
Virus problems

barteklord1
created

Help! I accidentally downloaded some crack from the internet; it said it was some free photo-editing program, etc., and now a Virus Alert shows up next to the system clock, and on the desktop three icons keep appearing (even after I delete them): Error Cleaner, Privacy Protector, Spyware & protection!! I don't know what to do. I have Kaspersky 2009; it supposedly removed everything, but still nothing!! I tried to format the drives, but here is the biggest problem... the drives have simply "disappeared"!! They are gone: I open My Computer and everything is there, but there is no C or D drive, and when I insert the Windows CD and choose to install Windows, it tells me that I can't do something... I don't know. I'm attaching a screenshot of what my desktop looks like.

barteklord1
comment

Thanks, I got this message:

Is it clean now?? I'm formatting the computer

//logs go inside code tags

//vocativus

Mateusz J.
comment

C:\Documents and Settings\All Users\Dane aplikacji\Secure Solutions

Delete the folder manually from the disk.

Start => Run => type: regedit => OK => go to the key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Right-click the value s9201 => delete => OK

Has the virus problem gone away?

To my surprise, it looks like ComboFix removed almost the entire infection on its own.

Please also post a HijackThis log.

Thanks, I got this message

That is not a message, it's a log.
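The autostart entry removed in the steps above (value s9201 under a Run key, pointing into the Secure Solutions folder) is the kind of line a helper looks for in a ComboFix log. The following is an added example, not part of the original thread: a Python triage of Run-key lines in the ComboFix "Reg Loading Points" layout. The sample log, the stand-in file name placeholder.exe and the two heuristics (profile data folder, recent file timestamp) are assumptions made for illustration.

```python
import re
from datetime import date, timedelta

# Constructed sample in the layout of ComboFix's "Reg Loading Points" section.
# The value name s9201 and the Secure Solutions folder come from the thread;
# placeholder.exe is a stand-in file name and the sample is built for this example.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 22:51 15360]
"s9201"="C:\Documents and Settings\All Users\Dane aplikacji\Secure Solutions\placeholder.exe" [2008-08-02 13:14 1231872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 18:21 201992]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 05:12 577536 C:\WINDOWS\soundman.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
'''

KEY_RE = re.compile(r'^\[(HK[^\]]+)\]\s*$')
# "name"="command" optionally followed by [YYYY-MM-DD hh:mm size ...]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"'
                      r'(?:\s+\[(?P<day>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \d+)?')
RUN_KEY_RE = re.compile(r'\\CurrentVersion\\Run(Once)?$', re.I)
# Profile data folders on Windows XP (English and Polish names) that a
# program can write to without being installed under Program Files.
USER_DATA_RE = re.compile(
    r'\\Documents and Settings\\[^\\]+\\'
    r'(Application Data|Dane aplikacji|Local Settings|Ustawienia lokalne)\\',
    re.I)


def parse_run_entries(log):
    """Return the autostart values listed under Run/RunOnce keys."""
    entries, key = [], None
    for line in log.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            # Track only Run/RunOnce keys; values under other keys are skipped.
            key = m.group(1) if RUN_KEY_RE.search(m.group(1)) else None
            continue
        m = VALUE_RE.match(line)
        if key and m:
            day = date.fromisoformat(m['day']) if m['day'] else None
            entries.append({'key': key, 'name': m['name'],
                            'path': m['path'], 'file_date': day})
    return entries


def triage(entries, scan_date, recent_days=7):
    """Flag entries worth a manual look; a flag is a lead, not a verdict."""
    findings = []
    for e in entries:
        reasons = []
        if USER_DATA_RE.search(e['path']):
            reasons.append('runs from a user-writable profile data folder')
        if e['file_date'] is not None:
            age = scan_date - e['file_date']
            if timedelta(0) <= age <= timedelta(days=recent_days):
                reasons.append('file timestamp within %d days of the scan'
                               % recent_days)
        if reasons:
            findings.append((e['key'], e['name'], reasons))
    return findings


if __name__ == '__main__':
    for key, name, reasons in triage(parse_run_entries(SAMPLE_LOG),
                                     scan_date=date(2008, 8, 4)):
        print('%s -> %s: %s' % (key, name, '; '.join(reasons)))
```

Legitimate software sometimes starts from a profile folder too, so every flagged value still needs the manual check described in the post.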

barteklord1
comment

I don't have a Dane aplikacji folder ;/ in All Users I only have Dokumenty udostepnione, Menu start, Pulpit, Ulubione!

I have this log from HijackThis


//logs go inside code tags

//vocativus

Mateusz J.
comment

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2

Fix this; apart from that, OK.

To see that folder you need to enable "show hidden files and folders" in Folder Options.

barteklord1
comment

Regarding that Secure Solutions, should I delete it??

Mateusz J.
comment

Yes, that entire folder.
