TR/crypt.xpack.gen jak sie tego pozbyc??

mam tai problem pomozcie plizzzz

formatowalem partycje systemowa, ale i to nie pomoglo, bo jak sie okazalo trojan jest takze na drugiej patycji oraz dysku zewnetznym. w raporcie z AVIRA AntiVir jest cos takiego :



Avira AntiVir Personal
Report file date: 28 września 2008 19:34

Scanning for 1646460 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Dodatek Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: JACEK-63C412C8F

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 2008-08-12 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 2008-06-26 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 2008-05-26 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 2008-06-12 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 2008-05-26 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 2008-06-24 13:54:15
ANTIVIR2.VDF : 7.0.6.217 3773440 Bytes 2008-09-26 17:08:19
ANTIVIR3.VDF : 7.0.6.220 16384 Bytes 2008-09-28 17:08:19
Engineversion : 8.1.1.35
AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-02-25 09:58:21
AESCRIPT.DLL : 8.1.0.76 319867 Bytes 2008-09-28 17:08:34
AESCN.DLL : 8.1.0.23 119156 Bytes 2008-07-10 12:44:49
AERDL.DLL : 8.1.1.2 438644 Bytes 2008-09-28 17:08:33
AEPACK.DLL : 8.1.2.3 364918 Bytes 2008-09-28 17:08:31
AEOFFICE.DLL : 8.1.0.25 196986 Bytes 2008-09-28 17:08:29
AEHEUR.DLL : 8.1.0.59 1438071 Bytes 2008-09-28 17:08:28
AEHELP.DLL : 8.1.0.15 115063 Bytes 2008-07-10 12:44:48
AEGEN.DLL : 8.1.0.36 315764 Bytes 2008-09-28 17:08:22
AEEMU.DLL : 8.1.0.7 430452 Bytes 2008-07-31 08:33:21
AECORE.DLL : 8.1.1.11 172406 Bytes 2008-09-28 17:08:21
AEBB.DLL : 8.1.0.1 53617 Bytes 2008-07-10 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 2008-07-09 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 2008-05-16 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 2008-09-28 17:08:20
AVREG.DLL : 8.0.0.1 33537 Bytes 2008-05-09 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 2008-06-12 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 2008-06-12 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 2008-06-12 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 2008-06-27 13:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, F:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 28 września 2008 19:34

