Mam wirusa prosze kogoś kto sie na tym zna o pomoc daję loga

Dla specjalistów Bezpieczeństwo
#1

Daję loga ponieważ podejrzewam że mam wirusa. Antywirus pokazuje że zablokował groźną operację coś takiego, ale niczym nie mogę tego usunąćjeślioś się zna na tych logach proszę o pomoc tu mam link do loga: http://wklejto.pl/7537

Bądź bezpośrednio niech ktoś to przeczyta:

ComboFix 08-08-07.01 - Pawo 2020-07-28 23:29:32.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.0.1250.1.1045.18.216 [GMT 2:00]

Running from: C:\Documents and Settings\Pawo\Pulpit\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

  • REDUCED FUNCTIONALITY MODE -

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\autorun.ini

.

((((((((((((((((((((((((( Files Created from 2020-06-28 to 2020-07-28 )))))))))))))))))))))))))))))))

.

2020-07-28 23:21 . 2020-07-28 23:21

2020-07-28 23:21 . 2020-07-28 23:22

2020-07-28 23:21 . 2020-07-28 23:21 17,408 --a------ C:\WINDOWS\system32\drivers\pxark.sys

2020-07-28 23:11 . 2020-07-28 23:11

2020-07-28 23:01 . 2020-07-28 23:01

2020-07-28 23:01 . 2020-07-28 23:02

2020-07-28 14:00 . 2020-07-28 14:00

2020-07-28 14:00 . 2007-08-18 09:54 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm

2020-07-28 09:07 . 2020-07-28 23:23 233,324 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck

2020-07-28 09:07 . 2020-07-28 17:57 1,224 --a------ C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck

2020-07-28 09:02 . 2007-06-06 11:43 83,640 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys

2020-07-28 09:02 . 2020-07-28 09:02 261 --a------ C:\WINDOWS\system32\PavCPL.dat

2020-07-28 09:00 . 2020-07-28 09:00

2020-07-28 08:58 . 2007-07-12 14:49 178,872 --a------ C:\WINDOWS\system32\drivers\PavProc.sys

2020-07-28 08:58 . 2007-05-23 16:40 38,968 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys

2020-07-27 19:45 . 2020-07-27 19:46 357,156 --a------ C:\WINDOWS\system32\27031_winhtb.exe

2020-07-27 19:45 . 2020-07-27 19:45 54 --a------ C:\WINDOWS\system32\x

2020-07-27 18:43 . 2020-07-27 19:12

2020-07-22 19:38 . 2020-07-28 18:42

2020-07-22 19:36 . 2020-07-22 19:36

2020-07-22 19:35 . 2020-07-22 19:35

2020-07-22 19:22 . 2020-07-22 19:22

2020-07-22 19:21 . 2020-07-22 19:21

2020-07-22 19:16 . 2020-07-22 19:16

2020-07-22 19:12 . 2020-07-28 18:06 8,627 --a------ C:\WINDOWS\system32\PAV_FOG.OPC

2020-07-22 19:03 . 2020-07-22 19:03

2020-07-22 19:03 . 2020-07-22 19:03

2020-07-22 18:55 . 2020-07-22 18:55

2020-07-22 18:55 . 2020-07-22 18:55

2020-07-22 18:47 . 2020-07-28 08:58

2020-07-22 14:37 . 2020-07-22 14:37

2020-07-22 14:28 . 2020-07-28 22:36

2020-07-22 14:27 . 2020-07-22 14:27

2020-07-22 14:27 . 2020-07-22 14:27 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2020-07-22 14:27 . 2020-07-22 14:27 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys

2020-07-22 11:02 . 2020-07-22 09:19 261 --a------ C:\WINDOWS\system32$winnt$.inf

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2020-07-28 21:23 233,324 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT

2020-07-28 15:57 1,224 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG

2020-07-28 11:55 --------- d-----w C:\Program Files\SubEdit-Player

2020-07-28 07:00 --------- d–h--w C:\Program Files\InstallShield Installation Information

2020-07-22 13:00 75,776 ----a-w C:\WINDOWS\system32\hqghumea.dll

2020-07-22 08:21 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files

2020-07-22 08:10 140,800 --sh–r C:\WINDOWS\Fonts\wmsncs.exe

2020-07-22 07:39 --------- d-----w C:\Program Files\foobar2000

2020-07-22 07:31 --------- d-----w C:\Program Files\ImgBurn

2020-07-22 07:31 --------- d-----w C:\Program Files\CCleaner

2020-07-22 07:29 --------- d-----w C:\Program Files\Common Files\Adobe

2020-07-22 07:29 --------- d-----w C:\Documents and Settings\Pawo\Dane aplikacji\InterTrust

