Trojan Downloader.win32.Agent.bq

DeeDee18 · 10 Październik 2008 17:59

Wczoraj zaatakował mój komputertaki wirus Trojan Downloader.win32.Agent.bq Wyskakuje okienko z ZAPORY windows z nazwa tego wirusa a gdy klikne na to okienko otwiera sie strona z antywirami do kupienia oczywiscie Nie wiem co mam robic Na forum czytam o ComboFix-ie ale nie wiem czy uruchomic go w trybie awaryjnym czy zwyłym

Pomocy

djarta · 10 Październik 2008 18:00

Uruchom ComboFixa w normalnym.

=======================

K.

DeeDee18 · 10 Październik 2008 18:05

a później co dalej

djarta · 10 Październik 2008 18:07

Dajesz loga na forum, C:\ComboFix.txt.

====================

K.

DeeDee18 · 10 Październik 2008 18:20

nie potrafie pobrac Combofixa klikam Bezpieczeństwo i logi HijackThis dalej HijackThis, Silent Runners, Combofix i inne - Instrukcja i tam pod koniec jest Combofix klikam i nic

djarta · 10 Październik 2008 18:26

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

======================

K.

DeeDee18 · 10 Październik 2008 18:33

niestety ten adres sie nie otwiera

obojętne czy na niego kliknę czy skopiuję i wkleję na pasek otwiera sie pusta strona

Pfizer54 · 10 Październik 2008 18:55

Zainstaluj i skanuj http://dobreprogramy.pl/index.php?dz=2& … s+20.65.02

Leon1 · 10 Październik 2008 18:55

spróbuj http://subs.geekstogo.com/ComboFix.exe

DeeDee18 · 10 Październik 2008 19:07

niestety ten też nie działa a ten antywirus pomoze na mojego trojana ? muszę odinstalowac swojego antywira? obecnie mam AVG i jak do tej pory działał bez zarzutu

Chociaż nie mogę zrozumiec dlaczego nie moge zainstalowac tego Combofixa kiedys juz rozwiazywałam nim problem i było było wporzadku

DeeDee18 · 10 Październik 2008 19:09

oczywiście ten drugi to ten

Leon1 · 10 Październik 2008 19:13

Pobierz program SDFix

DeeDee18 · 10 Październik 2008 19:25

DeeDee18 · 10 Październik 2008 19:26

a może najpierw przeskanować tym programem do którego otrzymałam link???

