XP sp2 "mass mailer software", "virtumonde&am

likols · 21 Sierpień 2007 21:55

Mialem Avasta i scaner nic nie pokazywal. Po zainstalowaniu kasperskyego scaner pokazuje ww. wirusy i jeszcze kilka innych. Przy probie usowania komp zaczyna fisiowac. Musialem zupelnie odinstalowac antywira zeby to napisac

Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 22:41:58, on 2007-08-21 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Belkin\F5D7051\WLService.exe C:\Program Files\Belkin\F5D7051\WLanCfgG.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\ewido\security suite\ewidoguard.exe C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Gadu-Gadu\gg.exe C:\PROGRA~1\INCRED~1\bin\ImApp.exe E:\RÓŻNOŚĆI\HiJackThis_v2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM…\Run: [symantec PIF AlertEng] “C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe” /a /m “C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll” O4 - HKLM…\Run: [!AVG Anti-Spyware] “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Belkin High-Speed Mode Wireless G USB Driver (Belkin High-Speed Mode Wireless G USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\F5D7051\WLService.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe – End of file - 3672 bytes

Złączono Posta : 22.08.2007 (Sro) 0:17

ComboFix 07-08-17.2 - “LIKOLS” 2007-08-21 23:01:32.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.219 [GMT 1:00] * Created a new restore point ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\DOCUME~1\LIKOLS\Pulpit.\internet explorer.lnk C:\Program Files\myglobalsearch C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL C:\Program Files\myglobalsearch\bar\Cache\0019E46F C:\Program Files\myglobalsearch\bar\Cache\0019E696 C:\Program Files\myglobalsearch\bar\Cache\files.ini C:\Program Files\myglobalsearch\bar\History\search C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm C:\WINDOWS\hosts C:\WINDOWS\system32\autorun.ini C:\WINDOWS\system32\xpdx.sys ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\xpdx ((((((((((((((((((((((((( Files Created from 2007-07-21 to 2007-08-21 ))))))))))))))))))))))))))))))) 2007-08-21 22:59 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-21 21:30 2007-08-21 20:06 2007-08-21 20:06 2007-08-21 20:06 2007-08-21 00:01 2007-08-20 16:55 2007-08-17 13:05 2007-08-17 11:04 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-08-17 09:54 2007-08-17 09:30 2007-08-17 09:30 2007-08-17 09:22 2007-08-17 09:21 2007-08-17 09:21 2007-08-17 09:03 2007-08-16 14:42 2007-08-16 10:46 2007-08-16 09:41 2007-08-16 09:02 2007-08-14 20:35 188,416 --a------ C:\WINDOWS\system32\eax.dll 2007-08-14 20:31 2007-08-14 19:56 2007-08-14 19:36 2007-08-14 19:26 2007-08-14 18:50 2007-08-14 18:43 2007-08-14 08:26 2007-08-13 15:47 2007-08-13 15:42 1,357,032 --a------ C:\WINDOWS\system32\xmnt2002.exe 2007-08-13 15:30 2007-08-12 16:33 13,840 --a------ C:\WINDOWS\system32\wnaspi32.dll 2007-08-12 14:47 2007-08-12 09:44 2007-08-12 08:27 2007-08-12 08:18 2007-08-12 08:18 2007-08-10 12:46 2007-08-10 11:42 2007-08-10 11:13 2007-08-10 10:55 2007-08-10 10:55 2007-08-08 09:32 2007-08-08 09:32 2007-08-08 09:29 2007-08-08 09:28 2007-08-08 09:27 (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-20 22:57 --------- d-------- C:\DOCUME~1\LIKOLS\DANEAP~1\Skype 2007-08-20 16:55 --------- d–h----- C:\Program Files\InstallShield Installation Information 2007-08-19 09:09 --------- d-------- C:\Program Files\SubEdit-Player 2007-08-18 09:44 --------- d-------- C:\DOCUME~1\LIKOLS\DANEAP~1\CyberLink 2007-08-17 19:35 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll 2007-08-14 19:36 724992 --a------ C:\WINDOWS\iun6002.exe 2007-08-14 08:25 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-08-14 08:21 --------- d-------- C:\Program Files\DAP 2007-08-12 14:47 --------- d-------- C:\Program Files\QuickTime 2007-08-12 14:27 --------- dr-h----- C:\DOCUME~1\LIKOLS\DANEAP~1\yahoo! 2007-08-12 14:26 --------- d-------- C:\Program Files\Common Files\AVSMedia 2007-08-12 14:26 --------- d-------- C:\Program Files\AVSMedia 2007-08-12 08:46 --------- d-------- C:\Program Files\WatchTVPro Ex 2007-08-12 08:44 --------- d-------- C:\Program Files\ICQLite 2007-08-12 08:44 --------- d-------- C:\DOCUME~1\LIKOLS\DANEAP~1\ICQLite 2007-07-10 18:42 --------- d-------- C:\Program Files\BearShare 2007-07-10 18:22 --------- d-------- C:\Program Files\BearShare Applications 2007-07-07 11:03 --------- d-------- C:\DOCUME~1\LIKOLS\DANEAP~1\ICQ Toolbar 2007-07-07 09:47 --------- d-------- C:\Program Files\Winamp 2007-06-22 17:56 --------- d-------- C:\DOCUME~1\LIKOLS\DANEAP~1\Ahead 2007-05-25 21:08 98304 --a------ C:\WINDOWS\system32CmdLineExt.dll 2007-05-25 16:59 81920 --a------ C:\DOCUME~1\LIKOLS\DANEAP~1\ezpinst.exe 2007-05-25 16:59 47360 --a------ C:\DOCUME~1\LIKOLS\DANEAP~1\pcouffin.sys 2004-08-04 00:44:20 1,292,800 --sh–r C:\WINDOWS\system32\aol.exe ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “NvCplDaemon”=“C:\WINDOWS\System32\NvCpl.dll” [2006-10-22 13:22] “Symantec PIF AlertEng”=“C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe” [2007-03-12 18:30] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-04-19 16:43] “IncrediMail”=“C:\Program Files\IncrediMail\bin\IncMail.exe” [2007-05-06 16:20] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Instant Messanger] aol.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\svchost] C:\Program Files\Internet Explorer\Setup\svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] “aawservice”=2 (0x2) R1 ewido security suite driver;ewido security suite driver;??\C:\Program Files\ewido\security suite\guard.sys R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;C:\WINDOWS\system32\Drivers\ousbehci.sys R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys R3 Point32;Microsoft IntelliPoint Filter Driver;C:\WINDOWS\system32\DRIVERS\point32.sys R3 V0230Vfx;V0230Vfx;C:\WINDOWS\system32\DRIVERS\V0230Vfx.sys R3 V0230VID;Live! Cam Video IM Pro;C:\WINDOWS\system32\DRIVERS\V0230VID.sys S3 Amsmpu4p;Amsmpu4p;??\C:\DOCUME~1\LIKOLS\USTAWI~1\Temp\Amsmpu4p.sys S3 kxwdmdrv;kX WDM Driver Service;C:\WINDOWS\system32\drivers\kx.sys S3 SE2Bbus;Sony Ericsson Device 043 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Bbus.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{27af4711-f43c-11db-a54d-00179a7bfc8e}] AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe Open(&0)\command- Recycled\ctfmon.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{ce18c730-0a47-11dc-a597-00179a7bfc8e}] AutoRun\command- J:\LaunchU3.exe -a Contents of the ‘Scheduled Tasks’ folder 2007-08-16 18:20:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-21 23:09:36 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-08-21 23:12:01 - machine was rebooted C:\ComboFix-quarantined-files.txt … 2007-08-21 23:11

— E O F —

Gutek · 21 Sierpień 2007 22:30

Otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG >>> kliknij dwa razy na utworzony plik FIX.REG i potwierdź dodanie do rejestru >>> restart.

Pobierz program SDFix

likols · 22 Sierpień 2007 19:30

SDFix: Version 1.99

Run by LIKOLS on 2007-08-22 at 20:10

Microsoft Windows XP [Wersja 5.1.2600]

Running From: C:\SDFix

Safe Mode:

Checking Services:

Restoring Windows Registry Values

Restoring Windows Default Hosts File

Rebooting…

Normal Mode:

Checking Files:

No Trojan Files Found

Removing Temp Files…

ADS Check:

C:\WINDOWS

No streams found.

C:\WINDOWS\system32

No streams found.

C:\WINDOWS\system32\svchost.exe

No streams found.

C:\WINDOWS\system32\ntoskrnl.exe

No streams found.

Final Check:

Remaining Services:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

“C:\Program Files\IncrediMail\bin\IncMail.exe”=“C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail”

“C:\Program Files\IncrediMail\bin\ImApp.exe”=“C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:

Registry Backups: - C:\SDFix\backups\backupreg.zip

Full Registry Backup: - C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE

Files with Hidden Attributes:

C:\WINDOWS\system32\aol.exe

C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp

C:\Program Files\InterActual\InterActual Player\iti2.tmp

C:\Program Files\InterActual\InterActual Player\iti2A.tmp

C:\WINDOWS\system32\config\SAM.tmp.LOG

C:\WINDOWS\system32\config\SECURITY.tmp.LOG

Finished

Dziekuje za poswiecony czas co dalej z tym fantem?

Jaki proggram antywirusowy "kaspersky"czy “norton” ?

Wzesniej strasznie sie wieszal po ich zainstalowaniu

Gutek · 22 Sierpień 2007 20:16

Ok daj nowy log z Combo

likols · 22 Sierpień 2007 22:14

C

omboFix 07-08-17.2 - “LIKOLS” 2007-08-22 22:54:56.2 - NTFSx86 MINIMAL Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.385 [GMT 1:00] ((((((((((((((((((((((((( Files Created from 2007-07-22 to 2007-08-22 ))))))))))))))))))))))))))))))) 2007-08-22 20:08 2007-08-21 22:59 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-21 21:30 2007-08-21 20:06 2007-08-21 20:06 2007-08-21 20:06 2007-08-21 00:01 2007-08-20 16:55 2007-08-17 13:05 2007-08-17 11:04 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-08-17 09:54 2007-08-17 09:30 2007-08-17 09:30 2007-08-17 09:22 2007-08-17 09:21 2007-08-17 09:21 2007-08-17 09:03 2007-08-16 14:42 2007-08-16 10:46 2007-08-16 09:41 2007-08-16 09:02 2007-08-14 20:35 188,416 --a------ C:\WINDOWS\system32\eax.dll 2007-08-14 20:31 2007-08-14 19:56 2007-08-14 19:36 2007-08-14 19:26 2007-08-14 18:50 2007-08-14 18:43 2007-08-14 08:26 2007-08-13 15:47 2007-08-13 15:42 1,357,032 --a------ C:\WINDOWS\system32\xmnt2002.exe 2007-08-13 15:30 2007-08-12 16:33 13,840 --a------ C:\WINDOWS\system32\wnaspi32.dll 2007-08-12 14:47 2007-08-12 09:44 2007-08-12 08:27 2007-08-12 08:18 2007-08-12 08:18 2007-08-10 12:46 2007-08-10 11:42 2007-08-10 11:13 2007-08-10 10:55 2007-08-10 10:55 2007-08-08 09:32 2007-08-08 09:32 2007-08-08 09:29 2007-08-08 09:28 2007-08-08 09:27 (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-20 22:57 --------- d-------- C:\DOCUME~1\LIKOLS\DANEAP~1\Skype 2007-08-20 16:55 --------- d–h----- C:\Program Files\InstallShield Installation Information 2007-08-19 09:09 --------- d-------- C:\Program Files\SubEdit-Player 2007-08-18 09:44 --------- d-------- C:\DOCUME~1\LIKOLS\DANEAP~1\CyberLink 2007-08-17 19:35 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll 2007-08-14 19:36 724992 --a------ C:\WINDOWS\iun6002.exe 2007-08-14 08:25 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-08-14 08:21 --------- d-------- C:\Program Files\DAP 2007-08-12 14:47 --------- d-------- C:\Program Files\QuickTime 2007-08-12 14:27 --------- dr-h----- C:\DOCUME~1\LIKOLS\DANEAP~1\yahoo! 2007-08-12 14:26 --------- d-------- C:\Program Files\Common Files\AVSMedia 2007-08-12 14:26 --------- d-------- C:\Program Files\AVSMedia 2007-08-12 08:46 --------- d-------- C:\Program Files\WatchTVPro Ex 2007-08-12 08:44 --------- d-------- C:\Program Files\ICQLite 2007-08-12 08:44 --------- d-------- C:\DOCUME~1\LIKOLS\DANEAP~1\ICQLite 2007-07-10 18:42 --------- d-------- C:\Program Files\BearShare 2007-07-10 18:22 --------- d-------- C:\Program Files\BearShare Applications 2007-07-07 11:03 --------- d-------- C:\DOCUME~1\LIKOLS\DANEAP~1\ICQ Toolbar 2007-07-07 09:47 --------- d-------- C:\Program Files\Winamp 2007-06-26 07:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll 2007-06-22 17:56 --------- d-------- C:\DOCUME~1\LIKOLS\DANEAP~1\Ahead 2007-06-19 14:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll 2007-06-13 14:23 1034752 --a------ C:\WINDOWS\explorer.exe 2007-05-25 21:08 98304 --a------ C:\WINDOWS\system32CmdLineExt.dll 2007-05-25 16:59 81920 --a------ C:\DOCUME~1\LIKOLS\DANEAP~1\ezpinst.exe 2007-05-25 16:59 47360 --a------ C:\DOCUME~1\LIKOLS\DANEAP~1\pcouffin.sys 2004-08-04 00:44:20 1,292,800 --sh–r C:\WINDOWS\system32\aol.exe ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “NvCplDaemon”=“C:\WINDOWS\System32\NvCpl.dll” [2006-10-22 13:22] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-04-19 16:43] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Instant Messanger] aol.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\svchost] C:\Program Files\Internet Explorer\Setup\svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] “aawservice”=2 (0x2) R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS R3 Point32;Microsoft IntelliPoint Filter Driver;C:\WINDOWS\system32\DRIVERS\point32.sys S1 ewido security suite driver;ewido security suite driver;??\C:\Program Files\ewido\security suite\guard.sys S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;C:\WINDOWS\system32\Drivers\ousbehci.sys S3 Amsmpu4p;Amsmpu4p;??\C:\DOCUME~1\LIKOLS\USTAWI~1\Temp\Amsmpu4p.sys S3 kxwdmdrv;kX WDM Driver Service;C:\WINDOWS\system32\drivers\kx.sys S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys S3 SE2Bbus;Sony Ericsson Device 043 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Bbus.sys S3 V0230Vfx;V0230Vfx;C:\WINDOWS\system32\DRIVERS\V0230Vfx.sys S3 V0230VID;Live! Cam Video IM Pro;C:\WINDOWS\system32\DRIVERS\V0230VID.sys Contents of the ‘Scheduled Tasks’ folder 2007-08-16 18:20:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-22 22:57:37 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-08-22 22:58:39 C:\ComboFix-quarantined-files.txt … 2007-08-22 22:58 — E O F —

log musialem zrobic na “awaryjnym” bo przy norm sie restartuje

nie wiem czy to cos zmienia

jessica · 22 Sierpień 2007 22:43

Nie jestem pewna, czy to zaznaczone na czerwono zostało już usunięte z dysku. Sprawdź to.

Najpierw usuń ewentualne atrybuty ochronne:

>>Start>>Panel Sterowania>>Opcje Folderów>>Widok>>usuń zaznaczenie (jeśli jest) przy “Ukryj chronione pliki systemowe”>

>zaznacz przy “Pokaż ukryte plik”>>Zastosuj>>OK.

Potem sprawdź, wg ścieżki, czy na pewno ten folder “Setup” i ten plik “svchost.exe” zniknęły.

Uwaga, “svchost.exe” ma zniknąć tylko z tej lokalizacji, bo w folderze “system32” powinien zostać!

Potem:

jessi

likols · 24 Sierpień 2007 19:37

nie pomogliscie - format