2020-07-22 07:27 --------- d-----w C:\Program Files\VIA Technologies, INC

2020-07-22 07:26 --------- d-----w C:\Program Files\ASUSTeK

2020-07-22 07:24 --------- d-----w C:\Program Files\Common Files\InstallShield

2020-07-22 07:16 --------- d-----w C:\Program Files\microsoft frontpage

2020-07-22 07:14 --------- d-----w C:\Program Files\Usługi online

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” [2001-10-26 19:29 13312]

“MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2001-08-02 07:14 1077277]

“AlcoholAutomount”=“C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe” [2008-03-20 18:39 216520]

“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2008-03-20 12:04 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“NvCplDaemon”=“C:\WINDOWS\System32\NvCpl.dll” [2005-03-30 04:48 5898240]

“NvMediaCenter”=“C:\WINDOWS\System32\NvMcTray.dll” [2005-03-30 04:48 86016]

“Soltek”=“C:\WINDOWS\System32\autorun.exe” [2001-10-29 16:00 61440]

“Wmsncs Service”=“C:\WINDOWS\Fonts\wmsncs.exe” [2020-07-22 10:10 140800]

“NvidMediaCenter”=“C:\Program Files\Common Files\System\wmsncs.exe” [2020-07-22 10:10 140800]

“Spool Driver Service”=“C:\WINDOWS\System32\spool\drivers\wmsncs.exe” [2020-07-22 10:10 140800]

“Wins Service”=“C:\WINDOWS\System32\wins\wmsncs.exe” [2020-07-22 10:10 140800]

“APVXDWIN”=“C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE” [2007-07-23 18:30 406832]

“SCANINICIO”=“C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe” [2007-07-11 15:17 27952]

“nwiz”=“nwiz.exe” [2005-03-30 04:48 1519616 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” [2001-10-26 19:29 13312]

“Wmsncs Service”=“C:\WINDOWS\Fonts\wmsncs.exe” [2020-07-22 10:10 140800]

“NvidMediaCenter”=“C:\Program Files\Common Files\System\wmsncs.exe” [2020-07-22 10:10 140800]

“Spool Driver Service”=“C:\WINDOWS\System32\spool\drivers\wmsncs.exe” [2020-07-22 10:10 140800]

“Wins Service”=“C:\WINDOWS\System32\wins\wmsncs.exe” [2020-07-22 10:10 140800]

C:\Documents and Settings\Pawo\Menu Start\Programy\Autostart\

hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2020-07-22 14:27:39 624416]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

wmsncs.exe [2020-07-22 10:10:11 140800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

“Shell”=“explorer.exe “C:\WINDOWS\Fonts\wmsncs.exe””

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“msacm.ac3filter”= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

“AntiVirusDisableNotify”=dword:00000001

“AntiVirusOverride”=dword:00000001

“FirewallOverride”=dword:00000001

“UpdatesDisableNotify”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

“EnableFirewall”= 0 (0x0)

“DisableNotifications”= 1 (0x1)

R0 pxark;pxark;C:\WINDOWS\System32\drivers\pxark.sys [2020-07-28 23:21]

R1 APPFLT;App Filter Plugin;C:\WINDOWS\System32\Drivers\APPFLT.SYS [2007-05-11 09:33]

R1 DSAFLT;DSA Filter Plugin;C:\WINDOWS\System32\Drivers\DSAFLT.SYS [2007-05-11 09:33]

R1 FNETMON;NetMon Filter Plugin;C:\WINDOWS\System32\Drivers\fnetmon.SYS [2007-05-11 09:33]

R1 IDSFLT;Ids Filter Plugin;C:\WINDOWS\System32\Drivers\IDSFLT.SYS [2007-07-11 11:39]

R1 NETFLTDI;Panda Net Driver [TDI Layer];C:\WINDOWS\System32\Drivers\NETFLTDI.SYS [2007-05-11 09:33]

R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\System32\DRIVERS\ShlDrv51.sys [2007-05-23 16:40]

R1 SMSFLT;SMS Filter Plugin;C:\WINDOWS\System32\Drivers\SMSFLT.SYS [2007-05-11 09:33]

R1 WNMFLT;Wifi Monitor Filter Plugin;C:\WINDOWS\System32\Drivers\WNMFLT.SYS [2007-05-11 09:33]

R2 cpoint;Panda CPoint Driver;C:\WINDOWS\System32\Drivers\cpoint.sys [2007-06-08 08:44]

R2 CSIScanner;CSIScanner;C:\Program Files\PrevxCSI\prevxcsi.exe [2020-07-28 23:21]

R2 NET Runtime Optimization Service v2.1.41329_X86;NET Runtime Optimization Service v2.1.41329_X86;C:\WINDOWS\Fonts\wmsncs.exe [2020-07-22 10:10]

R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\System32\DRIVERS\PavProc.sys [2007-07-12 14:49]

R3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\System32\drivers\av5flt.sys []

R3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\WINDOWS\System32\DRIVERS\netimflt.sys [2007-04-24 15:43]

R3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\System32\PavSRK.sys []

R3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\System32\PavTPK.sys []

S2 Microsoft Windows TCP Protocol;Microsoft Windows TCP Protocol;C:\WINDOWS\System32\dllcache\wintcps.exe []

*Newly Created Service* - CATCHME

*Newly Created Service* - CSISCANNER

*Newly Created Service* - PSEXESVC

*Newly Created Service* - PXARK

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{103L3C30-C3B3-4130-9363-E59E1375PERM}]

C:\WINDOWS\Fonts\wmsncs.exe

.

        • ORPHANS REMOVED - - - -

URLSearchHooks-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)

HKCU-Run-Windows Services Aganter - RegKey.exe

HKLM-Run-Windows Services Aganter - RegKey.exe

HKLM-RunServices-Windows Services Aganter - RegKey.exe

HKU-Default-Run-Windows Services Aganter - RegKey.exe

HKU-Default-RunOnce-Windows Services Aganter - RegKey.exe

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\Pawo\Dane aplikacji\Mozilla\Firefox\Profiles\x5heekwn.default\

FF -: plugin - C:\Program Files\Adobe\Acrobat 5.0\Reader\browser\nppdf32.dll

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2020-07-28 23:30:44

Windows 5.1.2600 NTFS

detected NTDLL code modification:

ZwEnumerateKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile

scanning hidden processes …

C:\WINDOWS\Fonts\wmsncs.exe [204] 0x81221BC8

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2020-07-28 23:33:42

ComboFix-quarantined-files.txt 2020-07-28 21:33:33

Pre-Run: 32,090,255,360 bajtów wolnych

Post-Run: 32,345,276,416 bajtów wolnych

171

Nie znam się na tym wjęc proszę o pomoc :frowning:

#2

Wklej do Notatnika :

File::

C:\WINDOWS\system32\27031_winhtb.exe

C:\WINDOWS\system32\x

C:\WINDOWS\system32\hqghumea.dll

C:\WINDOWS\Fonts\wmsncs.exe

C:\Program Files\Common Files\System\wmsncs.exe

C:\WINDOWS\System32\spool\drivers\wmsncs.exe

C:\WINDOWS\System32\wins\wmsncs.exe

C:\WINDOWS\System32\dllcache\wintcps.exe 


Folder::

C:\Program Files\free-downloads.net


Driver::

Microsoft Windows TCP Protocol


Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

Wmsncs Service"=-

"NvidMediaCenter"=-

"Spool Driver Service"=-

"Wins Service"=-

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Wmsncs Service"=-

"NvidMediaCenter"=-

"Spool Driver Service"=-

"Wins Service"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Shell"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{103L3C30-C3B3-4130-9363-E59E1375PERM}]

>>Plik>>Zapisz jako… >>> CFScript

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe

–>CFScript3.gif

Ma się rozpocząć usuwanie. (i powstanie log).Daj ten log.

Jeśli pójdzie dobrze, to: Po restarcie usuń ręcznie folder C:** Qoobox.**

Potem:

Start Uruchom wybierz (lub wpisz) cmd zastosuj tę komendę (+ “ENTER”):

#3

żadnego pliku WMSNCS.EXE nie ma a antywirus nadal coś wykrywa i nie może tego usunąć

#4

Czyżby przecież np to

jest w twoim logu.

Daj log z usuwania Combofix to się przekonamy.

#5

Zmiana zasad wklejania logów na forum - viewtopic.php?f=16&t=253052

#6

Proszę wjęc nadal o pomoc i dokładne wytłumaczenie co mam zrobić ![-o<

http://wklej.org/id/847e55f3cb

A tutaj ten cały log:

ComboFix 08-08-07.05 - Pawo 2020-07-29 13:01:22.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.0.1250.1.1045.18.178 [GMT 2:00]

Running from: C:\Documents and Settings\Pawo\Pulpit\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

  • REDUCED FUNCTIONALITY MODE -

.

((((((((((((((((((((((((( Files Created from 2020-06-28 to 2020-07-29 )))))))))))))))))))))))))))))))

.

