Hello. I have a virus on my computer.
Sorry for posting the same thread a second time, but new circumstances have come up ;/
3 files have been added to startup
*Tok-Cirrhatus = opens cmss.exe
*Bron-Spizaetus = opens bronstab.exe
Among the processes, from time to time 4 PING.EXE processes and 3 conhost.exe processes appear.
RegEdit cannot be opened: "No network administrator privileges."
After the system starts and I log in, there is a cheap trick with Explorer, namely the desktop is empty, which can be fixed by running explorer.exe.
But the worst thing is that every so often, during any activity (there is no timing pattern to it), usually when launching an application or clicking on various buttons, the computer restarts.
Please help :( This is beyond my computer skills :/
SpyHunter found only my own keylogger, and SpyBot - Search&Destroy only damaged my computer further :/
Combofix found nothing.
HELP!!!
OTL logfile created on: 5/29/2011 7:17:32 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = F:\Users\Ludvio\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd
3.50 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 60.29% Memory free
7.00 Gb Paging File | 5.40 Gb Available in Paging File | 77.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = X:\
Drive C: | 96.68 Gb Total Space | 69.12 Gb Free Space | 71.49% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 24.82 Gb Free Space | 82.74% Space Free | Partition Type: NTFS
Drive F: | 30.00 Gb Total Space | 1.59 Gb Free Space | 5.30% Space Free | Partition Type: NTFS
Drive K: | 7.03 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive X: | 309.08 Gb Total Space | 13.97 Gb Free Space | 4.52% Space Free | Partition Type: NTFS
Computer Name: COREI7 | User Name: Ludvio | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2011/05/29 19:17:09 | 000,580,096 | ---- | M] (OldTimer Tools) -- F:\Users\Ludvio\Downloads\OTL (1).exe
PRC - [2011/04/27 13:49:22 | 000,400,760 | ---- | M] (BitTorrent, Inc.) -- X:\Program Files\BitTorrent\bittorrent.exe
PRC - [2010/10/11 06:03:56 | 000,072,704 | ---- | M] (Autodesk) -- F:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2010/09/02 12:54:08 | 001,677,096 | ---- | M] (ClanServers Hosting LLC) -- X:\Program Files\GameTracker\GSInGameService.exe
PRC - [2010/08/28 01:32:26 | 000,360,960 | ---- | M] (iZ3D Inc.) -- F:\Program Files\iZ3D Driver\Win32\S3DCService.exe
PRC - [2010/04/22 15:05:26 | 001,011,712 | ---- | M] (Gigabyte Technology CO., LTD.) -- F:\Program Files\GIGABYTE\smart6\timelock\AlarmClock.exe
PRC - [2010/04/07 10:12:38 | 000,372,736 | ---- | M] (AMD) -- F:\Windows\System32\atieclxx.exe
PRC - [2010/04/07 10:12:04 | 000,172,032 | ---- | M] (AMD) -- F:\Windows\System32\atiesrxx.exe
PRC - [2010/04/01 02:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- F:\Program Files\DAEMON Toolz\DTLite.exe
PRC - [2010/02/18 15:01:06 | 000,462,632 | ---- | M] (Nero AG) -- F:\Program Files\Nero\Update\NASvc.exe
PRC - [2010/02/02 23:25:08 | 000,389,120 | ---- | M] () -- F:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe
PRC - [2010/02/02 23:24:54 | 000,569,344 | ---- | M] (AMD) -- F:\Program Files\ATI Technologies\HydraVision\HydraMD.exe
PRC - [2010/02/02 23:24:26 | 000,385,024 | ---- | M] (AMD) -- F:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2009/12/02 19:40:40 | 000,068,136 | ---- | M] () -- F:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
PRC - [2009/12/01 14:13:08 | 000,035,880 | ---- | M] () -- F:\Program Files\GIGABYTE\smart6\dbios\SDBMSG.exe
PRC - [2009/11/20 04:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/10/20 19:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) -- X:\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
PRC - [2009/10/13 16:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) -- F:\Program Files\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
PRC - [2009/08/05 22:51:20 | 000,065,536 | R--- | M] () -- F:\Windows\System32\XSrvSetup.exe
PRC - [2009/08/04 17:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) -- F:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/08/04 17:29:52 | 000,346,320 | ---- | M] (DeviceVM, Inc.) -- F:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009/07/13 18:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\taskhost.exe
PRC - [2009/07/13 18:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\PING.EXE
PRC - [2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- F:\Windows\explorer.exe
PRC - [2009/07/13 18:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\conhost.exe
PRC - [2009/06/17 16:13:06 | 000,068,136 | ---- | M] () -- F:\Program Files\GIGABYTE\EnergySaver2\des2svr.exe
PRC - [2009/03/30 15:00:54 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- F:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2008/04/23 23:43:40 | 000,114,176 | ---- | M] () -- F:\Users\Ludvio\AppData\Local\winlogon.exe
PRC - [2008/04/23 23:43:40 | 000,114,176 | ---- | M] () -- F:\Users\Ludvio\AppData\Local\services.exe
PRC - [2008/04/23 23:43:40 | 000,114,176 | ---- | M] () -- F:\Users\Ludvio\AppData\Local\lsass.exe
PRC - [2008/04/23 23:43:40 | 000,114,176 | ---- | M] () -- F:\Users\Ludvio\AppData\Local\csrss.exe
PRC - [2008/01/14 05:18:20 | 003,182,248 | ---- | M] (Beepa P/L) -- X:\Fraps\fraps.exe
PRC - [2007/06/16 09:30:42 | 000,208,896 | ---- | M] (UASSOFT.COM) -- F:\Program Files\Silvercrest MTS2118 drive