I have a problem with the virus named in the title. It all started with the Ukash virus. Yesterday it locked my computer (after a restart it worked normally); Kaspersky detected a trojan and removed it. I scanned the computer and it was already clean, but the problem appeared after I ran a clean-up with CCleaner (this may just be a coincidence): that is when warnings about as many as 8 trojans appeared, which Kaspersky removed. According to Kaspersky the computer is now clean, but Windows Defender detects the infection from the title every time the computer starts and supposedly removes it.
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-11-28 05:56:47
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\0000005c Hitachi_ rev.FB4O
Running: ewtzozmr.exe; Driver: C:\Users\Talerz\AppData\Local\Temp\pfriipow.sys
---- Kernel code sections - GMER 1.0.15 ----
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8E604340, 0x3EB347, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\vssvc.exe[172] ntdll.dll!LdrLoadDll 779B79B3 5 Bytes JMP 10001F20 C:\PROGRA~1\KASPER~1\KASPER~1.0FO\r3hook.dll (Kaspersky Anti-Virus Ring 3 Hooker/Kaspersky Lab)
.text C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe[544] ntdll.dll!LdrLoadDll 779B79B3 5 Bytes JMP 00171F20 C:\PROGRA~1\KASPER~1\KASPER~1.0FO\r3hook.dll (Kaspersky Anti-Virus Ring 3 Hooker/Kaspersky Lab)
.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[636] ntdll.dll!LdrLoadDll 779B79B3 5 Bytes JMP 10001F20 C:\PROGRA~1\KASPER~1\KASPER~1.0FO\r3hook.dll (Kaspersky Anti-Virus Ring 3 Hooker/Kaspersky Lab)
.text C:\Windows\system32\wininit.exe[644] ntdll.dll!LdrLoadDll 779B79B3 5 Bytes JMP 10001F20 C:\PROGRA~1\KASPER~1\KASPER~1.0FO\r3hook.dll (Kaspersky Anti-Virus Ring 3 Hooker/Kaspersky Lab)
.text C:\Windows\system32\services.exe[692] ntdll.dll!LdrLoadDll 779B79B3 5 Bytes JMP 10001F20 C:\PROGRA~1\KASPER~1\KASPER~1.0FO\r3hook.dll (Kaspersky Anti-Virus Ring 3 Hooker/Kaspersky Lab)
.text ...
.text C:\Windows\Explorer.EXE[2676] SHELL32.dll!InitNetworkAddressControl + 2939 76C8006C 4 Bytes [b0, 22, 8B, 00] {MOV AL, 0x22; MOV EAX, [EAX]}
.text C:\Windows\Explorer.EXE[2676] SHELL32.dll!ShellExecuteExW + 121F 76CB11DC 4 Bytes [20, 1B, 8B, 00] {AND [EBX], BL; MOV EAX, [EAX]}
.text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe[2716] ntdll.dll!LdrLoadDll 779B79B3 5 Bytes JMP 10001F20 C:\PROGRA~1\KASPER~1\KASPER~1.0FO\r3hook.dll (Kaspersky Anti-Virus Ring 3 Hooker/Kaspersky Lab)
.text C:\Windows\system32\taskeng.exe[2720] ntdll.dll!LdrLoadDll 779B79B3 5 Bytes JMP 10001F20 C:\PROGRA~1\KASPER~1\KASPER~1.0FO\r3hook.dll (Kaspersky Anti-Virus Ring 3 Hooker/Kaspersky Lab)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2884] ntdll.dll!LdrLoadDll 779B79B3 5 Bytes JMP 10001F20 C:\PROGRA~1\KASPER~1\KASPER~1.0FO\r3hook.dll (Kaspersky Anti-Virus Ring 3 Hooker/Kaspersky Lab)
.text C:\Program Files\Windows Defender\MSASCui.exe[3016] ntdll.dll!LdrLoadDll 779B79B3 5 Bytes JMP 10001F20 C:\PROGRA~1\KASPER~1\KASPER~1.0FO\r3hook.dll (Kaspersky Anti-Virus Ring 3 Hooker/Kaspersky Lab)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3028] ntdll.dll!LdrLoadDll 779B79B3 5 Bytes JMP 10001F20 C:\PROGRA~1\KASPER~1\KASPER~1.0FO\r3hook.dll (Kaspersky Anti-Virus Ring 3 Hooker/Kaspersky Lab)
.text ...
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[2676] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74968864] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2676] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [749A9855] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2676] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7496B984] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2676] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7495FB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2676] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74967A29] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2676] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7495EA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2676] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [7499B12D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2676] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7496BC4A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2676] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74960756] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2676] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [749606BD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2676] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [749571B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2676] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [749ED9E0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2676] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74987329] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2676] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7495E109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2676] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7495697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2676] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [749569A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2676] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74962475] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2676] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [008B2480] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/EgisTec Inc.)
IAT C:\Windows\Explorer.EXE[2676] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [008B1DA0] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/EgisTec Inc.)
IAT C:\Windows\Explorer.EXE[2676] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [008B27D0] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/EgisTec Inc.)
IAT C:\Windows\Explorer.EXE[2676] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [008B1290] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/EgisTec Inc.)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
---- Threads - GMER 1.0.15 ----
Thread System [4:440] 878566F0
Thread System [4:448] 878566F0
Thread System [4:452] 878A3EB0
Thread System [4:456] 878A3EB0
Thread System [4:460] 878A3EB0
---- EOF - GMER 1.0.15 ----
OTL.Txt
Extras.Txt