2020-07-29 00:02 . 2020-07-29 00:02

2020-07-29 00:02 . 2020-07-29 00:15

2020-07-29 00:01 . 2020-07-29 00:01

2020-07-28 23:50 . 2020-07-28 23:50

2020-07-28 23:50 . 2020-07-28 23:50

2020-07-28 23:50 . 2020-07-28 23:50

2020-07-28 23:50 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2020-07-28 23:50 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2020-07-28 23:21 . 2020-07-28 23:21

2020-07-28 23:21 . 2020-07-29 08:44

2020-07-28 23:21 . 2020-07-28 23:21 17,408 --a------ C:\WINDOWS\system32\drivers\pxark.sys

2020-07-28 23:11 . 2020-07-28 23:11

2020-07-28 23:01 . 2020-07-28 23:01

2020-07-28 23:01 . 2020-07-28 23:02

2020-07-28 14:00 . 2020-07-28 14:00

2020-07-28 14:00 . 2007-08-18 09:54 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm

2020-07-28 09:07 . 2020-07-29 12:58 244,184 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck

2020-07-28 09:07 . 2020-07-29 12:38 1,244 --a------ C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck

2020-07-28 09:02 . 2007-06-06 11:43 83,640 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys

2020-07-28 09:02 . 2020-07-28 09:02 261 --a------ C:\WINDOWS\system32\PavCPL.dat

2020-07-28 09:00 . 2020-07-28 09:00

2020-07-28 08:58 . 2007-07-12 14:49 178,872 --a------ C:\WINDOWS\system32\drivers\PavProc.sys

2020-07-28 08:58 . 2007-05-23 16:40 38,968 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys

2020-07-27 18:43 . 2020-07-27 19:12

2020-07-22 19:38 . 2020-07-28 18:42

2020-07-22 19:36 . 2020-07-22 19:36

2020-07-22 19:35 . 2020-07-22 19:35

2020-07-22 19:21 . 2020-07-22 19:21

2020-07-22 19:16 . 2020-07-22 19:16

2020-07-22 19:12 . 2020-07-28 18:06 8,627 --a------ C:\WINDOWS\system32\PAV_FOG.OPC

2020-07-22 19:03 . 2020-07-22 19:03

2020-07-22 19:03 . 2020-07-22 19:03

2020-07-22 18:55 . 2020-07-22 18:55

2020-07-22 18:55 . 2020-07-22 18:55

2020-07-22 18:47 . 2020-07-28 08:58

2020-07-22 14:37 . 2020-07-22 14:37

2020-07-22 14:28 . 2020-07-29 12:38

2020-07-22 14:27 . 2020-07-22 14:27

2020-07-22 14:27 . 2020-07-22 14:27 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2020-07-22 14:27 . 2020-07-22 14:27 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys

2020-07-22 11:02 . 2020-07-22 09:19 261 --a------ C:\WINDOWS\system32$winnt$.inf

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2020-07-29 10:58 244,184 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT

2020-07-29 10:38 1,244 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG

2020-07-28 11:55 --------- d-----w C:\Program Files\SubEdit-Player

2020-07-28 07:00 --------- d–h--w C:\Program Files\InstallShield Installation Information

2020-07-22 08:21 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files

2020-07-22 08:10 140,800 --sh–r C:\WINDOWS\Fonts\wmsncs.exe

2020-07-22 07:39 --------- d-----w C:\Program Files\foobar2000

2020-07-22 07:31 --------- d-----w C:\Program Files\ImgBurn

2020-07-22 07:31 --------- d-----w C:\Program Files\CCleaner

2020-07-22 07:29 --------- d-----w C:\Program Files\Common Files\Adobe

2020-07-22 07:29 --------- d-----w C:\Documents and Settings\Pawo\Dane aplikacji\InterTrust

2020-07-22 07:27 --------- d-----w C:\Program Files\VIA Technologies, INC

2020-07-22 07:26 --------- d-----w C:\Program Files\ASUSTeK

2020-07-22 07:24 --------- d-----w C:\Program Files\Common Files\InstallShield

2020-07-22 07:16 --------- d-----w C:\Program Files\microsoft frontpage

2020-07-22 07:14 --------- d-----w C:\Program Files\Usługi online

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” [2001-10-26 19:29 13312]

“MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2001-08-02 07:14 1077277]

“AlcoholAutomount”=“C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe” [2008-03-20 18:39 216520]

“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2008-03-20 12:04 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“Wmsncs Service”=“C:\WINDOWS\Fonts\wmsncs.exe” [2020-07-22 10:10 140800]

“NvidMediaCenter”=“C:\Program Files\Common Files\System\wmsncs.exe” [2020-07-22 10:10 140800]

“Spool Driver Service”=“C:\WINDOWS\System32\spool\drivers\wmsncs.exe” [2020-07-22 10:10 140800]

“Wins Service”=“C:\WINDOWS\System32\wins\wmsncs.exe” [2020-07-22 10:10 140800]

“NvCplDaemon”=“C:\WINDOWS\System32\NvCpl.dll” [2005-03-30 04:48 5898240]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” [2001-10-26 19:29 13312]

