Problem: please check my logs, virus!

I have a problem: for some time now my computer has been restarting on its own. When I was making a log with ComboFix, doing everything according to the instructions, a blue screen popped up after a moment. I copied down what it said:

Informacje techniczne:

Stop:0x00000050 (0xFF382000,0x00000001,0xF8F5ACC1,0x00000000

catchme.sys Adres F8F5ACC1 base at F8F57000, Datestamp 48214d31

Please help!

P.S. After the restart there was no CFScript.

What CFScript? The report is located at C:\ComboFix.txt.

Ah, I mixed it up with another thread.

ComboFix 08-08-03.05 - xxx 2008-08-04 15:57:07.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.346 [GMT 2:00]

Running from: C:\Documents and Settings\xxx\Pulpit\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

There is nothing further, because then the blue screen comes up, and it said what I wrote above :frowning:

.

What is this supposed to be? :lol:

I'm telling you, the computer shows a blue screen (BSOD) and it says catchme.sys … this time atapi.sys ;/ I don't know what is going on :frowning: please help

Post a log from DSS; see the pinned thread in the “Security and HijackThis logs” section.

Here is the log:

Deckard’s System Scanner v20071014.68

Run by xxx on 2008-08-04 16:21:09

Computer is in Normal Mode.


-- System Restore --------------------------------------------------------------

Successfully created a Deckard’s System Scanner Restore Point.

-- Last 5 Restore Point(s) --

35: 2008-08-04 14:21:18 UTC - RP120 - Deckard’s System Scanner Restore Point

34: 2008-08-04 13:56:43 UTC - RP119 - ComboFix created restore point

33: 2008-08-04 13:30:56 UTC - RP118 - ComboFix created restore point

32: 2008-08-04 13:12:24 UTC - RP117 - Installed Debugging Tools for Windows (x86)

31: 2008-08-03 19:46:42 UTC - RP116 - Usunięty Kaspersky Anti-Virus 2009.

-- First Restore Point --

1: 2008-06-24 15:14:03 UTC - RP86 - Removed 2moons

Backed up registry hives.

Performed disk cleanup.

-- HijackThis (run as xxx.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:24, on 2008-08-04

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\VMSnap23.exe

C:\WINDOWS\Domino.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\WINDOWS\system32\ctfmon.exe

C:\program files\steam\steam.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\alg.exe

C:\Documents and Settings\xxx\Pulpit\dss.exe

C:\PROGRA~1\TRENDM~1\HIJACK~1\xxx.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ati.com/online/cccwelcome/drivers.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: 222.111.150.111 gwgt1.joymax.com

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM…\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM…\Run: [bigDogPath323VMSnap] C:\WINDOWS\VMSnap23.exe

O4 - HKLM…\Run: [bigDogPath323Domino] C:\WINDOWS\Domino.exe

O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”

O4 - HKLM…\Run: [sXe Injected] C:\Program Files\sXe Injected\sXe Injected.exe

O4 - HKLM…\Run: [AtiPTA] atiptaxx.exe

O4 - HKLM…\Run: [PCTAVApp] “C:\Program Files\PC Tools AntiVirus\PCTAV.exe” /MONITORSCAN

O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background

O4 - HKCU…\Run: [AlcoholAutomount] “C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe” /automount

O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized

O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [steam] “c:\program files\steam\steam.exe” -silent

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)

O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe

O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet’a - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet’a - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra ‘Tools’ menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {E39FEDC3-8B80-428F-A2DE-6A09D67704EF} - http://www.clixies.com/plugin/Clixies.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AutoExNT - Unknown owner - C:\WINDOWS\system32\AutoExNT.Exe

O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

End of file - 6488 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL “%1”,%*

.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser “%1”,%*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys

R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys

R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys

R3 ddsxeiservice (ddsxeiservice2) - c:\program files\sxe injected\ddsxei.sys

R3 RadProbe (Radeon Probe Driver) - c:\windows\system32\drivers\radprobe.sys

R3 vmfilter323 (323 filter service, Normal) - c:\windows\system32\drivers\vmfilter323.sys

R3 ZSMC326 (Vimicro USB2.0 PC Camera(VC0323)) - c:\windows\system32\drivers\usbvm323.sys

S3 GVCplDrv - c:\windows\system32\drivers\gvcpldrv.sys

S3 XDva032 - c:\windows\system32\xdva032.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe

S2 AutoExNT - c:\windows\system32\autoexnt.exe

S2 RadClock - c:\windows\system32\radclock.exe

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Files created between 2008-07-04 and 2008-08-04 -----------------------------

2008-08-04 16:24:02 0 d-------- C:\Program Files\Trend Micro

2008-08-04 15:30:16 68096 --a------ C:\WINDOWS\zip.exe

2008-08-04 15:30:16 49152 --a------ C:\WINDOWS\VFind.exe

2008-08-04 15:30:16 212480 --a------ C:\WINDOWS\swxcacls.exe

2008-08-04 15:30:16 136704 --a------ C:\WINDOWS\swsc.exe

2008-08-04 15:30:16 161792 --a------ C:\WINDOWS\swreg.exe

2008-08-04 15:30:16 98816 --a------ C:\WINDOWS\sed.exe

2008-08-04 15:30:16 80412 --a------ C:\WINDOWS\grep.exe

2008-08-04 15:30:16 89504 --a------ C:\WINDOWS\fdsv.exe

2008-08-04 15:12:33 0 d-------- C:\Program Files\Debugging Tools for Windows (x86)

2008-08-03 22:05:02 0 d-------- C:\Program Files\Common Files\PC Tools

2008-08-03 22:04:43 0 d-------- C:\Program Files\PC Tools AntiVirus

2008-08-03 19:36:54 0 d-------- C:\Program Files\Panda Security

2008-08-03 18:59:01 0 d-------- C:\WINDOWS\Downloaded Installations

2008-08-03 18:39:15 0 d-------- C:\Program Files\Tibia

2008-08-02 14:44:43 0 d-------- C:\Program Files\Games-Masters.com

2008-07-31 20:19:57 0 d-------- C:\Program Files\Lavasoft

2008-07-29 20:23:10 0 d-------- C:\Program Files\EuroKiddies

2008-07-29 18:39:25 0 d-------- C:\Program Files\MoneyCashBAR

2008-07-29 15:42:01 15872 -----n--- C:\WINDOWS\system32\winskfr.dll

2008-07-29 15:42:01 0 d-------- C:\Program Files\Eurobarre

2008-07-29 15:42:00 119568 -----n--- C:\WINDOWS\system32\vb6fr.dll

2008-07-27 12:23:32 516096 -----n--- C:\WINDOWS\system32\ati2sgag.exe

2008-07-26 15:02:36 0 d-------- C:\Program Files\Lavalys

2008-07-24 21:17:02 0 d-------- C:\omegaa

2008-07-23 10:21:33 0 d-------- C:\Program Files\Silkroad

2008-07-19 16:13:59 0 d--h----- C:\WINDOWS\msdownld.tmp

2008-07-19 16:13:51 0 d-------- C:\WINDOWS\Logs

2008-07-19 12:28:25 0 d-------- C:\Program Files\directx

2008-07-12 13:17:18 0 d-------- C:\Program Files\HLTooLz

2008-07-12 13:17:09 73216 --a------ C:\WINDOWS\ST6UNST.EXE

2008-07-12 12:58:02 0 d-------- C:\Program Files\Nowe Gadu-Gadu

2008-07-10 16:50:17 0 d-------- C:\Program Files\Steam

2008-07-04 20:08:34 0 d-------- C:\Fraps

2008-07-04 19:19:21 0 d-------- C:\WINDOWS\RegisteredPackages

2008-07-04 19:18:13 0 d-------- C:\Program Files\Game Cam

-- Find3M Report ---------------------------------------------------------------

2008-08-04 16:15:45 0 d-------- C:\Documents and Settings\xxx\Dane aplikacji\Hamachi

2008-08-04 15:59:42 0 d-------- C:\Documents and Settings\xxx\Dane aplikacji\Skype

2008-08-04 12:14:43 0 d-------- C:\Documents and Settings\xxx\Dane aplikacji\skypePM

2008-08-04 12:13:32 0 d-------- C:\Program Files\sXe Injected

2008-08-03 22:06:18 0 d-------- C:\Documents and Settings\xxx\Dane aplikacji\PC Tools

2008-08-03 22:05:02 0 d-------- C:\Program Files\Common Files

2008-08-03 18:40:17 0 d-------- C:\Documents and Settings\xxx\Dane aplikacji\Tibia

2008-08-03 18:39:44 0 d-------- C:\Program Files\Asprate

2008-07-31 20:15:44 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-07-31 14:48:46 0 d-------- C:\Program Files\eMule

2008-07-27 12:21:41 0 d-------- C:\Program Files\MultiRes

2008-07-27 12:21:00 0 d-------- C:\Program Files\Radeon Omega Drivers

2008-07-27 12:20:37 737280 --a------ C:\WINDOWS\iun6002.exe

2008-07-24 21:01:00 0 d-------- C:\Documents and Settings\xxx\Dane aplikacji\ATI

2008-07-21 14:52:40 0 d-------- C:\Program Files\Metin2_PL

2008-07-19 16:15:42 0 d-------- C:\Program Files\Valve

2008-07-19 12:25:26 448348 --a------ C:\WINDOWS\system32\perfh015.dat

2008-07-19 12:25:26 74450 --a------ C:\WINDOWS\system32\perfc015.dat

2008-07-19 12:12:50 0 d-------- C:\Program Files\Java

2008-07-12 12:59:43 0 d-------- C:\Documents and Settings\xxx\Dane aplikacji\Nowe Gadu-Gadu

2008-07-05 21:42:00 0 d-------- C:\Program Files\SwiftKit

2008-07-04 21:01:36 0 d--h----- C:\Program Files\InstallShield Installation Information

2008-07-03 16:39:27 0 d-------- C:\Program Files\Game Cam V2

2008-07-01 18:51:03 0 d-------- C:\Program Files\Common Files\InstallShield

2008-07-01 12:36:44 0 d-------- C:\Program Files\cs cz

2008-06-29 16:51:13 0 d-------- C:\Documents and Settings\xxx\Dane aplikacji\WoDBO

2008-06-28 20:31:46 0 d-------- C:\Program Files\TC PowerPack

2008-06-28 15:38:28 0 d-------- C:\Program Files\No-IP

2008-06-25 12:17:06 0 d-------- C:\Program Files\Wolfenstein - Enemy Territory

2008-06-24 17:15:02 0 d-------- C:\Program Files\ivo

2008-06-24 14:35:04 0 d-------- C:\Program Files\MAIET

2008-06-18 21:56:31 0 d-------- C:\Program Files\Sun

2008-06-18 21:53:50 0 d-------- C:\Program Files\Common Files\Java

2008-06-18 21:11:55 0 d-------- C:\Documents and Settings\xxx\Dane aplikacji\Mozilla

2008-06-14 18:01:22 0 d-------- C:\Program Files\Robster Productions

2008-05-28 20:35:00 4096 --a------ C:\WINDOWS\system32\crash

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“SoundMan”=“SOUNDMAN.EXE” [2002-09-27 08:44 C:\WINDOWS\SOUNDMAN.EXE]

“NeroCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 12:50]

“BigDogPath323VMSnap”=“C:\WINDOWS\VMSnap23.exe” [2007-01-09 13:57]

“BigDogPath323Domino”=“C:\WINDOWS\Domino.exe” [2007-01-09 13:56]

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe” [2008-06-10 04:27]

“sXe Injected”=“C:\Program Files\sXe Injected\sXe Injected.exe” [2008-08-04 08:12]

“AtiPTA”=“atiptaxx.exe” [2004-12-01 02:10 C:\WINDOWS\system32\atiptaxx.exe]

“@”="" []

“PCTAVApp”=“C:\Program Files\PC Tools AntiVirus\PCTAV.exe” [2008-07-23 14:37]

“KernelFaultCheck”=“C:\WINDOWS\system32\dumprep 0 -k” []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-10-13 18:24]

“AlcoholAutomount”=“C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe” [2008-02-01 13:30]

“Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2008-02-01 18:22]

“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 01:44]

“Steam”=“c:\program files\steam\steam.exe” [2008-07-10 16:50]

C:\Documents and Settings\xxx\Menu Start\Programy\Autostart\

hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2008-02-06 17:13:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

“DisableRegistryTools”=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

“NoLowDiskSpaceChecks”=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

“{35B2861B-2B26-4691-9FF0-09083722C736}”= C:\WINDOWS\system32\RadExe.dll [2005-02-02 04:58 212992]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@=“Service”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

@=“Service”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]

@=“Service”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

@=“Volume shadow copy”

*Newly Created Service* - DDSXEISERVICE

-- Hosts -----------------------------------------------------------------------

222.111.150.111 gwgt1.joymax.com

-- End of Deckard’s System Scanner: finished at 2008-08-04 16:25:41 ------------

There is also some extra.txt; should I post that too?

I don't know whether I made that log wrong; just now I opened HijackThis and made a log:

http://wklejto.pl/7283

Download The Avenger.

Paste this text into it:

Files to delete:

C:\WINDOWS\zip.exe

C:\WINDOWS\VFind.exe

C:\WINDOWS\swxcacls.exe 

C:\WINDOWS\swsc.exe

C:\WINDOWS\swreg.exe 

C:\WINDOWS\sed.exe

C:\WINDOWS\grep.exe

C:\WINDOWS\fdsv.exe

Copy it, click Paste Script from Clipboard, then Execute; confirm and agree to the restart by clicking OK. When it is done, delete the file C:\Avenger\backup.zip from the disk and paste the report C:\avenger.txt on the forum.

2) Paste the following text into Notepad:

Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{35B2861B-2B26-4691-9FF0-09083722C736}"=-


[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]


[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]


[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]


[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

From the Notepad menu >>> File >>> Save As >>> set the file type to “All Files” >>> save as FIX.REG >>> run the file (double-click and OK to agree to adding it to the Registry).

Restart the computer.

Then post a new DSS log.

Here's the report:

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

File “C:\WINDOWS\zip.exe” deleted successfully.

File “C:\WINDOWS\VFind.exe” deleted successfully.

File “C:\WINDOWS\swxcacls.exe” deleted successfully.

File “C:\WINDOWS\swsc.exe” deleted successfully.

File “C:\WINDOWS\swreg.exe” deleted successfully.

File “C:\WINDOWS\sed.exe” deleted successfully.

File “C:\WINDOWS\grep.exe” deleted successfully.

File “C:\WINDOWS\fdsv.exe” deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Avenger deleted everything.

Post a new DSS log.

:slight_smile:

http://wklejto.pl/7284 Here you go :slight_smile:

P.S.

Can I delete FIX.REG now? :slight_smile:

The log looks clean.

Optimize the startup:

http://cybertrash.netarteria.pl/cyber/i … 378.0.html

Manually delete the folder C:\Qoobox and delete the ComboFix installer from the disk.

Turn System Restore off and back on for all drives: http://support.microsoft.com/kb/310405/pl

Scan the My Computer area with http://www.kaspersky.pl/virusscanner.html and show the report; the page has to be opened in IE.

:slight_smile:

damisuchy,

Read the thread “Important notice regarding thread titles” and change the title to a specific one that describes the problem. To make the recommended correction, please use the button.

Ignoring this recommendation will result in the thread being moved to the Trash.

Because of the change that now applies to pasting logs in this section, read and follow the Thread

Leon, it detected 2 viruses and 3 infected objects ;/ help!

Show the report and we will remove them.

:slight_smile:

Only I don't have any report ;/ it said it was finished and nothing more.

http://wklejto.pl/7310 I'm also posting a HijackThis log, please check it.

The log is clean.

It did not show a report; to be sure, scan with Dr.WEB CureIt! http://dobreprogramy.pl/index.php?dz=2& … It!+4.44.5

If it finds anything, it will cure or remove it by itself.

:slight_smile: