Win32.Magania.zou 1
D:\t9peum02.exe Infected: Worm.Win32.AutoRun.egi 1
D:\taqhptr.bat Infected: Trojan.Win32.Vaklik.doi 1
D:\tym8a.exe Infected: Worm.Win32.AutoRun.dly 1
D:\uis.com Infected: Trojan.Win32.Vaklik.clx 1
D:\v.com Infected: Trojan-PSW.Win32.OnLineGames.too 1
D:\vqv.exe Infected: Trojan-PSW.Win32.OnLineGames.abwv 1
D:\vy.cmd Infected: Worm.Win32.AutoRun.dla 1
D:\w0o.com Infected: Worm.Win32.AutoRun.llh 1
D:\xp19.com Infected: Packed.Win32.PolyCrypt.h 1
E:\0.com Infected: Trojan-GameThief.Win32.OnLineGames.arvn 1
E:\00hoeav.com Infected: Trojan-GameThief.Win32.OnLineGames.sdki 1
E:\0gjn3yw.exe Infected: Trojan.Win32.Vaklik.bpw 1
E:\0hct8ybw.bat Infected: Trojan-GameThief.Win32.OnLineGames.rie 1
E:\0n.bat Infected: Trojan-PSW.Win32.OnLineGames.acdy 1
E:\0u.cmd Infected: Worm.Win32.AutoRun.owt 1
E:\1dg.exe Infected: Trojan-PSW.Win32.OnLineGames.acas 1
E:\1u0o8bnq.cmd Infected: Trojan-GameThief.Win32.Magania.aczm 1
E:\22wcb21o.exe Infected: Trojan-PSW.Win32.OnLineGames.ubg 1
E:\22xo.exe Infected: Trojan-GameThief.Win32.Magania.abkz 1
E:\32e2.com Infected: Trojan-PSW.Win32.OnLineGames.uek 1
E:\39lpji.com Infected: Worm.Win32.AutoRun.nan 1
E:\6l6w8.com Infected: Trojan-PSW.Win32.OnLineGames.ywy 1
E:\9yqusig.bat Infected: Trojan.Win32.Inject.iav 1
E:\bpu.exe Infected: Worm.Win32.AutoRun.lpk 1
E:\cayfq2.cmd Infected: Trojan-PSW.Win32.OnLineGames.ujl 1
E:\dwvo.cmd Infected: Trojan-PSW.Win32.OnLineGames.abop 1
E:\fe.bat Infected: Packed.Win32.Krap.b 1
E:\g2pfnid.com Infected: Trojan.Win32.Vaklik.cfe 1
E:\GG Serwer Changer\GG Serwer Changer.exe Infected: Trojan-Downloader.Win32.Delf.kes 1
E:\igxv.cmd Infected: Trojan-PSW.Win32.OnLineGames.adye 1
E:\jdhc2x2.com Infected: Trojan-GameThief.Win32.OnLineGames.wvs 1
E:\knupkb.com Infected: Trojan.Win32.Pakes.jzz 1
E:\lkxcqdb.bat Infected: Worm.Win32.AutoRun.dml 1
E:\mgjpcfdg.cmd Infected: Worm.Win32.AutoRun.dan 1
E:\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1
E:\mnl6on3.com Infected: Trojan-GameThief.Win32.OnLineGames.swzp 1
E:\mug0sd.cmd Infected: Trojan-PSW.Win32.OnLineGames.abki 1
E:\nby.bat Infected: Trojan.Win32.Vaklik.aqk 1
E:\oq.cmd Infected: Worm.Win32.AutoRun.dni 1
E:\ph.com Infected: Trojan-GameThief.Win32.Magania.aaye 1
E:\qa8sywva.cmd Infected: Trojan.Win32.Vaklik.amc 1
E:\qwc.exe Infected: Trojan-PSW.Win32.Magania.jag 1
E:\Recycled\ctfmon.exe Infected: Trojan.Win32.VB.aqt 1