“Wmsncs Service”=“C:\WINDOWS\Fonts\wmsncs.exe” [2020-07-22 10:10 140800]

“NvidMediaCenter”=“C:\Program Files\Common Files\System\wmsncs.exe” [2020-07-22 10:10 140800]

“Spool Driver Service”=“C:\WINDOWS\System32\spool\drivers\wmsncs.exe” [2020-07-22 10:10 140800]

“Wins Service”=“C:\WINDOWS\System32\wins\wmsncs.exe” [2020-07-22 10:10 140800]

C:\Documents and Settings\Pawo\Menu Start\Programy\Autostart\

hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2020-07-22 14:27:39 624416]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

wmsncs.exe [2020-07-22 10:10:11 140800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

“Shell”=“explorer.exe “C:\WINDOWS\Fonts\wmsncs.exe””

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“msacm.ac3filter”= ac3filter.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

“AntiVirusDisableNotify”=dword:00000001

“AntiVirusOverride”=dword:00000001

“FirewallOverride”=dword:00000001

“UpdatesDisableNotify”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

“EnableFirewall”= 0 (0x0)

“DisableNotifications”= 1 (0x1)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“wmsncs.exe”= wmsncs.exe:SYSTEM

R0 pxark;pxark;C:\WINDOWS\System32\drivers\pxark.sys [2020-07-28 23:21]

R1 APPFLT;App Filter Plugin;C:\WINDOWS\System32\Drivers\APPFLT.SYS [2007-05-11 09:33]

R1 DSAFLT;DSA Filter Plugin;C:\WINDOWS\System32\Drivers\DSAFLT.SYS [2007-05-11 09:33]

R1 FNETMON;NetMon Filter Plugin;C:\WINDOWS\System32\Drivers\fnetmon.SYS [2007-05-11 09:33]

R1 IDSFLT;Ids Filter Plugin;C:\WINDOWS\System32\Drivers\IDSFLT.SYS [2007-07-11 11:39]

R1 NETFLTDI;Panda Net Driver [TDI Layer];C:\WINDOWS\System32\Drivers\NETFLTDI.SYS [2007-05-11 09:33]

R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\System32\DRIVERS\ShlDrv51.sys [2007-05-23 16:40]

R1 SMSFLT;SMS Filter Plugin;C:\WINDOWS\System32\Drivers\SMSFLT.SYS [2007-05-11 09:33]

R1 WNMFLT;Wifi Monitor Filter Plugin;C:\WINDOWS\System32\Drivers\WNMFLT.SYS [2007-05-11 09:33]

R2 cpoint;Panda CPoint Driver;C:\WINDOWS\System32\Drivers\cpoint.sys [2007-06-08 08:44]

R2 CSIScanner;CSIScanner;C:\Program Files\PrevxCSI\prevxcsi.exe [2020-07-28 23:21]

R2 NET Runtime Optimization Service v2.1.41329_X86;NET Runtime Optimization Service v2.1.41329_X86;C:\WINDOWS\Fonts\wmsncs.exe [2020-07-22 10:10]

R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\System32\DRIVERS\PavProc.sys [2007-07-12 14:49]

R3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\System32\drivers\av5flt.sys []

R3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\WINDOWS\System32\DRIVERS\netimflt.sys [2007-04-24 15:43]

R3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\System32\PavSRK.sys []

R3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\System32\PavTPK.sys []

S2 Microsoft Windows TCP Protocol;Microsoft Windows TCP Protocol;C:\WINDOWS\System32\dllcache\wintcps.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{103L3C30-C3B3-4130-9363-E59E1375PERM}]

C:\WINDOWS\Fonts\wmsncs.exe

.

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\Pawo\Dane aplikacji\Mozilla\Firefox\Profiles\x5heekwn.default\

FF -: plugin - C:\Program Files\Adobe\Acrobat 5.0\Reader\browser\nppdf32.dll

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2020-07-29 13:02:13

Windows 5.1.2600 NTFS

detected NTDLL code modification:

ZwEnumerateKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile

scanning hidden processes …

C:\WINDOWS\Fonts\wmsncs.exe [2300] 0x813B85B8

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2020-07-29 13:05:44

ComboFix-quarantined-files.txt 2020-07-29 11:05:29

ComboFix2.txt 2020-07-28 21:33:48

Pre-Run: 32,239,583,232 bajtów wolnych

Post-Run: 32,232,718,336 bajtów wolnych

160

Z góry dzięki!

#7

Nic się nie usunęło.Masz chyba ograniczonego ComboFixa.

