Strange virus


(Camilo1) #1

This alert appears whenever I try to open a drive, e.g. C or D. How do I remove it? "Some dangerous viruses detected in your system. MNicrosoft Windows XP files corrupted.This may lead to the destruction of important files in C:/WINDOWS. Download protection software now!"

Here is the log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:10:06, on 2008-11-01

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ULI5289\ALi5289.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\PROGRA~1\DrWeb\spiderui.exe

C:\Program Files\DrWeb\spiderml.exe

C:\Program Files\DrWeb\DRWEBSCD.EXE

C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\PROGRA~1\DrWeb\spidernt.exe

C:\Program Files\D-Link\D-Link DWA-111 Wireless G USB Adapter\wirelesscm.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Program Files\JetAudio\JetAudio.exe

C:\Program Files\DrWeb\Drwebupw.exe

C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Game.OS - {3A303EF6-2598-4D2D-B4DA-DEFA7CD0DC51} - C:\WINDOWS\system32\ifsndu.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll

O4 - HKLM..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe

O4 - HKLM..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM..\Run: [spIDerNT] C:\PROGRA~1\DrWeb\spiderui.exe /agent

O4 - HKLM..\Run: [spIDerMail] "C:\Program Files\DrWeb\spiderml.exe"

O4 - HKLM..\Run: [DrWebScheduler] "C:\Program Files\DrWeb\DRWEBSCD.EXE"

O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Wireless Connection Manager.lnk = ?

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Pobierz w Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: Pobierz wszystkie pliki w Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Pobierz zaznaczone w Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\Program Files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll

O9 - Extra 'Tools' menuitem: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\Program Files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: ArcaBit.Core.Configurator - Unknown owner - C:\Program Files\ArcaBit\Common\ArcaBit.Core.Configurator2.exe (file missing)

O23 - Service: ArcaBit Update Service (AVUpdate) - Unknown owner - C:\PROGRA~1\ArcaBit\ARCAUP~1\update.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: SpIDer Guard for Windows (SPIDERNT) - Doctor Web, Ltd. - C:\PROGRA~1\DrWeb\spidernt.exe


(Leon$) #2

Remove with HijackThis >> Fix checked

Download ComboFix http://www.searchengines.pl/index.php?s ... ntry395642 but do not run it.

While downloading and scanning with ComboFix, please disable all firewalls and antivirus programs.

Open Notepad and paste

save as CFScript.txt (save it so that the CFScript.txt icon is next to the ComboFix.exe icon) >> Drag and drop the CFScript.txt icon onto the ComboFix.exe icon

http://img.wklej.org/images/88953CFScri ... iemoes.gif

The removal should start.

Then post the log from the ComboFix removal.

:slight_smile:


(Camilo1) #3

ComboFix 08-11-01.01 - Administrator 2008-11-01 21:20:08.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.115 [GMT 0:00]

Uruchomiony z: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe

Użyto następujących komend :: C:\Documents and Settings\Administrator\Pulpit\CFScript.txt.txt

* Utworzono nowy punkt przywracania

FILE ::

C:\WINDOWS\system32\ifsndu.dll

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\Administrator\Ulubione\Cheap Pharmacy Online.url

C:\Documents and Settings\Administrator\Ulubione\Search Online.url

C:\Documents and Settings\Administrator\Ulubione\VIP Casino.url

C:\WINDOWS\k.txt

C:\WINDOWS\system32\c.ico

C:\WINDOWS\system32\ifsndu.dll

C:\WINDOWS\system32\m.ico

C:\WINDOWS\system32\p.ico

C:\WINDOWS\system32\s.ico

.

((((((((((((((((((((((((( Pliki utworzone od 2008-10-01 do 2008-11-01 )))))))))))))))))))))))))))))))

.

2008-11-01 17:49 . 2008-11-01 21:11

2008-11-01 17:49 . 2008-11-01 17:52

2008-11-01 17:49 . 2008-11-01 20:20 77,824 --a----t- C:\WINDOWS\system32\DRWEBSP.DLL

2008-11-01 16:49 . 2008-11-01 16:49

2008-10-28 21:30 . 2008-10-28 21:30

2008-10-24 16:47 . 2008-10-15 16:36 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll

2008-10-15 21:22 . 2008-08-14 13:26 2,190,464 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2008-10-15 21:22 . 2008-08-14 13:26 2,146,816 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe

2008-10-15 21:22 . 2008-08-14 13:26 2,067,328 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2008-10-15 21:22 . 2008-08-14 13:26 2,025,472 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe

2008-10-15 21:22 . 2008-09-15 15:27 1,846,656 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys

2008-10-15 21:22 . 2008-09-08 10:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys

2008-10-11 19:48 . 2008-10-11 19:49

2008-10-04 20:43 . 2008-10-04 20:43

2008-10-04 20:43 . 2008-10-04 20:43

2008-10-04 20:43 . 2006-09-07 11:34 347,776 --a------ C:\WINDOWS\system32\drivers\rt73.sys

2008-10-04 20:43 . 2008-10-04 20:43 21,419 --a------ C:\WINDOWS\system32\drivers\AegisP.sys

2008-10-04 20:43 . 2005-11-30 09:33 2,048 --a------ C:\WINDOWS\system32\drivers\rt73.bin

2008-10-04 20:42 . 2008-10-04 20:42

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-01 21:23 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Skype

2008-11-01 21:18 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Free Download Manager

2008-11-01 21:11 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-11-01 17:47 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\skypePM

2008-11-01 17:35 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-11-01 17:35 --------- d-----w C:\Program Files\ArcaBit

2008-10-29 20:42 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\XnView

2008-10-29 10:53 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Wildfire

2008-10-13 19:08 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Nero

2008-09-22 20:17 --------- d-----w C:\Program Files\HDD Health

2008-09-22 19:55 --------- d-----w C:\Program Files\Online TV Player 4

2008-09-22 19:54 --------- d--h--w C:\Documents and Settings\All Users\Dane aplikacji\ActiveSMART

2008-09-22 14:30 --------- d-----w C:\Program Files\Winamp

2008-09-15 17:14 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy

2008-09-15 16:24 --------- d-----w C:\Program Files\Eurobarre

2008-09-15 16:15 --------- d-----w C:\Program Files\VS Revo Group

2008-09-15 16:10 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-09-13 17:34 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit

2008-09-10 18:23 --------- d-----w C:\Program Files\Sparkle

2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-09-06 20:09 --------- d-----w C:\Program Files\FreeUndelete

2008-09-06 14:03 --------- d-----w C:\Program Files\Java

2008-09-06 14:01 --------- d-----w C:\Program Files\Nokia

2008-09-06 14:01 --------- d-----w C:\Program Files\BrainWave Generator

2008-09-06 13:59 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Downloaded Installations

2008-09-05 17:06 --------- d-----w C:\Program Files\microsoft frontpage

2008-02-13 21:38 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat

2008-04-04 21:15 88 --sh--r C:\WINDOWS\system32\FE048DEEE3.sys

2008-04-04 21:15 4,182 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-11-12 21877544]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ALi5289"="C:\Program Files\ULI5289\ALi5289.exe" [2005-03-10 405504]

"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"SoundMan"="SOUNDMAN.EXE" [2004-12-22 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Wireless Connection Manager.lnk - C:\Program Files\D-Link\D-Link DWA-111 Wireless G USB Adapter\wirelesscm.exe [2008-10-04 19357696]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

--a------ 2004-08-22 16:05 81920 C:\Program Files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

--a------ 2007-08-08 08:25 1828136 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager]

--a------ 2007-04-27 18:22 312848 C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 14:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"F:\eMule\emule.exe"=

"C:\Program Files\NAPI-PROJEKT\napisy.exe"=

"C:\Program Files\Gadu-Gadu\gg.exe"=

"J:\emule.exe"=

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"=

"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"=

"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=

"F:\emule.exe"=

"%windir%\Network Diagnostic\xpnetdiag.exe"=

"C:\Program Files\SopCast\SopCast.exe"=

"C:\Program Files\SopCast\adv\SopAdver.exe"=

"C:\Program Files\Skype\Phone\Skype.exe"=

R0 hotcore2;hotcore2;C:\WINDOWS\system32\drivers\hotcore2.sys [2006-10-02 30808]

R0 m5289;m5289;C:\WINDOWS\system32\DRIVERS\m5289.sys [2004-12-01 51840]

R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys [2005-05-03 45056]

S2 AVUpdate;ArcaBit Update Service;C:\PROGRA~1\ArcaBit\ARCAUP~1\update.exe []

S3 ArcaBit.Core.Configurator;ArcaBit.Core.Configurator;C:\Program Files\ArcaBit\Common\ArcaBit.Core.Configurator2.exe []

S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS []

S3 ps_drv;ps_drv;C:\Documents and Settings\Administrator\ps_drv.sys []

.

Zawartość folderu 'Zaplanowane zadania'

2008-10-06 C:\WINDOWS\Tasks\JkDefrag.job

  • C:\WINDOWS\tasks\JkDefragTask.cmd [2008-05-15 15:15]

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-01 21:23:07

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

.

**************************************************************************

.

Czas ukończenia: 2008-11-01 21:26:43 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2008-11-01 21:26:39

Przed: 1 003 999 232 bajtów wolnych

Po: 1,010,429,952 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

164 --- E O F --- 2008-10-24 17:01:05


(Leon$) #4

Download and run The Avenger tool. Select the text given on the forum for removal,

copy >> click Paste Script from Clipboard >> Execute >> confirm and agree to the restart by clicking OK.

Manually delete the file C:\Avenger\backup.zip from the disk and paste the report C:\avenger.txt on the forum.

Download CCleaner http://www.filehippo.com/download_ccleaner/

Scan with it and clean the registry.

Optimize the startup entries:

http://cybertrash.netarteria.pl/cyber/i ... 378.0.html

Manually delete the folder C:\Qoobox and delete the ComboFix installer from the disk.

Turn System Restore off and back on for all drives. http://support.microsoft.com/kb/310405/pl

Scan the My Computer area at http://www.kaspersky.pl/virusscanner.html and, if there are viruses, show the report. Open the page in IE.

:slight_smile:


(Camilo1) #5

I have a small problem, because in Avenger I get an error: invalid script. a valid script must begin with a command directive. aborting execution!


(Leon$) #6

I made a mistake; the script is corrected now, try again.

:slight_smile:


(Gutek) #7

And after that do the rest, the Kaspersky scan, but paste the logs according to the rule - Change in the rules for pasting logs on the forum - viewtopic.php?f=16&t=253052


(Camilo1) #8

Avenger Pre-Processor log

//////////////////////////////////////////

Platform: Windows XP (build 2600, Dodatek Service Pack 3)

Sat Nov 01 21:46:50 2008

21:46:50: Error: Invalid script. A valid script must begin with a command directive.

Aborting execution!

//////////////////////////////////////////

//////////////////////////////////////////

Avenger Pre-Processor log

//////////////////////////////////////////

Platform: Windows XP (build 2600, Dodatek Service Pack 3)

Sat Nov 01 21:47:19 2008

21:47:19: Error: Invalid script. A valid script must begin with a command directive.

Aborting execution!

//////////////////////////////////////////

//////////////////////////////////////////

Avenger Pre-Processor log

//////////////////////////////////////////

Platform: Windows XP (build 2600, Dodatek Service Pack 3)

Sat Nov 01 21:48:55 2008

21:48:55: Error: Invalid script. A valid script must begin with a command directive.

Aborting execution!

//////////////////////////////////////////

//////////////////////////////////////////

Avenger Pre-Processor log

//////////////////////////////////////////

Platform: Windows XP (build 2600, Dodatek Service Pack 3)

Sat Nov 01 21:49:55 2008

21:49:55: Error: Invalid script. A valid script must begin with a command directive.

Aborting execution!

//////////////////////////////////////////

//////////////////////////////////////////

Avenger Pre-Processor log

//////////////////////////////////////////

Platform: Windows XP (build 2600, Dodatek Service Pack 3)

Sat Nov 01 21:51:56 2008

21:51:56: Error: Invalid script. A valid script must begin with a command directive.

Aborting execution!

//////////////////////////////////////////

//////////////////////////////////////////

Avenger Pre-Processor log

//////////////////////////////////////////

Platform: Windows XP (build 2600, Dodatek Service Pack 3)

Sat Nov 01 21:52:48 2008

21:52:48: Error: Invalid script. A valid script must begin with a command directive.

Aborting execution!

//////////////////////////////////////////

//////////////////////////////////////////

Avenger Pre-Processor log

//////////////////////////////////////////

Platform: Windows XP (build 2600, Dodatek Service Pack 3)

Sat Nov 01 21:54:57 2008

21:54:57: Error: Invalid script. A valid script must begin with a command directive.

Aborting execution!

//////////////////////////////////////////

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

Driver "AVUpdate" deleted successfully.

Driver "ArcaBit.Core.Configurator" deleted successfully.

Driver "NSNDIS5" deleted successfully.

Driver "ps_drv" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


(Gutek) #9

You were supposed to do something - the scan http://www.kaspersky.pl/virusscanner.html


(Camilo1) #10

I couldn't do it earlier, so I'm posting the Kaspersky scan report now: http://wklejto.pl/13825


(Gutek) #11

Bad.Copy.Pro.V3.65.0403.Incl.Keygen - answer for yourself, for the future, why you have viruses. You know the rules: we don't help pirates!

Delete the files in safe mode - I'm closing the thread!