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'skypePM.exe' - '1' Module(s) have been scanned
Scan process 'HPQTOA~1.EXE' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'CCC.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'hpqwmiex.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'MOM.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'QLBCTRL.exe' - '1' Module(s) have been scanned
Scan process 'HP Wireless Assistant.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
34 processes with 34 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '52' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'
D:\Gry\magwoj\Graphics.exe
[0] Archive type: CAB SFX (self extracting)
--> Graphics\Animations\002-Action02.png
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\System Volume Information\_restore{76155CF2-CAF3-43A4-A227-2CD4ACD043EE}\RP102\A0034128.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '490fc437.qua'!
D:\System Volume Information\_restore{76155CF2-CAF3-43A4-A227-2CD4ACD043EE}\RP102\A0034650.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '487e9f08.qua'!
D:\System Volume Information\_restore{76155CF2-CAF3-43A4-A227-2CD4ACD043EE}\RP103\A0034654.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '490fc438.qua'!
D:\System Volume Information\_restore{76155CF2-CAF3-43A4-A227-2CD4ACD043EE}\RP103\A0034791.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '490fc439.qua'!
D:\System Volume Information\_restore{76155CF2-CAF3-43A4-A227-2CD4ACD043EE}\RP103\A0034811.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '487e9f0a.qua'!
D:\System Volume Information\_restore{76155CF2-CAF3-43A4-A227-2CD4ACD043EE}\RP103\A0034832.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '490fc43a.qua'!
D:\System Volume Information\_restore{76155CF2-CAF3-43A4-A227-2CD4ACD043EE}\RP104\A0034885.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '487e9f0b.qua'!
D:\System Volume Information\_restore{76155CF2-CAF3-43A4-A227-2CD4ACD043EE}\RP105\A0034920.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '490fc43c.qua'!
D:\System Volume Information\_restore{76155CF2-CAF3-43A4-A227-2CD4ACD043EE}\RP105\A0034941.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '487e9f0d.qua'!
D:\System Volume Information\_restore{76155CF2-CAF3-43A4-A227-2CD4ACD043EE}\RP105\A0034954.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '490fc43b.qua'!
D:\System Volume Information\_restore{76155CF2-CAF3-43A4-A227-2CD4ACD043EE}\RP105\A0035967.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '487e9f0c.qua'!
D:\System Volume Information\_restore{CBA33605-81F2-479B-96A9-C10EC5602FDB}\RP16\A0000448.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '490fc43e.qua'!
Begin scan in 'F:\' <Twardziel jesteeee>
F:\jopnqbe2.com
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '494fc47f.qua'!
F:\Gry\Capoeira Fighter\=shockwave.com.capoeira.fighter.2.cracked.exe-rev.zip
[0] Archive type: ZIP
--> cracked.rar
[1] Archive type: RAR
--> Capoeira Fighter 2.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Bot.33783 back-door program
[NOTE] The file was moved to '4947c617.qua'!
F:\Gry\Capoeira Fighter\cracked.rar
[0] Archive type: RAR
--> Capoeira Fighter 2.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Bot.33783 back-door program
[NOTE] The file was moved to '4940c619.qua'!
F:\RECYCLER\S-1-5-21-1028082712-3752474381-643496382-1006\Dg1.exe
[DETECTION] Contains recognition pattern of the WORM/Agent.129368 worm
[NOTE] The file was moved to '4910c950.qua'!
F:\RECYCLER\S-1-5-21-1028082712-3752474381-643496382-1006\Dg2.inf
[DETECTION] Contains recognition pattern of the WORM/Autorun.IR.3 worm
[NOTE] The file was moved to '4911c951.qua'!
F:\RECYCLER\S-1-5-21-3755838163-4144160231-277544596-1006\Di1.inf
[DETECTION] Contains recognition pattern of the WORM/Autorun.IR.3 worm
[NOTE] The file was moved to '4910c957.qua'!
F:\RECYCLER\S-1-5-21-3755838163-4144160231-277544596-1006\Di2.exe
[DETECTION] Contains recognition pattern of the WORM/Agent.129368 worm
[NOTE] The file was moved to '4911c958.qua'!
F:\RECYCLER\S-1-5-21-3755838163-4144160231-277544596-1006\Di4.inf
[DETECTION] Contains recognition pattern of the WORM/Autorun.IR.3 worm
[NOTE] The file was moved to '4913c958.qua'!
F:\RECYCLER\S-1-5-21-3755838163-4144160231-277544596-1006\Di5.exe
[DETECTION] Contains recognition pattern of the WORM/Agent.129368 worm
[NOTE] The file was moved to '4914c958.qua'!
F:\System Volume Information\_restore{4FFBD7F9-1A35-4864-A549-AD3AB4133A92}\RP433\A0199618.exe
[DETECTION] Contains recognition pattern of the W32/Perlovga.A.1 Windows virus
[NOTE] The file was moved to '4910c92b.qua'!
F:\System Volume Information\_restore{76155CF2-CAF3-43A4-A227-2CD4ACD043EE}\RP102\A0034130.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '490fc92c.qua'!
F:\System Volume Information\_restore{76155CF2-CAF3-43A4-A227-2CD4ACD043EE}\RP104\A0034887.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '490fc92d.qua'!
F:\System Volume Information\_restore{76155CF2-CAF3-43A4-A227-2CD4ACD043EE}\RP105\A0034922.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '487e921e.qua'!
F:\System Volume Information\_restore{76155CF2-CAF3-43A4-A227-2CD4ACD043EE}\RP105\A0034943.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '490fc92e.qua'!
F:\System Volume Information\_restore{76155CF2-CAF3-43A4-A227-2CD4ACD043EE}\RP105\A0034956.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '487e921f.qua'!
F:\System Volume Information\_restore{CBA33605-81F2-479B-96A9-C10EC5602FDB}\RP14\A0000281.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '490fc941.qua'!
F:\System Volume Information\_restore{CBA33605-81F2-479B-96A9-C10EC5602FDB}\RP17\A0000486.com
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '490fc942.qua'!
F:\System Volume Information\_restore{CBA33605-81F2-479B-96A9-C10EC5602FDB}\RP17\A0000489.exe
[DETECTION] Contains recognition pattern of the WORM/Agent.129368 worm
[NOTE] The file was moved to '487e9273.qua'!
F:\System Volume Information\_restore{CBA33605-81F2-479B-96A9-C10EC5602FDB}\RP17\A0000490.inf
[DETECTION] Contains recognition pattern of the WORM/Autorun.IR.3 worm
[NOTE] The file was moved to '490fc944.qua'!
F:\System Volume Information\_restore{CBA33605-81F2-479B-96A9-C10EC5602FDB}\RP17\A0000491.inf
[DETECTION] Contains recognition pattern of the WORM/Autorun.IR.3 worm
[NOTE] The file was moved to '490fc943.qua'!
F:\System Volume Information\_restore{CBA33605-81F2-479B-96A9-C10EC5602FDB}\RP17\A0000492.exe
[DETECTION] Contains recognition pattern of the WORM/Agent.129368 worm
[NOTE] The file was moved to '487e9274.qua'!
F:\System Volume Information\_restore{CBA33605-81F2-479B-96A9-C10EC5602FDB}\RP17\A0000493.inf
[DETECTION] Contains recognition pattern of the WORM/Autorun.IR.3 worm
[NOTE] The file was moved to '490fc945.qua'!
F:\System Volume Information\_restore{CBA33605-81F2-479B-96A9-C10EC5602FDB}\RP17\A0000494.exe
[DETECTION] Contains recognition pattern of the WORM/Agent.129368 worm
[NOTE] The file was moved to '487e9275.qua'!


End of the scan: 28 września 2008 20:25
Used time: 50:52 Minute(s)

The scan has been done completely.

5581 Scanning directories
214946 Files were scanned
35 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
35 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
214909 Files not concerned
1104 Archives were scanned
3 Warnings
35 Notes

na dodatek jak klikam na dysku to pokazuje mi sie cos w rodzaju: otwórz za pomoca...

prosze o pomoc i z gory dzieki

Wyłącz i włącz przywracanie systemu na wszystkich dyskach. Instrukcja

Podaj log z Combofix

ComboFix 08-09-28.01 - Jacek 2008-09-29 17:32:32.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.565 [GMT 2:00]
Uruchomiony z: C:\Documents and Settings\Jacek\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf

.
((((((((((((((((((((((((( Pliki utworzone od 2008-08-28 do 2008-09-29 )))))))))))))))))))))))))))))))
.

2008-09-29 15:25 . 2008-09-29 15:25 <DIR> d-------- C:\Program Files\uTorrent
2008-09-29 15:25 . 2008-09-29 15:31 <DIR> d-------- C:\Documents and Settings\Jacek\Dane aplikacji\uTorrent
2008-09-29 15:19 . 2008-09-29 15:19 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-09-29 15:17 . 2008-09-29 15:17 <DIR> d-------- C:\WINDOWS\Cache
2008-09-29 13:25 . 2008-09-29 15:28 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-09-29 12:36 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-09-29 12:36 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-09-29 11:59 . 2008-09-29 11:59 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-09-29 11:59 . 2008-09-29 11:59 <DIR> d-------- C:\Program Files\Ahead
2008-09-29 11:59 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-09-29 11:59 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-09-29 11:59 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-09-29 11:59 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-09-29 11:59 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-09-29 11:59 . 2004-03-02 17:37 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2008-09-29 11:59 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-09-29 11:59 . 2004-03-02 17:37 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2008-09-29 11:54 . 2008-09-29 11:54 <DIR> d-------- C:\Program Files\Common Files\HP
2008-09-29 11:54 . 2008-09-29 11:54 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\HP
2008-09-29 11:50 . 2008-09-29 11:50 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-09-29 11:47 . 2008-09-29 11:47 <DIR> d-------- C:\Program Files\Burn4Free Toolbar
2008-09-29 11:47 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-09-29 11:47 . 2004-09-29 12:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-09-29 11:47 . 2008-09-29 11:47 232,075 --a------ C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_4515.exe
2008-09-29 11:47 . 2004-09-29 12:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-09-29 11:47 . 2004-09-29 12:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-09-29 11:47 . 2004-09-29 12:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-09-29 11:47 . 2004-09-29 12:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-09-29 11:47 . 2004-09-29 12:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-09-29 11:46 . 2008-09-29 11:57 <DIR> d-------- C:\Program Files\Burn4Free
2008-09-29 11:36 . 2008-09-29 12:38 113,661 --a------ C:\WINDOWS\hpoins07.dat
2008-09-29 11:36 . 2005-05-24 10:22 21,124 --------- C:\WINDOWS\hpomdl07.dat
2008-09-29 11:35 . 2008-09-29 11:35 <DIR> d-------- C:\Documents and Settings\Jacek\Dane aplikacji\HP
2008-09-29 11:21 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-09-29 11:21 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-09-29 11:18 . 2008-09-29 11:20 <DIR> d-------- C:\Temp\HP_WebRelease
2008-09-29 11:18 . 2008-09-29 11:18 <DIR> d-------- C:\Temp
2008-09-29 10:57 . 2008-09-29 10:57 <DIR> d-------- C:\Documents and Settings\Jacek\Dane aplikacji\ACD Systems
2008-09-29 10:56 . 2008-09-29 10:56 <DIR> d-------- C:\Program Files\ACD Systems
2008-09-29 10:56 . 2008-09-29 10:56 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ACD Systems
2008-09-29 09:30 . 2008-09-29 10:56 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2008-09-29 09:30 . 2008-09-29 09:30 10,368 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2008-09-29 09:28 . 2008-09-29 09:28 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-09-29 08:53 . 2008-09-29 08:53 <DIR> d-------- C:\WINDOWS\Sun
2008-09-29 00:23 . 2008-09-29 17:34 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-09-29 00:23 . 2008-09-28 19:03 <DIR> d-------- C:\Documents and Settings\Administrator\Ulubione
2008-09-29 00:23 . 2008-09-28 17:18 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony
2008-09-29 00:23 . 2008-09-28 17:33 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit
2008-09-29 00:23 . 2008-09-28 19:03 <DIR> d-------- C:\Documents and Settings\Administrator\Moje dokumenty
2008-09-29 00:23 . 2008-09-28 19:03 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-09-29 00:23 . 2008-09-28 19:03 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2008-09-29 00:23 . 2008-09-29 00:24 <DIR> d-------- C:\Documents and Settings\Administrator
