proszę o sprawdzenie loga

[igael]

log z ComboFix:

ComboFix 08-04-27.3 - Ola 2008-04-28 16:37:01.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.133 [GMT 2:00]
Running from: C:\Documents and Settings\Ola\Pulpit\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\xmg.exe
D:\Autorun.inf
E:\Autorun.inf
F:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-28 )))))))))))))))))))))))))))))))
.

2008-04-24 12:29 . 2008-04-24 22:30 102,822 -r-hs---- C:\lkxcqdb.bat
2008-04-22 18:37 . 2008-04-13 20:04 102,316 -r-hs---- C:\8de.bat
2008-04-21 09:39 . 2008-04-21 09:39 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-17 09:54 . 2008-04-17 09:54 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-17 09:54 . 2008-04-17 09:54 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-04-14 10:01 . 2008-04-14 10:01 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-10 21:50 . 2008-04-10 21:50 <DIR> d---s---- C:\Documents and Settings\Ola\UserData
2008-04-09 21:10 . 2001-10-26 17:29 177,152 --a------ C:\WINDOWS\system32\LXACSUI.DLL
2008-04-05 19:55 . 2008-04-05 19:55 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-04-05 14:08 . 2008-04-05 14:08 <DIR> d-------- C:\Program Files\PITy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-16 14:51 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\Skype
2008-04-16 14:00 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\skypePM
2008-04-16 12:41 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\BearShare
2008-04-05 17:56 --------- d-----w C:\Program Files\Avast4
2008-03-25 11:21 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\Image Zone Express
2008-03-25 11:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-25 10:46 --------- d-----w C:\Program Files\HP
2008-03-25 10:46 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-25 10:46 --------- d-----w C:\Program Files\Common Files\HP
2008-03-25 10:45 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\HP
2008-03-25 10:42 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\HP
2008-03-25 09:54 --------- d-----w C:\Program Files\PDFCreator
2008-03-25 09:54 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\PDFCreator
2008-03-24 19:50 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-24 19:49 --------- d-----w C:\Program Files\Microsoft Works
2008-03-24 11:05 --------- d-----w C:\Program Files\Java
2008-03-24 11:01 --------- d-----w C:\Program Files\Common Files\Java
2008-03-23 20:13 892,928 ----a-w C:\WINDOWS\system32\iconv.dll
2008-03-23 20:12 405,504 ----a-w C:\WINDOWS\system32\libmplayer.dll
2008-03-23 20:12 3,138,560 ----a-w C:\WINDOWS\system32\libavcodec.dll
2008-03-23 20:12 126,976 ----a-w C:\WINDOWS\system32\libmpeg2_ff.dll
2008-03-23 20:11 921,600 ----a-w C:\WINDOWS\system32\vorbisenc.dll
2008-03-23 20:11 56,832 ----a-w C:\WINDOWS\system32\ff_unrar.dll
2008-03-23 20:11 54,784 ----a-w C:\WINDOWS\system32\ff_liba52.dll
2008-03-23 20:11 397,312 ----a-w C:\WINDOWS\system32\ff_libfaad2.dll
2008-03-23 20:11 26,624 ----a-w C:\WINDOWS\system32\ff_wmv9.dll
2008-03-23 20:11 237,568 ----a-w C:\WINDOWS\system32\OggDS.dll
2008-03-23 20:11 188,416 ----a-w C:\WINDOWS\system32\ff_theora.dll
2008-03-23 20:11 172,032 ----a-w C:\WINDOWS\system32\ff_libdts.dll
2008-03-23 20:11 143,360 ----a-w C:\WINDOWS\system32\ff_libmad.dll
2008-03-23 20:11 135,168 ----a-w C:\WINDOWS\system32\ff_samplerate.dll
2008-03-23 20:11 118,784 ----a-w C:\WINDOWS\system32\ff_realaac.dll
2008-03-23 20:11 102,912 ----a-w C:\WINDOWS\system32\ff_tremor.dll
2008-03-23 20:10 9,216 ----a-w C:\WINDOWS\system32\cpuinf32.dll
2008-03-23 20:10 45,056 ----a-w C:\WINDOWS\system32\ogg.dll
2008-03-23 20:10 391,168 ----a-w C:\WINDOWS\system32\i263_32.drv
2008-03-23 20:10 245,760 ----a-w C:\WINDOWS\system32\mplvpx.dll
2008-03-23 20:10 188,416 ----a-w C:\WINDOWS\system32\vorbis.dll
2008-03-23 20:10 1,415,680 ----a-w C:\WINDOWS\system32\WMV9VCM.dll
2008-03-23 20:09 755,027 ----a-w C:\WINDOWS\system32\xvidcore.dll
2008-03-23 20:09 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-23 20:09 163,840 ----a-w C:\WINDOWS\system32\ts.dll
2008-03-23 20:09 159,744 ----a-w C:\WINDOWS\system32\mmfinfo.dll
2008-03-23 20:09 148,480 ----a-w C:\WINDOWS\system32\mkx.dll
2008-03-23 20:09 141,312 ----a-w C:\WINDOWS\system32\mp4.dll
2008-03-23 20:09 120,832 ----a-w C:\WINDOWS\system32\ogm.dll
2008-03-23 20:09 108,032 ----a-w C:\WINDOWS\system32\avi.dll
2008-03-23 20:08 79,360 ----a-w C:\WINDOWS\system32\mkzlib.dll
2008-03-23 20:08 23,552 ----a-w C:\WINDOWS\system32\mkunicode.dll
2008-03-23 20:08 --------- d-----w C:\Program Files\Real Alternative
2008-03-23 20:07 --------- d-----w C:\Program Files\QT Lite
2008-03-23 20:07 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-03-23 15:31 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-03-23 15:29 --------- d-----w C:\Program Files\Skype
2008-03-23 15:29 --------- d-----w C:\Program Files\Common Files\Skype
2008-03-23 15:29 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-03-23 15:05 --------- d-----w C:\Program Files\BearShare Applications
2008-03-23 15:03 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\Winamp
2008-03-23 14:58 --------- d-----w C:\Program Files\Winamp
2008-03-23 14:57 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\Gadu-Gadu
2008-03-23 14:55 --------- d-----w C:\Program Files\Gadu-Gadu
2008-03-23 14:50 --------- d-----w C:\Program Files\MarBit
2008-03-23 12:53 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-23 12:53 --------- d-----w C:\Program Files\Ahead
2008-03-23 10:08 --------- d-----w C:\Program Files\totalcmd
2008-03-23 10:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-23 10:06 --------- d-----w C:\Program Files\Thomson
2008-03-22 20:21 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\Logitech
2008-03-22 20:18 --------- d-----w C:\Program Files\SetPoint
2008-03-22 20:18 --------- d-----w C:\Program Files\Common Files\Logitech
2008-03-22 20:17 --------- d-----w C:\Program Files\Fingerprint Sensor
2008-03-22 20:17 --------- d-----w C:\Program Files\ASUS Security Center
2008-03-22 20:15 --------- d-----w C:\Program Files\Synaptics
2008-03-22 20:15 --------- d-----w C:\Program Files\Asus
2008-03-22 20:14 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-22 20:13 --------- d-----w C:\Program Files\Realtek
2008-03-22 20:05 --------- d-----w C:\Program Files\Intel
2008-03-22 13:00 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-22 12:59 --------- d-----w C:\Program Files\Usługi online
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Secure Disks]
@={666C7836-A9B6-4AB4-94ED-DC238C81E925}

[HKEY_CLASSES_ROOT\CLSID\{666C7836-A9B6-4AB4-94ED-DC238C81E925}]
2006-04-03 02:08 381952 -ra------ C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-04-17 11:24 110592]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-02-07 02:39 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-07 02:36 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-02-07 02:40 118784]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 10:56 16261632 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 08:26 761945]
"UMonit"="C:\WINDOWS\system32\UMonit.exe" [2006-06-09 12:47 200704]
"CognizanceTS"="C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-22 14:12 17920]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-11-03 14:58 28160 C:\WINDOWS\KHALMNPR.Exe]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-08-06 10:45 877568]
"ashMaiSv"="C:\PROGRA~1\Avast4\ashmaisv.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 14:06 40048]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]
Logitech SetPoint.lnk - C:\Program Files\SetPoint\SetPoint.exe [2008-03-22 22:18:57 532480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll 2006-05-03 07:23 40448 C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 ItSDisk;ItSDisk;C:\WINDOWS\system32\Drivers\ItSDisk.sys [2006-05-16 20:14]
R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:44]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 FIXUSTOR;FIXUSTOR;C:\WINDOWS\system32\DRIVERS\fixustor.sys [2006-01-26 05:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-28 16:38:09
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UMonit = C:\WINDOWS\system32\UMonit.exe??f??|????????????????????????????????????????????????LQ??????????????????????pP????'?0??????|p??|????m??|d??w???????????????w????????????????LQ??????????????\Q???????Q?????w??????????'???'??????S???>'???'???'?TJ(??????S??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-28 16:38:53
ComboFix-quarantined-files.txt 2008-04-28 14:38:47

Pre-Run: 5,227,200,512 bajtów wolnych
Post-Run: 5,237,444,608 bajtów wolnych

185

[pp3088]

otwórz notatnik i wklej

C:\lkxcqdb.bat
C:\8de.bat

Z menu Notatnika Plik Zapisz jako Zmień rozszerzenie z .txt na wszystkie pliki zapisz pod nazwą Fix.reg

Plik uruchom. Reset. Skasuj kwarantanne C:\Qoobox. Daj nowy log.

Możesz dać też log z HJT i Deckard's System Scanner

[huber2t]

Panie moderatorze tak plików się nie usuwa


Pobierz ComboFix, ale nie uruchamiaj
Wklej do notatnika:

Kod: Zaznacz wszystko

File::
C:\lkxcqdb.bat
C:\8de.bat


Plik zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu

Powinno się rozpocząć usuwanie i powstanie log, daj ten log na forum.

[igael]

ComboFix 08-04-27.3 - Ola 2008-04-28 18:05:42.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.116 [GMT 2:00]
Running from: C:\Documents and Settings\Ola\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ola\Pulpit\CFScript.txt.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\8de.bat
C:\lkxcqdb.bat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\8de.bat
C:\lkxcqdb.bat

.
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-28 )))))))))))))))))))))))))))))))
.

