
[virus] Problem with the exploraspi.exe virus


  • Closed: this topic is closed
3 replies in this topic

#1 oskar93

    Banned

  • 678 posts

Posted 14 03 2008 - 15:56

Hi.
When Windows starts, a window pops up that mentions exploraspi.exe. It is probably a virus; I'm posting an HJT log to be sure.
http://wklej.org/id/d70fe1a8f1

  • 0

#2 wncvirus

    Lazybones!

  • 851 posts

Posted 14 03 2008 - 23:50

Run HJT. Choose the option "Do a system scan only". A log will be produced; tick the boxes next to the entries below and click Fix.

# O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O4 - HKCU\..\Run: [Tok-Cirrhatus] "D:\Documents and Settings\Oskar\Ustawienia lokalne\Dane aplikacji\smss.exe"
O4 - HKLM\..\Run: [Bron-Spizaetus] "D:\WINDOWS\ShellNew\bronstab.exe"

After doing that, be sure to post a ComboFix log.

  • 0
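The entries listed in the reply above share a few patterns a defender can check for mechanically: a hosts file that has been overwritten with HTML, autorun values with the names seen in the log, a system-binary name (smss.exe) loaded from a user profile folder instead of system32, and a policy key that disables regedit. The triage script below is an added example, not code from this thread or from the HijackThis tool; it parses constructed lines in the same shape as the log posted above (the path under "Ustawienia lokalne" is copied from the thread, the ctfmon.exe line is made up to show the negative case, and the rule names are my own).

```python
import ntpath
import re

# Constructed sample in the shape of the HijackThis lines posted in the thread above:
# the hosts file overwritten with an HTML page, two worm Run keys, and a Policies key.
SAMPLE_LOG = r"""
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
O1 - Hosts: <title>Site Unavailable</title>
O4 - HKCU\..\Run: [Tok-Cirrhatus] "D:\Documents and Settings\Oskar\Ustawienia lokalne\Dane aplikacji\smss.exe"
O4 - HKLM\..\Run: [Bron-Spizaetus] "D:\WINDOWS\ShellNew\bronstab.exe"
O4 - HKLM\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

# Autorun value names taken from the log in this thread (used by the Brontok worm family).
SUSPECT_RUN_NAMES = {"tok-cirrhatus", "bron-spizaetus"}
# Windows binaries whose names malware reuses; genuine copies live under system32.
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe", "ctfmon.exe"}

O4_RE = re.compile(r'^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] "?(?P<path>[^"]*)"?')
O7_RE = re.compile(r'^O7 - .*Policies\\System, (?P<value>\w+)=(?P<data>\w+)')


def triage(log_text):
    """Return (rule, line) pairs for every HijackThis line that matches a rule."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("O1 - Hosts:"):
            entry = line[len("O1 - Hosts:"):].strip()
            if entry.startswith("<") or "</" in entry:  # HTML where a hosts entry should be
                findings.append(("hosts-contains-html", line))
            continue
        m = O4_RE.match(line)
        if m:
            name, path = m.group("name").lower(), m.group("path")
            if name in SUSPECT_RUN_NAMES:
                findings.append(("known-worm-run-key", line))
            if ntpath.basename(path).lower() in SYSTEM_NAMES and "\\system32\\" not in path.lower():
                findings.append(("system-name-outside-system32", line))
            continue
        m = O7_RE.match(line)
        if m and m.group("value") == "DisableRegedit" and m.group("data") != "0":
            findings.append(("regedit-disabled-by-policy", line))
    return findings


def summarize(findings):
    """Count findings per rule, e.g. {'hosts-contains-html': 2, ...}."""
    counts = {}
    for rule, _ in findings:
        counts[rule] = counts.get(rule, 0) + 1
    return counts
```

The same rules apply to ordynat's later point about "Autostart\ctfmon.exe": a ctfmon.exe anywhere other than system32 is flagged, while the genuine one is not.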

#3 oskar93

    Banned

  • 678 posts

Posted 15 03 2008 - 12:27

The virus is explorasi.exe, but I installed Kaspersky and it removed it along with a few others.
I still have a few problems: in Windows Explorer, under Tools there is no Folder Options, only "Disconnect Network Drive", "Map Network Drive" and "Synchronize". Besides that, I can't add any entry to the registry because a message pops up saying the administrator has disabled registry editing. Thirdly, I can't open drives C and E; it throws an "Access denied" message, while drive D opens normally.

I'm attaching the ComboFix log.

http://wklej.org/id/39120c9183
  • 0

#4 ordynat

    Advanced user

  • 804 posts

Posted 15 03 2008 - 16:33

This looks a bit strange:
1) the symptoms indicate you have an infection from a USB flash drive
2) ComboFix removed three infection files from the flash drive
3) the log contains "D:\Recycled", which is a folder from the flash-drive infection (it is not the real Recycle Bin)
4) the log contains a key with "Autostart\ctfmon.exe" from the flash-drive infection (not to be confused with "system32\ctfmon.exe")
5) but there is no flash-drive key
So where does the infection come from? Is the computer by any chance connected to another computer in the house?

Paste into Notepad:
File::
D:\Documents and Settings\Oskar\Menu Start\Programy\Autostart\ctfmon.exe

Folder::
D:\Recycled

Registry::
[-HKLM\~\startupfolder\D:^Documents and Settings^Oskar^Menu Start^Programy^Autostart^ctfmon.exe] 
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tok-Cirrhatus]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bron-Spizaetus]
>>File>>Save as... >>> CFScript
Drag and drop the CFScript.txt file onto ComboFix.exe
Removal should start (and a log will be created). Post the log that is produced during removal.
If it goes well, then: after the restart, manually delete the C:\Qoobox folder.

ordynat

  • 0
