Kaspersky reports a threat; when I remove it, the following changes occur

Hi, I'm asking for help: the Kaspersky antivirus program reports 7 dangerous objects of the Trojan horse type … when I removed them with Kaspersky, my toolbar suddenly disappeared, the computer shut down, the colors changed and various other strange things happened. I rolled back the changes from the backup copy in the antivirus program, but now the program is again reporting a threat of the Trojan horse type.

Please help; since I am not a young woman, I kindly ask for detailed instructions, e.g. go to Start - Run - type - etc. Thank you in advance for your understanding. I am attaching the log from HijackThis:

Logfile of HijackThis v1.99.1

Scan saved at 17:36:45, on 2006-11-01

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Documents and Settings\Administrator\Pulpit\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: MSN Suche Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\de-de\msntb.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: MSN Suche Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\de-de\msntb.dll

O4 - HKLM…\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe

O4 - HKCU…\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU…\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU…\Run: [Kaspersky Anti-Virus GUI Part] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe

O4 - Startup: Windows-Desktopsuche.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\de-de\bin\WindowsSearch.exe

O8 - Extra context menu item: &MSN Suche - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\de-de\msntb.dll/search.htm

O8 - Extra context menu item: In neuer Registerkarte im Hintergrund öffnen - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\de-de\msntabres.dll/229?6aad9f424d1b41d2a6657634c37c22d

O8 - Extra context menu item: In neuer Registerkarte im Vordergrund öffnen - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\de-de\msntabres.dll/230?6aad9f424d1b41d2a6657634c37c22d

O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.msn.de

O15 - Trusted Zone: http://mks.com.pl

O15 - Trusted Zone: http://www.mks.com.pl

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms … b31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22.hotmail.msn.com/res … nPUpld.cab

O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc … oscan8.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me … b31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe … loader.cab

O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) -

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by22fd.bay22.hotmail.msn.com/act … Atchmt.ocx

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - AppInit_DLLs: PAVWAIT.DLL

O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Remove these entries with HijackThis:

Give the path of the infected file :)

Run a scan with EWIDO after updating it :)

Scan the computer with Ad-aware SE Personal 1.06 and Spybot Search & Destroy 1.4

I scanned with both, i.e. Ad-aware SE and Spybot Search & Destroy, and nothing shows up. Kaspersky, however, reports:

1.HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W…

2.C:\WINDOWS\SYSTEM32\SVCHOST.EXE

3. svchost.exe\svchost.exe

4.C:\WINDOWS\system32\svchost.exe

5.C:\WINDOWS system32\dllcache\svchost.exe

6. C:\system Volume Information_resorte[D273C3B5-268D-45D1-9533-E182398BFFAE]\RP20\A0043707.exe