x-kom hosting

Pliki widzialne tylko w linuxie

Puru
utworzono
utworzono

Witam,
Na moim dysku przenośnym zainstalował się jakiś wirus i zamienił wszystkie moje pliki w skróty. Potem gdy wszystko starałam się poprzenosić i uporządkować, wydawalo się, że jest ok. Gdy następnym razem podłączyłam dysk do komputera, wydawał się pusty. Nie widać w nim było żadnego pliku, oprócz tego wirusowego. Mimo to 'mój komputer' (mam windowsa) pokazywał, że na dysku jest ponad 100GB plików. Program antywirusowy również pokazywał nazwy plików podczas skanowania. Potem u znajomych okazało się, że te pliki widać tylko w linuksie. Czy linuks ma inny system plików? Jeśli tak, to czy to możliwe, żeby zmienić pliki windowsowe w linuksowe? Czy mozna me przemienić z powrotem w pliki windowsowe? I to używając windowsa? Bo nie mam linuksa. Albo w skrócie - co mam zrobić, zeby odzyskać te pliki i odtwarzać w windowsie?
Z góry dzięki za pomoc.

Gość
komentarz
komentarz

Pobierz[b] USBfix[/b] [b][url="http://www.teamxscript.org/usbfixTelechargement.html"]KLIK[/url][/b] podepnij urządzenie przenośne i wykonaj skan z opcji[b] Listing[/b]. Log z skanu wstaw do posta.

  • Dobra wypowiedź 1
Puru
komentarz
komentarz (edytowane)

Oto to:

[quote]############################## | UsbFix 7.058 | [Research]

User: DARIA (Administrator) # DARIA-HP [Hewlett-Packard HP Pavilion dv6500 Notebook PC]
Updated 24/08/2011 by El Desaparecido
Started at 18:56:56 | 29/08/2011
Website: http://www.teamxscript.org
Submit your sample: http://www.teamxscript.org/Upload.php
Contact: TeamXscript.ElDesaparecido@gmail.com

CPU: Intel(R) Pentium(R) Dual CPU T2310 @ 1.46GHz
CPU 2: Intel(R) Pentium(R) Dual CPU T2310 @ 1.46GHz
Microsoft Windows 7 Ultimate (6.1.7600 32-Bit) #
Internet Explorer 8.0.7600.16385

Windows Firewall: Enabled
RAM -> 2046 Mb
C:\ (%systemdrive%) -> Fixed drive # 105 Gb (16 Mb free - 15%) [] # NTFS
D:\ -> Fixed drive # 7 Gb (2 Mb free - 35%) [HP_RECOVERY] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> CD-ROM

################## | Files # Infected Folders |

Found ! C:\Users\DARIA\AppData\Roaming\1333.tmp
Found ! C:\Users\DARIA\AppData\Roaming\17F7.tmp
Found ! C:\Users\DARIA\AppData\Roaming\1F2D.tmp
Found ! C:\Users\DARIA\AppData\Roaming\202C.tmp
Found ! C:\Users\DARIA\AppData\Roaming\21B4.tmp
Found ! C:\Users\DARIA\AppData\Roaming\235D.tmp
Found ! C:\Users\DARIA\AppData\Roaming\2A34.tmp
Found ! C:\Users\DARIA\AppData\Roaming\2A82.tmp
Found ! C:\Users\DARIA\AppData\Roaming\2B57.tmp
Found ! C:\Users\DARIA\AppData\Roaming\2F0D.tmp
Found ! C:\Users\DARIA\AppData\Roaming\30A1.tmp
Found ! C:\Users\DARIA\AppData\Roaming\34DE.tmp
Found ! C:\Users\DARIA\AppData\Roaming\36D8.tmp
Found ! C:\Users\DARIA\AppData\Roaming\36D9.tmp
Found ! C:\Users\DARIA\AppData\Roaming\3849.tmp
Found ! C:\Users\DARIA\AppData\Roaming\3B11.tmp
Found ! C:\Users\DARIA\AppData\Roaming\437B.tmp
Found ! C:\Users\DARIA\AppData\Roaming\43A2.tmp
Found ! C:\Users\DARIA\AppData\Roaming\45BB.tmp
Found ! C:\Users\DARIA\AppData\Roaming\45E1.tmp
Found ! C:\Users\DARIA\AppData\Roaming\46A6.tmp
Found ! C:\Users\DARIA\AppData\Roaming\4792.tmp
Found ! C:\Users\DARIA\AppData\Roaming\47C6.tmp
Found ! C:\Users\DARIA\AppData\Roaming\4ABD.tmp
Found ! C:\Users\DARIA\AppData\Roaming\4BCB.tmp
Found ! C:\Users\DARIA\AppData\Roaming\4BF1.tmp
Found ! C:\Users\DARIA\AppData\Roaming\4D2C.tmp
Found ! C:\Users\DARIA\AppData\Roaming\4FAE.tmp
Found ! C:\Users\DARIA\AppData\Roaming\4FC6.tmp
Found ! C:\Users\DARIA\AppData\Roaming\502.tmp
Found ! C:\Users\DARIA\AppData\Roaming\523B.tmp
Found ! C:\Users\DARIA\AppData\Roaming\5256.tmp
Found ! C:\Users\DARIA\AppData\Roaming\5D51.tmp
Found ! C:\Users\DARIA\AppData\Roaming\5FCD.tmp
Found ! C:\Users\DARIA\AppData\Roaming\60F0.tmp
Found ! C:\Users\DARIA\AppData\Roaming\641A.tmp
Found ! C:\Users\DARIA\AppData\Roaming\67B0.tmp
Found ! C:\Users\DARIA\AppData\Roaming\6C1D.tmp
Found ! C:\Users\DARIA\AppData\Roaming\6FCA.tmp
Found ! C:\Users\DARIA\AppData\Roaming\6FD5.tmp
Found ! C:\Users\DARIA\AppData\Roaming\742.tmp
Found ! C:\Users\DARIA\AppData\Roaming\76DE.tmp
Found ! C:\Users\DARIA\AppData\Roaming\77B9.tmp
Found ! C:\Users\DARIA\AppData\Roaming\7B97.tmp
Found ! C:\Users\DARIA\AppData\Roaming\7C04.tmp
Found ! C:\Users\DARIA\AppData\Roaming\7C63.tmp
Found ! C:\Users\DARIA\AppData\Roaming\7C75.tmp
Found ! C:\Users\DARIA\AppData\Roaming\7CE9.tmp
Found ! C:\Users\DARIA\AppData\Roaming\7CF8.tmp
Found ! C:\Users\DARIA\AppData\Roaming\832A.tmp
Found ! C:\Users\DARIA\AppData\Roaming\83CF.tmp
Found ! C:\Users\DARIA\AppData\Roaming\843B.tmp
Found ! C:\Users\DARIA\AppData\Roaming\8872.tmp
Found ! C:\Users\DARIA\AppData\Roaming\8DC2.tmp
Found ! C:\Users\DARIA\AppData\Roaming\9184.tmp
Found ! C:\Users\DARIA\AppData\Roaming\9200.tmp
Found ! C:\Users\DARIA\AppData\Roaming\92CF.tmp
Found ! C:\Users\DARIA\AppData\Roaming\95C8.tmp
Found ! C:\Users\DARIA\AppData\Roaming\970E.tmp
Found ! C:\Users\DARIA\AppData\Roaming\9763.tmp
Found ! C:\Users\DARIA\AppData\Roaming\99E.tmp
Found ! C:\Users\DARIA\AppData\Roaming\A037.tmp
Found ! C:\Users\DARIA\AppData\Roaming\A430.tmp
Found ! C:\Users\DARIA\AppData\Roaming\A433.tmp
Found ! C:\Users\DARIA\AppData\Roaming\A48C.tmp
Found ! C:\Users\DARIA\AppData\Roaming\A60A.tmp
Found ! C:\Users\DARIA\AppData\Roaming\AB9E.tmp
Found ! C:\Users\DARIA\AppData\Roaming\AC9F.tmp
Found ! C:\Users\DARIA\AppData\Roaming\AF31.tmp
Found ! C:\Users\DARIA\AppData\Roaming\B0B7.tmp
Found ! C:\Users\DARIA\AppData\Roaming\B30C.tmp
Found ! C:\Users\DARIA\AppData\Roaming\B741.tmp
Found ! C:\Users\DARIA\AppData\Roaming\B775.tmp
Found ! C:\Users\DARIA\AppData\Roaming\B9F4.tmp
Found ! C:\Users\DARIA\AppData\Roaming\C1BA.tmp
Found ! C:\Users\DARIA\AppData\Roaming\C2B6.tmp
Found ! C:\Users\DARIA\AppData\Roaming\C326.tmp
Found ! C:\Users\DARIA\AppData\Roaming\C6B2.tmp
Found ! C:\Users\DARIA\AppData\Roaming\C7BC.tmp
Found ! C:\Users\DARIA\AppData\Roaming\CB6F.tmp
Found ! C:\Users\DARIA\AppData\Roaming\CEBA.tmp
Found ! C:\Users\DARIA\AppData\Roaming\CFB8.tmp
Found ! C:\Users\DARIA\AppData\Roaming\D26E.tmp
Found ! C:\Users\DARIA\AppData\Roaming\D399.tmp
Found ! C:\Users\DARIA\AppData\Roaming\D529.tmp
Found ! C:\Users\DARIA\AppData\Roaming\D5B0.tmp
Found ! C:\Users\DARIA\AppData\Roaming\D91C.tmp
Found ! C:\Users\DARIA\AppData\Roaming\E0EB.tmp
Found ! C:\Users\DARIA\AppData\Roaming\E289.tmp
Found ! C:\Users\DARIA\AppData\Roaming\E68E.tmp
Found ! C:\Users\DARIA\AppData\Roaming\E9EE.tmp
Found ! C:\Users\DARIA\AppData\Roaming\EA53.tmp
Found ! C:\Users\DARIA\AppData\Roaming\EDFB.tmp
Found ! C:\Users\DARIA\AppData\Roaming\EEDB.tmp
Found ! C:\Users\DARIA\AppData\Roaming\EF53.tmp
Found ! C:\Users\DARIA\AppData\Roaming\F06C.tmp
Found ! C:\Users\DARIA\AppData\Roaming\F12D.tmp
Found ! C:\Users\DARIA\AppData\Roaming\FA7B.tmp
Found ! C:\Users\DARIA\AppData\Roaming\FAC2.tmp
Found ! C:\Users\DARIA\AppData\Roaming\FBC1.tmp
Found ! C:\Users\DARIA\AppData\Roaming\FF29.tmp
Found ! C:\Users\DARIA\AppData\Roaming\windows.exe
Found ! C:\Users\DARIA\AppData\Roaming\Wyxdxz.exe
Found ! C:\Windows\system32\secushr.dat
Found ! C:\Users\DARIA\AppData\Local\Temp\mxa.exe
Found ! C:\Users\DARIA\AppData\Local\Temp\qdb.exe

################## | Registry |

Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Wyxdxz

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\F
Shell\AutoRun\Command = F:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\G
Shell\AutoRun\Command = G:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{12fe6cb2-dde3-11de-8828-001e3703d9d9}
Shell\AutoRun\Command = F:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{12fe6cc5-dde3-11de-8828-001e3703d9d9}
Shell\AutoRun\Command = F:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{12fe6cf4-dde3-11de-8828-001e3703d9d9}
Shell\AutoRun\Command = F:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{12fe6cf7-dde3-11de-8828-001e3703d9d9}
Shell\AutoRun\Command = F:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{2bba5bc8-b9d0-11e0-a5c8-001e3703d9d9}
Shell\AutoRun\Command = G:\suppress_explorer.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{3b48c24c-e658-11de-8b6b-001e3703d9d9}
Shell\AutoRun\Command = G:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{59b9646c-e70b-11de-9d0c-001e3703d9d9}
Shell\AutoRun\Command = F:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{59b9646f-e70b-11de-9d0c-001e3703d9d9}
Shell\AutoRun\Command = H:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{95cf96e7-dde0-11de-9090-001e3703d9d9}
Shell\AutoRun\Command = F:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{95cf96ea-dde0-11de-9090-001e3703d9d9}
Shell\AutoRun\Command = F:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{a8ab34e3-cfb5-11de-90e9-001e3703d9d9}
Shell\AutoRun\Command = F:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{cebe9cbd-dde1-11de-8c9d-001e3703d9d9}
Shell\AutoRun\Command = F:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{cebe9cc1-dde1-11de-8c9d-001e3703d9d9}
Shell\AutoRun\Command = F:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{cfd372bc-e00c-11de-ae03-001e3703d9d9}
Shell\AutoRun\Command = F:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{cfd372bf-e00c-11de-ae03-001e3703d9d9}
Shell\AutoRun\Command = F:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{d259c15c-cfa0-11de-b3b0-001e3703d9d9}
Shell\AutoRun\Command = F:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{d259c170-cfa0-11de-b3b0-001e3703d9d9}
Shell\AutoRun\Command = F:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{d259c1a7-cfa0-11de-b3b0-001e3703d9d9}
Shell\AutoRun\Command = F:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{f5cb9d33-dde6-11de-8c02-001e3703d9d9}
Shell\AutoRun\Command = F:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{f5cb9d36-dde6-11de-8c02-001e3703d9d9}
Shell\AutoRun\Command = G:\AutoRun.exe


################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F |[/quote]

Gość
komentarz
komentarz

Z loga wynika że masz infekcje na dysku systemowy C.

[code]C:\ (%systemdrive%) -> Fixed drive # 105 Gb (16 Mb free - 15%) [] # NTFS
D:\ -> Fixed drive # 7 Gb (2 Mb free - 35%) [HP_RECOVERY] # NTFS[/code]

Czy na pewno podpiełaś pendriwa zanim uruchomiłaś USBfix? Pendrajw musi być podpiety do lapka zanim uruchomisz program.

  • Dobra wypowiedź 1
Puru
komentarz
komentarz (edytowane)

Ok, jeszcze raz. W tym folderze 'recycler' był (jest?) wirus, który powinien być skasowany. Jaki jest najlepszy darmowy antywirus, żeby to wszystko oczyścić?

[quote]############################## | UsbFix 7.058 | [Research]

User: DARIA (Administrator) # DARIA-HP [Hewlett-Packard HP Pavilion dv6500 Notebook PC]
Updated 24/08/2011 by El Desaparecido
Started at 19:51:49 | 29/08/2011
Website: http://www.teamxscript.org
Submit your sample: http://www.teamxscript.org/Upload.php
Contact: TeamXscript.ElDesaparecido@gmail.com

CPU: Intel(R) Pentium(R) Dual CPU T2310 @ 1.46GHz
CPU 2: Intel(R) Pentium(R) Dual CPU T2310 @ 1.46GHz
Microsoft Windows 7 Ultimate (6.1.7600 32-Bit) #
Internet Explorer 8.0.7600.16385

Windows Firewall: Enabled
RAM -> 2046 Mb
C:\ (%systemdrive%) -> Fixed drive # 105 Gb (16 Mb free - 15%) [] # NTFS
D:\ -> Fixed drive # 7 Gb (2 Mb free - 35%) [HP_RECOVERY] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> CD-ROM
H:\ -> Fixed drive # 233 Gb (31 Mb free - 13%) [Daria] # NTFS

################## | Files # Infected Folders |

Found ! C:\Users\DARIA\AppData\Roaming\1333.tmp
Found ! C:\Users\DARIA\AppData\Roaming\17F7.tmp
Found ! C:\Users\DARIA\AppData\Roaming\1F2D.tmp
Found ! C:\Users\DARIA\AppData\Roaming\202C.tmp
Found ! C:\Users\DARIA\AppData\Roaming\21B4.tmp
Found ! C:\Users\DARIA\AppData\Roaming\235D.tmp
Found ! C:\Users\DARIA\AppData\Roaming\2A34.tmp
Found ! C:\Users\DARIA\AppData\Roaming\2A82.tmp
Found ! C:\Users\DARIA\AppData\Roaming\2B57.tmp
Found ! C:\Users\DARIA\AppData\Roaming\2F0D.tmp
Found ! C:\Users\DARIA\AppData\Roaming\30A1.tmp
Found ! C:\Users\DARIA\AppData\Roaming\34DE.tmp
Found ! C:\Users\DARIA\AppData\Roaming\36D8.tmp
Found ! C:\Users\DARIA\AppData\Roaming\36D9.tmp
Found ! C:\Users\DARIA\AppData\Roaming\3849.tmp
Found ! C:\Users\DARIA\AppData\Roaming\3B11.tmp
Found ! C:\Users\DARIA\AppData\Roaming\437B.tmp
Found ! C:\Users\DARIA\AppData\Roaming\43A2.tmp
Found ! C:\Users\DARIA\AppData\Roaming\45BB.tmp
Found ! C:\Users\DARIA\AppData\Roaming\45E1.tmp
Found ! C:\Users\DARIA\AppData\Roaming\46A6.tmp
Found ! C:\Users\DARIA\AppData\Roaming\4792.tmp
Found ! C:\Users\DARIA\AppData\Roaming\47C6.tmp
Found ! C:\Users\DARIA\AppData\Roaming\4ABD.tmp
Found ! C:\Users\DARIA\AppData\Roaming\4BCB.tmp
Found ! C:\Users\DARIA\AppData\Roaming\4BF1.tmp
Found ! C:\Users\DARIA\AppData\Roaming\4D2C.tmp
Found ! C:\Users\DARIA\AppData\Roaming\4FAE.tmp
Found ! C:\Users\DARIA\AppData\Roaming\4FC6.tmp
Found ! C:\Users\DARIA\AppData\Roaming\502.tmp
Found ! C:\Users\DARIA\AppData\Roaming\523B.tmp
Found ! C:\Users\DARIA\AppData\Roaming\5256.tmp
Found ! C:\Users\DARIA\AppData\Roaming\5D51.tmp
Found ! C:\Users\DARIA\AppData\Roaming\5FCD.tmp
Found ! C:\Users\DARIA\AppData\Roaming\60F0.tmp
Found ! C:\Users\DARIA\AppData\Roaming\641A.tmp
Found ! C:\Users\DARIA\AppData\Roaming\67B0.tmp
Found ! C:\Users\DARIA\AppData\Roaming\6C1D.tmp
Found ! C:\Users\DARIA\AppData\Roaming\6FCA.tmp
Found ! C:\Users\DARIA\AppData\Roaming\6FD5.tmp
Found ! C:\Users\DARIA\AppData\Roaming\742.tmp
Found ! C:\Users\DARIA\AppData\Roaming\76DE.tmp
Found ! C:\Users\DARIA\AppData\Roaming\77B9.tmp
Found ! C:\Users\DARIA\AppData\Roaming\7B97.tmp
Found ! C:\Users\DARIA\AppData\Roaming\7C04.tmp
Found ! C:\Users\DARIA\AppData\Roaming\7C63.tmp
Found ! C:\Users\DARIA\AppData\Roaming\7C75.tmp
Found ! C:\Users\DARIA\AppData\Roaming\7CE9.tmp
Found ! C:\Users\DARIA\AppData\Roaming\7CF8.tmp
Found ! C:\Users\DARIA\AppData\Roaming\832A.tmp
Found ! C:\Users\DARIA\AppData\Roaming\83CF.tmp
Found ! C:\Users\DARIA\AppData\Roaming\843B.tmp
Found ! C:\Users\DARIA\AppData\Roaming\8872.tmp
Found ! C:\Users\DARIA\AppData\Roaming\8DC2.tmp
Found ! C:\Users\DARIA\AppData\Roaming\9184.tmp
Found ! C:\Users\DARIA\AppData\Roaming\9200.tmp
Found ! C:\Users\DARIA\AppData\Roaming\92CF.tmp
Found ! C:\Users\DARIA\AppData\Roaming\95C8.tmp
Found ! C:\Users\DARIA\AppData\Roaming\970E.tmp
Found ! C:\Users\DARIA\AppData\Roaming\9763.tmp
Found ! C:\Users\DARIA\AppData\Roaming\99E.tmp
Found ! C:\Users\DARIA\AppData\Roaming\A037.tmp
Found ! C:\Users\DARIA\AppData\Roaming\A430.tmp
Found ! C:\Users\DARIA\AppData\Roaming\A433.tmp
Found ! C:\Users\DARIA\AppData\Roaming\A48C.tmp
Found ! C:\Users\DARIA\AppData\Roaming\A60A.tmp
Found ! C:\Users\DARIA\AppData\Roaming\AB9E.tmp
Found ! C:\Users\DARIA\AppData\Roaming\AC9F.tmp
Found ! C:\Users\DARIA\AppData\Roaming\AF31.tmp
Found ! C:\Users\DARIA\AppData\Roaming\B0B7.tmp
Found ! C:\Users\DARIA\AppData\Roaming\B30C.tmp
Found ! C:\Users\DARIA\AppData\Roaming\B741.tmp
Found ! C:\Users\DARIA\AppData\Roaming\B775.tmp
Found ! C:\Users\DARIA\AppData\Roaming\B9F4.tmp
Found ! C:\Users\DARIA\AppData\Roaming\C1BA.tmp
Found ! C:\Users\DARIA\AppData\Roaming\C2B6.tmp
Found ! C:\Users\DARIA\AppData\Roaming\C326.tmp
Found ! C:\Users\DARIA\AppData\Roaming\C6B2.tmp
Found ! C:\Users\DARIA\AppData\Roaming\C7BC.tmp
Found ! C:\Users\DARIA\AppData\Roaming\CB6F.tmp
Found ! C:\Users\DARIA\AppData\Roaming\CEBA.tmp
Found ! C:\Users\DARIA\AppData\Roaming\CFB8.tmp
Found ! C:\Users\DARIA\AppData\Roaming\D26E.tmp
Found ! C:\Users\DARIA\AppData\Roaming\D399.tmp
Found ! C:\Users\DARIA\AppData\Roaming\D529.tmp
Found ! C:\Users\DARIA\AppData\Roaming\D5B0.tmp
Found ! C:\Users\DARIA\AppData\Roaming\D91C.tmp
Found ! C:\Users\DARIA\AppData\Roaming\E0EB.tmp
Found ! C:\Users\DARIA\AppData\Roaming\E289.tmp
Found ! C:\Users\DARIA\AppData\Roaming\E68E.tmp
Found ! C:\Users\DARIA\AppData\Roaming\E9EE.tmp
Found ! C:\Users\DARIA\AppData\Roaming\EA53.tmp
Found ! C:\Users\DARIA\AppData\Roaming\EDFB.tmp
Found ! C:\Users\DARIA\AppData\Roaming\EEDB.tmp
Found ! C:\Users\DARIA\AppData\Roaming\EF53.tmp
Found ! C:\Users\DARIA\AppData\Roaming\F06C.tmp
Found ! C:\Users\DARIA\AppData\Roaming\F12D.tmp
Found ! C:\Users\DARIA\AppData\Roaming\FA7B.tmp
Found ! C:\Users\DARIA\AppData\Roaming\FAC2.tmp
Found ! C:\Users\DARIA\AppData\Roaming\FBC1.tmp
Found ! C:\Users\DARIA\AppData\Roaming\FF29.tmp
Found ! C:\Users\DARIA\AppData\Roaming\windows.exe
Found ! C:\Users\DARIA\AppData\Roaming\Wyxdxz.exe
Found ! C:\Windows\system32\secushr.dat
Found ! C:\Users\DARIA\AppData\Local\Temp\mxa.exe
Found ! C:\Users\DARIA\AppData\Local\Temp\qdb.exe
Found ! H:\RECYCLER\0xFFD12566.exe
Found ! H:\MUZYKA
Found ! H:\R

################## | Registry |

Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Wyxdxz

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\F
Shell\AutoRun\Command = F:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\G
Shell\AutoRun\Command = G:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{12fe6cb2-dde3-11de-8828-001e3703d9d9}
Shell\AutoRun\Command = F:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{12fe6cc5-dde3-11de-8828-001e3703d9d9}
Shell\AutoRun\Command = F:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{12fe6cf4-dde3-11de-8828-001e3703d9d9}
Shell\AutoRun\Command = F:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{12fe6cf7-dde3-11de-8828-001e3703d9d9}
Shell\AutoRun\Command = F:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{2bba5bc8-b9d0-11e0-a5c8-001e3703d9d9}
Shell\AutoRun\Command = G:\suppress_explorer.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{3b48c24c-e658-11de-8b6b-001e3703d9d9}
Shell\AutoRun\Command = G:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{59b9646c-e70b-11de-9d0c-001e3703d9d9}
Shell\AutoRun\Command = F:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{59b9646f-e70b-11de-9d0c-001e3703d9d9}
Shell\AutoRun\Command = H:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{95cf96e7-dde0-11de-9090-001e3703d9d9}
Shell\AutoRun\Command = F:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{95cf96ea-dde0-11de-9090-001e3703d9d9}
Shell\AutoRun\Command = F:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{a8ab34e3-cfb5-11de-90e9-001e3703d9d9}
Shell\AutoRun\Command = F:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{cebe9cbd-dde1-11de-8c9d-001e3703d9d9}
Shell\AutoRun\Command = F:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{cebe9cc1-dde1-11de-8c9d-001e3703d9d9}
Shell\AutoRun\Command = F:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{cfd372bc-e00c-11de-ae03-001e3703d9d9}
Shell\AutoRun\Command = F:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{cfd372bf-e00c-11de-ae03-001e3703d9d9}
Shell\AutoRun\Command = F:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{d259c15c-cfa0-11de-b3b0-001e3703d9d9}
Shell\AutoRun\Command = F:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{d259c170-cfa0-11de-b3b0-001e3703d9d9}
Shell\AutoRun\Command = F:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{d259c1a7-cfa0-11de-b3b0-001e3703d9d9}
Shell\AutoRun\Command = F:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{f5cb9d33-dde6-11de-8c02-001e3703d9d9}
Shell\AutoRun\Command = F:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{f5cb9d36-dde6-11de-8c02-001e3703d9d9}
Shell\AutoRun\Command = G:\AutoRun.exe


################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F |[/quote]

Gość
komentarz
komentarz

No teraz podpiełaś dysk i go widze pojawił się jako F. Na razie nic nie rób.

Pobierz OTL [b][url="http://oldtimer.geekstogo.com/OTL.exe"]KLIK[/url][/b] i wykonaj logi wg poniższych ustawień:

Po uruchomieniu OTL pojawi sie okienko główne i w nim masz zaznaczyć następujące opcje:

Wszystkie sekcje ustawione na[b] Użyj filtrowania[/b] (Use SafeList).
Należy zaznaczyć [b]Wszyscy użytkownicy[/b] (Scan All Users)
Dodatkowo postawić ptaszki przy pozycjach [b]Infekcja LOP[/b] (LOP Check) +[b] Infekcja Purity[/b] (Purity Check)

Potem klikasz Skanuj. Jak program skończy powstaną dwa logi OTL i Extras, obydwa wstaw na [b]wklej.to[/b] albo iinny hosting.

  • Dobra wypowiedź 1
Puru
komentarz
komentarz (edytowane)

Found ! H:\RECYCLER\0xFFD12566.exe
Found ! H:\MUZYKA
Found ! H:\R


Mi chodzi o ten dysk. Na nim wszystko jest niewidzialne.


http://wklej.to/MrP2h

ok. Zrobiłam pliki 'młodsze niż 30 dni' i zorientowalam się dopiero po fakcie. Zrobić młodsze niż 360?

Gość
komentarz
komentarz

[quote]Mi chodzi o ten dysk. Na nim wszystko jest niewidzialne. [/quote]

Wiem, pomyliłem litere dysku zewnetrznego. Czy możesz wykonać logi z OTL, o które prosiłem. Potem zaczniemy usuwanie.

  • Dobra wypowiedź 1
Puru
komentarz
komentarz

Zrobiłam wyżej, ale z 30 dni. Ten dysk jest popsuty dłużej niż 30 dni, więc zrobię nowy z 360 dni. Plik recycler został chyba usunięty, kiedy dałam dysk znajomym do sprawdzenia.

Gość
komentarz
komentarz

[quote]więc zrobię nowy z 360 dni [/quote]

Nie rób nic. Miały byc dwa logi wstaw jeszce Extras. Infekcja znajduje sie w systemie też.

  • Dobra wypowiedź 1
Puru
komentarz
komentarz

Ou, nie zauważyłam, że dwa pliki mi się otworzyły. http://wklej.to/xw2hM tutaj. Jak coś to zrobiłam już te z 360 dni też.

Gość
komentarz
komentarz (edytowane)

[b]1.[/b] Uruchom OTL i w oknie [b]Własne opcje skanowania/Skrypt[/b] wklej następujący tekst:


[php]:Files
C:\Users\DARIA\AppData\Roaming\windows.exe
C:\autoexec.bat --
H:\RECYCLER\0xFFD12566.exe

