Live Safety Center and Online Security Guide


(Sullukz2) #1

Hello, help!

Icons keep getting created on my desktop: Live Safety Center and Online Security Guide

I keep getting this message, or others of the same kind:

Security Alert:

Spywere found

Trojan-Spy.win32@mx

Networm-i.Virus@fp

Malware threats

Warning

Web pages keep popping up in IE

Here is the log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:18:37, on 2007-11-15

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe

C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

E:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe

C:\WINDOWS\V0230Mon.exe

C:\WINDOWS\Fonts\svchost.exe

C:\WINDOWS\Fonts\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

E:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\rMa18yy\rMa18yy2328.exe

C:\WINDOWS\17PHolmes1188.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O3 - Toolbar: &Tłumaczenie - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll

O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\ffyzsgct.dll

O4 - HKLM..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

O4 - HKLM..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKLM..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM..\Run: [AVFX Engine] E:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe

O4 - HKLM..\Run: [V0230Mon.exe] C:\WINDOWS\V0230Mon.exe

O4 - HKLM..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe

O4 - HKLM..\Run: [58dd559a] rundll32.exe "C:\WINDOWS\system32\lhecbatg.dll",b

O4 - HKLM..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO

O4 - HKLM..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [LClock] C:\Program Files\LClock\lclock.exe

O4 - HKCU..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU..\Run: [Creative Live! Cam Manager] E:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe

O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll,-103 - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ ... /CTPID.cab

O17 - HKLM\System\CCS\Services\Tcpip..{B65CAFD8-22D9-46FA-9E51-E078AD664A76}: NameServer = 194.204.159.1,194.204.152.34

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Google\Google Desktop Search\Plugins\gdSkype\skype4com.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: WinFast® Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe

--

End of file - 7341 bytes
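As an added example (not part of the thread, and not HijackThis code), the Python below runs a few triage heuristics over the O4 Run-key lines of a log like the one above: a system-binary name running outside system32, an executable dropped in the Fonts folder, a hex-looking value name, rundll32 calling a single-letter export, and a long hex blob passed as an argument. The sample lines are copied from the log above; hits are prompts for review, not verdicts, and the system directory is assumed to be C:\WINDOWS\system32 as on this machine.

```python
import re

# Constructed sample: O4 lines copied from the HijackThis log in this thread, plus benign ones
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM..\Run: [58dd559a] rundll32.exe "C:\WINDOWS\system32\lhecbatg.dll",b
O4 - HKLM..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""
# "O4 - <hive>..\Run: [<value name>] <command line>", as HijackThis prints it
O4_RE = re.compile(r"^O4 - (?P<hive>[^.\s]+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Names that belong only in system32; a copy running from anywhere else is masquerading
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe"}
SYSTEM_DIR = r"c:\windows\system32"   # assumption: Windows installed at C:\WINDOWS

def split_command(cmd):
    """Split a Run-key command line into (image, arguments); a quoted image may contain spaces."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.index('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    image, _, args = cmd.partition(" ")   # unquoted paths containing spaces are not handled
    return image, args

def triage_o4(line):
    """Return (value name, [reasons]) for one O4 line, or None if the line is not an O4 entry."""
    m = O4_RE.match(line)
    if not m:
        return None
    image, args = split_command(m["cmd"])
    folder, _, base = image.lower().rpartition("\\")
    reasons = []
    if base in SYSTEM_NAMES and folder != SYSTEM_DIR:
        reasons.append("system binary name outside system32")
    if folder.endswith("\\fonts"):
        reasons.append("executable dropped in the Fonts folder")
    if re.fullmatch(r"[0-9a-f]{8,}", m["name"].lower()):
        reasons.append("hex-looking value name")
    if re.search(r"\b[0-9A-Fa-f]{32,}\b", args):
        reasons.append("long hex blob passed as argument")
    if base == "rundll32.exe":
        _, _, export = args.partition(",")   # rundll32.exe <dll>,<export>
        if re.fullmatch(r"[A-Za-z]", export.strip()):
            reasons.append("rundll32 calling a single-letter export")
    return m["name"], reasons

def triage_log(text):
    """Map value name -> reasons for every O4 line that tripped at least one heuristic."""
    hits = filter(None, map(triage_o4, text.splitlines()))
    return {name: reasons for name, reasons in hits if reasons}
```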


(Gutek) #2

To start with

Download the SDFix program



(Sullukz2) #3

SDFix: Version 1.114

Run by Luk on 2007-11-15 at 21:08

Microsoft Windows XP [Wersja 5.1.2600]

Running From: C:\SDFix

Safe Mode:

Checking Services:

Restoring Windows Registry Values

Restoring Windows Default Hosts File

Rebooting...

Normal Mode:

Checking Files:

Trojan Files Found:

C:\X.DAT - Deleted

C:\Z.DAT - Deleted

C:\Documents and Settings\Luk\x.dat - Deleted

C:\Documents and Settings\Luk\z.dat - Deleted

C:\Documents and Settings\Luk\f.exe - Deleted

C:\n.bat - Deleted

C:\winlogon.exe - Deleted

C:\WINDOWS\Fonts\Crack.exe - Deleted

C:\WINDOWS\Fonts\svchost.exe - Deleted

C:\WINDOWS\mrofinu1188.exe - Deleted

Folder C:\WINDOWS\Fonts\' - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS

No streams found.

C:\WINDOWS\system32

No streams found.

C:\WINDOWS\system32\svchost.exe

No streams found.

C:\WINDOWS\system32\ntoskrnl.exe

No streams found.

Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-15 21:18:09

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]

"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

Remaining Services:


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Wed 4 Aug 2004 60,928 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"

Tue 16 Oct 2007 5,903,928 A..H. --- "C:\Program Files\Picasa2\setup.exe"

Wed 4 Aug 2004 4,639 A.SH. --- "C:\Program Files\Windows Media Player\mplayer2.exe"

Wed 4 Aug 2004 73,728 A.SH. --- "C:\Program Files\Windows Media Player\wmplayer.exe"

Thu 15 Nov 2007 20,810 ..SH. --- "C:\WINDOWS\system32\ffyzsgct.dllbox"

Sun 29 Apr 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Mon 22 Jul 2002 418,816 ...HR --- "C:\WINDOWS\system32\Tools\All.exe"

Fri 19 Jul 2002 390,144 ...HR --- "C:\WINDOWS\system32\Tools\Change.exe"

Fri 19 Jul 2002 574,464 ...HR --- "C:\WINDOWS\system32\Tools\CheckPath.exe"

Tue 20 Aug 2002 430,592 ...HR --- "C:\WINDOWS\system32\Tools\Counter.exe"

Tue 23 Jul 2002 390,656 ...HR --- "C:\WINDOWS\system32\Tools\DelFolders.exe"

Fri 22 Nov 2002 399,872 ...HR --- "C:\WINDOWS\system32\Tools\DirectSetup.exe"

Fri 19 Jul 2002 388,096 ...HR --- "C:\WINDOWS\system32\Tools\RegClean.exe"

Fri 19 Jul 2002 388,608 ...HR --- "C:\WINDOWS\system32\Tools\Regexe.exe"

Mon 2 Dec 2002 431,616 ...HR --- "C:\WINDOWS\system32\Tools\Restart.exe"

Fri 19 Jul 2002 388,096 ...HR --- "C:\WINDOWS\system32\Tools\RunRegexe.exe"

Thu 15 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Luk\Ustawienia lokalne\Temp\ico3.tmp"

Thu 15 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Luk\Ustawienia lokalne\Temp\ico4.tmp"

Thu 15 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Luk\Ustawienia lokalne\Temp\ico5.tmp"

Thu 15 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Luk\Ustawienia lokalne\Temp\ico6.tmp"

Thu 15 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Luk\Ustawienia lokalne\Temp\ico7.tmp"

Wed 14 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1738c621b33e51e95e7a1d6339d42049\BIT5.tmp"

Fri 10 Mar 2006 176,640 A..H. --- "C:\Documents and Settings\Luk\Pulpit\PM\WWPP\5276 Biskupice\5276 PRZEPOMPOWNIA ŚCIEKÓW\~WRL1362.tmp"

Mon 4 Jun 2007 188,416 A..H. --- "C:\Documents and Settings\Luk\Pulpit\PM\WWPP\5276 Biskupice\5276 RAFLATAC\~WRL2862.tmp"

Fri 10 Mar 2006 176,640 A..H. --- "C:\Documents and Settings\Luk\Pulpit\PM\WWPP\5276 Biskupice\5276 zasilanie szafy telekomunikacyjnej\~WRL1362.tmp"

Mon 5 Feb 2007 262,144 A..H. --- "C:\Documents and Settings\Luk\Pulpit\PM\WWPP\5276 Biskupice\wp 5276 Dialog, Centertel\~WRL1748.tmp"

Thu 2 Mar 2006 190,464 A..H. --- "C:\Documents and Settings\Luk\Pulpit\PM\WWPP\5276 Biskupice\5276 LG INNOTEK\zasilanie zakładu - etap I\~WRL3000.tmp"

Wed 14 Dec 2005 179,712 A..H. --- "C:\Documents and Settings\Luk\Pulpit\PM\WWPP\5276 Biskupice\5276 LG INNOTEK\zasilanie zakładu - etap I\~WRL3230.tmp"

Fri 30 Dec 2005 199,168 A..H. --- "C:\Documents and Settings\Luk\Pulpit\PM\WWPP\5276 Biskupice\5276 LUCKY SMT\plac budowy\~WRL1614.tmp"

Thu 2 Mar 2006 190,464 A..H. --- "C:\Documents and Settings\Luk\Pulpit\PM\WWPP\5276 Biskupice\5276 LUCKY SMT\zasilanie zakładu - etap I\~WRL3000.tmp"

Wed 14 Dec 2005 179,712 A..H. --- "C:\Documents and Settings\Luk\Pulpit\PM\WWPP\5276 Biskupice\5276 LUCKY SMT\zasilanie zakładu - etap I\~WRL3230.tmp"

Finished!


(Gutek) #4

Post a log from ComboFix

Note: when you paste a log, wrap it in a CODE or QUOTE tag

Regards, Gutek2222

Use ATF-Cleaner and clean out TEMP - http://www.atribune.org/ccount/click.php?id=1


(Sullukz2) #5

I used ATF - no change, here is the log:


(Gutek) #6

Paste into Notepad:

>>File>>Save as... >>> CFScript (it is most convenient to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)

Drag and drop the CFScript.txt file onto ComboFix.exe (that is, the CFScript.txt icon onto the ComboFix.exe icon)

- just like in this picture (attachment: 88953CFScript-createdbyMiekiemoes.gif)

(if the question "1 or 2" appears, type 1 and press ENTER.) The removal should then start (and a log will be produced).

After the reboot, manually delete the folder C:\Qoobox.

After that, a new log from Combo, but before the new log:

Paste into Notepad:

Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"Authentication Packages"=-

"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\

  00

From the Notepad menu choose File > Save as, set the file type to "All files", save it as FIX.REG and run that file (double-click).
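The FIX.REG above writes the LSA "Authentication Packages" list back to the stock msv1_0, a REG_MULTI_SZ that malware of this kind sometimes extends so its own DLL is loaded into lsass.exe at boot. As an added example (not from the thread), the Python below reads a regedit export of that key, joins regedit's backslash-continued hex(7) lines, decodes the UTF-16LE payload and lists every package other than msv1_0; the "placeholder" entry in the constructed hijacked export is an invented name, not a real indicator, and the second sample is the FIX.REG from the post.

```python
import re

# Constructed sample: what a regedit export of the Lsa key might look like on the
# infected machine. "placeholder" stands in for the extra package a hijack adds;
# it is an invented name, not a real indicator.
HIJACKED_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,\
  70,00,6c,00,61,00,63,00,65,00,68,00,6f,00,6c,00,64,00,65,00,72,00,00,00,\
  00,00
"""

# The FIX.REG from the post above, which writes back just msv1_0
FIX_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=-
"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\
  00
"""

# "<name>"=hex(7):<comma-separated bytes>   (hex(7) is how .reg files encode REG_MULTI_SZ)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=hex\(7\):(?P<hex>.*)$')

def parse_multi_sz(reg_text):
    """Return {value name: [strings]} for every REG_MULTI_SZ value in a .reg export."""
    values, lines, i = {}, reg_text.splitlines(), 0
    while i < len(lines):
        m = VALUE_RE.match(lines[i])
        if m:
            hexdata = m["hex"].strip()
            while hexdata.endswith("\\"):          # trailing backslash: bytes continue on next line
                i += 1
                hexdata = hexdata[:-1] + lines[i].strip()
            raw = bytes(int(b, 16) for b in hexdata.split(",") if b.strip())
            # REG_MULTI_SZ: NUL-separated UTF-16LE strings, ended by an empty string
            values[m["name"]] = [s for s in raw.decode("utf-16-le").split("\0") if s]
        i += 1
    return values

STOCK_PACKAGES = {"msv1_0"}   # the only package a stock Windows XP install lists here

def unexpected_auth_packages(reg_text):
    """Entries under Authentication Packages that a stock XP install would not have."""
    pkgs = parse_multi_sz(reg_text).get("Authentication Packages", [])
    return [p for p in pkgs if p.lower() not in STOCK_PACKAGES]
```

On a live system the same check can be run against the output of `reg export "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" lsa.reg`, read with the file's UTF-16 encoding.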


(Sullukz2) #7

I did that and the icons disappeared; then I also ran Spyware Doctor 5.1 over it and it found and removed 2 trojans. Thanks for the help! :o


(Gutek) #8

Paste into Notepad:

>>File>>Save as... >>> CFScript (it is most convenient to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)

Drag and drop the CFScript.txt file onto ComboFix.exe (that is, the CFScript.txt icon onto the ComboFix.exe icon)

- just like in this picture (attachment: 88953CFScript-createdbyMiekiemoes.gif)

(if the question "1 or 2" appears, type 1 and press ENTER.) The removal should then start (and a log will be produced).

After the reboot, manually delete the folder C:\Qoobox.

After that, a new log from Combo