Pobierz The Avenger

Wklej do niego ten tekst:

Files to delete:

C:\WINDOWS\system32\27031_winhtb.exe

C:\WINDOWS\system32\x

C:\WINDOWS\system32\hqghumea.dll

C:\WINDOWS\Fonts\wmsncs.exe

C:\Program Files\Common Files\System\wmsncs.exe

C:\WINDOWS\System32\spool\drivers\wmsncs.exe

C:\WINDOWS\System32\wins\wmsncs.exe

C:\WINDOWS\System32\dllcache\wintcps.exe 


Folders to delete:

C:\Program Files\free-downloads.net


Drivers to delete:

Microsoft Windows TCP Protocol

Kopiujesz - klikasz na Paste Script from Clipboard - Execute - Potwierdzasz i zgadzasz się na restart klikając OK. Po wykonaniu skasuj z dysku plik: C:\Avenger\backup.zip i wklej raport na forum C:\avenger.txt 2) Wklej do notatnika taki tekst:

Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

Wmsncs Service"=-

"NvidMediaCenter"=-

"Spool Driver Service"=-

"Wins Service"=-


[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Wmsncs Service"=-

"NvidMediaCenter"=-

"Spool Driver Service"=-

"Wins Service"=-


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Shell"=-


[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{103L3C30-C3B3-4130-9363-E59E1375PERM}]

Z menu Notatnika >>> Plik >>> Zapisz jako >>> Ustaw rozszerzenie na: “Wszystkie pliki” >>> Zapisz jako FIX.REG** >>>**

plik uruchom (dwuklik i OK- zgódź się na dodanie do Rejestru).

Zrestartuj komputer.

Potem nowy log z ComboFixa, normalny. :wink:

#8

Ok już antywirus nie wykrywa wirusa i chyba jest wszystko ok jak bym mógł się jakoś odwdzięczyć to napisz jak!

#9

Daj log z ComboFixa,i Avengera,to nie koniec!

#10

Poczekaj chwilkę

#11

Daję log z ComboFixa:

ComboFix 08-08-07.05 - Pawo 2020-07-29 14:20:39.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.0.1250.1.1045.18.167 [GMT 2:00]

Running from: C:\Documents and Settings\Pawo\Pulpit\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

  • REDUCED FUNCTIONALITY MODE -

.

((((((((((((((((((((((((( Files Created from 2020-06-28 to 2020-07-29 )))))))))))))))))))))))))))))))

.

2020-07-29 00:02 . 2020-07-29 00:02

2020-07-29 00:02 . 2020-07-29 00:15

2020-07-29 00:01 . 2020-07-29 00:01

2020-07-28 23:50 . 2020-07-28 23:50

2020-07-28 23:50 . 2020-07-28 23:50

2020-07-28 23:50 . 2020-07-28 23:50

2020-07-28 23:50 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2020-07-28 23:50 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2020-07-28 23:21 . 2020-07-28 23:21

2020-07-28 23:21 . 2020-07-29 08:44

2020-07-28 23:21 . 2020-07-28 23:21 17,408 --a------ C:\WINDOWS\system32\drivers\pxark.sys

2020-07-28 23:11 . 2020-07-28 23:11

2020-07-28 23:01 . 2020-07-28 23:01

2020-07-28 23:01 . 2020-07-28 23:02

2020-07-28 14:00 . 2020-07-28 14:00

2020-07-28 14:00 . 2007-08-18 09:54 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm

2020-07-28 09:07 . 2020-07-29 14:19 242,012 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck

2020-07-28 09:07 . 2020-07-29 13:37 1,244 --a------ C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck

2020-07-28 09:02 . 2007-06-06 11:43 83,640 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys

2020-07-28 09:02 . 2020-07-28 09:02 261 --a------ C:\WINDOWS\system32\PavCPL.dat

2020-07-28 09:00 . 2020-07-28 09:00

2020-07-28 08:58 . 2007-07-12 14:49 178,872 --a------ C:\WINDOWS\system32\drivers\PavProc.sys

2020-07-28 08:58 . 2007-05-23 16:40 38,968 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys

2020-07-27 18:43 . 2020-07-27 19:12

2020-07-22 19:38 . 2020-07-28 18:42

2020-07-22 19:36 . 2020-07-22 19:36

2020-07-22 19:35 . 2020-07-22 19:35

2020-07-22 19:21 . 2020-07-22 19:21

2020-07-22 19:16 . 2020-07-22 19:16

2020-07-22 19:12 . 2020-07-28 18:06 8,627 --a------ C:\WINDOWS\system32\PAV_FOG.OPC

2020-07-22 19:03 . 2020-07-22 19:03

2020-07-22 19:03 . 2020-07-22 19:03

2020-07-22 18:55 . 2020-07-22 18:55

2020-07-22 18:55 . 2020-07-22 18:55

2020-07-22 18:47 . 2020-07-28 08:58

2020-07-22 14:37 . 2020-07-22 14:37

2020-07-22 14:28 . 2020-07-29 13:36

2020-07-22 14:27 . 2020-07-22 14:27

2020-07-22 14:27 . 2020-07-22 14:27 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2020-07-22 14:27 . 2020-07-22 14:27 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys

2020-07-22 11:02 . 2020-07-22 09:19 261 --a------ C:\WINDOWS\system32$winnt$.inf

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2020-07-29 12:19 242,012 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT

2020-07-29 11:37 1,244 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG

2020-07-28 11:55 --------- d-----w C:\Program Files\SubEdit-Player

2020-07-28 07:00 --------- d–h--w C:\Program Files\InstallShield Installation Information

2020-07-22 08:21 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files

2020-07-22 07:39 --------- d-----w C:\Program Files\foobar2000

2020-07-22 07:31 --------- d-----w C:\Program Files\ImgBurn

2020-07-22 07:31 --------- d-----w C:\Program Files\CCleaner

2020-07-22 07:29 --------- d-----w C:\Program Files\Common Files\Adobe

2020-07-22 07:29 --------- d-----w C:\Documents and Settings\Pawo\Dane aplikacji\InterTrust

2020-07-22 07:27 --------- d-----w C:\Program Files\VIA Technologies, INC

2020-07-22 07:26 --------- d-----w C:\Program Files\ASUSTeK

2020-07-22 07:24 --------- d-----w C:\Program Files\Common Files\InstallShield

2020-07-22 07:16 --------- d-----w C:\Program Files\microsoft frontpage

2020-07-22 07:14 --------- d-----w C:\Program Files\Usługi online

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” [2001-10-26 19:29 13312]

“MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2001-08-02 07:14 1077277]

“AlcoholAutomount”=“C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe” [2008-03-20 18:39 216520]

“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2008-03-20 12:04 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“NvCplDaemon”=“C:\WINDOWS\System32\NvCpl.dll” [2005-03-30 04:48 5898240]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” [2001-10-26 19:29 13312]

C:\Documents and Settings\Pawo\Menu Start\Programy\Autostart\

hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2020-07-22 14:27:39 624416]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

wmsncs.exe [2020-07-22 10:10:11 140800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

“Shell”=“explorer.exe “C:\WINDOWS\Fonts\wmsncs.exe””

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“msacm.ac3filter”= ac3filter.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

“AntiVirusDisableNotify”=dword:00000001

“AntiVirusOverride”=dword:00000001

“FirewallOverride”=dword:00000001

“UpdatesDisableNotify”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

“EnableFirewall”= 0 (0x0)

“DisableNotifications”= 1 (0x1)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“wmsncs.exe”= wmsncs.exe:SYSTEM

R0 pxark;pxark;C:\WINDOWS\System32\drivers\pxark.sys [2020-07-28 23:21]

R1 APPFLT;App Filter Plugin;C:\WINDOWS\System32\Drivers\APPFLT.SYS [2007-05-11 09:33]

R1 DSAFLT;DSA Filter Plugin;C:\WINDOWS\System32\Drivers\DSAFLT.SYS [2007-05-11 09:33]

R1 FNETMON;NetMon Filter Plugin;C:\WINDOWS\System32\Drivers\fnetmon.SYS [2007-05-11 09:33]

R1 IDSFLT;Ids Filter Plugin;C:\WINDOWS\System32\Drivers\IDSFLT.SYS [2007-07-11 11:39]

R1 NETFLTDI;Panda Net Driver [TDI Layer];C:\WINDOWS\System32\Drivers\NETFLTDI.SYS [2007-05-11 09:33]

R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\System32\DRIVERS\ShlDrv51.sys [2007-05-23 16:40]

R1 SMSFLT;SMS Filter Plugin;C:\WINDOWS\System32\Drivers\SMSFLT.SYS [2007-05-11 09:33]

R1 WNMFLT;Wifi Monitor Filter Plugin;C:\WINDOWS\System32\Drivers\WNMFLT.SYS [2007-05-11 09:33]

R2 cpoint;Panda CPoint Driver;C:\WINDOWS\System32\Drivers\cpoint.sys [2007-06-08 08:44]

R2 CSIScanner;CSIScanner;C:\Program Files\PrevxCSI\prevxcsi.exe [2020-07-28 23:21]

R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\System32\DRIVERS\PavProc.sys [2007-07-12 14:49]

R3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\System32\drivers\av5flt.sys []

R3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\WINDOWS\System32\DRIVERS\netimflt.sys [2007-04-24 15:43]

R3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\System32\PavSRK.sys []

R3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\System32\PavTPK.sys []

S2 NET Runtime Optimization Service v2.1.41329_X86;NET Runtime Optimization Service v2.1.41329_X86;C:\WINDOWS\Fonts\wmsncs.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{103L3C30-C3B3-4130-9363-E59E1375PERM}]

C:\WINDOWS\Fonts\wmsncs.exe

.