Leon1 · 10 Październik 2008 19:27

więc przeskanuj Srengiem i daj log

DeeDee18 · 10 Październik 2008 19:36

podaję LOG ze Srenga

2008-10-10,21:32:30 System Repair Engineer 2.6.12.1018 Smallfrogs (http://www.KZTechs.com) Windows XP Professional Dodatek Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed Follow item(s) have been selected: All Boot Items (Including Registry, Startup Folders, Services and so on) Browser Add-ons Running Processes (Including process model information) File Associations Winsock Provider Autorun.Inf HOSTS File Process Privileges Scan Boot Items Registry [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <“C:\Program Files\Gadu-Gadu\gg.exe” /tray> [(Verified)Gadu-Gadu sp. z o.o.] <“C:\Program Files\Ahead\Nero BackItUp\NBJ.exe”> [Ahead Software AG] <“C:\Program Files\Ares\Ares.exe” -h> [Ares Development Group] [Nero AG / Nero Inc.] [] <\YUR6.exe> [File is missing] <\YURF.exe> [File is missing] <\YUR82.exe> [File is missing] [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] [(Verified)Microsoft Windows Hardware Compatibility Publisher] <“C:\Program Files\BearShare\BearShare.exe” /pause> [Free Peers, Inc.] [(Verified)AVG Technologies] <\YUR6.exe> [File is missing] <\YURF.exe> [File is missing] <\YUR82.exe> [File is missing] [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{9A4F3DC7-E1ED-493B-ACC5-C5C00A53FAAF}> [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] [File is missing] [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yayYSMfd] [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components{5945c046-1e7d-11d1-bc44-00c04fd912be}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components{7790769C-0471-11d2-AF11-00C04FA35D02}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components{89B4C1CD-B018-4511-B0A1-5476DBF70820}] [Microsoft Corporation] [HKEY_CURRENT_USER\Control Panel\Desktop] [Sysinternals] ================================== Startup Folders [Remote Controller] C:\PROGRA~1\Prolink\PLAYTV~1\TVRMVCR.EXE [TelSignal Co., Ltd.]> [TVSCHL] C:\PROGRA~1\Prolink\PLAYTV~1\TVSCHL.EXE [TelSignal Co., Ltd.]> ================================== Services [Ares Chatroom server / AresChatServer][Stopped/Manual Start] [ASP.NET State Service / aspnet_state][Stopped/Manual Start] [AVG8 E-mail Scanner / avg8emc][Running/Auto Start] [AVG8 WatchDog / avg8wd][Running/Auto Start] [Google Updater Service / gusvc][Stopped/Manual Start] <“C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe”> [Dostęp do urządzeń interfejsu HID / HidServ][Stopped/Disabled] %SystemRoot%\System32\hidserv.dll> [InstallDriver Table Manager / IDriverT][Stopped/Manual Start] <“C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe”> [NVIDIA Display Driver Service / NVSvc][Running/Auto Start] [SoundMAX Agent Service / SoundMAX Agent Service (default)][Running/Auto Start] ================================== Drivers [aeaudio / aeaudio][Running/Manual Start] [ANVIOCTL / ANVIOCTL][Running/System Start] [asuskbnt / asuskbnt][Running/System Start] [AVG AVI Loader Driver x86 / AvgLdx86][Running/System Start] <\SystemRoot\System32\Drivers\avgldx86.sys> [AVG On-access Scanner Minifilter Driver x86 / AvgMfx86][Running/System Start] <\SystemRoot\System32\Drivers\avgmfx86.sys> [AVG8 Network Redirector / AvgTdiX][Running/Auto Start] <\SystemRoot\System32\Drivers\avgtdix.sys> [BtCap, WDM Video Capture / BT878][Running/Auto Start] [BtTuner, WDM TV Tuner / BTTUNER][Running/Auto Start] [BtXBar, WDM Crossbar / BTXBAR][Running/Auto Start] [catchme / catchme][Stopped/Manual Start] <??\C:\DOCUME~1\Rodzinka\USTAWI~1\Temp\catchme.sys> [DstAudio / DstAudio][Stopped/Manual Start] [DstVideo / DstVideo][Stopped/Manual Start] [EIO / EIO][Running/Auto Start] <??\C:\WINDOWS\system32\drivers\EIO.sys> [SEMC USB Flash Driver Filter / ggflt][Stopped/Manual Start] [SEMC USB Flash Driver / ggsemc][Stopped/Manual Start] [RCA USB Digital Cable Modem Driver / netrcacm][Running/Manual Start] [nv / nv][Running/Manual Start] [nVidia WDM Video Capture (universal) / nvcap][Running/Auto Start] [nVidia WDM TVTuner / nvTUNEP][Running/Auto Start] [nVidia WDM TVAudio Crossbar / nvtvSND][Running/Auto Start] [nVidia WDM A/V Crossbar / NVXBAR][Running/Auto Start] [Profos / Profos][Stopped/Manual Start] <??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys> [Sterownik bezpośredniego połączenia kablowego / Ptilink][Running/Manual Start] [PxHelp20 / PxHelp20][Running/Boot Start] <\SystemRoot\System32\Drivers\PxHelp20.sys> [Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver / rtl8139][Stopped/Manual Start] [Secdrv / Secdrv][Stopped/Manual Start] [smwdm / smwdm][Running/Manual Start] [Trufos / Trufos][Stopped/Manual Start] <??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys> ================================== Browser Add-ons [SSVHelper Class] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [] {7bc374ed-7342-4f46-b227-7908dc4e53e7} [] {8C889CDB-C085-44DC-88F5-20F2D4C241A1} [] {9A4F3DC7-E1ED-493B-ACC5-C5C00A53FAAF} [AVG Security Toolbar] {A057A204-BACC-4D26-9990-79A187E2698E} [Java Plug-in 1.6.0_03] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [&Badanie] {92780B25-18CC-41C8-B9BE-3C9C571A8263} [] {37B85A29-692B-4205-9CAD-2626E4993404} <, > [AVG Security Toolbar] {A057A204-BACC-4D26-9990-79A187E2698E} [AccountTracking Profile Manager Class] {4E62C4DE-627D-4604-B157-4B7D6B09F02E} [] {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} <, > [Java Plug-in 1.6.0_03] {8AD9C840-044E-11D1-B3E9-00805F499D93} [Java Plug-in 1.5.0_04] {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} [Java Plug-in 1.5.0_06] {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [Java Plug-in 1.5.0_09] {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} [Java Plug-in 1.5.0_10] {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} [Java Plug-in 1.5.0_11] {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} [Java Plug-in 1.6.0_01] {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [Java Plug-in 1.6.0_02] {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [Java Plug-in 1.6.0_03] {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [] {02088C25-65C7-400B-B8EC-661051BA068B} <, > [] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <, > [Web Browser Applet Control] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [] {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} <, > [AccountTracking Profile Manager Class] {4E62C4DE-627D-4604-B157-4B7D6B09F02E} [] {59B8E260-B7E6-49F1-8D4A-87C81815A105} <, > [] {66A5BAB9-F74A-43B6-B1EB-F0A692F71FCD} <, > [] {6F7D70CC-D99D-4C36-A049-647EEFA4A70B} <, > [SSVHelper Class] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [] {7BC374ED-7342-4F46-B227-7908DC4E53E7} [] {8111C28D-BA23-4454-A837-9722972083B9} <, > [] {8C889CDB-C085-44DC-88F5-20F2D4C241A1} [] {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, > [] {9A4F3DC7-E1ED-493B-ACC5-C5C00A53FAAF} [AVG Security Toolbar] {A057A204-BACC-4D26-9990-79A187E2698E} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [Microsoft Silverlight] {DFEAF541-F3E1-4C24-ACAC-99C30715084A} [E&ksport do programu Microsoft Excel] ================================== Running Processes [PID][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID][??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID][??\C:\WINDOWS\SYSTEM32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C] [AVG Technologies CZ, s.r.o., 8.0.0.134] [C] [SoundMAX, 1.2.3] [C] [N/A,] [PID][C] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C] [AVG Technologies CZ, s.r.o., 8.0.0.134] [C] [N/A,] [C] [SoundMAX, 1.2.3] [PID][C] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C] [AVG Technologies CZ, s.r.o., 8.0.0.134] [C] [N/A,] [C] [SoundMAX, 1.2.3] [C] [N/A,] [PID][C] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C] [AVG Technologies CZ, s.r.o., 8.0.0.134] [C] [N/A,] [C] [SoundMAX, 1.2.3] [PID][C] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C] [AVG Technologies CZ, s.r.o., 8.0.0.134] [C] [N/A,] [C] [SoundMAX, 1.2.3] [PID][C] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C] [AVG Technologies CZ, s.r.o., 8.0.0.134] [C] [N/A,] [C] [SoundMAX, 1.2.3] [PID][C] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C] [AVG Technologies CZ, s.r.o., 8.0.0.134] [C] [N/A,] [C] [SoundMAX, 1.2.3] [PID][C] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C] [AVG Technologies CZ, s.r.o., 8.0.0.134] [C] [N/A,] [C] [SoundMAX, 1.2.3] [PID][C] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C] [AVG Technologies CZ, s.r.o., 8.0.0.134] [C] [N/A,] [C] [SoundMAX, 1.2.3] [C] [N/A,] [C] [N/A,] [C] [N/A,] [C] [Adobe Systems, Inc., 7.0.0.0] [PID][C] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)] [C] [AVG Technologies CZ, s.r.o., 8.0.0.134] [C] [N/A,] [C] [SoundMAX, 1.2.3] [C] [Microsoft Corporation, 11.3.1897.0] [C] [Microsoft Corporation, 11.3.1897.0] [PID][C] [AVG Technologies CZ, s.r.o., 8.0.0.145] [C] [AVG Technologies CZ, s.r.o., 8.0.0.134] [C] [N/A,] [C] [AVG Technologies CZ, s.r.o., 8.0.0.134] [C] [AVG Technologies CZ, s.r.o., 8.0.0.151] [C] [AVG Technologies CZ, s.r.o., 8.0.0.170] [C] [AVG Technologies CZ, s.r.o., 8.0.0.134] [C] [AVG Technologies CZ, s.r.o., 8.0.0.134] [C] [AVG Technologies CZ, s.r.o., 8.0.0.173] [PID][C] [NVIDIA Corporation, 6.14.10.6693] [C] [AVG Technologies CZ, s.r.o., 8.0.0.134] [C] [NVIDIA Corporation, 6.14.10.6693] [PID][C] [Analog Devices, Inc., 3, 2, 6, 0] [C] [AVG Technologies CZ, s.r.o., 8.0.0.134] [C] [N/A,] [PID][C] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C] [AVG Technologies CZ, s.r.o., 8.0.0.134] [C] [N/A,] [C] [SoundMAX, 1.2.3] [PID][C] [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act)] [C] [AVG Technologies CZ, s.r.o., 8.0.0.134] [C] [N/A,] [PID][C] [N/A,] [C] [AVG Technologies CZ, s.r.o., 8.0.0.134] [C] [N/A,] [C] [SoundMAX, 1.2.3] [PID][C] [AVG Technologies CZ, s.r.o., 8.0.0.172] [C] [AVG Technologies CZ, s.r.o., 8.0.0.134] [C] [N/A,] [C] [SoundMAX, 1.2.3] [C] [AVG Technologies CZ, s.r.o., 8.0.0.134] [C] [AVG Technologies CZ, s.r.o., 8.0.0.170] [C] [AVG Technologies CZ, s.r.o., 8.0.0.173] [C] [AVG Technologies CZ, s.r.o., 8.0.0.134] [C] [AVG Technologies CZ, s.r.o., 8.0.0.134] [C] [AVG Technologies CZ, s.r.o., 8.0.0.152] [PID][C] [N/A,] [C] [AVG Technologies CZ, s.r.o., 8.0.0.134] [C] [N/A,] [C] [Sysinternals, 3.2] [C] [SoundMAX, 1.2.3] [PID][C] [Nero AG / Nero Inc., 4.5.0.0] [C] [LEAD Technologies, Inc., 14.0.0.013] [C] [LEAD Technologies, Inc., 14.0.0.013] [C] [AVG Technologies CZ, s.r.o., 8.0.0.134] [C] [N/A,] [C] [SoundMAX, 1.2.3] [C] [Ahead Software AG, 1, 0, 0, 1] [C] [LEAD Technologies, Inc., 14.0.0.013] [C] [Nero AG / Nero Inc., 4.5.0.0] [C] [LEAD Technologies, Inc., 14.0.0.013] [PID][C] [N/A,] [C] [AVG Technologies CZ, s.r.o., 8.0.0.134] [C] [N/A,] [C] [SoundMAX, 1.2.3] [PID][C] [TelSignal Co., Ltd., 4.10] [C] [AVG Technologies CZ, s.r.o., 8.0.0.134] [C] [N/A,] [C] [SoundMAX, 1.2.3] [C] [,] [C] [TelSignal Co., Ltd., 5.07] [C] [Zoran Ltd., 2, 0, 3, 2] [C] [Philips Semiconductors, 2, 1, 4, 0] [PID][C] [TelSignal Co., Ltd., 5.08] [C] [AVG Technologies CZ, s.r.o., 8.0.0.134] [C] [N/A,] [C] [SoundMAX, 1.2.3] [PID][C] [AVG Technologies CZ, s.r.o., 8.0.0.134] [C] [AVG Technologies CZ, s.r.o., 8.0.0.134] [C] [N/A,] [C] [AVG Technologies CZ, s.r.o., 8.0.0.134] [C] [AVG Technologies CZ, s.r.o., 8.0.0.153] [C] [AVG Technologies CZ, s.r.o., 8.0.0.134] [PID][C] [AVG Technologies CZ, s.r.o., 8.0.0.159] [C] [AVG Technologies CZ, s.r.o., 8.0.0.134] [C] [AVG Technologies CZ, s.r.o., 8.0.0.134] [C] [AVG Technologies CZ, s.r.o., 8.0.0.134] [C] [AVG Technologies CZ, s.r.o., 8.0.0.164] [C] [AVG Technologies CZ, s.r.o., 8.0.0.170] [C] [AVG Technologies CZ, s.r.o., 8.0.0.173] [C] [AVG Technologies CZ, s.r.o., 8.0.0.134] [C] [AVG Technologies CZ, s.r.o., 8.0.0.153] [C] [AVG Technologies CZ, s.r.o., 8.0.0.134] [C] [AVG Technologies CZ, s.r.o., 8.0.0.134] [C] [AVG Technologies CZ, s.r.o., 8.0.0.152] [C] [AVG Technologies CZ, s.r.o., 8.0.0.134] [C] [SoundMAX, 1.2.3] [C] [AVG Technologies CZ, s.r.o., 8.0.0.134] [C] [AVG Technologies CZ, s.r.o., 8.0.0.134] [C] [AVG Technologies CZ, s.r.o., 8.0.0.134] [C] [AVG Technologies CZ, s.r.o., 8.0.0.134] [PID][C] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C] [AVG Technologies CZ, s.r.o., 8.0.0.134] [PID][C] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C] [AVG Technologies CZ, s.r.o., 8.0.0.134] [C] [N/A,] [C] [SoundMAX, 1.2.3] [PID][C] [Smallfrogs Studio, 2.6.12.1018] [C] [AVG Technologies CZ, s.r.o., 8.0.0.134] [C] [N/A,] [PID][C] [Smallfrogs Studio, 2.6.12.1018] [C] [SoundMAX, 1.2.3] [C] [Smallfrogs Studio, 2, 1, 0, 15] ================================== File Associations .