2008-04-21 09:39 . 2008-04-21 09:39 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-17 09:54 . 2008-04-17 09:54 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-17 09:54 . 2008-04-17 09:54 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-04-14 10:01 . 2008-04-14 10:01 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-10 21:50 . 2008-04-10 21:50 <DIR> d---s---- C:\Documents and Settings\Ola\UserData
2008-04-09 21:10 . 2001-10-26 17:29 177,152 --a------ C:\WINDOWS\system32\LXACSUI.DLL
2008-04-05 19:55 . 2008-04-05 19:55 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-04-05 14:08 . 2008-04-05 14:08 <DIR> d-------- C:\Program Files\PITy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-16 14:51 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\Skype
2008-04-16 14:00 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\skypePM
2008-04-16 12:41 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\BearShare
2008-04-05 17:56 --------- d-----w C:\Program Files\Avast4
2008-03-25 11:21 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\Image Zone Express
2008-03-25 11:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-25 10:46 --------- d-----w C:\Program Files\HP
2008-03-25 10:46 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-25 10:46 --------- d-----w C:\Program Files\Common Files\HP
2008-03-25 10:45 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\HP
2008-03-25 10:42 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\HP
2008-03-25 09:54 --------- d-----w C:\Program Files\PDFCreator
2008-03-25 09:54 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\PDFCreator
2008-03-24 19:50 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-24 19:49 --------- d-----w C:\Program Files\Microsoft Works
2008-03-24 11:05 --------- d-----w C:\Program Files\Java
2008-03-24 11:01 --------- d-----w C:\Program Files\Common Files\Java
2008-03-23 20:13 892,928 ----a-w C:\WINDOWS\system32\iconv.dll
2008-03-23 20:12 405,504 ----a-w C:\WINDOWS\system32\libmplayer.dll
2008-03-23 20:12 3,138,560 ----a-w C:\WINDOWS\system32\libavcodec.dll
2008-03-23 20:12 126,976 ----a-w C:\WINDOWS\system32\libmpeg2_ff.dll
2008-03-23 20:11 921,600 ----a-w C:\WINDOWS\system32\vorbisenc.dll
2008-03-23 20:11 56,832 ----a-w C:\WINDOWS\system32\ff_unrar.dll
2008-03-23 20:11 54,784 ----a-w C:\WINDOWS\system32\ff_liba52.dll
2008-03-23 20:11 397,312 ----a-w C:\WINDOWS\system32\ff_libfaad2.dll
2008-03-23 20:11 26,624 ----a-w C:\WINDOWS\system32\ff_wmv9.dll
2008-03-23 20:11 237,568 ----a-w C:\WINDOWS\system32\OggDS.dll
2008-03-23 20:11 188,416 ----a-w C:\WINDOWS\system32\ff_theora.dll
2008-03-23 20:11 172,032 ----a-w C:\WINDOWS\system32\ff_libdts.dll
2008-03-23 20:11 143,360 ----a-w C:\WINDOWS\system32\ff_libmad.dll
2008-03-23 20:11 135,168 ----a-w C:\WINDOWS\system32\ff_samplerate.dll
2008-03-23 20:11 118,784 ----a-w C:\WINDOWS\system32\ff_realaac.dll
2008-03-23 20:11 102,912 ----a-w C:\WINDOWS\system32\ff_tremor.dll
2008-03-23 20:10 9,216 ----a-w C:\WINDOWS\system32\cpuinf32.dll
2008-03-23 20:10 45,056 ----a-w C:\WINDOWS\system32\ogg.dll
2008-03-23 20:10 391,168 ----a-w C:\WINDOWS\system32\i263_32.drv
2008-03-23 20:10 245,760 ----a-w C:\WINDOWS\system32\mplvpx.dll
2008-03-23 20:10 188,416 ----a-w C:\WINDOWS\system32\vorbis.dll
2008-03-23 20:10 1,415,680 ----a-w C:\WINDOWS\system32\WMV9VCM.dll
2008-03-23 20:09 755,027 ----a-w C:\WINDOWS\system32\xvidcore.dll
2008-03-23 20:09 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-23 20:09 163,840 ----a-w C:\WINDOWS\system32\ts.dll
2008-03-23 20:09 159,744 ----a-w C:\WINDOWS\system32\mmfinfo.dll
2008-03-23 20:09 148,480 ----a-w C:\WINDOWS\system32\mkx.dll
2008-03-23 20:09 141,312 ----a-w C:\WINDOWS\system32\mp4.dll
2008-03-23 20:09 120,832 ----a-w C:\WINDOWS\system32\ogm.dll
2008-03-23 20:09 108,032 ----a-w C:\WINDOWS\system32\avi.dll
2008-03-23 20:08 79,360 ----a-w C:\WINDOWS\system32\mkzlib.dll
2008-03-23 20:08 23,552 ----a-w C:\WINDOWS\system32\mkunicode.dll
2008-03-23 20:08 --------- d-----w C:\Program Files\Real Alternative
2008-03-23 20:07 --------- d-----w C:\Program Files\QT Lite
2008-03-23 20:07 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-03-23 15:31 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-03-23 15:29 --------- d-----w C:\Program Files\Skype
2008-03-23 15:29 --------- d-----w C:\Program Files\Common Files\Skype
2008-03-23 15:29 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-03-23 15:05 --------- d-----w C:\Program Files\BearShare Applications
2008-03-23 15:03 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\Winamp
2008-03-23 14:58 --------- d-----w C:\Program Files\Winamp
2008-03-23 14:57 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\Gadu-Gadu
2008-03-23 14:55 --------- d-----w C:\Program Files\Gadu-Gadu
2008-03-23 14:50 --------- d-----w C:\Program Files\MarBit
2008-03-23 12:53 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-23 12:53 --------- d-----w C:\Program Files\Ahead
2008-03-23 10:08 --------- d-----w C:\Program Files\totalcmd
2008-03-23 10:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-23 10:06 --------- d-----w C:\Program Files\Thomson
2008-03-22 20:21 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\Logitech
2008-03-22 20:18 --------- d-----w C:\Program Files\SetPoint
2008-03-22 20:18 --------- d-----w C:\Program Files\Common Files\Logitech
2008-03-22 20:17 --------- d-----w C:\Program Files\Fingerprint Sensor
2008-03-22 20:17 --------- d-----w C:\Program Files\ASUS Security Center
2008-03-22 20:15 --------- d-----w C:\Program Files\Synaptics
2008-03-22 20:15 --------- d-----w C:\Program Files\Asus
2008-03-22 20:14 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-22 20:13 --------- d-----w C:\Program Files\Realtek
2008-03-22 20:05 --------- d-----w C:\Program Files\Intel
2008-03-22 13:00 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-22 12:59 --------- d-----w C:\Program Files\Usługi online
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Secure Disks]
@={666C7836-A9B6-4AB4-94ED-DC238C81E925}

[HKEY_CLASSES_ROOT\CLSID\{666C7836-A9B6-4AB4-94ED-DC238C81E925}]
2006-04-03 02:08 381952 -ra------ C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-04-17 11:24 110592]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-02-07 02:39 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-07 02:36 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-02-07 02:40 118784]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 10:56 16261632 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 08:26 761945]
"UMonit"="C:\WINDOWS\system32\UMonit.exe" [2006-06-09 12:47 200704]
"CognizanceTS"="C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-22 14:12 17920]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-11-03 14:58 28160 C:\WINDOWS\KHALMNPR.Exe]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-08-06 10:45 877568]
"ashMaiSv"="C:\PROGRA~1\Avast4\ashmaisv.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 14:06 40048]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]
Logitech SetPoint.lnk - C:\Program Files\SetPoint\SetPoint.exe [2008-03-22 22:18:57 532480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll 2006-05-03 07:23 40448 C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 ItSDisk;ItSDisk;C:\WINDOWS\system32\Drivers\ItSDisk.sys [2006-05-16 20:14]
R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:44]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 FIXUSTOR;FIXUSTOR;C:\WINDOWS\system32\DRIVERS\fixustor.sys [2006-01-26 05:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-28 18:06:38
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UMonit = C:\WINDOWS\system32\UMonit.exe??f??|????????????????????????????????????????????????LQ??????????????????????pP????'?0??????|p??|????m??|d??w???????????????w????????????????LQ??????????????\Q???????Q?????w??????????'???'??????S???>'???'???'?TJ(??????S??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-28 18:07:17
ComboFix-quarantined-files.txt 2008-04-28 16:07:13
ComboFix2.txt 2008-04-28 14:38:54

Pre-Run: 5,222,731,776 bajtów wolnych
Post-Run: 5,213,827,072 bajtów wolnych

185

[igael]

ComboFix 08-04-27.3 - Ola 2008-04-28 18:05:42.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.116 [GMT 2:00]
Running from: C:\Documents and Settings\Ola\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ola\Pulpit\CFScript.txt.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\8de.bat
C:\lkxcqdb.bat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\8de.bat
C:\lkxcqdb.bat

.
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-28 )))))))))))))))))))))))))))))))
.

