Virtumonde - niedoskasowania?

Palarax · 28 Marzec 2008 18:35

Witam …

Tak wiem szukałem na Google i na forum jak usunąć Virtumonde ba nawet jest parę tematów w dół podobny topic, ale “posiadam” jakąś trudną odmiane tego virusa . Na początku próbowałem HijackThis , ComboFix - nic nie daje … Następnie probowałem tego : http://www.bezpieczenstwosystemow.pl/in … opic=180.0 , ten jakby mogło sie zdawac “dream team” zdołał usunąć jedynie 2 wpisy … Skąd wiem ze mam wiecej ? Kiedy skanuje Spybot’em wyskakują mi 3 pliki Virtumonde.exe i 6 Virtumonde.dll (wczesniej zawsze mialem 8 .dll) niby klikam żeby je usunąć ,ale jak znowu zeskanuje komputer wyskakuje to samo ;/ Pomyślałem dobra format i … po formacie dalej to samo -.- . Nie chce już mi sie męczyć z tym virusem … Moze ktos ma jakies propozycje ???

Z góry będę bardzo wdzięczny …

Leon1 · 28 Marzec 2008 18:43

Wyłącz przywracanie systemu na wszystkich dyskach.http://support.microsoft.com/kb/310405/pl

Pobierz Combofix http://www.searchengines.pl/index.php?showtopic=86306&st=0&p=395642entry395642 przeskanuj daj log

potem log HijackThis 2.02

Palarax · 28 Marzec 2008 19:06

ComboFix

ComboFix 08-03-27.1 - piotrek 2008-03-28 19:57:56.1 - NTFSx86


Running from: C:\Documents and Settings\piotrek\Pulpit\ComboFix.exe

 * Resident AV is active



[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED [/b][/color]

.


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.


C:\WINDOWS\BM4f4b3637.xml

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\aqtinbng.ini

C:\WINDOWS\system32\fgjlm.ini

C:\WINDOWS\system32\fgjlm.ini2

C:\WINDOWS\system32\gnbnitqa.dll

C:\WINDOWS\System32\mljgf.dll

C:\WINDOWS\system32\olvvkxei.dll

C:\WINDOWS\system32\yybeg.ini

C:\WINDOWS\system32\yybeg.ini2


.

((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-28 )))))))))))))))))))))))))))))))

.


2008-03-28 18:59 . 2008-03-28 19:59	






[b]HijackThis[/b]

[code]Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:05:21, on 2008-03-28 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Winamp Remote\bin\OrbTray.exe C:\Program Files\kRk Software\GG Tools\GGT.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\explorer.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: (no name) - {241A3249-B6CB-4B94-BF0A-AB1E418410B7} - C:\WINDOWS\System32\gebyy.dll (file missing) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {9AAB8E06-30C0-4812-8765-286E00DC46ED} - C:\WINDOWS\System32\vtsts.dll (file missing) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU…\Run: [Orb] “C:\Program Files\Winamp Remote\bin\OrbTray.exe” /background O4 - HKCU…\Run: [GG Tools] “C:\Program Files\kRk Software\GG Tools\GGT.exe” /tray O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’) O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O20 - Winlogon Notify: nnnmjgf - C:\WINDOWS\ O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe – End of file - 4284 bytes

Leon1 · 28 Marzec 2008 19:52

otwórz notatnik i wklej

File:: C:\WINDOWS\system32\hqghumea.dll C:\WINDOWS\system32\yfhwwjww.ini C:\WINDOWS\system32\start0s.exe C:\WINDOWS\system32\pfvhbhqq.ini C:\WINDOWS\system32\tmp.exe C:\WINDOWS\system32\nnnmjgf.dll.vir Registry:: [-HKEY_LOCAL_MACHINE~\Browser Helper Objects{241A3249-B6CB-4B94-BF0A-AB1E418410B7}] [-HKEY_LOCAL_MACHINE~\Browser Helper Objects{29194DB8-CC9F-46A5-9D4A-A87674924675}] [-HKEY_LOCAL_MACHINE~\Browser Helper Objects{87CADEB4-0FD4-4288-9EC3-AD7C14EDFC54}] [-HKEY_LOCAL_MACHINE~\Browser Helper Objects{9AAB8E06-30C0-4812-8765-286E00DC46ED}] [-HKEY_LOCAL_MACHINE~\Browser Helper Objects{A273B2F1-2A43-42E8-BCC8-FADF63D59054}] [-HKEY_LOCAL_MACHINE~\Browser Helper Objects{D6F69BFC-F29A-40FF-B82F-01BA5EFE977E}] [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnmjgf]

zapisz jako CFScript.txt (zapisz by ikonka CFScript.txt była obok ikonki ComboFix.exe) >> Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe

http://img.wklej.org/images/88953CFScri … iemoes.gif

Powinno rozpocząć się usuwanie

Potem log z usuwania Combofix

Palarax · 28 Marzec 2008 20:04

ComboFix 08-03-27.1 - piotrek 2008-03-28 21:01:00.2 - NTFSx86 Running from: C:\Documents and Settings\piotrek\Pulpit\ComboFix.exe Command switches used :: C:\Documents and Settings\piotrek\Pulpit\CFScript.txt * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED FILE :: C:\WINDOWS\system32\hqghumea.dll C:\WINDOWS\system32\nnnmjgf.dll.vir C:\WINDOWS\system32\pfvhbhqq.ini C:\WINDOWS\system32\start0s.exe C:\WINDOWS\system32\tmp.exe C:\WINDOWS\system32\yfhwwjww.ini . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\hqghumea.dll C:\WINDOWS\system32\nnnmjgf.dll.vir C:\WINDOWS\system32\pfvhbhqq.ini C:\WINDOWS\system32\start0s.exe C:\WINDOWS\system32\tmp.exe C:\WINDOWS\system32\yfhwwjww.ini . ((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-28 ))))))))))))))))))))))))))))))) . 2008-03-28 18:59 . 2008-03-28 20:02 2008-03-28 18:59 . 2008-03-20 22:18 2008-03-28 18:59 . 2008-03-20 22:25 2008-03-28 18:59 . 2008-03-20 22:18 2008-03-28 18:59 . 2008-03-20 22:18 2008-03-28 18:59 . 2008-03-20 22:18 2008-03-28 18:59 . 2008-03-20 22:18 2008-03-28 15:33 . 2008-03-28 15:33 92,736 --------- C:\WINDOWS\system32\cdhiaksh.dll_old 2008-03-28 14:54 . 2008-03-28 14:54 2008-03-28 14:54 . 2008-03-28 14:55 2008-03-28 14:54 . 1996-07-18 13:06 297,472 --a------ C:\WINDOWS\uninst.exe 2008-03-27 14:58 . 2008-03-28 16:14 324 --a------ C:\WINDOWS\wininit.ini 2008-03-27 14:14 . 2008-03-27 14:38 2008-03-27 14:10 . 2008-03-27 14:11 2008-03-27 14:00 . 2006-04-12 11:04 49,664 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys 2008-03-27 14:00 . 2006-04-12 11:04 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys 2008-03-27 13:56 . 2006-01-03 18:12 77,824 -ra------ C:\WINDOWS\system32\HPZIDS01.dll 2008-03-27 13:56 . 2006-04-10 14:03 48,128 --a------ C:\WINDOWS\system32\hpzll054.dll 2008-03-27 13:54 . 2001-08-17 21:53 13,824 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2008-03-27 13:54 . 2001-08-17 21:53 13,824 --a–c— C:\WINDOWS\system32\dllcache\usbscan.sys 2008-03-27 13:04 . 2008-03-27 13:04 2008-03-26 17:04 . 2008-03-26 17:04 2008-03-26 16:38 . 2008-03-26 16:38 2008-03-26 16:36 . 2008-03-26 16:37 2008-03-26 16:34 . 2008-03-26 16:34 2008-03-26 16:33 . 2008-03-26 16:33 2008-03-26 16:32 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe 2008-03-26 16:32 . 2006-03-03 21:03 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll 2008-03-26 16:32 . 2006-03-03 21:02 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll 2008-03-26 16:32 . 2006-03-03 21:02 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll 2008-03-26 16:32 . 2006-03-03 21:03 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe 2008-03-26 16:32 . 2006-03-03 21:03 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe 2008-03-26 16:32 . 2006-03-03 21:02 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll 2008-03-26 16:30 . 2008-03-26 16:37 2008-03-26 15:58 . 2008-03-26 15:57 207,251 --------- C:\WINDOWS\hpoins11.dat.temp 2008-03-26 15:58 . 2006-05-05 11:57 11,634 --------- C:\WINDOWS\hpomdl11.dat.temp 2008-03-26 15:56 . 2008-03-27 14:10 120,340 --a------ C:\WINDOWS\hpoins11.dat 2008-03-26 15:51 . 2001-08-17 22:03 24,960 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys 2008-03-26 15:51 . 2001-08-17 22:03 24,960 --a–c— C:\WINDOWS\system32\dllcache\usbccgp.sys 2008-03-26 15:51 . 2001-08-17 22:00 24,832 --a------ C:\WINDOWS\system32\drivers\usbprint.sys 2008-03-26 15:51 . 2001-08-17 22:00 24,832 --a–c— C:\WINDOWS\system32\dllcache\usbprint.sys 2008-03-25 08:44 . 2008-03-27 14:32 2008-03-24 21:23 . 2008-03-24 21:23 2008-03-24 21:23 . 2008-03-24 21:23 2008-03-24 21:22 . 2008-03-24 21:22 316,640 --a------ C:\WINDOWS\WMSysPr9.prx 2008-03-24 21:15 . 2007-03-08 00:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll 2008-03-24 21:15 . 2007-03-08 00:51 43,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys 2008-03-24 21:15 . 2007-03-08 00:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2008-03-24 21:15 . 2007-03-08 00:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2008-03-24 21:14 . 