:Services
FontCache3.0.0.0
clr_optimization_v2.0.50727_32

:OTL
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3680645043-850025330-1969426876-1000\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3680645043-850025330-1969426876-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://redirecturls.info/
O3 - HKU\S-1-5-21-3680645043-850025330-1969426876-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005-09-11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{12fe6cb2-dde3-11de-8828-001e3703d9d9}\Shell - "" = AutoRun
O33 - MountPoints2\{12fe6cb2-dde3-11de-8828-001e3703d9d9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{12fe6cc5-dde3-11de-8828-001e3703d9d9}\Shell - "" = AutoRun
O33 - MountPoints2\{12fe6cc5-dde3-11de-8828-001e3703d9d9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{12fe6cf4-dde3-11de-8828-001e3703d9d9}\Shell - "" = AutoRun
O33 - MountPoints2\{12fe6cf4-dde3-11de-8828-001e3703d9d9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{12fe6cf7-dde3-11de-8828-001e3703d9d9}\Shell - "" = AutoRun
O33 - MountPoints2\{12fe6cf7-dde3-11de-8828-001e3703d9d9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2bba5bc8-b9d0-11e0-a5c8-001e3703d9d9}\Shell - "" = AutoRun
O33 - MountPoints2\{2bba5bc8-b9d0-11e0-a5c8-001e3703d9d9}\Shell\AutoRun\command - "" = G:\suppress_explorer.exe
O33 - MountPoints2\{3b48c24c-e658-11de-8b6b-001e3703d9d9}\Shell - "" = AutoRun
O33 - MountPoints2\{3b48c24c-e658-11de-8b6b-001e3703d9d9}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{59b9646c-e70b-11de-9d0c-001e3703d9d9}\Shell - "" = AutoRun
O33 - MountPoints2\{59b9646c-e70b-11de-9d0c-001e3703d9d9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{59b9646f-e70b-11de-9d0c-001e3703d9d9}\Shell - "" = AutoRun
O33 - MountPoints2\{59b9646f-e70b-11de-9d0c-001e3703d9d9}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{95cf96e7-dde0-11de-9090-001e3703d9d9}\Shell - "" = AutoRun
O33 - MountPoints2\{95cf96e7-dde0-11de-9090-001e3703d9d9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{95cf96ea-dde0-11de-9090-001e3703d9d9}\Shell - "" = AutoRun
O33 - MountPoints2\{95cf96ea-dde0-11de-9090-001e3703d9d9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a8ab34e3-cfb5-11de-90e9-001e3703d9d9}\Shell - "" = AutoRun
O33 - MountPoints2\{a8ab34e3-cfb5-11de-90e9-001e3703d9d9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{cebe9cbd-dde1-11de-8c9d-001e3703d9d9}\Shell - "" = AutoRun
O33 - MountPoints2\{cebe9cbd-dde1-11de-8c9d-001e3703d9d9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{cebe9cc1-dde1-11de-8c9d-001e3703d9d9}\Shell - "" = AutoRun
O33 - MountPoints2\{cebe9cc1-dde1-11de-8c9d-001e3703d9d9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{cfd372bc-e00c-11de-ae03-001e3703d9d9}\Shell - "" = AutoRun
O33 - MountPoints2\{cfd372bc-e00c-11de-ae03-001e3703d9d9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{cfd372bf-e00c-11de-ae03-001e3703d9d9}\Shell - "" = AutoRun
O33 - MountPoints2\{cfd372bf-e00c-11de-ae03-001e3703d9d9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d259c15c-cfa0-11de-b3b0-001e3703d9d9}\Shell - "" = AutoRun
O33 - MountPoints2\{d259c15c-cfa0-11de-b3b0-001e3703d9d9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d259c170-cfa0-11de-b3b0-001e3703d9d9}\Shell - "" = AutoRun
O33 - MountPoints2\{d259c170-cfa0-11de-b3b0-001e3703d9d9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d259c1a7-cfa0-11de-b3b0-001e3703d9d9}\Shell - "" = AutoRun
O33 - MountPoints2\{d259c1a7-cfa0-11de-b3b0-001e3703d9d9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f5cb9d33-dde6-11de-8c02-001e3703d9d9}\Shell - "" = AutoRun
O33 - MountPoints2\{f5cb9d33-dde6-11de-8c02-001e3703d9d9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f5cb9d36-dde6-11de-8c02-001e3703d9d9}\Shell - "" = AutoRun
O33 - MountPoints2\{f5cb9d36-dde6-11de-8c02-001e3703d9d9}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
@Alternate Data Stream - 164 bytes -> C:\Users\DARIA\Desktop\zdjecie2.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\DARIA\Desktop\zdjecie.jpeg:3or4kl4x13tuuug3Byamue2s4b

:Commands
[resethosts]
[emptyflash]
[emptytemp][/php]


Kliknij w [b]Wykonaj skrypt[/b]. Zatwierdź restart komputera. Bedzie log z usuwania daj do niego link.

[b]2.[/b] Z panelu usuwania programów odinstaluj zbędne sponsoringi - [b]Conduit Engine[/b] [b]/ uTorrentBar Toolbar[/b] [b]ICQToolbar[/b]

[b]3.[/b] Następnie uruchamiasz OTL ponownie, tym razem wywołujesz opcję [b]Skanuj[/b]. Pokazujesz nowe logi z OTL

  • Dobra wypowiedź 1
Puru
komentarz
komentarz

http://wklej.to/H71oB tutaj po resecie

utorrent bar nie chce się odinstalować, ale odinstalowałam gmote (chociaż nadal pokazuje się w tym tekście...)

http://wklej.to/1JyI3 :)

Gość
komentarz
komentarz

Co znaczy ten usmieszek? Widać foldery na dysku przenosnym czy jeszcze nie?

[quote]utorrent bar nie chce się odinstalować[/quote]

Usuniemy resztki śmieci. Uruchom OTL i wklej następujący skrypt:


[php]:Files
C:\Program Files\ICQ6Toolbar\ICQ Service.exe

:Services
ICQ Service


:OTL
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q="
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found.
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
[2011-04-10 12:29:50 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\DARIA\AppData\Roaming\mozilla\Firefox\Profiles\oyt70que.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011-07-17 17:06:35 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\DARIA\AppData\Roaming\mozilla\Firefox\Profiles\oyt70que.default\extensions\engine@conduit.com
[2011-07-17 17:06:34 | 000,000,863 | ---- | M] () -- C:\Users\DARIA\AppData\Roaming\Mozilla\Firefox\Profiles\oyt70que.default\searchplugins\conduit.xml
[2011-08-27 19:35:19 | 000,000,961 | ---- | M] () -- C:\Users\DARIA\AppData\Roaming\Mozilla\Firefox\Profiles\oyt70que.default\searchplugins\icqplugin-1.xml
[2011-07-19 04:30:32 | 000,000,961 | ---- | M] () -- C:\Users\DARIA\AppData\Roaming\Mozilla\Firefox\Profiles\oyt70que.default\searchplugins\icqplugin-2.xml
[2010-09-23 16:11:05 | 000,000,958 | ---- | M] () -- C:\Users\DARIA\AppData\Roaming\Mozilla\Firefox\Profiles\oyt70que.default\searchplugins\icqplugin.x[/php]

Po wykonaniu skryptu daj nowe logi z OTL.

  • Dobra wypowiedź 1
Puru
komentarz
komentarz

http://wklej.to/QdQWX

Nie-e, nie działa. Uśmieszek tak z wdzięczności za spędzanie kilku h na naprawianiu mi kompa :P Btw, nie wiem, czy sama naprawa laptopa coś pomoże. Ten dysk nie działał na kilku laptopach. A wirus też może byc z innego lapa.

Gość
komentarz
komentarz

Pliki maja atrybut ukryty. Puść jeszce raz skan USBfix i daj log. Niech zobacze jak wygląda to na dysku.
Spróbuj zrobić tak [b]Panel sterowania > Opcje folderów > Widok i na liście odznacz Ukruj chronione plik i zaznacz pokaż Ukryte pliki foldery i dyski[/b]
Powinnaś zobaczyć katalogi
[b]H:\MUZYKA
H:\R[/b]

  • Dobra wypowiedź 1
Puru
komentarz
komentarz (edytowane)

... i to wystarczyło? :P Widać... demyt, czuję się jak idiotka teraz :P Miałam zaznaczone, żeby było widać ukryte pliki i widziałam folder recycler jako ukryty, więc myślałam, że to już jest odznaczone :P Ale widze o wiele wiele więcej folderów.