2008-09-28 20:29 . 2008-09-28 20:29 <DIR> d-------- C:\Documents and Settings\Jacek\Dane aplikacji\Talkback
2008-09-28 20:27 . 2008-09-28 20:27 0 --a------ C:\WINDOWS\nsreg.dat
2008-09-28 19:58 . 2004-08-04 00:44 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-09-28 19:58 . 2004-08-04 00:44 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-09-28 19:57 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-09-28 19:57 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-09-28 19:57 . 2004-08-04 00:38 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-09-28 19:57 . 2004-08-04 00:38 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-09-28 19:28 . 2008-09-29 15:50 <DIR> d-------- C:\Documents and Settings\Jacek\Dane aplikacji\Skype
2008-09-28 19:28 . 2008-09-28 19:28 <DIR> d-------- C:\Documents and Settings\Jacek\Dane aplikacji\ATI
2008-09-28 19:28 . 2008-09-28 19:28 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ATI
2008-09-28 19:22 . 2008-09-28 19:22 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-09-28 19:19 . 2008-09-28 19:22 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-09-28 19:18 . 2005-11-10 13:03 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-09-28 19:17 . 2008-09-28 19:17 <DIR> d-------- C:\Program Files\Real Alternative
2008-09-28 19:17 . 2008-09-28 19:17 <DIR> d-------- C:\Program Files\Media Player Classic
2008-09-28 19:17 . 2004-01-25 17:49 303,104 --a------ C:\WINDOWS\system32\RealMediaSplitter.ax
2008-09-28 19:11 . 2001-10-26 18:57 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-09-28 19:11 . 2001-08-18 00:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-09-28 19:10 . 2001-08-17 23:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-09-28 19:09 . 2004-08-04 02:35 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-09-28 19:08 . 2004-08-04 00:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-09-28 19:08 . 2004-08-04 01:07 14,080 --a------ C:\WINDOWS\system32\drivers\CmBatt.sys
2008-09-28 19:08 . 2001-08-17 23:57 14,080 --a------ C:\WINDOWS\system32\drivers\battc.sys
2008-09-28 19:08 . 2001-08-17 23:58 9,344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys
2008-09-28 19:07 . 2004-08-04 02:44 77,312 --a------ C:\WINDOWS\system32\usbui.dll
2008-09-28 19:07 . 2004-08-04 01:07 8,832 --a------ C:\WINDOWS\system32\drivers\wmiacpi.sys
2008-09-28 19:06 . 2008-09-28 18:01 63,240 --a------ C:\WINDOWS\system32\drivers\Si3112r.PNF
2008-09-28 19:06 . 2008-09-28 19:06 20,152 --a------ C:\WINDOWS\system32\drivers\INFCACHE.1
2008-09-28 19:06 . 2008-09-28 18:01 12,432 --a------ C:\WINDOWS\system32\drivers\adpu320.PNF
2008-09-28 19:06 . 2008-09-28 18:01 12,204 --a------ C:\WINDOWS\system32\drivers\nvraid.PNF
2008-09-28 19:06 . 2008-09-28 18:01 10,828 --a------ C:\WINDOWS\system32\drivers\iaAHCI.PNF
2008-09-28 19:06 . 2008-09-28 18:01 9,388 --a------ C:\WINDOWS\system32\drivers\iaStor.PNF
2008-09-28 19:06 . 2008-09-28 18:01 7,280 --a------ C:\WINDOWS\system32\drivers\viamraid.PNF
2008-09-28 19:06 . 2008-09-28 18:01 6,984 --a------ C:\WINDOWS\system32\drivers\SiSRaid.PNF
2008-09-28 19:04 . 2008-09-28 19:04 <DIR> d-------- C:\Program Files\Avira
2008-09-28 19:04 . 2008-09-28 19:04 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Avira
2008-09-28 19:03 . 2008-09-29 12:36 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-09-28 19:03 . 2008-09-28 19:03 <DIR> dr-h----- C:\Documents and Settings\Default User\Ustawienia lokalne
2008-09-28 19:03 . 2008-09-28 19:03 <DIR> d-------- C:\Documents and Settings\Default User\Ulubione
2008-09-28 19:03 . 2008-09-28 17:18 <DIR> d--h----- C:\Documents and Settings\Default User\Szablony
2008-09-28 19:03 . 2008-09-28 17:33 <DIR> d-------- C:\Documents and Settings\Default User\Pulpit
2008-09-28 19:03 . 2008-09-28 19:03 <DIR> d-------- C:\Documents and Settings\Default User\Moje dokumenty
2008-09-28 19:03 . 2008-09-28 19:03 <DIR> dr------- C:\Documents and Settings\Default User\Menu Start
2008-09-28 19:03 . 2008-09-28 19:03 <DIR> dr-h----- C:\Documents and Settings\Default User\Dane aplikacji
2008-09-28 19:03 . 2008-09-28 19:03 <DIR> d-------- C:\Documents and Settings\All Users\Ulubione
2008-09-28 19:03 . 2008-09-28 19:03 <DIR> d--h----- C:\Documents and Settings\All Users\Szablony
2008-09-28 19:03 . 2008-09-29 15:31 <DIR> d-------- C:\Documents and Settings\All Users\Pulpit
2008-09-28 19:03 . 2008-09-29 11:52 <DIR> dr------- C:\Documents and Settings\All Users\Menu Start
2008-09-28 19:03 . 2008-09-28 17:20 <DIR> dr------- C:\Documents and Settings\All Users\Dokumenty
2008-09-28 19:03 . 2008-09-29 15:19 <DIR> dr-h----- C:\Documents and Settings\All Users\Dane aplikacji
2008-09-28 19:02 . 2008-09-28 17:33 <DIR> d--h----- C:\Documents and Settings\Default User
2008-09-28 19:02 . 2008-09-28 17:24 <DIR> d-------- C:\Documents and Settings\All Users
2008-09-28 19:02 . 2008-09-29 00:23 <DIR> d-------- C:\Documents and Settings
2008-09-28 19:01 . 2008-09-28 17:36 237 --a------ C:\WINDOWS\system32\$winnt$.inf

