Trojan horse, please help


(Tropek22) #1


Logfile of HijackThis v1.99.1

Scan saved at 20:58:18, on 2008-10-30

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Applications\wcs.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

C:\Documents and Settings\Tomek\32832.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Creative\Shared Files\CTDevSrv.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\System32\UAService7.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\neostrada tp\neostradatp.exe

C:\Program Files\neostrada tp\ComComp.exe

C:\PROGRA~1\NEOSTR~1\Toaster.exe

C:\PROGRA~1\NEOSTR~1\Inactivity.exe

C:\PROGRA~1\NEOSTR~1\PollingModule.exe

C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE

C:\Program Files\neostrada tp\Watch.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\WINDOWS\System32\~.exe

C:\Program Files\BitComet\BitComet.exe

E:\torenty\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

O1 - Hosts: 66.98.148.65 auto.search.msn.com

O1 - Hosts: 66.98.148.65 auto.search.msn.es

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM..\Run: [b8f54369] rundll32.exe "C:\WINDOWS\System32\ctqtypqx.dll",b

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU..\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe" /tray

O4 - HKCU..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun

O4 - HKCU..\Run: [sService] C:\Documents and Settings\Tomek\32832.exe

O4 - Startup: userinit.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 7939768859

O17 - HKLM\System\CCS\Services\Tcpip..{2ACE0F1E-00A4-49D6-BE68-08262888BDC0}: NameServer = 194.204.159.1 217.98.63.164

O17 - HKLM\System\CS2\Services\Tcpip..{2ACE0F1E-00A4-49D6-BE68-08262888BDC0}: NameServer = 194.204.159.1 217.98.63.164

O20 - AppInit_DLLs: mfzogj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe


(Spandau) #2

Remove these entries in HJT

Run HijackThis - Do a system scan only - the log will appear in the program window - tick the boxes next to the listed entries - click Fix checked

Download ComboFix but do not run it; paste into Notepad:

Save the file as CFScript.txt; ideally the icon of this file should sit next to the ComboFix.exe icon.

Drag and drop the CFScript.txt file onto the ComboFix.exe icon; removal should start. After that, post the log on the forum.

Paste the log at www.wklejto.pl or http://www.wklej.org/ and put only the link in your post.


(Tropek22) #3

ComboFix 08-10-30.13 - Tomek 2008-10-31 18:30:13.6 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.1.1250.1.1045.18.559 [GMT 1:00]

Uruchomiony z: E:\torenty\ComboFix.exe

Użyto następujących komend :: E:\torenty\CFScript.txt

* Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA!!

FILE ::

C:\Documents and Settings\Tomek\32832.exe

C:\Program Files\Applications\wcs.exe

C:\WINDOWS\System32\~.exe

C:\WINDOWS\System32\ctqtypqx.dll

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\Tomek\svchost.exe

C:\Program Files\Applications

C:\Program Files\Applications\wcs.exe

C:\Program Files\Applications\wcu.exe

C:\WINDOWS\IE4 Error Log.txt

C:\WINDOWS\System32\~.exe

C:\WINDOWS\system32\alrsmoda.dll

C:\WINDOWS\system32\amatdece.dll

C:\WINDOWS\system32\bjfyyrxo.dll

C:\WINDOWS\system32\cmlbkifx.ini

C:\WINDOWS\System32\ctqtypqx.dll

C:\WINDOWS\system32\drivers\services.exe

C:\WINDOWS\system32\ecedtama.ini

C:\WINDOWS\system32\fccdCTNh.dll

C:\WINDOWS\system32\irhvfsul.dll

C:\WINDOWS\system32\jkkHbCVN.dll

C:\WINDOWS\system32\kr_done1

C:\WINDOWS\system32\nsbaet.dll

C:\WINDOWS\system32\ppWvvyxx.ini

C:\WINDOWS\system32\ppWvvyxx.ini2

C:\WINDOWS\system32\xqpytqtc.ini

C:\WINDOWS\system32\xxyvvWpp.dll

C:\WINDOWS\system32\xzwimw.dll

.

((((((((((((((((((((((((( Pliki utworzone od 2008-09-28 do 2008-10-31 )))))))))))))))))))))))))))))))

.

2008-10-30 20:52 . 2008-10-30 20:52 18,944 --a------ C:\MHr.exe

2008-10-30 20:52 . 2008-10-30 20:52 18,944 --a------ C:\Documents and Settings\All Users\mo3TK.exe

2008-09-28 18:53 . 2008-09-28 18:53

2008-09-08 15:41 . 2008-09-08 15:41 3,569,152 --a------ C:\WINDOWS\system32\libavcodec.dll

2008-09-08 15:41 . 2008-09-08 15:41 2,490,368 --a------ C:\WINDOWS\system32\ffdshow.ax

2008-09-08 15:39 . 2008-09-08 15:39 2,041,363 --a------ C:\WINDOWS\system32\x264vfw.dll

2008-09-08 15:38 . 2008-09-08 15:38

2008-09-03 17:05 . 2008-09-07 16:16

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-31 16:30 --------- d-----w C:\Program Files\neostrada tp

2008-10-12 13:21 --------- d-----w C:\Program Files\BitComet

2008-09-28 17:53 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-09-08 14:42 258,048 ----a-w C:\WINDOWS\system32\libFLAC.dll

2008-09-08 14:41 892,928 ----a-w C:\WINDOWS\system32\iconv.dll

2008-09-08 14:41 456,192 ----a-w C:\WINDOWS\system32\libmplayer.dll

2008-09-08 14:41 119,296 ----a-w C:\WINDOWS\system32\libmpeg2_ff.dll

2008-09-08 14:39 79,360 ----a-w C:\WINDOWS\system32\mkzlib.dll

2008-09-08 14:39 755,027 ----a-w C:\WINDOWS\system32\xvidcore.dll

2008-09-08 14:39 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2008-09-08 14:39 23,552 ----a-w C:\WINDOWS\system32\mkunicode.dll

2008-09-08 14:39 163,840 ----a-w C:\WINDOWS\system32\ts.dll

2008-09-08 14:39 159,839 ----a-w C:\WINDOWS\system32\xvidvfw.dll

2008-09-08 14:39 159,744 ----a-w C:\WINDOWS\system32\mmfinfo.dll

2008-09-08 14:39 148,992 ----a-w C:\WINDOWS\system32\mkx.dll

2008-09-08 14:39 141,312 ----a-w C:\WINDOWS\system32\mp4.dll

2008-09-08 14:39 120,832 ----a-w C:\WINDOWS\system32\ogm.dll

2008-09-08 14:39 108,032 ----a-w C:\WINDOWS\system32\avi.dll

2008-09-07 14:35 --------- d-----w C:\Program Files\SopCast

2007-12-19 16:46 77,824 ----a-w C:\Program Files\LFS_restart.exe

2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe

2007-10-09 16:23 56 --sh--r C:\WINDOWS\system32\CD0CE156F6.sys

2007-10-09 16:23 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-17 68856]

"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2007-09-10 6338360]

"Octoshape Streaming Services"="C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2008-05-22 156944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-04-12 8429568]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-20 13312]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2001-10-26 C:\WINDOWS\system32\narrator.exe]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2006-12-23 17:05 143360 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTZDetec.exe]

--------- 2007-12-18 13:20 401408 C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure]

-r------- 2006-10-30 13:44 1953792 C:\WINDOWS\system32\JMRaidSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]

-r------- 2006-10-30 13:44 36864 C:\WINDOWS\JM\JMInsIDE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

--a------ 2006-12-05 21:55 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2006-01-12 14:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2007-04-12 22:44 8429568 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2007-04-12 22:44 81920 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--------- 2006-11-23 14:10 56928 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

--------- 2006-07-13 06:12 729088 C:\Program Files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

-ra------ 2006-12-18 14:34 868352 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-02-22 03:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2007-11-17 14:00 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]

--------- 2004-10-14 15:55 32768 C:\PROGRA~1\NEOSTR~1\GestMAJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]

--------- 2004-08-23 13:49 20480 C:\PROGRA~1\NEOSTR~1\Watch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2007-04-12 22:44 1626112 C:\WINDOWS\system32\nwiz.exe

R1 aswSP;avast! Self Protection;C:\WINDOWS\System32\drivers\aswSP.sys [2008-07-19 78416]

R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\System32\DRIVERS\e4usbaw.sys [2006-09-19 116992]

S0 OCDE;ZTekWare Original CD Emulator Service;C:\WINDOWS\System32\Drivers\OCDE.sys []

S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\System32\Drivers\e4ldr.sys [2006-09-15 64000]

.

  • USUNIĘTO PUSTE WPISY - - - -

BHO-{5BAE5DB8-3716-4F69-82C8-F604C68C4B03} - C:\WINDOWS\System32\xxyvvWpp.dll

BHO-{ED1340BB-D0A2-4DAE-A41A-397765A1225A} - C:\WINDOWS\System32\fccdCTNh.dll

BHO-{fa9b0ddd-8bd7-48f2-b5c5-a25a05a12708} - C:\WINDOWS\System32\xzwimw.dll

HKLM-Explorer_Run-QuickTimeTask - C:\Program Files\Applications\wcs.exe

ShellExecuteHooks-{ED1340BB-D0A2-4DAE-A41A-397765A1225A} - C:\WINDOWS\System32\fccdCTNh.dll

MSConfigStartUp-ares - C:\Program Files\Ares\Ares.exe

MSConfigStartUp-AVP - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

MSConfigStartUp-Orb - C:\Program Files\Winamp Remote\bin\OrbTray.exe

MSConfigStartUp-WinampAgent - C:\Program Files\Winamp\winampa.exe

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-31 18:34:34

Windows 5.1.2600 Dodatek Service Pack. 1 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\CTSVCCDA.EXE

C:\Program Files\Creative\Shared Files\CTDevSrv.exe

C:\WINDOWS\system32\FTRTSVC.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\UAService7.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

.

**************************************************************************

.

Czas ukończenia: 2008-10-31 18:36:05 - komputer został uruchomiony ponownie [Tomek]

ComboFix-quarantined-files.txt 2008-10-31 17:36:03

Przed: 70 230 482 944 bajtów wolnych

Po: 70,549,467,136 bajtów wolnych

172


(Kambor4) #4

Check it at --> http://virusscan.jotti.org/

or at http://www.virustotal.com/en/indexf.html.

Do you know it?

==============

K.


(Tropek22) #5

Scanner Malware name

A-Squared Trojan-Spy.Win32.Banbra.df!IK

AntiVir X

ArcaVir X

Avast X

AVG Antivirus X

BitDefender X

ClamAV X

CPsecure X

Dr.Web X

F-Prot Antivirus X

F-Secure Anti-Virus X

G DATA X

Ikarus Trojan-Spy.Win32.Banbra.df

Kaspersky Anti-Virus X

NOD32 X

Norman Virus Control X

Panda Antivirus X

Sophos Antivirus X

VirusBuster X

VBA32 X

this is what came out


(Kambor4) #6

Clean.

Manually delete the folder C:**** Qoobox,

Delete the ComboFix installer from the disk.

Perform autostart optimization.

Clean the computer with CCleaner.

Turn System Restore off and back on for all drives. Instructions

Scan with this: Dr.WEB CureIt!.

===============

K.


(Gutek) #7

To be sure that it's not junk, that it's clean now:

Please download and use Malwarebytes' Anti-Malware

Press Scan, select the drives to scan and Start scan; at the end press Remove selected, if there are any, and OK  :wink:

Change in the rules for pasting logs on the forum - viewtopic.php?f=16&t=253052