Btw - jak zrobić, żeby te pliki nie były ukryte?

Tu jeszcze z USBFixa
[quote]############################## | UsbFix 7.058 | [Research]

User: DARIA (Administrator) # DARIA-HP [Hewlett-Packard HP Pavilion dv6500 Notebook PC]
Updated 24/08/2011 by El Desaparecido
Started at 23:23:54 | 29/08/2011
Website: http://www.teamxscript.org
Submit your sample: http://www.teamxscript.org/Upload.php
Contact: TeamXscript.ElDesaparecido@gmail.com

CPU: Intel(R) Pentium(R) Dual CPU T2310 @ 1.46GHz
CPU 2: Intel(R) Pentium(R) Dual CPU T2310 @ 1.46GHz
Microsoft Windows 7 Ultimate (6.1.7600 32-Bit) #
Internet Explorer 8.0.7600.16385

Windows Firewall: Enabled
RAM -> 2046 Mb
C:\ (%systemdrive%) -> Fixed drive # 105 Gb (20 Mb free - 19%) [] # NTFS
D:\ -> Fixed drive # 7 Gb (2 Mb free - 35%) [HP_RECOVERY] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> CD-ROM
H:\ -> Fixed drive # 233 Gb (34 Mb free - 15%) [Daria] # NTFS

################## | Files # Infected Folders |

Found ! C:\Users\DARIA\AppData\Roaming\1333.tmp
Found ! C:\Users\DARIA\AppData\Roaming\17F7.tmp
Found ! C:\Users\DARIA\AppData\Roaming\1F2D.tmp
Found ! C:\Users\DARIA\AppData\Roaming\202C.tmp
Found ! C:\Users\DARIA\AppData\Roaming\21B4.tmp
Found ! C:\Users\DARIA\AppData\Roaming\235D.tmp
Found ! C:\Users\DARIA\AppData\Roaming\2A34.tmp
Found ! C:\Users\DARIA\AppData\Roaming\2A82.tmp
Found ! C:\Users\DARIA\AppData\Roaming\2B57.tmp
Found ! C:\Users\DARIA\AppData\Roaming\2F0D.tmp
Found ! C:\Users\DARIA\AppData\Roaming\30A1.tmp
Found ! C:\Users\DARIA\AppData\Roaming\34DE.tmp
Found ! C:\Users\DARIA\AppData\Roaming\36D8.tmp
Found ! C:\Users\DARIA\AppData\Roaming\36D9.tmp
Found ! C:\Users\DARIA\AppData\Roaming\3849.tmp
Found ! C:\Users\DARIA\AppData\Roaming\3B11.tmp
Found ! C:\Users\DARIA\AppData\Roaming\437B.tmp
Found ! C:\Users\DARIA\AppData\Roaming\43A2.tmp
Found ! C:\Users\DARIA\AppData\Roaming\45BB.tmp
Found ! C:\Users\DARIA\AppData\Roaming\45E1.tmp
Found ! C:\Users\DARIA\AppData\Roaming\46A6.tmp
Found ! C:\Users\DARIA\AppData\Roaming\4792.tmp
Found ! C:\Users\DARIA\AppData\Roaming\47C6.tmp
Found ! C:\Users\DARIA\AppData\Roaming\4ABD.tmp
Found ! C:\Users\DARIA\AppData\Roaming\4BCB.tmp
Found ! C:\Users\DARIA\AppData\Roaming\4BF1.tmp
Found ! C:\Users\DARIA\AppData\Roaming\4D2C.tmp
Found ! C:\Users\DARIA\AppData\Roaming\4FAE.tmp
Found ! C:\Users\DARIA\AppData\Roaming\4FC6.tmp
Found ! C:\Users\DARIA\AppData\Roaming\502.tmp
Found ! C:\Users\DARIA\AppData\Roaming\523B.tmp
Found ! C:\Users\DARIA\AppData\Roaming\5256.tmp
Found ! C:\Users\DARIA\AppData\Roaming\5D51.tmp
Found ! C:\Users\DARIA\AppData\Roaming\5FCD.tmp
Found ! C:\Users\DARIA\AppData\Roaming\60F0.tmp
Found ! C:\Users\DARIA\AppData\Roaming\641A.tmp
Found ! C:\Users\DARIA\AppData\Roaming\67B0.tmp
Found ! C:\Users\DARIA\AppData\Roaming\6C1D.tmp
Found ! C:\Users\DARIA\AppData\Roaming\6FCA.tmp
Found ! C:\Users\DARIA\AppData\Roaming\6FD5.tmp
Found ! C:\Users\DARIA\AppData\Roaming\742.tmp
Found ! C:\Users\DARIA\AppData\Roaming\76DE.tmp
Found ! C:\Users\DARIA\AppData\Roaming\77B9.tmp
Found ! C:\Users\DARIA\AppData\Roaming\7B97.tmp
Found ! C:\Users\DARIA\AppData\Roaming\7C04.tmp
Found ! C:\Users\DARIA\AppData\Roaming\7C63.tmp
Found ! C:\Users\DARIA\AppData\Roaming\7C75.tmp
Found ! C:\Users\DARIA\AppData\Roaming\7CE9.tmp
Found ! C:\Users\DARIA\AppData\Roaming\7CF8.tmp
Found ! C:\Users\DARIA\AppData\Roaming\832A.tmp
Found ! C:\Users\DARIA\AppData\Roaming\83CF.tmp
Found ! C:\Users\DARIA\AppData\Roaming\843B.tmp
Found ! C:\Users\DARIA\AppData\Roaming\8872.tmp
Found ! C:\Users\DARIA\AppData\Roaming\8DC2.tmp
Found ! C:\Users\DARIA\AppData\Roaming\9184.tmp
Found ! C:\Users\DARIA\AppData\Roaming\9200.tmp
Found ! C:\Users\DARIA\AppData\Roaming\92CF.tmp
Found ! C:\Users\DARIA\AppData\Roaming\95C8.tmp
Found ! C:\Users\DARIA\AppData\Roaming\970E.tmp
Found ! C:\Users\DARIA\AppData\Roaming\9763.tmp
Found ! C:\Users\DARIA\AppData\Roaming\99E.tmp
Found ! C:\Users\DARIA\AppData\Roaming\A037.tmp
Found ! C:\Users\DARIA\AppData\Roaming\A430.tmp
Found ! C:\Users\DARIA\AppData\Roaming\A433.tmp
Found ! C:\Users\DARIA\AppData\Roaming\A48C.tmp
Found ! C:\Users\DARIA\AppData\Roaming\A60A.tmp
Found ! C:\Users\DARIA\AppData\Roaming\AB9E.tmp
Found ! C:\Users\DARIA\AppData\Roaming\AC9F.tmp
Found ! C:\Users\DARIA\AppData\Roaming\AF31.tmp
Found ! C:\Users\DARIA\AppData\Roaming\B0B7.tmp
Found ! C:\Users\DARIA\AppData\Roaming\B30C.tmp
Found ! C:\Users\DARIA\AppData\Roaming\B741.tmp
Found ! C:\Users\DARIA\AppData\Roaming\B775.tmp
Found ! C:\Users\DARIA\AppData\Roaming\B9F4.tmp
Found ! C:\Users\DARIA\AppData\Roaming\C1BA.tmp
Found ! C:\Users\DARIA\AppData\Roaming\C2B6.tmp
Found ! C:\Users\DARIA\AppData\Roaming\C326.tmp
Found ! C:\Users\DARIA\AppData\Roaming\C6B2.tmp
Found ! C:\Users\DARIA\AppData\Roaming\C7BC.tmp
Found ! C:\Users\DARIA\AppData\Roaming\CB6F.tmp
Found ! C:\Users\DARIA\AppData\Roaming\CEBA.tmp
Found ! C:\Users\DARIA\AppData\Roaming\CFB8.tmp
Found ! C:\Users\DARIA\AppData\Roaming\D26E.tmp
Found ! C:\Users\DARIA\AppData\Roaming\D399.tmp
Found ! C:\Users\DARIA\AppData\Roaming\D529.tmp
Found ! C:\Users\DARIA\AppData\Roaming\D5B0.tmp
Found ! C:\Users\DARIA\AppData\Roaming\D91C.tmp
Found ! C:\Users\DARIA\AppData\Roaming\E0EB.tmp
Found ! C:\Users\DARIA\AppData\Roaming\E289.tmp
Found ! C:\Users\DARIA\AppData\Roaming\E68E.tmp
Found ! C:\Users\DARIA\AppData\Roaming\E9EE.tmp
Found ! C:\Users\DARIA\AppData\Roaming\EA53.tmp
Found ! C:\Users\DARIA\AppData\Roaming\EDFB.tmp
Found ! C:\Users\DARIA\AppData\Roaming\EEDB.tmp
Found ! C:\Users\DARIA\AppData\Roaming\EF53.tmp
Found ! C:\Users\DARIA\AppData\Roaming\F06C.tmp
Found ! C:\Users\DARIA\AppData\Roaming\F12D.tmp
Found ! C:\Users\DARIA\AppData\Roaming\FA7B.tmp
Found ! C:\Users\DARIA\AppData\Roaming\FAC2.tmp
Found ! C:\Users\DARIA\AppData\Roaming\FBC1.tmp
Found ! C:\Users\DARIA\AppData\Roaming\FF29.tmp
Found ! C:\Users\DARIA\AppData\Roaming\Wyxdxz.exe
Found ! C:\Windows\system32\secushr.dat
Found ! H:\MUZYKA
Found ! H:\R