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-29 09:54 --------- d-----w C:\Program Files\Hewlett-Packard
2008-09-29 09:47 --------- d-----w C:\Program Files\Hp
2008-09-28 17:48 --------- d-----w C:\Program Files\SubEdit-Player
2008-09-28 17:18 --------- d-----w C:\Program Files\Java
2008-09-28 17:16 --------- d-----w C:\Program Files\ATI Technologies
2008-09-28 17:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-28 17:14 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-28 16:24 --------- d-----w C:\Documents and Settings\Jacek\Dane aplikacji\AVGTOOLBAR
2008-09-28 16:14 --------- d-----w C:\Program Files\Skype
2008-09-28 16:14 --------- d-----w C:\Program Files\Common Files\Skype
2008-09-28 16:14 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-09-28 16:13 --------- d-----w C:\Program Files\Winamp
2008-09-28 16:09 --------- d-----w C:\Documents and Settings\Jacek\Dane aplikacji\Gadu-Gadu
2008-09-28 16:08 --------- d-----w C:\Program Files\Gadu-Gadu
2008-09-28 16:07 --------- d-----w C:\Program Files\CDex_150
2008-09-28 16:01 87,328 ----a-w C:\WINDOWS\system32\bcmwlcoi.dll
2008-09-28 16:01 1,287,552 ----a-w C:\WINDOWS\system32\drivers\BCMWL5.SYS
2008-09-28 16:01 --------- d-----w C:\Program Files\NetWaiting
2008-09-28 16:01 --------- d-----w C:\Program Files\CONEXANT
2008-09-28 16:01 --------- d-----w C:\Program Files\Broadcom
2008-09-28 15:57 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-09-28 15:57 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2008-09-28 15:57 --------- d-----w C:\Program Files\HPQ
2008-09-28 15:55 --------- d-----w C:\Program Files\DIFX
2008-09-28 15:55 --------- d-----w C:\Documents and Settings\Jacek\Dane aplikacji\InstallShield
2008-09-28 15:33 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-28 15:31 --------- d-----w C:\Program Files\Common Files\Java
2008-09-28 15:23 --------- d-----w C:\Program Files\Usługi online
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
2008-09-29 11:47 806912 --a------ C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll" [2008-09-29 806912]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"QlbCtrl.exe"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 202032]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 231424]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc43a4cd-8df3-11dd-aba8-0014a57bf806}]
\Shell\AutoRun\command - jopnqbe2.com
\Shell\explore\Command - jopnqbe2.com
\Shell\open\Command - jopnqbe2.com
.
.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Documents and Settings\Jacek\Dane aplikacji\Mozilla\Firefox\Profiles\w0qt5qza.default\
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-29 17:34:26
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2008-09-29 17:35:22
ComboFix-quarantined-files.txt 2008-09-29 15:35:19

Przed: 19˙834˙064˙896 bajt˘w wolnych
Po: 19,839,447,040 bajt˘w wolnych

223

otwórz notatnik i wklej

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

Z menu Notatnika Plik Zapisz jako Zmień rozszerzenie z .txt na wszystkie pliki zapisz pod nazwą Fix.reg

Uruchom ten plik, uruchom ponownie komputer

usuń ręcznie folder C: \Qoobox , usuń instalkę Combofix z dysku.

Przeczyść komputer Ccleanerem

Wykonaj optymalizację autostartu

Wyłącz i włącz przywracanie systemu na wszystkich dyskach. Instrukcja

Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum

lub

Dr.WEB CureIt!

9 wrzesień 2008 23:38:53
System operacyjny: Microsoft Windows XP Home Edition, Dodatek Service Pack 2 (Build 2600)
Kaspersky Online Scanner wersja: 5.0.98.1
Ostatnia aktualizacja Kaspersky Anti-Virus29/09/2008
Liczba wpisów w bazie danych Kaspersky Anti-Virus1274587
Ustawienia skanowania
Skanowanie przy użyciu następujących baz danych rozszerzone
Skanuj archiwa tak
Skanuj pocztowe bazy danych tak
Obszar skanowania Mój komputer
C:\
D:\
E:\
F:\
Statystyki skanowania
Liczba skanowanych obiektów 84519
Liczba wykrytych wirusów 1
Liczba zainfekowanych obiektów 2
Liczba podejrzanych obiektów 0
Czas trwania skanowania 01:56:09

Nazwa zainfekowanego obiektu Nazwa wirusa Ostatnie działanie
C:\Documents and Settings\Jacek\Cookies\index.dat Object is locked pominięty
C:\Documents and Settings\Jacek\Dane aplikacji\Microsoft\Szablony\Normal.dot Object is locked pominięty
C:\Documents and Settings\Jacek\Dane aplikacji\Microsoft\Word\Zapisywanie informacji potrzebnych do odzyskania Nowy Dokument programu Microsoft Word .asd Object is locked pominięty
C:\Documents and Settings\Jacek\Dane aplikacji\Mozilla\Firefox\Profiles\w0qt5qza.default\cert8.db Object is locked pominięty
C:\Documents and Settings\Jacek\Dane aplikacji\Mozilla\Firefox\Profiles\w0qt5qza.default\formhistory.dat Object is locked pominięty
C:\Documents and Settings\Jacek\Dane aplikacji\Mozilla\Firefox\Profiles\w0qt5qza.default\history.dat Object is locked pominięty
C:\Documents and Settings\Jacek\Dane aplikacji\Mozilla\Firefox\Profiles\w0qt5qza.default\key3.db Object is locked pominięty
C:\Documents and Settings\Jacek\Dane aplikacji\Mozilla\Firefox\Profiles\w0qt5qza.default\parent.lock Object is locked pominięty
C:\Documents and Settings\Jacek\Dane aplikacji\Mozilla\Firefox\Profiles\w0qt5qza.default\search.sqlite Object is locked pominięty
C:\Documents and Settings\Jacek\Dane aplikacji\Mozilla\Firefox\Profiles\w0qt5qza.default\urlclassifier2.sqlite Object is locked pominięty
C:\Documents and Settings\Jacek\NTUSER.DAT Object is locked pominięty
C:\Documents and Settings\Jacek\ntuser.dat.LOG Object is locked pominięty
C:\Documents and Settings\Jacek\Pulpit\Nowy Dokument programu Microsoft Word .doc Object is locked pominięty
C:\Documents and Settings\Jacek\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty
C:\Documents and Settings\Jacek\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty
C:\Documents and Settings\Jacek\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\w0qt5qza.default\Cache\_CACHE_001_ Object is locked pominięty
C:\Documents and Settings\Jacek\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\w0qt5qza.default\Cache\_CACHE_002_ Object is locked pominięty
C:\Documents and Settings\Jacek\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\w0qt5qza.default\Cache\_CACHE_003_ Object is locked pominięty
C:\Documents and Settings\Jacek\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\w0qt5qza.default\Cache\_CACHE_MAP_ Object is locked pominięty
C:\Documents and Settings\Jacek\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty
C:\Documents and Settings\Jacek\Ustawienia lokalne\Historia\History.IE5\MSHist012008092920080930\index.dat Object is locked pominięty
C:\Documents and Settings\Jacek\Ustawienia lokalne\Temp\Acr52.tmp Object is locked pominięty
C:\Documents and Settings\Jacek\Ustawienia lokalne\Temp\Acr5E.tmp Object is locked pominięty
C:\Documents and Settings\Jacek\Ustawienia lokalne\Temp\Acr60.tmp Object is locked pominięty
C:\Documents and Settings\Jacek\Ustawienia lokalne\Temp\~DF3D70.tmp Object is locked pominięty
C:\Documents and Settings\Jacek\Ustawienia lokalne\Temp\~DF8CE3.tmp Object is locked pominięty
C:\Documents and Settings\Jacek\Ustawienia lokalne\Temp\~DF9074.tmp Object is locked pominięty
C:\Documents and Settings\Jacek\Ustawienia lokalne\Temp\~WRD0000.doc Object is locked pominięty
C:\Documents and Settings\Jacek\Ustawienia lokalne\Temp\~WRS0001.tmp Object is locked pominięty
C:\Documents and Settings\Jacek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked pominięty
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked pominięty
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked pominięty
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked pominięty
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temp\Perflib_Perfdata_a8.dat Object is locked pominięty
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf Object is locked pominięty
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mastlog.ldf Object is locked pominięty
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\model.mdf Object is locked pominięty
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\modellog.ldf Object is locked pominięty
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdbdata.mdf Object is locked pominięty
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdblog.ldf Object is locked pominięty
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\tempdb.mdf Object is locked pominięty
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\templog.ldf Object is locked pominięty
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG Object is locked pominięty
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\log_11.trc Object is locked pominięty
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty
C:\System Volume Information\_restore{CBA33605-81F2-479B-96A9-C10EC5602FDB}\RP24\change.log Object is locked pominięty
C:\WINDOWS\Debug\PASSWD.LOG Object is locked pominięty
C:\WINDOWS\SchedLgU.Txt Object is locked pominięty
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked pominięty
C:\WINDOWS\Sti_Trace.log Object is locked pominięty
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked pominięty
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked pominięty
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked pominięty
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked pominięty
C:\WINDOWS\system32\config\default Object is locked pominięty
C:\WINDOWS\system32\config\default.LOG Object is locked pominięty
C:\WINDOWS\system32\config\SAM Object is locked pominięty
C:\WINDOWS\system32\config\SAM.LOG Object is locked pominięty
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked pominięty
C:\WINDOWS\system32\config\SECURITY Object is locked pominięty
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked pominięty
C:\WINDOWS\system32\config\software Object is locked pominięty
C:\WINDOWS\system32\config\software.LOG Object is locked pominięty
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked pominięty
C:\WINDOWS\system32\config\system Object is locked pominięty
C:\WINDOWS\system32\config\system.LOG Object is locked pominięty
C:\WINDOWS\system32\h323log.txt Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked pominięty
C:\WINDOWS\wiadebug.log Object is locked pominięty
C:\WINDOWS\wiaservc.log Object is locked pominięty
C:\WINDOWS\WindowsUpdate.log Object is locked pominięty
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty
F:\System Volume Information\_restore{84F01F62-5351-4DD3-9C4C-DDEAF61F064F}\RP53\A0063453.exe/file44 Zainfekowanych: not-a-virus:Monitor.Win32.KeyLogger.dq pominięty
F:\System Volume Information\_restore{84F01F62-5351-4DD3-9C4C-DDEAF61F064F}\RP53\A0063453.exe Inno: zainfekowany - 1 pominięty
Proces skanowania został zakończony.

Pobierz The Avenger

wklej do niego ten tekst:

Kod:

Folders to delete:
F:\System Volume Information\_restore{84F01F62-5351-4DD3-9C4C-DDEAF61F064F}\RP53


kopiuj to i klikasz na Paste Script from Clipboard wybierasz Execute oraz Potwierdzasz i zgadzasz się na restart klikając OK.
Kasujesz ręcznie z dysku plik: C:\Avenger\backup.zip i wklejasz na forum raport: C:\avenger.txt

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: could not open folder "F:\System Volume Information\_restore{84F01F62-5351-4DD3-9C4C-DDEAF61F064F}\RP53"
Deletion of folder "F:\System Volume Information\_restore{84F01F62-5351-4DD3-9C4C-DDEAF61F064F}\RP53" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Completed script processing.

*******************

Finished! Terminate.


tylko ze tu jest taki myk, ze jak za pierwszym razem wkleilem to do avengera to nie mialem podlaczonego dysku F ale rebot juz poszedl, wiec wkleilem to jeszcze raz (tym razem z podlaczonym dyskiem F) i wyskoczylo to co jest powyzej.

Więc powinno być ok

wiec wychodzi na to, że jesteś magikiem bo i tak nie wiem co zrobilem ale jak działa to znaczy, ze działa naprawde dzieki wielkie i pozdrawiam

Poważnie, jesteś magikiem. Miałem dokładnie ten sam problem i - dzięki Avastowi - nie wiedząc o nim zainfekowałem komputer mojej siostry. Zarówno jej, jak i mój sprzęt jest teraz zdrowy, czysty i szybko chodzi - wszystko dzięki Tobie
huber2t is the man!