[antivirus] problem with KIS 7


  • Closed: this topic is closed
2 replies in this topic

#1 zedred

zedred

    New

  • 1 post

Posted 01 02 2010 - 02:04

Hello,
I installed Kaspersky Security 7 and I probably did not uninstall it thoroughly, because
when I start Outlook a message pops up - cannot install or
load the add-in c/progrsam files/kasperski lab/..
and I removed everything from the computer and thoroughly cleaned the whole registry by hand of
everything that had kaspersky in its name, and with programs as well

and now I cannot install KIS 7 again, because it throws a message that it is
already installed and has to be uninstalled, and it aborts the installation

I ran ComboFix and HijackThis and it did nothing

Please advise

Regards, Rafał

CF LOG

HijackThis log


This post was edited by Katarina: 11 02 2010 - 13:52

  • 0

#2 geronimoo

geronimoo

    Forum addict

  • 1 457 posts

Posted 01 02 2010 - 10:30

Try the Kaspersky uninstaller: http://support.kaspersky.com/faq?chapter=207802598&done=y&qid=208279463&chapter=207802598&omniture=f204269533_q1%3Dn1%3B&qid=208279463#FeedBackForm In future, remember that an AV should rather be uninstalled in safe mode, especially the ones that work online, or you should first "kill" all the processes it has started.

This post was edited by geronimoo: 01 02 2010 - 10:33

  • 0

#3 Macsch15

Macsch15

    Professional

  • 3 705 posts

Posted 01 02 2010 - 15:55

I ran ComboFix and HijackThis and it did nothing


First of all, HijackThis, and even more so CF, is not meant for removing leftovers of programs, but apparently you want to say goodbye to your system. Good luck.

  • 0