################## | Registry |

Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Wyxdxz

################## | Mountpoints2 |


################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F |
[/quote]

Gość
komentarz
komentarz

[quote]Btw - jak zrobić, żeby te pliki nie były ukryte? [/quote]

Wklej do notatnika ten tekst:

[php]H:
attrib /d /s -s -h H:\*
pause[/php]


[b]Z menu Notatnika > Plik > Zapisz jako > Ustaw rozszerzenie na Wszystkie pliki > Zapisz jako FIX.BAT > Uruchom ten plik[/b] z prawokliku jako administrator

  • Dobra wypowiedź 1
Puru
komentarz
komentarz (edytowane)

Yay! Dzięki :D! Teraz chyba wszystko jest ok! Nie mam jak Ci sensownie podziękować, ale znalazlam Ci to! http://www.meme4u.com/ecards/thank_you/at_work/card_145.htm lol :P

PS: Oglądaj z dźwiękiem! To połowa efektu! :P

Gość
komentarz
komentarz

[quote]Yay! Dzięki [img]public/style_emoticons/default/biggrin.gif[/img]! Teraz chyba wszystko jest ok! Nie mam jak Ci sensownie podziękować, ale znalazlam Ci to! [/quote]

Ok. Fajnie. Ale to nie koniec. Zostało jeszce parę rzeczy do zrobienia.

1. Wyłacz Przywracanie systemu na minute, dwie potem włacz. To opróżni foldery [b]System Volume Information[/b]. Instrukcja [color="#0000FF"][b][url="http://www.fixitpc.pl/topic/5-dezynfekcja-metody-usuwania-czesc-1/#1"]KLIK[/url][/b][/color]

2. Urucho [b]USBfix[/b] i kliknij Unistall - to usunie program zdysku.

3. Uruchom OTL i kliknij opcje Sprzątanie. To usunie kwarantanne i program.

proponuje zmienić komunikator [b]GG[/b] na inny. Te wpisy widoczne w logach z USBfix są od niego Found ! C:\Users\DARIA\AppData\Roaming\B775.tmp
Stale bedą generowane. Poza tym jest dziurawy i nie zapewnia należytej ochrony korespondencji.

Odinstaluj [b]Java(TM) 6 Update 17 i pobierz najnowszą Java 7

[/b]i to by było na tyle. Pozdrawiam :)
[b]

[/b]

  • Dobra wypowiedź 1
Puru
komentarz
komentarz

Oprócz GG zrobione! Dzięki Ci bardzo jesszcze raz! :D

Gość
komentarz
komentarz

[quote]Oprócz GG zrobione! [/quote]

Zastanów sie. Masz starą wersje polecam AQQ,, Mirande, WTW. Bez problemu można przenieść kontakty.

Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!

Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.

×
×
  • Dodaj nową pozycję...

Powiadomienie o plikach cookie

Strona wykorzystuje pliki cookies w celu prawidłowego świadczenia usług i wygody użytkowników. Warunki przechowywania i dostępu do plików cookies możesz zmienić w ustawieniach przeglądarki.