2008-04-21 09:39 . 2008-04-21 09:39 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-17 09:54 . 2008-04-17 09:54 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-17 09:54 . 2008-04-17 09:54 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-04-14 10:01 . 2008-04-14 10:01 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-10 21:50 . 2008-04-10 21:50 <DIR> d---s---- C:\Documents and Settings\Ola\UserData
2008-04-09 21:10 . 2001-10-26 17:29 177,152 --a------ C:\WINDOWS\system32\LXACSUI.DLL
2008-04-05 19:55 . 2008-04-05 19:55 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-04-05 14:08 . 2008-04-05 14:08 <DIR> d-------- C:\Program Files\PITy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-16 14:51 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\Skype
2008-04-16 14:00 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\skypePM
2008-04-16 12:41 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\BearShare
2008-04-05 17:56 --------- d-----w C:\Program Files\Avast4
2008-03-25 11:21 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\Image Zone Express
2008-03-25 11:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-25 10:46 --------- d-----w C:\Program Files\HP
2008-03-25 10:46 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-25 10:46 --------- d-----w C:\Program Files\Common Files\HP
2008-03-25 10:45 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\HP
2008-03-25 10:42 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\HP
2008-03-25 09:54 --------- d-----w C:\Program Files\PDFCreator
2008-03-25 09:54 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\PDFCreator
2008-03-24 19:50 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-24 19:49 --------- d-----w C:\Program Files\Microsoft Works
2008-03-24 11:05 --------- d-----w C:\Program Files\Java
2008-03-24 11:01 --------- d-----w C:\Program Files\Common Files\Java
2008-03-23 20:13 892,928 ----a-w C:\WINDOWS\system32\iconv.dll
2008-03-23 20:12 405,504 ----a-w C:\WINDOWS\system32\libmplayer.dll
2008-03-23 20:12 3,138,560 ----a-w C:\WINDOWS\system32\libavcodec.dll
2008-03-23 20:12 126,976 ----a-w C:\WINDOWS\system32\libmpeg2_ff.dll
2008-03-23 20:11 921,600 ----a-w C:\WINDOWS\system32\vorbisenc.dll
2008-03-23 20:11 56,832 ----a-w C:\WINDOWS\system32\ff_unrar.dll
2008-03-23 20:11 54,784 ----a-w C:\WINDOWS\system32\ff_liba52.dll
2008-03-23 20:11 397,312 ----a-w C:\WINDOWS\system32\ff_libfaad2.dll
2008-03-23 20:11 26,624 ----a-w C:\WINDOWS\system32\ff_wmv9.dll
2008-03-23 20:11 237,568 ----a-w C:\WINDOWS\system32\OggDS.dll
2008-03-23 20:11 188,416 ----a-w C:\WINDOWS\system32\ff_theora.dll
2008-03-23 20:11 172,032 ----a-w C:\WINDOWS\system32\ff_libdts.dll
2008-03-23 20:11 143,360 ----a-w C:\WINDOWS\system32\ff_libmad.dll
2008-03-23 20:11 135,168 ----a-w C:\WINDOWS\system32\ff_samplerate.dll
2008-03-23 20:11 118,784 ----a-w C:\WINDOWS\system32\ff_realaac.dll
2008-03-23 20:11 102,912 ----a-w C:\WINDOWS\system32\ff_tremor.dll
2008-03-23 20:10 9,216 ----a-w C:\WINDOWS\system32\cpuinf32.dll
2008-03-23 20:10 45,056 ----a-w C:\WINDOWS\system32\ogg.dll
2008-03-23 20:10 391,168 ----a-w C:\WINDOWS\system32\i263_32.drv
2008-03-23 20:10 245,760 ----a-w C:\WINDOWS\system32\mplvpx.dll
2008-03-23 20:10 188,416 ----a-w C:\WINDOWS\system32\vorbis.dll
2008-03-23 20:10 1,415,680 ----a-w C:\WINDOWS\system32\WMV9VCM.dll
2008-03-23 20:09 755,027 ----a-w C:\WINDOWS\system32\xvidcore.dll
2008-03-23 20:09 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-23 20:09 163,840 ----a-w C:\WINDOWS\system32\ts.dll
2008-03-23 20:09 159,744 ----a-w C:\WINDOWS\system32\mmfinfo.dll
2008-03-23 20:09 148,480 ----a-w C:\WINDOWS\system32\mkx.dll
2008-03-23 20:09 141,312 ----a-w C:\WINDOWS\system32\mp4.dll
2008-03-23 20:09 120,832 ----a-w C:\WINDOWS\system32\ogm.dll
2008-03-23 20:09 108,032 ----a-w C:\WINDOWS\system32\avi.dll
2008-03-23 20:08 79,360 ----a-w C:\WINDOWS\system32\mkzlib.dll
2008-03-23 20:08 23,552 ----a-w C:\WINDOWS\system32\mkunicode.dll
2008-03-23 20:08 --------- d-----w C:\Program Files\Real Alternative
2008-03-23 20:07 --------- d-----w C:\Program Files\QT Lite
2008-03-23 20:07 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-03-23 15:31 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-03-23 15:29 --------- d-----w C:\Program Files\Skype
2008-03-23 15:29 --------- d-----w C:\Program Files\Common Files\Skype
2008-03-23 15:29 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-03-23 15:05 --------- d-----w C:\Program Files\BearShare Applications
2008-03-23 15:03 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\Winamp
2008-03-23 14:58 --------- d-----w C:\Program Files\Winamp
2008-03-23 14:57 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\Gadu-Gadu
2008-03-23 14:55 --------- d-----w C:\Program Files\Gadu-Gadu
2008-03-23 14:50 --------- d-----w C:\Program Files\MarBit
2008-03-23 12:53 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-23 12:53 --------- d-----w C:\Program Files\Ahead
2008-03-23 10:08 --------- d-----w C:\Program Files\totalcmd
2008-03-23 10:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-23 10:06 --------- d-----w C:\Program Files\Thomson
2008-03-22 20:21 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\Logitech
2008-03-22 20:18 --------- d-----w C:\Program Files\SetPoint
2008-03-22 20:18 --------- d-----w C:\Program Files\Common Files\Logitech
2008-03-22 20:17 --------- d-----w C:\Program Files\Fingerprint Sensor
2008-03-22 20:17 --------- d-----w C:\Program Files\ASUS Security Center
2008-03-22 20:15 --------- d-----w C:\Program Files\Synaptics
2008-03-22 20:15 --------- d-----w C:\Program Files\Asus
2008-03-22 20:14 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-22 20:13 --------- d-----w C:\Program Files\Realtek
2008-03-22 20:05 --------- d-----w C:\Program Files\Intel
2008-03-22 13:00 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-22 12:59 --------- d-----w C:\Program Files\Usługi online
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Secure Disks]
@={666C7836-A9B6-4AB4-94ED-DC238C81E925}

