Pliki z trojanami


(Kaza114) #1

Wyslalem loga do sprawdzenia na wklejto.pl,i mam problem bo nie wiem jak usunac zarazone pliki

"-//W3C//DTD XHTML 1.0 Strict//EN\" \"[http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd](http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd%5C)">http://www.w3.org/1999/xhtml\" dir=\"ltr\" lang=\"pl\" xml:lang=\"pl\">

prosze o pomoc jakim programem je usunac.


(Enter6000) #2

Tu programy: viewtopic.php?f=16&t=36654

m.in. HijackThis.

A podaj linka do loga, jeśli piszesz, że wysłałeś...


(Kaza114) #3

link

http://wklejto.pl/index.php?d=szukaj

W dniu 29.06.2008 , o godzinie 23:50 został dopisany post przez kaza114

pod nikim kaza114

W dniu 30.06.2008 , o godzinie 0:01 został dopisany post przez kaza114

link

http://wklejto.pl/4370


(huber2t) #4

fix w hijackthis

Pobierz ComboFix, ale nie uruchamiaj

Wklej do notatnika:

File::

C:\Users\William\AppData\Local\Temp\qoMgghGa.dll

C:\Users\William\AppData\Local\Temp\opnkjGVn.dll

C:\Users\William\AppData\Local\Temp\eymfgaln.dll

Plik -> zapisz jako -> CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu ->

02f8f1e3c410a4cc.gif

Rozpocznie się usuwanie i powstanie log, daj ten log na forum.

Logi dajesz na http://wklejto.pl a w poście dajesz tylko link


(Kaza114) #5

wszystko zrobione tak jak mowiles

link:

http://wklejto.pl/4425


(huber2t) #6

Pobierz ComboFix, ale nie uruchamiaj

Wklej do notatnika:

Folder::

C:\Windows\AppPatch


Regiatry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AT-Watch"=-

Plik -> zapisz jako -> CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu ->

02f8f1e3c410a4cc.gif

Rozpocznie się usuwanie i powstanie log, daj ten log na forum.

Logi dajesz na http://wklejto.pl a w poście dajesz tylko link


(Kaza114) #7

Ok,zrobione

http://wklejto.pl/4491


(huber2t) #8

powtórz moją wcześnijesza wskazówkę


(Kaza114) #9

Ok,powtorzone

http://wklejto.pl/4498

W dniu 30.06.2008 , o godzinie 21:33 został dopisany post przez kaza114

a zobacz ten log

http://wklejto.pl/4510


(Leon$) #10

Log wygląda na czysty

zrób optymalizacje uruchamiania

http://cybertrash.netarteria.pl/cyber/i ... 378.0.html

usuń ręcznie folder C: \Qoobox usuń instalkę Combofix z dysku.

Wyłącz I włącz przywracanie systemu na wszystkich dyskach.http://support.microsoft.com/kb/310405/pl

przeskanuj obszar Mój komputer http://www.kaspersky.pl/virusscanner.html pokaż raport stronę uruchomić przez IE

:slight_smile:


(Kaza114) #11

raport

AntiVir PersonalEdition Classic

Report file date: 2008-06-30 22:02

Scanning for 835736 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows Vista

Windows version: (plain) [6.0.6000]

Username: SYSTEM

Computer name: WILLIAM-PC

Version information:

BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00

AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29

AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51

LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47

LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:15

ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 2007-09-13 14:26:55

ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 2007-09-13 14:27:04

ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 2007-09-13 14:27:13

AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 2007-09-17 17:43:56

AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26

AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17

AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24

AVPACK32.DLL : 7.3.0.15 360488 Bytes 2007-08-03 08:46:00

AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06

AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33

AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18

NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42

RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13

RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37

SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: off

Scan boot sector.................: on

Boot sectors.....................: D:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

Start of the scan: 2008-06-30 22:02

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'SearchFilterHost.exe' - '1' Module(s) have been scanned

Scan process 'SearchProtocolHost.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'VSSVC.exe' - '1' Module(s) have been scanned

Scan process 'CPSHelpRunner.exe' - '1' Module(s) have been scanned

Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'XAudio.exe' - '1' Module(s) have been scanned

Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'stacsv.exe' - '1' Module(s) have been scanned

Scan process 'sprtsvc.exe' - '1' Module(s) have been scanned

Scan process 'BTStackServer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned

Scan process 'dpupdchk.exe' - '1' Module(s) have been scanned

Scan process 'taskeng.exe' - '1' Module(s) have been scanned

Scan process 'quickset.exe' - '1' Module(s) have been scanned

Scan process 'DLG.exe' - '1' Module(s) have been scanned

Scan process 'BTTray.exe' - '1' Module(s) have been scanned

Scan process 'emule.exe' - '1' Module(s) have been scanned

Scan process 'sprtcmd.exe' - '1' Module(s) have been scanned

Scan process 'UnlockerAssistant.exe' - '1' Module(s) have been scanned

Scan process 'jusched.exe' - '1' Module(s) have been scanned

Scan process 'ashDisp.exe' - '1' Module(s) have been scanned

Scan process 'ipoint.exe' - '1' Module(s) have been scanned

Scan process 'PCMService.exe' - '1' Module(s) have been scanned

Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned

Scan process 'RoxWatchTray9.exe' - '1' Module(s) have been scanned

Scan process 'issch.exe' - '1' Module(s) have been scanned

Scan process 'WLTRAY.EXE' - '1' Module(s) have been scanned

Scan process 'sttray.exe' - '1' Module(s) have been scanned

Scan process 'wmdc.exe' - '1' Module(s) have been scanned

Scan process 'igfxpers.exe' - '1' Module(s) have been scanned

Scan process 'hkcmd.exe' - '1' Module(s) have been scanned

Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned

Scan process 'MSASCui.exe' - '1' Module(s) have been scanned

Scan process 'taskeng.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'dwm.exe' - '1' Module(s) have been scanned

Scan process 'ashServ.exe' - '1' Module(s) have been scanned

Scan process 'aswUpdSv.exe' - '1' Module(s) have been scanned

Scan process 'BCMWLTRY.EXE' - '1' Module(s) have been scanned

Scan process 'WLTRYSVC.EXE' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'SLsvc.exe' - '1' Module(s) have been scanned

Scan process 'audiodg.exe' - '0' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'lsm.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'wininit.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

69 processes with 69 modules were scanned

Start scanning boot sectors:

Boot sector 'C:\'

[NOTE] No virus was found!

Boot sector 'D:\'

[NOTE] No virus was found!

Starting to scan the registry.

The registry was scanned ( '18' files ).

Starting the file scan:

Begin scan in 'C:\'

C:\hiberfil.sys

[WARNING] The file could not be opened!

C:\pagefile.sys

[WARNING] The file could not be opened!

Begin scan in 'D:\'

End of the scan: 2008-06-30 22:28

Used time: 25:58 min

The scan has been done completely.

14053 Scanning directories

143536 Files were scanned

0 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

143536 Files not concerned

888 Archives were scanned

2 Warnings

22 Notes


(huber2t) #12

Przeskanuj tym:

Dr.WEB CureIt!


(Kaza114) #13

niestety ale nie moge przeskanowac kampa tym programem bo gdy go uruchomilem to po chwili skanowania windows explorer zatrzymal sie i restart,tak jak bylo wczesniej,nawet nie moge przywrocic systemu,co sie dzieje pomocy.


(Leon$) #14

Pobierz System Repair Engineer

http://www.cybertrash.pl/images/tata/Sy ... ineer.html

przeskanuj daj log

:slight_smile:


(Kaza114) #15

tej strony nie ma


(Leon$) #16

poprawiłem


(Kaza114) #17

nic nie moge zrobic bo co pare sekund windows explorer sie restartuje

W dniu 03.07.2008 , o godzinie 1:09 został dopisany post przez kaza114

nic nie moge zrobic bo co pare sekund windows explorer sie restartuje


(Gutek) #18

W trybie awaryjnym spróbuj


(Kaza114) #19

chyba nic z tego nie bedzie bo ten program do naprawy systemu otwiera mi sie w adobe raider i sa tam same informacje,chyba ze cos przeoczylem,albo nie wim jak go uruchomic,normalnie to bym kompa naprawil z plyty ale cos jest nie tak z napendem bo nie moge otwozyc zadnej plyty.

W dniu 04.07.2008 , o godzinie 23:22 został dopisany post przez kaza114

widze ze dla mojego problemu nie ma rozwiazania no trudno bede musial kompa zaniesc do serwisu

ps.dziekuje wszystkim za pomoc.