2008-03-24 21:23 2008-03-24 21:14 . 2008-03-24 21:23 2008-03-24 20:54 . 2008-03-24 20:54 2008-03-24 19:07 . 2008-03-24 19:07 2008-03-24 17:59 . 2008-03-24 17:59 2008-03-24 17:59 . 2008-03-24 17:59 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe 2008-03-24 17:59 . 2008-02-27 13:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll 2008-03-24 17:56 . 2008-03-24 17:56 2008-03-24 17:53 . 2008-03-24 17:58 2008-03-24 11:48 . 2008-03-24 11:48 70 --ah----- C:\aaw7boot.cmd 2008-03-23 22:38 . 2008-03-23 22:38 2008-03-23 20:11 . 2008-03-23 20:11 2008-03-22 21:56 . 2008-03-28 18:00 2008-03-22 21:30 . 2008-03-22 21:30 2008-03-22 21:30 . 2008-03-22 21:30 2008-03-22 21:30 . 2008-03-22 21:30 2008-03-22 21:29 . 2008-03-24 17:45 2008-03-22 20:15 . 2008-03-22 20:15 2008-03-22 15:18 . 2001-08-17 22:03 21,760 --a–c— C:\WINDOWS\system32\dllcache\usbstor.sys 2008-03-21 19:56 . 2008-03-27 17:46 2008-03-21 19:55 . 2008-03-21 19:55 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-20 22:18 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search Destroy 2008-03-20 21:50 --------- d-----w C:\Documents and Settings\piotrek\Dane aplikacji\Gadu-Gadu 2008-03-20 21:49 --------- d-----w C:\Program Files\Spybot - Search Destroy 2008-03-20 21:45 --------- d-----w C:\Program Files\Gadu-Gadu 2008-03-20 21:45 --------- d-----w C:\Program Files\ESET 2008-03-20 21:45 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ESET 2008-03-20 21:38 --------- d–h--w C:\Program Files\InstallShield Installation Information 2008-03-20 21:37 --------- d-----w C:\Program Files\Realtek Sound Manager 2008-03-20 21:37 --------- d-----w C:\Program Files\AvRack 2008-03-20 21:36 --------- d-----w C:\Program Files\Intel 2008-03-20 21:36 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-03-20 21:29 --------- d-----w C:\Program Files\microsoft frontpage 2008-03-20 21:27 --------- d-----w C:\Program Files\Usługi online . ((((((((((((((((((((((((((((( snapshot@2008-03-28_20.02.24.82 ))))))))))))))))))))))))))))))))))))))))) . - 2008-03-28 18:14:08 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat + 2008-03-28 19:02:37 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat - 2008-03-28 18:14:08 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat + 2008-03-28 19:02:37 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat - 2008-03-28 18:14:08 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat + 2008-03-28 19:02:37 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat - 2008-03-20 21:35:41 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-03-28 19:02:21 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-03-20 21:35:41 49,492 ----a-w C:\WINDOWS\system32\perfc015.dat + 2008-03-28 19:02:21 49,492 ----a-w C:\WINDOWS\system32\perfc015.dat - 2008-03-20 21:35:41 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-03-28 19:02:21 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat - 2008-03-20 21:35:41 355,486 ----a-w C:\WINDOWS\system32\perfh015.dat + 2008-03-28 19:02:21 355,486 ----a-w C:\WINDOWS\system32\perfh015.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” [2001-10-26 18:29 13312] “MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2001-08-02 07:14 1077277] “NvMediaCenter”=“C:\WINDOWS\System32\NVMCTRAY.DLL” [2003-04-02 08:40 49152] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-11-14 11:54 2131392] “SpybotSD TeaTimer”=“C:\Program Files\Spybot - Search Destroy\TeaTimer.exe” [2008-01-28 11:43 2097488] “Orb”=“C:\Program Files\Winamp Remote\bin\OrbTray.exe” [2008-01-07 21:02 495616] “GG Tools”=“C:\Program Files\kRk Software\GG Tools\GGT.exe” [2007-09-17 15:25 1491968] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” [2001-10-26 18:29 13312] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp *Newly Created Service* - ALG *Newly Created Service* - IPNAT . Contents of the ‘Scheduled Tasks’ folder “2008-03-24 17:00:23 C:\WINDOWS\Tasks\1-Click Maintenance.job” - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-28 21:02:12 Windows 5.1.2600 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-03-28 21:02:38 ComboFix-quarantined-files.txt 2008-03-28 20:02:29 ComboFix2.txt 2008-03-28 19:02:47 Pre-Run: 28,771,512,320 bajtów wolnych Post-Run: 28,760,412,160 bajtów wolnych

