Czy jest tu jakiś wirus?


(Krzysztof Pawl) #1

Od pewnego czasu nawala mi komputer. Początkowo sporadycznie się resetował. Teraz nie mogę go już normalnie uruchomić.Zaraz po uruchomieniu się resetuje. Działa tylko w trybie awaryjnym. Co robić?

Proszę o pomoc

log z hijackthis:


(Gutek) #2

Syfu dużo, spróbujmy automatami na początek.

Użyj VundoFix + Trojan.Vundo Removal Tool + VirtumundoBeGone.

Skan AVG Anti-Spyware 7.5 po update :wink:

Daj log z Combofix


(Krzysztof Pawl) #3

Użyłem tych wszystkich programów: VundoFix + Trojan.Vundo Removal Tool + VirtumundoBeGone! Czekam na dalsze wskazówki

log z combofixa:


(Gutek) #4

Czyszczenie rejestru:

RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177

możesz rejestr przelecieć albo

jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509

Po tym daj log z Silenta

usuń jeszcze te pliki


(Krzysztof Pawl) #5

wyczyściłem rejestry RegCleanerem. C:\WINDOWS\system32\xpdx.sys - tego pliku nie da się usunąć.

Log z Silent Runners


(Heniu133) #6

Log z silenta ucięty. Poczekaj na komunikat All Done i wklej całego :slight_smile:


(Krzysztof Pawl) #7

Jeszcze raz log z silent runners. Tym razem mam nadziej że cały

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]

"H/PC Connection Agent" = ""C:\Program Files\Microsoft ActiveSync\wcescomm.exe"" [MS]

"Ueto" = ""C:\DOCUME~1\Lucyna\MOJEDO~1\STEM~1\winlogon.exe" -vt ndrv" [file not found]

"Pvcucfv" = "C:\WINDOWS\A*pPatch**ool32.exe" (unwritable string) [file not found]

"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]

"Windows update loader" = "C:\Windows\xpupdate.exe" [file not found]

"Service Pack 1" = "C:\WINDOWS\system32\vexg6ame4.exe" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"LWBMOUSE" = "C:\Program Files\Tech\Wheel Mouse\5.2\MOUSE32A.EXE" [empty string]

"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."]

"Adobe Photo Downloader" = ""C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"" ["Adobe Systems Incorporated"]

"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Inc."]

"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)

-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"

\InProcServer32(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)

-> {HKLM...CLSID} = "SSVHelper Class"

\InProcServer32(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

\InProcServer32(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"

-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"

\InProcServer32(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

-> {HKLM...CLSID} = "Portable Media Devices Menu"

\InProcServer32(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice Property Sheet Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = "C:\Program Files\OpenOffice.org1.1.4\program\shlxthdl.dll" ["Sun Microsystems, Inc."]

"{0A082D00-EC93-11D0-B1E6-80580BC10627}" = "Corel Media Folder Root Menu Handler"

-> {HKLM...CLSID} = "Corel Media Folder Root Menu Handler"

\InProcServer32(Default) = "C:\Corel\Graphics8\programs\CMFFld80.dll" [empty string]

"{0FBF99C1-4127-11D1-B1E6-C17E96D9180A}" = "Folder To Corel Media Folder Menu Handler"

-> {HKLM...CLSID} = "Folder To Corel Media Folder Menu Handler"

\InProcServer32(Default) = "C:\Corel\Graphics8\programs\CMFFld80.dll" [empty string]

"{854AF161-1AE1-11D1-AB9B-00C0F00683EB}" = "Corel Media Folder"

-> {HKLM...CLSID} = "Corel Media Folder"

\InProcServer32(Default) = "C:\Corel\Graphics8\programs\CMFFld80.dll" [empty string]

"{E856F161-1AE5-11d1-AB9B-00C0F00683EB}" = "Corel Media Folder"

-> {HKLM...CLSID} = "Corel Media Folder"

\InProcServer32(Default) = "C:\Corel\Graphics8\programs\CMFFld80.dll" [empty string]

"{CDB89701-262F-11D1-AB9C-00C0F00683EB}" = "Corel Media Find Folder"

-> {HKLM...CLSID} = "Corel Media Find Folder"

\InProcServer32(Default) = "C:\Corel\Graphics8\programs\CMFFld80.dll" [empty string]

"{F8152501-455F-11D1-B1E6-444553540000}" = "Corel Media Folder Copy Hook Handler"

-> {HKLM...CLSID} = "Corel Media Folder Copy Hook Handler"

\InProcServer32(Default) = "C:\Corel\Graphics8\programs\CMFFld80.dll" [empty string]

"{8E524B0D-04F0-11D1-B74A-00A0C90646A4}" = "IconFactTemp.NSIconHandlerFactory"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = "C:\Corel\Graphics8\programs\CNSFlt80.dll" ["Corel Corporation"]

"{A2AC368A-F883-11D0-B745-00A0C90646A4}" = "NSFiltManDll.FiltManCom"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = "C:\Corel\Graphics8\programs\CNSFlt80.dll" ["Corel Corporation"]

"{B63FCD5A-2396-11D1-B762-00A0C90646A4}" = "*g" (unwritable string)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = "C:\Corel\Graphics8\programs\CMFFnd80.dll" ["Corel Corporation"]

"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"

-> {HKLM...CLSID} = "avast"

\InProcServer32(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

"{49BF5420-FA7F-11cf-8011-00A0C90A8F78}" = "Mobile Device"

-> {HKLM...CLSID} = "Urządzenie przenośne"

\InProcServer32(Default) = "C:\PROGRA~1\MI3AA1~1\Wcesview.dll" [MS]

"{6889CDD0-3116-11D0-97E2-080036CAF901}" = "GMLayout Symbols Custom Icon Handler"

-> {HKLM...CLSID} = "GMLayout Symbols Custom Icon Handler"

\InProcServer32(Default) = "c:\program files\geomedia professional\Program\symbext.dll" ["Intergraph Process, Power & Offshore"]

"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Uniwersalne urządzenia Plug and Play"

-> {HKLM...CLSID} = "Uniwersalne urządzenia Plug and Play"

\InProcServer32(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"

-> {HKLM...CLSID} = "iTunes"

\InProcServer32(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]

"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"

-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

\InProcServer32(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

<> botreg\DLLName = "C:\Documents and Settings\All Users\Dokumenty\Settings\bot.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = "PDF Column Info"

-> {HKLM...CLSID} = "PDF Shell Extension"

\InProcServer32(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\

avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

-> {HKLM...CLSID} = "avast"

\InProcServer32(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

NOD32 Context Menu Shell Extension(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

\InProcServer32(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

FolderToCorelMediaFolder(Default) = "{0FBF99C1-4127-11D1-B1E6-C17E96D9180A}"

-> {HKLM...CLSID} = "Folder To Corel Media Folder Menu Handler"

\InProcServer32(Default) = "C:\Corel\Graphics8\programs\CMFFld80.dll" [empty string]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

-> {HKLM...CLSID} = "avast"

\InProcServer32(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

NOD32 Context Menu Shell Extension(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

\InProcServer32(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

Default executables:


HKLM\Software\Classes.scr\ = (key not found)

Group Policies {policy setting}:


Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoActiveDesktop" = (REG_DWORD) hex:0x00000000

{Disable Active Desktop}

"ClassicShell" = (REG_DWORD) hex:0x00000000

{Enable Classic Shell / Turn on Classic Shell}

"ForceActiveDesktopOn" = (REG_DWORD) hex:0x00000001

{Enable Active Desktop}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableRegistryTools" = (REG_DWORD) hex:0x00000000

{Prevent access to registry editing tools}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"

Enabled Screen Saver:


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]

Startup items in "Lucyna" & "All Users" startup folders:


C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]

"Adobe Reader Synchronizer" -> shortcut to: "C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe" [null data]

Enabled Scheduled Tasks:


"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task" ["Apple Computer, Inc."]

"FRU Task #Hewlett-Packard#hp psc 1200 series#1100294681" -> launches: "C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe -I "#Hewlett-Packard#hp psc 1200 series#1100294681"" [empty string]

"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]

Winsock2 Service Provider DLLs:


Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 19

%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 18

%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10

Toolbars, Explorer Bars, Extensions:


Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"

-> {HKLM...CLSID} = "Yahoo! Toolbar"

\InProcServer32(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)

-> {HKLM...CLSID} = "Yahoo! Toolbar"

\InProcServer32(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}(Default) = (no title provided)

-> {HKLM...CLSID} = "Real.com"

\InProcServer32(Default) = "C:\WINDOWS\system32\Shdocvw.dll" [MS]

HKLM\Software\Classes\CLSID{0494D0DE-F8E0-41AD-92A3-14154ECE70AC}(Default) = "SearchBar Quick View"

Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"

-> {HKCU...CLSID} = "Java Plug-in"

\InProcServer32(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

-> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"

\InProcServer32(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\

"ButtonText" = "Create Mobile Favorite"

"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"

-> {HKLM...CLSID} = "Create Mobile Favorite"

\InProcServer32(Default) = "C:\PROGRA~1\MI3AA1~1\INetRepl.dll" [MS]

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\

"MenuText" = "Utwórz łącze Ulubione dla urządzenia przenośnego..."

"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"

-> {HKLM...CLSID} = "Create Mobile Favorite"

\InProcServer32(Default) = "C:\PROGRA~1\MI3AA1~1\INetRepl.dll" [MS]

{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\

"ButtonText" = "Real.com"

{EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A}\

"ButtonText" = "eBay - Homepage"

"CLSIDExtension" = "{1FBA04EE-3024-11D2-8F1F-0000F87ABD16}"

-> {HKLM...CLSID} = "Toolbar Extension for Executable"

\InProcServer32(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

"Exec" = "C:\Program Files\IrfanView\Ebay\Ebay.htm" [null data]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):


Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]

avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]

avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]

avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]

avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]

AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."]

C-DillaCdaC11BA, C-DillaCdaC11BA, "C:\WINDOWS\system32\drivers\CDAC11BA.EXE" ["Macrovision"]

iPod Service, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Inc."]

Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS]

NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]

Sentinel Protection Server, SentinelProtectionServer, ""C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe"" ["SafeNet, Inc"]

STI Simulator, STI Simulator, "C:\WINDOWS\System32\PAStiSvc.exe" [null data]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

Print Monitors:


HKLM\System\CurrentControlSet\Control\Print\Monitors\

hpzsnt07\Driver = "hpzsnt07.dll" ["HP"]

Monitor języka PJL\Driver = "PJLMON.DLL" [MS]


<>: Suspicious data at a malware launch point.

  • This report excludes default entries except where indicated.

  • To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

  • The search for DESKTOP.INI DLL launch points on all local fixed drives

took 350 seconds.

---------- (total run time: 496 seconds)


(Joan Sunshine) #8

Obejmij proszę logi w tagi QUOTE lub CODE i popraw temat na konkretny > użyj przycisku icon_edit.gif

Ściągasz narzędzie KillBox, zaznaczasz Delete on Reboot, potem klikasz All Files i wklejasz do pola Full Path of File to Delete ścieżkę:

C:\Documents and Settings\All Users\Dokumenty\Settings\bot.dll

Klikasz X i reset sysa.

Otwórz notatnik i wklej w nim to:

Plik - zapisz jako - zmień rozszerzenie na wszystkie pliki - zapisz pod nazwą FIX.REG

Odpal plik FIX.REG i potwierdź dodanie do rejestru i reset kompa :slight_smile:


(Krzysztof Pawl) #9

Wykonałem wszystko zgodnie z zaleceniami. Czy jeszcze coś trzeba zrobić?


(adam9870) #10

Tak, dla pewności wklej nowy log z ComboFix.


(Krzysztof Pawl) #11

log z combofixa

Złączono Posta : 01.06.2007 (Pią) 13:25

Mam też problem z drugim komputerem. Od pewnego czasu wiesza sie zaraz po uruchomieniu i nie reaguje na nic. Wcześniej dało się na nim w miarę pracował, chociaż co pare godzin się wieszał. Teraz wiesza się co 2-3 minuty. Uruchomiłem na nim: VundoFix + Trojan.Vundo Removal Tool + VirtumundoBeGone. Potem zrobiłem loga. Prosze o ich sprawdzenie.

Złączono Posta : 01.06.2007 (Pią) 13:31

log hijacthis

Złączono Posta : 01.06.2007 (Pią) 13:33

log combofix


(Gutek) #12

Pierwszy komp użyj ATF-Cleaner - http://www.atribune.org/ccount/click.php?id=1

Czyszczenie rejestru:

RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177

możesz rejestr przelecieć albo

jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509

Drugi też albo RegCleaner albo jv16 PowerTools przeleć komp.


(Krzysztof Pawl) #13

log z conbofix


(Gutek) #14

Log Ok


(Krzysztof Pawl) #15

Dziękuję za pomoc! Komputer nr 1 działa jak trzeba:) A z drugim jeszcze powalcze. Może to jakiś konflikt sprzętowy.