[HKEY_CLASSES_ROOT\CLSID\{666C7836-A9B6-4AB4-94ED-DC238C81E925}]
2006-04-03 02:08 381952 -ra------ C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-04-17 11:24 110592]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-02-07 02:39 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-07 02:36 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-02-07 02:40 118784]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 10:56 16261632 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 08:26 761945]
"UMonit"="C:\WINDOWS\system32\UMonit.exe" [2006-06-09 12:47 200704]
"CognizanceTS"="C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-22 14:12 17920]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-11-03 14:58 28160 C:\WINDOWS\KHALMNPR.Exe]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-08-06 10:45 877568]
"ashMaiSv"="C:\PROGRA~1\Avast4\ashmaisv.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 14:06 40048]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]
Logitech SetPoint.lnk - C:\Program Files\SetPoint\SetPoint.exe [2008-03-22 22:18:57 532480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll 2006-05-03 07:23 40448 C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 ItSDisk;ItSDisk;C:\WINDOWS\system32\Drivers\ItSDisk.sys [2006-05-16 20:14]
R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:44]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 FIXUSTOR;FIXUSTOR;C:\WINDOWS\system32\DRIVERS\fixustor.sys [2006-01-26 05:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-28 18:06:38
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UMonit = C:\WINDOWS\system32\UMonit.exe??f??|????????????????????????????????????????????????LQ??????????????????????pP????'?0??????|p??|????m??|d??w???????????????w????????????????LQ??????????????\Q???????Q?????w??????????'???'??????S???>'???'???'?TJ(??????S??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-28 18:07:17
ComboFix-quarantined-files.txt 2008-04-28 16:07:13
ComboFix2.txt 2008-04-28 14:38:54

Pre-Run: 5,222,731,776 bajtów wolnych
Post-Run: 5,213,827,072 bajtów wolnych

185

[igael]

ComboFix 08-04-27.3 - Ola 2008-04-28 18:05:42.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.116 [GMT 2:00]
Running from: C:\Documents and Settings\Ola\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ola\Pulpit\CFScript.txt.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\8de.bat
C:\lkxcqdb.bat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\8de.bat
C:\lkxcqdb.bat

.
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-28 )))))))))))))))))))))))))))))))
.

2008-04-21 09:39 . 2008-04-21 09:39 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-17 09:54 . 2008-04-17 09:54 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-17 09:54 . 2008-04-17 09:54 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-04-14 10:01 . 2008-04-14 10:01 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-10 21:50 . 2008-04-10 21:50 <DIR> d---s---- C:\Documents and Settings\Ola\UserData
2008-04-09 21:10 . 2001-10-26 17:29 177,152 --a------ C:\WINDOWS\system32\LXACSUI.DLL
2008-04-05 19:55 . 2008-04-05 19:55 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-04-05 14:08 . 2008-04-05 14:08 <DIR> d-------- C:\Program Files\PITy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-16 14:51 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\Skype
2008-04-16 14:00 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\skypePM
2008-04-16 12:41 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\BearShare
2008-04-05 17:56 --------- d-----w C:\Program Files\Avast4
2008-03-25 11:21 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\Image Zone Express
2008-03-25 11:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-25 10:46 --------- d-----w C:\Program Files\HP
2008-03-25 10:46 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-25 10:46 --------- d-----w C:\Program Files\Common Files\HP
2008-03-25 10:45 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\HP
2008-03-25 10:42 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\HP
2008-03-25 09:54 --------- d-----w C:\Program Files\PDFCreator
2008-03-25 09:54 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\PDFCreator
2008-03-24 19:50 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-24 19:49 --------- d-----w C:\Program Files\Microsoft Works
2008-03-24 11:05 --------- d-----w C:\Program Files\Java
2008-03-24 11:01 --------- d-----w C:\Program Files\Common Files\Java
2008-03-23 20:13 892,928 ----a-w C:\WINDOWS\system32\iconv.dll
2008-03-23 20:12 405,504 ----a-w C:\WINDOWS\system32\libmplayer.dll
2008-03-23 20:12 3,138,560 ----a-w C:\WINDOWS\system32\libavcodec.dll
2008-03-23 20:12 126,976 ----a-w C:\WINDOWS\system32\libmpeg2_ff.dll
2008-03-23 20:11 921,600 ----a-w C:\WINDOWS\system32\vorbisenc.dll
2008-03-23 20:11 56,832 ----a-w C:\WINDOWS\system32\ff_unrar.dll
2008-03-23 20:11 54,784 ----a-w C:\WINDOWS\system32\ff_liba52.dll
2008-03-23 20:11 397,312 ----a-w C:\WINDOWS\system32\ff_libfaad2.dll
2008-03-23 20:11 26,624 ----a-w C:\WINDOWS\system32\ff_wmv9.dll
2008-03-23 20:11 237,568 ----a-w C:\WINDOWS\system32\OggDS.dll
2008-03-23 20:11 188,416 ----a-w C:\WINDOWS\system32\ff_theora.dll
2008-03-23 20:11 172,032 ----a-w C:\WINDOWS\system32\ff_libdts.dll
2008-03-23 20:11 143,360 ----a-w C:\WINDOWS\system32\ff_libmad.dll
2008-03-23 20:11 135,168 ----a-w C:\WINDOWS\system32\ff_samplerate.dll
2008-03-23 20:11 118,784 ----a-w C:\WINDOWS\system32\ff_realaac.dll
2008-03-23 20:11 102,912 ----a-w C:\WINDOWS\system32\ff_tremor.dll
2008-03-23 20:10 9,216 ----a-w C:\WINDOWS\system32\cpuinf32.dll
2008-03-23 20:10 45,056 ----a-w C:\WINDOWS\system32\ogg.dll
2008-03-23 20:10 391,168 ----a-w C:\WINDOWS\system32\i263_32.drv
2008-03-23 20:10 245,760 ----a-w C:\WINDOWS\system32\mplvpx.dll
2008-03-23 20:10 188,416 ----a-w C:\WINDOWS\system32\vorbis.dll
2008-03-23 20:10 1,415,680 ----a-w C:\WINDOWS\system32\WMV9VCM.dll
2008-03-23 20:09 755,027 ----a-w C:\WINDOWS\system32\xvidcore.dll
2008-03-23 20:09 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-23 20:09 163,840 ----a-w C:\WINDOWS\system32\ts.dll
2008-03-23 20:09 159,744 ----a-w C:\WINDOWS\system32\mmfinfo.dll
2008-03-23 20:09 148,480 ----a-w C:\WINDOWS\system32\mkx.dll
2008-03-23 20:09 141,312 ----a-w C:\WINDOWS\system32\mp4.dll
2008-03-23 20:09 120,832 ----a-w C:\WINDOWS\system32\ogm.dll
2008-03-23 20:09 108,032 ----a-w C:\WINDOWS\system32\avi.dll
2008-03-23 20:08 79,360 ----a-w C:\WINDOWS\system32\mkzlib.dll
2008-03-23 20:08 23,552 ----a-w C:\WINDOWS\system32\mkunicode.dll
2008-03-23 20:08 --------- d-----w C:\Program Files\Real Alternative
2008-03-23 20:07 --------- d-----w C:\Program Files\QT Lite
2008-03-23 20:07 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-03-23 15:31 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-03-23 15:29 --------- d-----w C:\Program Files\Skype
2008-03-23 15:29 --------- d-----w C:\Program Files\Common Files\Skype
2008-03-23 15:29 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-03-23 15:05 --------- d-----w C:\Program Files\BearShare Applications
2008-03-23 15:03 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\Winamp
2008-03-23 14:58 --------- d-----w C:\Program Files\Winamp
2008-03-23 14:57 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\Gadu-Gadu
2008-03-23 14:55 --------- d-----w C:\Program Files\Gadu-Gadu
2008-03-23 14:50 --------- d-----w C:\Program Files\MarBit
2008-03-23 12:53 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-23 12:53 --------- d-----w C:\Program Files\Ahead
2008-03-23 10:08 --------- d-----w C:\Program Files\totalcmd
2008-03-23 10:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-23 10:06 --------- d-----w C:\Program Files\Thomson
2008-03-22 20:21 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\Logitech
2008-03-22 20:18 --------- d-----w C:\Program Files\SetPoint
2008-03-22 20:18 --------- d-----w C:\Program Files\Common Files\Logitech
2008-03-22 20:17 --------- d-----w C:\Program Files\Fingerprint Sensor
2008-03-22 20:17 --------- d-----w C:\Program Files\ASUS Security Center
2008-03-22 20:15 --------- d-----w C:\Program Files\Synaptics
2008-03-22 20:15 --------- d-----w C:\Program Files\Asus
2008-03-22 20:14 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-22 20:13 --------- d-----w C:\Program Files\Realtek
2008-03-22 20:05 --------- d-----w C:\Program Files\Intel
2008-03-22 13:00 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-22 12:59 --------- d-----w C:\Program Files\Usługi online
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Secure Disks]
@={666C7836-A9B6-4AB4-94ED-DC238C81E925}

[HKEY_CLASSES_ROOT\CLSID\{666C7836-A9B6-4AB4-94ED-DC238C81E925}]
2006-04-03 02:08 381952 -ra------ C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-04-17 11:24 110592]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-02-07 02:39 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-07 02:36 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-02-07 02:40 118784]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 10:56 16261632 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 08:26 761945]
"UMonit"="C:\WINDOWS\system32\UMonit.exe" [2006-06-09 12:47 200704]
"CognizanceTS"="C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-22 14:12 17920]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-11-03 14:58 28160 C:\WINDOWS\KHALMNPR.Exe]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-08-06 10:45 877568]
"ashMaiSv"="C:\PROGRA~1\Avast4\ashmaisv.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 14:06 40048]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]
Logitech SetPoint.lnk - C:\Program Files\SetPoint\SetPoint.exe [2008-03-22 22:18:57 532480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll 2006-05-03 07:23 40448 C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 ItSDisk;ItSDisk;C:\WINDOWS\system32\Drivers\ItSDisk.sys [2006-05-16 20:14]
R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:44]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 FIXUSTOR;FIXUSTOR;C:\WINDOWS\system32\DRIVERS\fixustor.sys [2006-01-26 05:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-28 18:06:38
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UMonit = C:\WINDOWS\system32\UMonit.exe??f??|????????????????????????????????????????????????LQ??????????????????????pP????'?0??????|p??|????m??|d??w???????????????w????????????????LQ??????????????\Q???????Q?????w??????????'???'??????S???>'???'???'?TJ(??????S??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-28 18:07:17
ComboFix-quarantined-files.txt 2008-04-28 16:07:13
ComboFix2.txt 2008-04-28 14:38:54

Pre-Run: 5,222,731,776 bajtów wolnych
Post-Run: 5,213,827,072 bajtów wolnych

185

[pp3088]

Czysto. Wszystko jest w porządku.

[huber2t]

Log wyglada na czysty

Przeskanuj komputer tym (uruchom przez IE) http://www.kaspersky.pl/virusscanner.html Daj raport z niego na forum

Usuń ręcznie folder C: \Qoobox

usuń instalkę Combofix z dysku.

[igael]

Skan obszarów krytycznych:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
2008-05-02 15:54
System operacyjny: Microsoft Windows XP Professional, Dodatek Service Pack 2 (Build 2600)
Kaspersky Online Scanner wersja: 5.0.98.0
Ostatnia aktualizacja Kaspersky Anti-Virus 2/05/2008
Liczba wpisów w bazie danych Kaspersky Anti-Virus735450
-------------------------------------------------------------------------------

Ustawienia skanowania:
Skanowanie przy użyciu następujących baz danych: rozszerzone
Skanuj archiwa: tak
Skanuj pocztowe bazy danych: tak

Obszar skanowania - Obszary krytyczne:
C:\WINDOWS
C:\DOCUME~1\Ola\USTAWI~1\Temp\

Statystyki skanowania:
Liczba skanowanych obiektów: 10207
Liczba wykrytych wirusów: 0
Liczba zainfekowanych obiektów: 0
Liczba podejrzanych obiektów: 0
Czas trwania skanowania: 00:05:48