E:\ser.com Infected: Trojan.Win32.Vaklik.xe 1
E:\t1ypkh.exe Infected: Trojan-GameThief.Win32.Magania.zou 1
E:\t9peum02.exe Infected: Worm.Win32.AutoRun.egi 1
E:\taqhptr.bat Infected: Trojan.Win32.Vaklik.doi 1
E:\The Bat!\Konta\Trash\MESSAGES.TBB Suspicious: Trojan-Spy.HTML.Fraud.gen 1
E:\The Bat!\Konta\Trash\MESSAGES.TBB Infected: Email-Worm.Win32.Luder.a 1
E:\The Bat!\Konta\Trash\MESSAGES.TBB Infected: Email-Worm.Win32.Zhelatin.d 1
E:\The Bat!\Konta\Trash\MESSAGES.TBB Infected: Email-Worm.Win32.Zhelatin.h 2
E:\The Bat!\Konta\Trash\MESSAGES.TBB Infected: Email-Worm.Win32.Zhelatin.m 1
E:\The Bat!\Konta\Trash\MESSAGES.TBB Infected: Email-Worm.Win32.Zhelatin.u 1
E:\The Bat!\Konta\Trash\MESSAGES.TBB Infected: Email-Worm.Win32.Zhelatin.cq 1
E:\The Bat!\Konta\Trash\MESSAGES.TBB Infected: Email-Worm.Win32.Zhelatin.ct 2
E:\The Bat!\Konta\Trash\MESSAGES.TBB Infected: Email-Worm.Win32.NetSky.q 1
E:\The Bat!\Konta\Trash\MESSAGES.TBB Infected: Worm.Win32.Feebs.gen 1
E:\tym8a.exe Infected: Worm.Win32.AutoRun.dly 1
E:\uis.com Infected: Trojan.Win32.Vaklik.clx 1
E:\v.com Infected: Trojan-PSW.Win32.OnLineGames.too 1
E:\vqv.exe Infected: Trojan-PSW.Win32.OnLineGames.abwv 1
E:\vy.cmd Infected: Worm.Win32.AutoRun.dla 1
E:\w0o.com Infected: Worm.Win32.AutoRun.llh 1
E:\xp19.com Infected: Packed.Win32.PolyCrypt.h 1
K:\9yqusig.bat Infected: Trojan.Win32.Inject.iav 1
K:\Recycled\ctfmon.exe Infected: Trojan.Win32.VB.aqt 1
K:\taqhptr.bat Infected: Trojan.Win32.Vaklik.doi 1
L:\0u.cmd Infected: Worm.Win32.AutoRun.owt 1
L:\1u0o8bnq.cmd Infected: Trojan-GameThief.Win32.Magania.aczm 1
L:\9yqusig.bat Infected: Trojan.Win32.Inject.iav 1
L:\fe.bat Infected: Packed.Win32.Krap.b 1
L:\Recycled\ctfmon.exe Infected: Trojan.Win32.VB.aqt 1
L:\taqhptr.bat Infected: Trojan.Win32.Vaklik.doi 1
The selected area was scanned.
Leon1
(Leon$)
#10
pozamykaj dziurawe porty WWDC http://cybertrash.pl/images/tata/WWDC.html
pobierz i zastosuj ATF Cleaner http://cybertrash.pl/images/tata/ATF/ATF.html
pobierz i zainstaluj Kaspersky Anti-Virus http://www.kaspersky.pl/download.html?s=trial
pełna 30 dniowa wersja
wtedy przeskanuj cały komp
zrób nowe logi Combofix ,HijackThis Pobierz System Repair Engineer
http://www.cybertrash.pl/images/tata/System%20Repair/System%20Repair%20Engineer.html
przeskanuj daj log
wszystkie logi robisz po skanowaniu kasperskim w kolejności którą podałem