        • ORPHANS REMOVED - - - -

HKLM-Run-Wmsncs Service - C:\WINDOWS\Fonts\wmsncs.exe

HKLM-Run-NvidMediaCenter - C:\Program Files\Common Files\System\wmsncs.exe

HKLM-Run-Spool Driver Service - C:\WINDOWS\System32\spool\drivers\wmsncs.exe

HKLM-Run-Wins Service - C:\WINDOWS\System32\wins\wmsncs.exe

HKU-Default-Run-Wmsncs Service - C:\WINDOWS\Fonts\wmsncs.exe

HKU-Default-Run-NvidMediaCenter - C:\Program Files\Common Files\System\wmsncs.exe

HKU-Default-Run-Spool Driver Service - C:\WINDOWS\System32\spool\drivers\wmsncs.exe

HKU-Default-Run-Wins Service - C:\WINDOWS\System32\wins\wmsncs.exe

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\Pawo\Dane aplikacji\Mozilla\Firefox\Profiles\x5heekwn.default\

FF -: plugin - C:\Program Files\Adobe\Acrobat 5.0\Reader\browser\nppdf32.dll

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2020-07-29 14:21:31

Windows 5.1.2600 NTFS

detected NTDLL code modification:

ZwEnumerateKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2020-07-29 14:24:19

ComboFix-quarantined-files.txt 2020-07-29 12:24:06

Pre-Run: 32,233,095,168 bajtów wolnych

Post-Run: 32,226,881,536 bajtów wolnych

156

A zaraz dam avangera

#12

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

Error: file “C:\WINDOWS\system32\27031_winhtb.exe” not found!

Deletion of file “C:\WINDOWS\system32\27031_winhtb.exe” failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

–> the object does not exist

Error: file “C:\WINDOWS\system32\x” not found!

Deletion of file “C:\WINDOWS\system32\x” failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

–> the object does not exist

Error: file “C:\WINDOWS\system32\hqghumea.dll” not found!

Deletion of file “C:\WINDOWS\system32\hqghumea.dll” failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

–> the object does not exist

Error: file “C:\WINDOWS\Fonts\wmsncs.exe” not found!

Deletion of file “C:\WINDOWS\Fonts\wmsncs.exe” failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

–> the object does not exist

Error: file “C:\Program Files\Common Files\System\wmsncs.exe” not found!

Deletion of file “C:\Program Files\Common Files\System\wmsncs.exe” failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

–> the object does not exist

Error: file “C:\WINDOWS\System32\spool\drivers\wmsncs.exe” not found!

Deletion of file “C:\WINDOWS\System32\spool\drivers\wmsncs.exe” failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

–> the object does not exist

Error: file “C:\WINDOWS\System32\wins\wmsncs.exe” not found!

Deletion of file “C:\WINDOWS\System32\wins\wmsncs.exe” failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

–> the object does not exist

Error: file “C:\WINDOWS\System32\dllcache\wintcps.exe” not found!

Deletion of file “C:\WINDOWS\System32\dllcache\wintcps.exe” failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

–> the object does not exist

Error: folder “C:\Program Files\free-downloads.net” not found!

Deletion of folder “C:\Program Files\free-downloads.net” failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

–> the object does not exist

Error: registry key “\Registry\Machine\System\CurrentControlSet\Services\Microsoft Windows TCP Protocol” not found!

Deletion of driver “Microsoft Windows TCP Protocol” failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

–> the object does not exist

Completed script processing.

*******************

Finished! Terminate.

Coś jeszcze mam zrobić?

#13

dałem przed chwilą nad logiem z avangera

#14

>>Start >>> Uruchom >>> wybierz (lub wpisz) cmd>>Wpisz w Cmd to:

I naciśnij enter.

Wklej do notatnika taki tekst:

Z menu Notatnika >>> Plik >>> Zapisz jako >>> Ustaw rozszerzenie na: “Wszystkie pliki” >>> Zapisz jako FIX.REG** >>>**

plik uruchom (dwuklik i OK- zgódź się na dodanie do Rejestru).

Zrestartuj komputer.

Usuń ręcznie folder C:** Qoobox**,

Usuń instalkę ComboFix z dysku.

Wykonaj optymalizację autostartu

Przeczyść komputer Ccleanerem

Wyłącz i włącz przywracanie systemu na wszystkich dyskach. Instrukcja

Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum

lub

Dr.WEB CureIt!.

#15

OK

#16

wjęc co mam teraz zrobić tak ma być? Czy coś źle zrobiłem?

#17

Zrób to samo tylko tak: