Problem z usunięciem XP antivirus 2008


(Marta Bozek) #1

Witam serdecznie

proszę o pomoc

nie mogę usunąć XP antivirus 2008. Cały czas pojawia się komunikat "You have a security problem". Jak na to naciskam pojawia się strona antivirusa 2008, robi mi skan kompa, wynajduje zarażone pliki i każe zainstalować antivirusa bo inaczej nie usunę tych plików. Mimo że nie zgadzam się na instalację ten problem pojawia się non stop.

Proszę o pomoc

marcia_27


(Sebastianchrzan) #2

podaj loga tym http://dobreprogramy.pl/index.php?dz=2& ... This+2.0.2

i tym http://www.programosy.pl/program,combofix.html

i wklej je na wklej.org i podaj link do nich!


(system) #3

Podaj logi z tych programów o których wspomniał kolega wyżej.

Dodatkowo możesz zrobić to ręcznie postepują według tych zasad. Mam nadzieję, że są zrozumiałe i problem opisywane na tej stronce jest taki jak twój.

Tłuamczenie wykonane przez google jest dosyć toporne, może cośbardziej po polsku:

po pierwsze:

Unlocker'em uwalniasz te dwa pliki - shlwapi.dll, wininet.dll

Unlocker 1.8.7

potem je kasujesz ręcznie.

po drugie:

znajdujesz i kasujesz te pliki: xpa.exe, xpa2008.exe, XPAntivirus.exe, XPAntivirusUpdate.exe, shlwapi.dll, wininet.dll, XP antivirus, XPAntivirus.lnk, Uninstall, XPAntivirus.lnk, XPAntivirus on the Web.lnk, XPAntivirus.url, XP Antivirus 2008.lnk, Uninstall XP Antivirus 2008.lnk

po trzecie:

Start - Uruchom - komenda "regedit"

kasujesz klucz HKEY_USERS\Software\XP antivirus


(Marta Bozek) #4

Unlockerem nie da się uwolnić podanych plików, ani nie mam możliwości ich usunięcia. Nie mam także na dysku wymienionych plików xpa.exe itd.. oraz nie mam tego klucza do skasowania.

loga z hijack:

Logfile of HijackThis v1.99.1

Scan saved at 14:37:29, on 2008-08-17

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Avast4\aswUpdSv.exe

C:\Program Files\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe

C:\PROGRA~1\Avast4\ashDisp.exe

C:\Program Files\Netia\Net\netianet.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Lexmark 1200 Series\lxczbmon.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\DOCUME~1\IDEFIX\USTAWI~1\Temp\setup1018.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\DOCUME~1\IDEFIX\USTAWI~1\Temp\1A9.tmp

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Avast4\ashMaiSv.exe

C:\Program Files\Avast4\ashWebSv.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\TC UP\totalcmd.exe

C:\DOCUME~1\IDEFIX\USTAWI~1\Temp_tc\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

O4 - HKLM..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM..\Run: [TC UP] "C:\Program Files\TC UP\TC UP.exe"

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"

O4 - HKLM..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe

O4 - HKLM..\Run: [NETIANET] C:\Program Files\Netia\Net\netianet.exe -auto

O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU..\Run: [somefox] C:\DOCUME~1\IDEFIX\USTAWI~1\Temp\setup1018.exe

O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip..{EFC81E52-52DE-4961-A4D3-96E3E60AAA1F}: NameServer = 83.238.255.76 213.241.79.37

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

loga Combo:

ComboFix 08-08-16.01 - IDEFIX 2008-08-17 14:43:33.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.480 [GMT 2:00]

Running from: D:\INSTALKI PROGRAMÓW\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\IDEFIX\Dane aplikacji\Microsoft\SystemCertificates\My

C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft\SystemCertificates\My

C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft\SystemCertificates\My

.

((((((((((((((((((((((((( Files Created from 2008-07-17 to 2008-08-17 )))))))))))))))))))))))))))))))

.

2008-08-17 10:18 . 2008-08-17 10:18

2008-08-17 10:18 . 2008-08-17 10:18

2008-08-17 10:18 . 2008-08-17 10:18

2008-08-17 10:17 . 2008-08-17 10:17

2008-08-17 10:01 . 2008-08-17 10:01

2008-08-16 22:03 . 2008-08-17 11:10

2008-08-16 22:03 . 2008-08-17 11:10

2008-08-16 21:31 . 2008-08-16 21:31

2008-08-16 21:31 . 2008-08-16 21:31

2008-08-15 17:33 . 2008-08-15 23:47

2008-08-13 21:12 . 2008-04-11 21:06 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll

2008-08-13 21:12 . 2008-05-01 16:37 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll

2008-08-12 10:56 . 2008-08-12 10:58

2008-08-01 10:12 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-08-01 10:12 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-08-01 10:12 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-08-01 10:10 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll

2008-08-01 10:08 . 2008-08-01 10:08

2008-08-01 10:08 . 2008-08-01 10:08

2008-08-01 10:05 . 2008-08-01 10:08

2008-08-01 10:05 . 2008-08-14 03:03

2008-08-01 10:04 . 2008-08-01 10:04

2008-07-24 18:57 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-07-23 09:33 . 2008-07-23 09:33 4,096 --a------ C:\WINDOWS\d3dx.dat

2008-07-23 09:32 . 2008-07-23 09:32

2008-07-23 09:31 . 2008-07-23 09:31

2008-07-23 09:31 . 2008-07-23 09:31

2008-07-23 09:30 . 2008-07-23 09:30

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-16 19:50 --------- d-----w C:\Documents and Settings\IDEFIX\Dane aplikacji\Azureus

2008-08-16 19:40 --------- d-----w C:\Program Files\eMule

2008-08-08 15:12 --------- d-----w C:\Program Files\NAPI-PROJEKT

2008-08-01 06:56 --------- d-----w C:\Program Files\Avast4

2008-07-26 15:01 --------- d-----w C:\Program Files\Football Generation

2008-07-24 16:57 --------- d-----w C:\Program Files\Java

2008-07-11 15:13 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\BVRP Software

2008-07-11 15:10 25,600 ----a-w C:\Documents and Settings\IDEFIX\usbsermptxp.sys

2008-07-11 15:10 22,768 ----a-w C:\WINDOWS\system32\drivers\usbsermpt.sys

2008-07-11 15:10 22,768 ----a-w C:\Documents and Settings\IDEFIX\usbsermpt.sys

2008-07-11 15:10 --------- d-----w C:\Program Files\Motorola Phone Tools

2008-07-11 14:40 --------- d-----w C:\Program Files\Avanquest update

2008-07-11 14:40 --------- d-----w C:\Documents and Settings\IDEFIX\Dane aplikacji\InstallShield

2008-07-11 14:35 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-07-02 07:36 --------- d-----w C:\Program Files\Azureus

2008-06-27 15:28 --------- d-----w C:\Documents and Settings\IDEFIX\Dane aplikacji\MSN6

2008-06-27 15:28 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\MSN6

2008-06-27 15:19 --------- d-----w C:\Program Files\Netia

2008-06-24 16:46 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-23 15:13 668,672 ----a-w C:\WINDOWS\system32\wininet.dll

2008-06-22 16:32 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\NVIDIA

2008-06-22 15:50 --------- d-----w C:\Documents and Settings\IDEFIX\Dane aplikacji\Ahead

2008-06-20 17:48 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-18 19:44 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles

2008-06-09 16:30 737,280 ----a-w C:\WINDOWS\iun6002.exe

2008-05-28 10:18 558,142 ----a-w C:\WINDOWS\java\Packages\WL3JN3NF.ZIP

2008-05-28 10:18 155,995 ----a-w C:\WINDOWS\java\Packages\P737VN1N.ZIP

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 22:51 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 16:14 147456]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 22:51 1695232]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 15:43 7630848]

"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 09:11 925696]

"TC UP"="C:\Program Files\TC UP\TC UP.exe" [2008-01-27 19:35 35328]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 07:33 57344]

"avast!"="C:\PROGRA~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]

"NETIANET"="C:\Program Files\Netia\Net\netianet.exe" [2007-09-28 11:56 493568]

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]

"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 06:15 15872]

"nwiz"="nwiz.exe" [2006-08-11 15:43 1519616 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="NvMCTray.dll" [2006-08-11 15:43 86016 C:\WINDOWS\system32\nvmctray.dll]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 22:51 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Adobe Reader Speed Launch.lnk - C:\Program Files\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26 29696]

DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-05-28 12:43:11 962661]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify!SASWinLogon]

2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= C:\PROGRA~1\CCCPAC~1\Filters\FFDShow\ff_vfw.dll

"VIDC.ACDV"= ACDV.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe"=

"%windir%\system32\sessmgr.exe"=

"C:\Program Files\Winamp Remote\bin\Orb.exe"=

"C:\Program Files\Winamp Remote\bin\OrbTray.exe"=

"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"=

"C:\Program Files\Azureus\Azureus.exe"=

"C:\Program Files\eMule\emule.exe"=

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"=

"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"=

"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]

R1 VD_FileDisk;VD_FileDisk;C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 15:00]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\IDEFIX\Dane aplikacji\Mozilla\Firefox\Profiles\2uunh2h1.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.pl

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-17 14:44:59

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-08-17 14:45:44

ComboFix-quarantined-files.txt 2008-08-17 12:45:40

Pre-Run: 11,986,583,552 bajtów wolnych

Post-Run: 16,864,444,416 bajtów wolnych

150 --- E O F --- 2008-08-14 01:03:48


(Leon$) #5

Wpisy

usuń HijackThisem >> Fix checked

Otwórz notatnik i wklej

zapisz jako CFScript.txt (zapisz by ikonka CFScript.txt była obok ikonki ComboFix.exe) >> Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe

http://img.wklej.org/images/88953CFScri ... iemoes.gif

Powinno rozpocząć się usuwanie

Potem log z usuwania Combofix

:slight_smile: