Mam problem wkradł mi sie Trojan “SpamTool.Win32.Agent.u” i nie moge go usunąć mój program antywirusowy Kaspersky Internet Security 6.0 wersja 30-dniowa niechce go usunąć
Odpal LSP-Fix zaznacz “I know what I’m doing” następnie w okienku Keep zaznacz plik hgaidhk.dll i za pomocą strzałki (>>) przenieś go do okienka Remover i kliknij Finish
Daj log z Combofix
zrobiłem tak jak kazałeś ale jak otwieram Combofix nic sie nie dzieje pokazuje sie niebieskie okienko i znika
Poczytaj:
http://www.searchengines.pl/phpbb203/in … opic=86306
Ewentualnie zamiast loga z ComboFix’a pokaż log z narzędzia Deckard’s System Scanner (DSS), dawniej występujący pod nazwą ComboScan.
niestety to też nie działa nie moge zrobić loga z tego
W takim razie sprawdź czy możesz wykonać log numer 1 w narzędziu L2Mfix, a jeśli tak to go zrób i wklej tu. Opis:
prosze…
Użyj Pocket Killbox. Zaznaczasz opcję Delete on Reboot oraz All Files i w polu Full Path of File to Delete wklejasz ścieżki
C:\WINDOWS\System32\acbfa7_s.dll
C:\WINDOWS\System32\hgaidhk.dll
i naciskasz X czerwony. Program poprosi o reset kompa … czyli resetujesz.
prosze o to logi po wykonaniu tej operacji
Już jest Ok
Ponownie nie wiem co sie dzieje mój antywirus pokazuje że mam Malware: “SpamTool.Win32.Agent.u” Plik: C:\WINDOWS\SYSTEM32\DRIVERS\NDIS.SYS co mam z tym zrobić
Wrzuć logi z HiJack This i Silent Runners.
Przeskanuj PC AVG Antispyware po update, następnie wklej raport na Forum.m razie.
logi zrobione o to one:
1.HiJack This
Logfile of HijackThis v1.99.1
Scan saved at 12:54:22, on 2007-05-22
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\windows\System32\smss.exe
C:\windows\SYSTEM32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\windows\system32\nvsvc32.exe
C:\windows\System32\svchost.exe
C:\windows\system32\wscntfy.exe
C:\windows\System32\svchost.exe
D:\gg8\Gadu-Gadu\gg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\mm\Pulpit\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Strażnik AVK (AVKWCtl) - Unknown owner - C:\Program Files\G DATA\AntiVirus 2007\AVK\AVKWCtl.exe (file missing)
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe (file missing)
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Panda anti-virus service (PAVSRV) - Unknown owner - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe (file missing)
O23 - Service: Panda IManager Service (PSIMSVC) - Unknown owner - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe (file missing)
2.Silent Runners
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup" [MS]
"AVP" = ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"" ["Kaspersky Lab"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "IeCatch5 Class"
\InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\jccatch.dll" ["FlashGet"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" = "WebCheck"
-> {HKLM...CLSID} = "WebCheck"
\InProcServer32\(Default) = "%system%\webcheck.dll" [file not found]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\windows\system32\Audiodev.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Uniwersalne urządzenia Plug and Play"
-> {HKLM...CLSID} = "Uniwersalne urządzenia Plug and Play"
\InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{A155339D-CCCD-4714-85EB-3754B804C9DF}" = "a-squared Free Context Menu Shell Extension"
-> {HKLM...CLSID} = "a-squared Free Context Menu"
\InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" ["Emsi Software GmbH"]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statystyki ochrony WWW"
-> {HKLM...CLSID} = "Statystyki ochrony WWW"
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll" ["Kaspersky Lab"]
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WebCheck" = "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
-> {HKLM...CLSID} = "WebCheck"
\InProcServer32\(Default) = "%system%\webcheck.dll" [file not found]
HKLM\System\CurrentControlSet\Control\Session Manager\
<> "BootExecute" = "autocheck autochk *"|"aswBoot.exe /M:13067298" [file not found]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ShellEx.dll" ["Kaspersky Lab"]
MyPhoneExplorer\(Default) = "{C63D6E57-FE9E-43D7-B7ED-900DEB695D3E}"
-> {HKLM...CLSID} = "MyPhoneExplorer_ShellEx.ShellExt"
\InProcServer32\(Default) = "C:\Program Files\MyPhoneExplorer\DLL\ShellMgr.dll" ["F.J. Wechselberger"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
a2FreeContMenu\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"
-> {HKLM...CLSID} = "a-squared Free Context Menu"
\InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" ["Emsi Software GmbH"]
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ShellEx.dll" ["Kaspersky Lab"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
a2FreeContMenu\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"
-> {HKLM...CLSID} = "a-squared Free Context Menu"
\InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" ["Emsi Software GmbH"]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\windows\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\mm\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 20 - 21
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{E0E899AB-F487-11D5-8D29-0050BA6940E3}" = "FlashGet Bar"
-> {HKLM...CLSID} = "FlashGet Bar"
\InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\fgiebar.dll" ["Amaze Soft"]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Statystyki ochrony WWW"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll" ["Kaspersky Lab"]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "&FlashGet"
"Exec" = "C:\PROGRA~1\FlashGet\flashget.exe" ["FlashGet.com"]
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
(unwritable string)
Missing lines (compared with English-language version):
[Version]: 2 lines
[RestoreHomePage]: 1 line
[RestoreHomePage.reg]: 1 line
[RestoreBrowserSettings.reg]: 12 lines
[DeleteTemplates.reg]: 5 lines
[DeleteAutosearch.reg]: 1 line
[Strings]: 1 line
[RestoreBrowserSettings]: 2 lines
[Strings]: 3 lines
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Kaspersky Internet Security 6.0, AVP, ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r" ["Kaspersky Lab"]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
NVIDIA Display Driver Service, NVSvc, "C:\windows\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Monitor języka PJL\Driver = "PJLMON.DLL" [MS]
----------
<>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 131 seconds, including 18 seconds for message boxes)
3.AVG Anti-Spyware - Scan Report
Created at:13:46:08 2007-05-22
+ Scan result:
C:\System Volume Information\_restore{525BA900-2957-47F5-950F-E0C80DFF4374}\RP589\A0724776.dll -> Backdoor.Ghost.34 : No action taken.
C:\System Volume Information\_restore{525BA900-2957-47F5-950F-E0C80DFF4374}\RP588\A0721205.exe -> Downloader.Small.cyn : No action taken.
C:\System Volume Information\_restore{525BA900-2957-47F5-950F-E0C80DFF4374}\RP589\A0724472.exe/Setup.exe -> Dropper.Agent.asf : No action taken.
C:\cp2650.nls -> Not-A-Virus.SpamTool.Win32.Agent.u : No action taken.
C:\Documents and Settings\mm\Cookies\mm@3.adbrite[1].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\mm\Cookies\mm@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\mm\Cookies\mm@ad.adocean[2].txt -> TrackingCookie.Adocean : No action taken.
C:\Documents and Settings\mm\Cookies\mm@gde.adocean[1].txt -> TrackingCookie.Adocean : No action taken.
C:\Documents and Settings\mm\Cookies\mm@gg.adocean[2].txt -> TrackingCookie.Adocean : No action taken.
C:\Documents and Settings\mm\Cookies\mm@my.adocean[1].txt -> TrackingCookie.Adocean : No action taken.
C:\Program Files\jv16 PowerTools\Backups\001B53\mm@idg.adocean[1].txt -> TrackingCookie.Adocean : No action taken.
C:\Program Files\jv16 PowerTools\Backups\002147\mm@www.etracker[1].txt -> TrackingCookie.Etracker : No action taken.
C:\Documents and Settings\mm\Cookies\mm@hit.gemius[1].txt -> TrackingCookie.Gemius : No action taken.
C:\Documents and Settings\mm\Cookies\mm@search.live[1].txt -> TrackingCookie.Live : No action taken.
C:\Documents and Settings\mm\Cookies\mm@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\mm\Cookies\mm@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Program Files\jv16 PowerTools\Backups\001C21\mm@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\System Volume Information\_restore{525BA900-2957-47F5-950F-E0C80DFF4374}\RP591\A0726050.dll -> Trojan.Vqten : No action taken.
C:\Documents and Settings\mm\Ustawienia lokalne\Temporary Internet Files\Content.IE5\ATC12PMJ\flash_detector[1].js -> Worm.Graz : No action taken.
C:\Documents and Settings\mm\Ustawienia lokalne\Temporary Internet Files\Content.IE5\EQ25P98Q\flash_detector[1].js -> Worm.Graz : No action taken.
C:\Documents and Settings\mm\Ustawienia lokalne\Temporary Internet Files\Content.IE5\EQ25P98Q\flash_detector[2].js -> Worm.Graz : No action taken.
C:\Documents and Settings\mm\Ustawienia lokalne\Temporary Internet Files\Content.IE5\G9S9MN0H\flash_detector[1].js -> Worm.Graz : No action taken.
marcin777 wyłącz i włącz przywracanie systemu, a z resztą AVG powinien sobie poradzić.
Otwórz notatnik i wklej w nim to:
Plik -> zapisz jako -> zmień rozszerzenie na wszystkie pliki -> zapisz pod nazwą FIX.REG
Odpal plik FIX.REG i potwierdź dodanie do rejestru i reset kompa
Przeczyść rejestr – użyj do tego jv16 PowerTools 2006 1.5.2.344.
Zdecyduj się na jeden program antywirusowy, resztę należy usunąć
nie da sie odpalić notatnika bo całe menu start znikneło są puste foldery
i tak cały czas mi wykrywa “SpamTool.Win32.Agent.u”
zostanie usunięty podczas uruchamiania komputera: szkodliwe oprogramowanie SpamTool.Win32.Agent.u Plik: C:\WINDOWS\SYSTEM32\DRIVERS\NDIS.SYS DOM\DOM100$ localhost
usunięto: szkodliwe oprogramowanie SpamTool.Win32.Agent.u Plik: C:\cp1388.nls//PE_Patch.UPX//UPX DOM\DOM100$ localhost
"mm" - 2007-05-22 18:48:26 Dodatek Service Pack 2
Już jest Ok możesz
Otwórz Notatnik i wklej w nim to:
Plik >>> Zapisz jako >>> Ustaw rozszerzenie z TXT na Wszystkie pliki >>> zapisz pod nazwą FIX.REG >>> kliknij podwójnie zrobiony plik i potwierdź >>> reset kompa
Niestety to nic nie pomaga z kazdym uruchomieniem kompa robi sie to samo