Nazwa zainfekowanego obiektu / Nazwa wirusa / Ostatnie działanie
C:\WINDOWS\Debug\PASSWD.LOG Object is locked pominięty
C:\WINDOWS\SchedLgU.Txt Object is locked pominięty
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked pominięty
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked pominięty
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked pominięty
C:\WINDOWS\system32\config\ASUS Sec.evt Object is locked pominięty
C:\WINDOWS\system32\config\default Object is locked pominięty
C:\WINDOWS\system32\config\default.LOG Object is locked pominięty
C:\WINDOWS\system32\config\SAM Object is locked pominięty
C:\WINDOWS\system32\config\SAM.LOG Object is locked pominięty
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked pominięty
C:\WINDOWS\system32\config\SECURITY Object is locked pominięty
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked pominięty
C:\WINDOWS\system32\config\software Object is locked pominięty
C:\WINDOWS\system32\config\software.LOG Object is locked pominięty
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked pominięty
C:\WINDOWS\system32\config\system Object is locked pominięty
C:\WINDOWS\system32\config\system.LOG Object is locked pominięty
C:\WINDOWS\system32\h323log.txt Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked pominięty
C:\WINDOWS\WindowsUpdate.log Object is locked pominięty
C:\DOCUME~1\Ola\USTAWI~1\Temp\hpodvd09.log Object is locked pominięty

Proces skanowania został zakończony.


Skan mojego komputera:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
2008-05-02 16:16
System operacyjny: Microsoft Windows XP Professional, Dodatek Service Pack 2 (Build 2600)
Kaspersky Online Scanner wersja: 5.0.98.0
Ostatnia aktualizacja Kaspersky Anti-Virus 2/05/2008
Liczba wpisów w bazie danych Kaspersky Anti-Virus735450
-------------------------------------------------------------------------------

Ustawienia skanowania:
Skanowanie przy użyciu następujących baz danych: rozszerzone
Skanuj archiwa: tak
Skanuj pocztowe bazy danych: tak

Obszar skanowania - Mój komputer:
C:\
D:\
E:\
F:\
G:\
H:\

Statystyki skanowania:
Liczba skanowanych obiektów: 30276
Liczba wykrytych wirusów: 5
Liczba zainfekowanych obiektów: 62
Liczba podejrzanych obiektów: 0
Czas trwania skanowania: 00:20:44

Nazwa zainfekowanego obiektu / Nazwa wirusa / Ostatnie działanie
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked pominięty
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked pominięty
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked pominięty
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked pominięty
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty
C:\Documents and Settings\Ola\Cookies\index.dat Object is locked pominięty
C:\Documents and Settings\Ola\NTUSER.DAT Object is locked pominięty
C:\Documents and Settings\Ola\ntuser.dat.LOG Object is locked pominięty
C:\Documents and Settings\Ola\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty
C:\Documents and Settings\Ola\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty
C:\Documents and Settings\Ola\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty
C:\Documents and Settings\Ola\Ustawienia lokalne\Historia\History.IE5\MSHist012008050220080503\index.dat Object is locked pominięty
C:\Documents and Settings\Ola\Ustawienia lokalne\Temp\hpodvd09.log Object is locked pominięty
C:\Documents and Settings\Ola\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty
C:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP29\A0007481.dll Zainfekowanych: Trojan-PSW.Win32.OnLineGames.aapr pominięty
C:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP29\A0007482.bat Zainfekowanych: Trojan-PSW.Win32.OnLineGames.aapt pominięty
C:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP29\A0007534.dll Zainfekowanych: Trojan-PSW.Win32.OnLineGames.aapr pominięty
C:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP29\A0007535.bat Zainfekowanych: Trojan-PSW.Win32.OnLineGames.aapt pominięty
C:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP29\A0007571.dll Zainfekowanych: Trojan-PSW.Win32.OnLineGames.aapr pominięty
C:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP29\A0007572.bat Zainfekowanych: Trojan-PSW.Win32.OnLineGames.aapt pominięty
C:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP29\A0007580.exe Zainfekowanych: Trojan-PSW.Win32.OnLineGames.aapt pominięty
C:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP29\A0007635.dll Zainfekowanych: Trojan-PSW.Win32.OnLineGames.aapr pominięty
C:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP29\A0007636.bat Zainfekowanych: Trojan-PSW.Win32.OnLineGames.acac pominięty
C:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP29\A0007637.inf Zainfekowanych: Worm.Win32.AutoRun.dml pominięty
C:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP29\A0008637.dll Zainfekowanych: Trojan-PSW.Win32.OnLineGames.acac pominięty
C:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP29\A0008639.bat Zainfekowanych: Trojan-PSW.Win32.OnLineGames.acac pominięty
C:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP29\A0008640.inf Zainfekowanych: Worm.Win32.AutoRun.dml pominięty
C:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP29\A0008647.exe Zainfekowanych: Trojan-PSW.Win32.OnLineGames.acac pominięty
C:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP29\A0008648.dll Zainfekowanych: Trojan-PSW.Win32.OnLineGames.acac pominięty
C:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP29\A0008659.dll Zainfekowanych: Trojan-PSW.Win32.OnLineGames.acac pominięty
C:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP29\A0008660.bat Zainfekowanych: Trojan-PSW.Win32.OnLineGames.acac pominięty
C:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP29\A0008661.inf Zainfekowanych: Worm.Win32.AutoRun.dml pominięty
C:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP30\A0008702.exe Zainfekowanych: Worm.Win32.AutoRun.dml pominięty
C:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP30\A0008703.exe Zainfekowanych: Worm.Win32.AutoRun.dml pominięty
C:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP30\A0008704.inf Zainfekowanych: Worm.Win32.AutoRun.dml pominięty
C:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP31\A0008771.bat Zainfekowanych: Trojan-PSW.Win32.OnLineGames.aapt pominięty
C:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP31\A0008772.bat Zainfekowanych: Worm.Win32.AutoRun.dml pominięty
C:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP32\change.log Object is locked pominięty
C:\WINDOWS\Debug\PASSWD.LOG Object is locked pominięty
C:\WINDOWS\SchedLgU.Txt Object is locked pominięty
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked pominięty
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked pominięty
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked pominięty
C:\WINDOWS\system32\config\ASUS Sec.evt Object is locked pominięty
C:\WINDOWS\system32\config\default Object is locked pominięty
C:\WINDOWS\system32\config\default.LOG Object is locked pominięty
C:\WINDOWS\system32\config\SAM Object is locked pominięty
C:\WINDOWS\system32\config\SAM.LOG Object is locked pominięty
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked pominięty
C:\WINDOWS\system32\config\SECURITY Object is locked pominięty
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked pominięty
C:\WINDOWS\system32\config\software Object is locked pominięty
C:\WINDOWS\system32\config\software.LOG Object is locked pominięty
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked pominięty
C:\WINDOWS\system32\config\system Object is locked pominięty
C:\WINDOWS\system32\config\system.LOG Object is locked pominięty
C:\WINDOWS\system32\h323log.txt Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked pominięty
C:\WINDOWS\WindowsUpdate.log Object is locked pominięty
D:\8de.bat Zainfekowanych: Trojan-PSW.Win32.OnLineGames.aapt pominięty
D:\lkxcqdb.bat Zainfekowanych: Worm.Win32.AutoRun.dml pominięty
D:\m9j.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.zli pominięty
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty
D:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP29\A0007484.bat Zainfekowanych: Trojan-PSW.Win32.OnLineGames.aapt pominięty
D:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP29\A0007537.bat Zainfekowanych: Trojan-PSW.Win32.OnLineGames.aapt pominięty
D:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP29\A0007574.bat Zainfekowanych: Trojan-PSW.Win32.OnLineGames.aapt pominięty
D:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP29\A0007638.bat Zainfekowanych: Trojan-PSW.Win32.OnLineGames.acac pominięty
D:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP29\A0007639.inf Zainfekowanych: Worm.Win32.AutoRun.dml pominięty
D:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP29\A0008641.bat Zainfekowanych: Trojan-PSW.Win32.OnLineGames.acac pominięty
D:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP29\A0008642.inf Zainfekowanych: Worm.Win32.AutoRun.dml pominięty
D:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP29\A0008662.bat Zainfekowanych: Trojan-PSW.Win32.OnLineGames.acac pominięty
D:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP29\A0008663.inf Zainfekowanych: Worm.Win32.AutoRun.dml pominięty
D:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP30\A0008705.inf Zainfekowanych: Worm.Win32.AutoRun.dml pominięty
E:\8de.bat Zainfekowanych: Trojan-PSW.Win32.OnLineGames.aapt pominięty
E:\lkxcqdb.bat Zainfekowanych: Worm.Win32.AutoRun.dml pominięty
E:\m9j.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.zli pominięty
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty
E:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP29\A0007486.bat Zainfekowanych: Trojan-PSW.Win32.OnLineGames.aapt pominięty
E:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP29\A0007539.bat Zainfekowanych: Trojan-PSW.Win32.OnLineGames.aapt pominięty
E:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP29\A0007576.bat Zainfekowanych: Trojan-PSW.Win32.OnLineGames.aapt pominięty
E:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP29\A0007640.bat Zainfekowanych: Trojan-PSW.Win32.OnLineGames.acac pominięty
E:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP29\A0007641.inf Zainfekowanych: Worm.Win32.AutoRun.dml pominięty
E:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP29\A0008643.bat Zainfekowanych: Trojan-PSW.Win32.OnLineGames.acac pominięty
E:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP29\A0008644.inf Zainfekowanych: Worm.Win32.AutoRun.dml pominięty
E:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP29\A0008664.bat Zainfekowanych: Trojan-PSW.Win32.OnLineGames.acac pominięty
E:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP29\A0008665.inf Zainfekowanych: Worm.Win32.AutoRun.dml pominięty
E:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP30\A0008706.inf Zainfekowanych: Worm.Win32.AutoRun.dml pominięty
F:\8de.bat Zainfekowanych: Trojan-PSW.Win32.OnLineGames.aapt pominięty
F:\lkxcqdb.bat Zainfekowanych: Worm.Win32.AutoRun.dml pominięty
F:\m9j.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.zli pominięty
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty
F:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP29\A0007488.bat Zainfekowanych: Trojan-PSW.Win32.OnLineGames.aapt pominięty
F:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP29\A0007541.bat Zainfekowanych: Trojan-PSW.Win32.OnLineGames.aapt pominięty
F:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP29\A0007578.bat Zainfekowanych: Trojan-PSW.Win32.OnLineGames.aapt pominięty
F:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP29\A0007642.bat Zainfekowanych: Trojan-PSW.Win32.OnLineGames.acac pominięty
F:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP29\A0007643.inf Zainfekowanych: Worm.Win32.AutoRun.dml pominięty
F:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP29\A0008645.bat Zainfekowanych: Trojan-PSW.Win32.OnLineGames.acac pominięty
F:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP29\A0008646.inf Zainfekowanych: Worm.Win32.AutoRun.dml pominięty
F:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP29\A0008666.bat Zainfekowanych: Trojan-PSW.Win32.OnLineGames.acac pominięty
F:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP29\A0008667.inf Zainfekowanych: Worm.Win32.AutoRun.dml pominięty
F:\System Volume Information\_restore{198F2A8F-0526-45AA-9BC0-D8A19308A73C}\RP30\A0008707.inf Zainfekowanych: Worm.Win32.AutoRun.dml pominięty

Proces skanowania został zakończony.

[huber2t]

Pobierz Avenger

wklej do niego ten tekst:

Kod: Zaznacz wszystko

Files to delete:
D:\8de.bat
D:\lkxcqdb.bat
D:\m9j.com
E:\8de.bat
E:\lkxcqdb.bat
E:\m9j.com
F:\8de.bat
F:\lkxcqdb.bat
F:\m9j.com


kopiuj to i klikasz na Paste Script from Clipboard wybierasz Execute oraz Potwierdzasz i zgadzasz się na restart klikając OK.
Kasujesz ręcznie z dysku plik: C:\Avenger\backup.zip i wklejasz na forum raport: C:\avenger.txt

Wyłącz i włącz przywracanie systemu na wszystkich dyskach. Instrukcja

[igael]

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "D:\8de.bat" deleted successfully.
File "D:\lkxcqdb.bat" deleted successfully.
File "D:\m9j.com" deleted successfully.
File "E:\8de.bat" deleted successfully.
File "E:\lkxcqdb.bat" deleted successfully.
File "E:\m9j.com" deleted successfully.
File "F:\8de.bat" deleted successfully.
File "F:\lkxcqdb.bat" deleted successfully.
File "F:\m9j.com" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

[huber2t]

Wszystko już powinno być ok

Oby tak dalje

[igael]

Dziękuję bardzo Mam jeszcze tylko pytanie: czy jak mam zainstalowanego avasta to czy bez problemów mogę skanować komp Kasperskim on-line? Czy muszę odinstalowywać avasta?

[huber2t]

Nie musisz odinstalowywać Avasta na czas skanowania Kasperskim