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe “%1”] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. [“C:\WINDOWS\hh.exe” %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe “%1” %*] .JS OK. [%SystemRoot%\System32\WScript.exe “%1” %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock Provider N/A ================================== Autorun.Inf N/A ================================== HOSTS File 127.0.0.1 localhost 127.0.0.1 bin.errorprotector.com ## added by CiD 127.0.0.1 br.errorsafe.com ## added by CiD 127.0.0.1 br.winantivirus.com ## added by CiD 127.0.0.1 br.winfixer.com ## added by CiD 127.0.0.1 cdn.drivecleaner.com ## added by CiD 127.0.0.1 cdn.errorsafe.com ## added by CiD 127.0.0.1 cdn.winsoftware.com ## added by CiD 127.0.0.1 de.errorsafe.com ## added by CiD 127.0.0.1 de.winantivirus.com ## added by CiD 127.0.0.1 download.cdn.drivecleaner.com ## added by CiD 127.0.0.1 download.cdn.errorsafe.com ## added by CiD 127.0.0.1 download.cdn.winsoftware.com ## added by CiD 127.0.0.1 download.errorsafe.com ## added by CiD 127.0.0.1 download.systemdoctor.com ## added by CiD 127.0.0.1 download.winantispyware.com ## added by CiD 127.0.0.1 download.windrivecleaner.com ## added by CiD 127.0.0.1 download.winfixer.com ## added by CiD 127.0.0.1 drivecleaner.com ## added by CiD 127.0.0.1 dynamique.drivecleaner.com ## added by CiD 127.0.0.1 errorprotector.com ## added by CiD 127.0.0.1 errorsafe.com ## added by CiD 127.0.0.1 es.winantivirus.com ## added by CiD 127.0.0.1 fr.winantivirus.com ## added by CiD 127.0.0.1 fr.winfixer.com ## added by CiD 127.0.0.1 go.drivecleaner.com ## added by CiD 127.0.0.1 go.errorsafe.com ## added by CiD 127.0.0.1 go.winantispyware.com ## added by CiD 127.0.0.1 go.winantivirus.com ## added by CiD 127.0.0.1 hk.winantivirus.com ## added by CiD 127.0.0.1 instlog.errorsafe.com ## added by CiD 127.0.0.1 instlog.winantivirus.com ## added by CiD 127.0.0.1 instlog.winfixer.com ## added by CiD 127.0.0.1 jsp.drivecleaner.com ## added by CiD 127.0.0.1 kb.errorsafe.com ## added by CiD 127.0.0.1 kb.winantivirus.com ## added by CiD 127.0.0.1 nl.errorsafe.com ## added by CiD 127.0.0.1 se.errorsafe.com ## added by CiD 127.0.0.1 secure.drivecleaner.com ## added by CiD 127.0.0.1 secure.errorsafe.com ## added by CiD 127.0.0.1 secure.winantispam.com ## added by CiD 127.0.0.1 secure.winantispy.com ## added by CiD 127.0.0.1 secure.winantivirus.com ## added by CiD 127.0.0.1 support.winantivirus.com ## added by CiD 127.0.0.1 trial.updates.winsoftware.com ## added by CiD 127.0.0.1 ulog.winantivirus.com ## added by CiD 127.0.0.1 utils.errorsafe.com ## added by CiD 127.0.0.1 utils.winantivirus.com ## added by CiD 127.0.0.1 utils.winfixer.com ## added by CiD 127.0.0.1 winantispyware.com ## added by CiD 127.0.0.1 winantivirus.com ## added by CiD 127.0.0.1 winfixer.com ## added by CiD 127.0.0.1 winfixer2006.com ## added by CiD 127.0.0.1 winsoftware.com ## added by CiD 127.0.0.1 www.drivecleaner.com ## added by CiD 127.0.0.1 www.errorprotector.com ## added by CiD 127.0.0.1 www.errorsafe.com ## added by CiD 127.0.0.1 www.systemdoctor.com ## added by CiD 127.0.0.1 www.utils.winfixer.com ## added by CiD 127.0.0.1 www.win-anti-virus-pro.com ## added by CiD 127.0.0.1 www.win-virus-pro.com ## added by CiD 127.0.0.1 www.winantispam.com ## added by CiD 127.0.0.1 www.winantispy.com ## added by CiD 127.0.0.1 www.winantispyware.com ## added by CiD 127.0.0.1 www.winantivirus.com ## added by CiD 127.0.0.1 www.winantiviruspro.com ## added by CiD 127.0.0.1 www.windrivecleaner.com ## added by CiD 127.0.0.1 www.windrivesafe.com ## added by CiD 127.0.0.1 www.winfixer.com ## added by CiD 127.0.0.1 www.winfixer2006.com ## added by CiD 127.0.0.1 www.winsoftware.com ## added by CiD ================================== Process Privileges Scan Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1684, C:\DOCUMENTS AND SETTINGS\ALL USERS\DANE APLIKACJI\DMZIRAFU\HOBWLWDY.EXE] Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1748, C:\WINDOWS\SYSTEM32\LPHCL90J0E39J.EXE] Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1796, C:\PROGRA~1\NERO\NEROPH~1\DATA\XTRAS\MSSYSMGR.EXE] Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1824, C:\WINDOWS\SYSTEM32\JGBKVMBG.EXE] Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1900, C:\PROGRAM FILES\PROLINK\PLAYTV PRO\TVRMVCR.EXE] Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1924, C:\PROGRAM FILES\PROLINK\PLAYTV PRO\TVSCHL.EXE] Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2444, C:\DOCUMENTS AND SETTINGS\RODZINKA\PULPIT\SRENGLDR.EXE] ================================== API HOOK N/A ================================== Hidden Process N/A ==================================

Leon1 · 10 Październik 2008 20:01

Pobierz i uruchom narzędzie The Avenger Zaznaczasz tekst podany do usunięcia na forum

kopiuj >> klikasz na Paste Script from Clipboard >> Execute >> Potwierdzasz i zgadzasz się na restart klikając OK.

Kasujesz ręcznie z dysku plik: C:\Avenger\backup.zip i wklejasz na forum raport: C:\avenger.txt

Otwórz notatnik i wklej

Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] “cfgen”=- “\YUR6.exe”=- “\YURF.exe”=- “\YUR82.exe”=- “ProcActSet”=- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] “\YUR6.exe”=- “\YURF.exe”=- “\YUR82.exe”=- “lphcl90j0e39j”=- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] “Wpo4phvhaN”=- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] “AppInit_DLLs”=- “AppInit_DLLs”="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] “{9A4F3DC7-E1ED-493B-ACC5-C5C00A53FAAF}”=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] “cmdstr”=- “UtilAplSh”=- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yayYSMfd]

zapisz jako plik.reg >> wszystkie pliki >> scal z rejestrem >> restart

powstanie plik o takiej ikonie

w który dwa razy klikniesz potwierdzisz chęć dodania do rejestru potem restart

uruchom System Repair Engineer zakładka Boot Items Services Drivers odszukaj i usuń

uruchom System Repair Engineer zakładka System Repair Browser Add-ons odszukaj i usuń

Potem nowy log Srenga

DeeDee18 · 10 Październik 2008 20:14

Niestety nie działa The Avenger nie moge go pobrać

DeeDee18 · 10 Październik 2008 20:27

A jakby tego było mało to teraz na pulpicie pojawiło sie duże okno z napisemWARING SPYWAREDETECTED ON YOUR COMPUTER WARING! Win32\Adware.Virtumonde Detected on your computer

WARING! Win32\PrivacyRemover.M64 Detected on your computer

Niestety coś czuje że już po mnie i bez formatowania sie nie obejdzie

DeeDee18 · 10 Październik 2008 20:40

ok na dzisiaj koniec nie zadręczam się tym ide soać jutro będę sie z tym meczyć dalej