
Request to check a log

IP: *.lodz.mm.pl 16.10.05, 13:40
Logfile of HijackThis v1.99.1
Scan saved at 13:39:24, on 2005-10-16
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\dwwin.exe
C:\Documents and Settings\ASA\Pulpit\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
C:\WINDOWS\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
C:\WINDOWS\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
C:\WINDOWS\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
C:\WINDOWS\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
C:\WINDOWS\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
C:\WINDOWS\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar1.dll
O2 - BHO: C:\WINDOWS\adsldpbc.dll - {C1A67390-EC9B-489F-9788-4E45A46C1817} -
C:\WINDOWS\adsldpbc.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Creative Launcher] C:\Program
Files\Creative\Launcher\CTLauncher.EXE
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [gcasServ] "D:\Programy z netu\gcasServ.exe"
O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe
O4 - HKLM\..\Run: [combop.exe] combop.exe
O4 - HKLM\..\Run: [combo.exe] combo.exe
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKLM\..\Run: [ms_anti_spywarebxp] C:\WINDOWS\mwfirebpx.exe
O4 - HKLM\..\RunOnce: [ms_anti_spywarebxp] C:\WINDOWS\mwfirebpx.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows installer] drwatson32.exe -run C:\winstall.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sysvcs.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKCU\..\Run: [ms_anti_spywarebxp] C:\WINDOWS\mwfirebpx.exe
O4 - HKCU\..\Run: [SNInstall] C:\WINDOWS\tool2.exe
O8 - Extra context menu item: &Google Search - res://c:\program
files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program
files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program
files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program
files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program
files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.coolwebsearch.com
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} -
toolbar.google.com/data/pl/big/1.1.62-big/GoogleNav.cab
O20 - Winlogon Notify: avpu32 - C:\WINDOWS\SYSTEM32\avpu32.dll
O20 - Winlogon Notify: style32 - C:\WINDOWS\q1680826.dll
O20 - Winlogon Notify: tcpG4T - C:\WINDOWS\SYSTEM32\tcpG4T.dll
O21 - SSODL: SysTray.Excn - {1722ECFF-4356-4f5b-B534-E67294FE75E9} -
C:\WINDOWS\System32\oenjkjhj.dll (file missing)
O21 - SSODL: SysTray.Exsh - {1768ECFC-4F5C-4f5b-B134-D67294FC78E9} -
C:\WINDOWS\System32\qjohfnmm.dll (file missing)
O21 - SSODL: SysTray.Exsn - {2368D1FC-2F5C-4f1b-B124-E67214FC78E2} -
C:\WINDOWS\System32\qdllbgpe.dll (file missing)
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} -
C:\WINDOWS\System32\Cpfajeii.dll (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\System32\nvsvc32.exe

    • Guest: Kolobos Re: Request to check a log IP: *.warszawa.sdi.tpnet.pl 16.10.05, 14:13
      In Task Manager, end these processes:
      C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
      C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
      C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe

      Download and run this:
      www.kellys-korner-xp.com/regs_edits/exefix.reg
      In HijackThis, remove:

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      C:\WINDOWS\secure32.html <- remove what is listed here:
      wirusy.antivirenkit.pl/pl/opis/Trojan.Win32.StartPage.bm.html
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      C:\WINDOWS\secure32.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      C:\WINDOWS\secure32.html
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
      C:\WINDOWS\secure32.html
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      C:\WINDOWS\secure32.html
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      C:\WINDOWS\secure32.html
      O2 - BHO: C:\WINDOWS\adsldpbc.dll - {C1A67390-EC9B-489F-9788-4E45A46C1817} -
      C:\WINDOWS\adsldpbc.dll (file missing)
      O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe <- removal
      instructions here:
      securityresponse.symantec.com/avcenter/venc/data/trojan.repsamo.html
      O4 - HKLM\..\Run: [combop.exe] combop.exe <- delete the file
      O4 - HKLM\..\Run: [combo.exe] combo.exe <- delete the file
      O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe <- delete the file
      O4 - HKLM\..\Run: [ms_anti_spywarebxp] C:\WINDOWS\mwfirebpx.exe <- delete the file
      O4 - HKLM\..\RunOnce: [ms_anti_spywarebxp] C:\WINDOWS\mwfirebpx.exe
      O4 - HKCU\..\Run: [Windows installer] drwatson32.exe -run C:\winstall.exe <-
      delete wininstall.exe
      O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sysvcs.exe <- delete the file
      O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
      O4 - HKCU\..\Run: [ms_anti_spywarebxp] C:\WINDOWS\mwfirebpx.exe
      O4 - HKCU\..\Run: [SNInstall] C:\WINDOWS\tool2.exe <- delete the file

      Did it break your wallpaper too?
      www.searchengines.pl/phpbb203/index.php?showtopic=31936

      O15 - Trusted Zone: *.coolwebsearch.com
      O20 - Winlogon Notify: avpu32 - C:\WINDOWS\SYSTEM32\avpu32.dll <- remove what
      is listed here:
      wirusy.antivirenkit.pl/pl/opis/Backdoor.Win32.Haxdoor.ej.html (the files and
      registry entries); delete the files with killbox (you'll find it on google) using
      the delete on reboot option.
      O20 - Winlogon Notify: style32 - C:\WINDOWS\q1680826.dll <- delete the file
      O20 - Winlogon Notify: tcpG4T - C:\WINDOWS\SYSTEM32\tcpG4T.dll <- remove what
      is listed here:
      www.sophos.com/virusinfo/analyses/trojhaxdoorag.html
      O21 - SSODL: SysTray.Excn - {1722ECFF-4356-4f5b-B534-E67294FE75E9} -
      C:\WINDOWS\System32\oenjkjhj.dll (file missing)
      O21 - SSODL: SysTray.Exsh - {1768ECFC-4F5C-4f5b-B134-D67294FC78E9} -
      C:\WINDOWS\System32\qjohfnmm.dll (file missing)
      O21 - SSODL: SysTray.Exsn - {2368D1FC-2F5C-4f1b-B124-E67214FC78E2} -
      C:\WINDOWS\System32\qdllbgpe.dll (file missing)
      O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} -
      C:\WINDOWS\System32\Cpfajeii.dll (file missing)

      If you have questions, use the search with the file name or something, because I
      don't feel like writing the same thing a hundred times; every day there are a few
      identical logs, as usual mdms.exe and avpu32.dll and the rest.

      Finally, scan with this:
      download.microsoft.com/download/8/1/5/815d2d60-49b5-44dc-ae35-fca2f2c6f0cc/MicrosoftAntiSpywareInstall.exe
      download.ewido.net/ewido-setup.exe <- update it before scanning, uninstall it
      after the scan.
      Close the ports with this:
      www.firewallleaktester.com/tools/wwdc.exe
      After all that, paste a new log.
    • Guest: Fazi Re: Request to check a log IP: *.lodz.mm.pl 16.10.05, 15:35
        Logfile of HijackThis v1.99.1
        Scan saved at 15:31:03, on 2005-10-16
        Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\csrss.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Documents and Settings\ASA\Pulpit\hijackthis\HijackThis.exe
        C:\WINDOWS\System32\dwwin.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
        C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
        c:\program files\google\googletoolbar1.dll
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
        C:\WINDOWS\System32\msdxm.ocx
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
        files\google\googletoolbar1.dll
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKLM\..\Run: [Creative Launcher] C:\Program
        Files\Creative\Launcher\CTLauncher.EXE
        O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
        O4 - HKLM\..\Run: [gcasServ] "D:\Programy z netu\gcasServ.exe"
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O8 - Extra context menu item: &Google Search - res://c:\program
        files\google\GoogleToolbar1.dll/cmsearch.html
        O8 - Extra context menu item: &Translate English Word - res://c:\program
        files\google\GoogleToolbar1.dll/cmwordtrans.html
        O8 - Extra context menu item: Backward Links - res://c:\program
        files\google\GoogleToolbar1.dll/cmbacklinks.html
        O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
        files\google\GoogleToolbar1.dll/cmcache.html
        O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
        res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
        O8 - Extra context menu item: Similar Pages - res://c:\program
        files\google\GoogleToolbar1.dll/cmsimilar.html
        O8 - Extra context menu item: Translate Page into English - res://c:\program
        files\google\GoogleToolbar1.dll/cmtrans.html
        O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
        C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
        C:\Program Files\Messenger\MSMSGS.EXE
        O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-
        00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
        O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
        O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} -
        toolbar.google.com/data/pl/big/1.1.62-big/GoogleNav.cab
        O20 - Winlogon Notify: avpu32 - C:\WINDOWS\SYSTEM32\avpu32.dll
        O20 - Winlogon Notify: style32 - C:\WINDOWS\q1680826.dll
        O20 - Winlogon Notify: tcpG4T - C:\WINDOWS\SYSTEM32\tcpG4T.dll
        O23 - Service: ewido security suite control - ewido networks - C:\Program
        Files\ewido\security suite\ewidoctrl.exe
        O23 - Service: ewido security suite guard - ewido networks - C:\Program
        Files\ewido\security suite\ewidoguard.exe
        O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
        C:\WINDOWS\System32\nvsvc32.exe

        Additional question: I have no icons on the desktop, and the computer still wants
        to send error reports to Microsoft... what now? Many thanks to you.
          • Guest: next Re: Request to check a log IP: *.lodz.mm.pl 16.10.05, 16:38
            Logfile of HijackThis v1.99.1
            Scan saved at 16:33:00, on 2005-10-16
            Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
            MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\csrss.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\System32\dwwin.exe
            C:\Program Files\Internet Explorer\IEXPLORE.EXE
            C:\Program Files\Internet Explorer\IEXPLORE.EXE
            C:\Documents and Settings\ASA\Pulpit\hijackthis\HijackThis.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
            O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
            C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
            O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
            c:\program files\google\googletoolbar1.dll
            O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
            C:\WINDOWS\System32\msdxm.ocx
            O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
            files\google\googletoolbar1.dll
            O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
            O4 - HKLM\..\Run: [Creative Launcher] C:\Program
            Files\Creative\Launcher\CTLauncher.EXE
            O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
            O4 - HKLM\..\Run: [gcasServ] "D:\Programy z netu\gcasServ.exe"
            O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
            O8 - Extra context menu item: &Google Search - res://c:\program
            files\google\GoogleToolbar1.dll/cmsearch.html
            O8 - Extra context menu item: &Translate English Word - res://c:\program
            files\google\GoogleToolbar1.dll/cmwordtrans.html
            O8 - Extra context menu item: Backward Links - res://c:\program
            files\google\GoogleToolbar1.dll/cmbacklinks.html
            O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
            files\google\GoogleToolbar1.dll/cmcache.html
            O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
            res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
            O8 - Extra context menu item: Similar Pages - res://c:\program
            files\google\GoogleToolbar1.dll/cmsimilar.html
            O8 - Extra context menu item: Translate Page into English - res://c:\program
            files\google\GoogleToolbar1.dll/cmtrans.html
            O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
            C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
            C:\Program Files\Messenger\MSMSGS.EXE
            O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-
            00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
            O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
            O15 - Trusted Zone: *.coolwebsearch.com
            O15 - Trusted Zone: *.searchmeup.com
            O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} -
            toolbar.google.com/data/pl/big/1.1.62-big/GoogleNav.cab
            O20 - Winlogon Notify: avpu32 - C:\WINDOWS\SYSTEM32\avpu32.dll
            O20 - Winlogon Notify: style32 - C:\WINDOWS\q1680826.dll
            O20 - Winlogon Notify: tcpG4T - C:\WINDOWS\SYSTEM32\tcpG4T.dll
            O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
            C:\WINDOWS\System32\nvsvc32.exe


            The three items starting with O20 won't go away after the scan (Fix Checked)
            in HJ; I also tried killbox and still nothing, they are still there. I removed
            what you pointed out, I don't know what to do now. After starting the computer
            I still get an empty screen with the wallpaper and no icons, and when I go into
            safe mode I still get the message about sending an error report to Microsoft.
            What next, many thanks in advance...
            • Guest: Kolobos Re: Request to check a log IP: *.warszawa.sdi.tpnet.pl 16.10.05, 16:48
              And why are you pasting this log? If you had done everything properly they
              wouldn't be there, but you didn't, so they are.
              I'll write this for you only once:

              -> tcpG4T.dll <-

              In killbox, check delete file on reboot and add these files one by one:
              msudp4.sys
              tcpG4T.dll
              located in the system directory.
              After the reset, delete this registry branch:
              HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tcpG4T
              and:
              HKLM\SYSTEM\CurrentControlSet\Services\msudp4\

              -> avpu32.dll <-

              Add these files to killbox:
              avpu32.dll
              avpu64.sys
              qz.sys
              qz.dll
              qy.sys
              klgcptini.dat
              stt82.ini

              After the reset, delete from the registry:
              Some files and registry entries may not be visible in normal Windows mode,
              because the trojan hides them from being displayed.

              2. To run at every Windows start, it creates a key named "avpu32" in the
              registry at:

              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
              "secureUID"
              "secureTIME"
              "DllName" = "avpu32.dll"
              "Startup" = "MmAllocMap"
              "Impersonate" = "1"
              "MaxWait" = "1"
              "Asynchronous" = "1"

              and:
              HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avpu32
              HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avpu64
              HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\avpu32
              HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\avpu64
              HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avpu32.sys
              HKEY_LOCAL_MACHINE\ SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avpu64
              and in:
              HKEY_LOCAL_MACHINE\ SYSTEM\CurrentControlSet\Control\SessionManager\Memory Management
              delete:
              "EnforceWriteProtection" = "0"


              As for q1680826.dll: delete the file with killbox and the entry in hijackthis
              or in the registry, as you prefer.

              Did you turn off Active Desktop as I wrote? Probably not...
              I also gave you the link for repairing wallpaper after trojans, but you won't
              see it if you don't remove the trojans.
              That's all from me, I've already written you everything. I consider the
              thread closed.