Leon1 · 28 Marzec 2008 20:13

te pliki

przeskanuj na http://virusscan.jotti.org/

Pobierz program SDFix

Palarax · 28 Marzec 2008 20:47

Tego drugiego pliku nie moglem znaleźć …

W pierwszym 4 antyiry wykryły virusa .

SDFix: Version 1.163 Run by piotrek on 2008-03-28 at 21:33 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\SDFix Checking Services : Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting Checking Files : No Trojan Files Found Removing Temp Files ADS Check : Final Check : catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-28 21:43:23 Windows 5.1.2600 NTFS scanning hidden processes … scanning hidden services & system hive … scanning hidden registry entries … scanning hidden files … scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: Remaining Files : File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : Mon 28 Jan 2008 1,404,240 A.SHR — “C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe” Mon 28 Jan 2008 5,146,448 A.SHR — “C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe” Mon 28 Jan 2008 2,097,488 A.SHR — “C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe” Finished!

Leon1 · 29 Marzec 2008 15:06

usuń Unlockerem lub w trybie awaryjnym

usuń ręcznie folder C: \Qoobox

usuń instalkę Combofix z dysku.

Włącz przywracanie systemu

Palarax · 29 Marzec 2008 17:30

Usunąłem SpyBotem jak narzazie jest wszystko ok …

Dzieki

Gutek · 30 Marzec 2008 11:48

Zmiana zasad wklejania logów na forum - viewtopic.php?f=16&t=213350