... Fara sfarsit de căutare şi Firefox prost ...

**Nikronius** · #1 5 ianuarie 2008, 10:26

Ei bine, nu am mai vazut asta înainte, dar, ori de câte ori i click pe butonul de căutare de la ferestre şi să facă orice căutare Continuând "căutarea" pentru fişiere, chiar dacă i clic pe butonul de oprire, nu sunt sigur dacă este un virus, dar de fapt mă deranjează pentru că dacă vreau să caute un alt fisier apoi i-au pentru a închide această fereastră şi a deschis-o din nou ...

Un alt lucru care continuă să mă deranjează este că, atunci când sunt în Firefox de exemplu, în cazul în im uitam la un video pe YouTube in full screen merge la mic ecran în anumită perioadă de timp de peste si peste din nou sau in cazul in care ma tastând ceva, de ceva misterios motiv I cant mai tip, cum ar fi dacă am selectat-o altă fereastră sau ceva de genul asta ... atunci trebuie să faceţi clic în Firefox din nou, pentru a-mi continua tastarea

(care s-a întâmplat cu mai mult de 10 de ori în doar acest mic mesaj de conducere mine ... nebun, IM vă spun!)

PC-ul meu este ciudat acţionează şi karpersky antivirus spune că i-au nimic în neregulă ...

Am lucrat în domeniul calculatoarelor pentru mult timp, dar acum acest lucru este ceva havent am văzut şi auzit havent încă ... fi din ce în ce mai im paranoic

**evilfantasy** · #2 5 ianuarie 2008, 10:44

Să ia o privire mai atentă.

Descărcaţi şi redenumiţi HijackThis (HJT)

Faceţi dublu-clic pe HJTInstall.
Click pe Instalaţi buton.
Se va transforma automat în loc HJT C: \ Program Files \ TrendMicro \ HijackThis \ HijackThis.exe.
După instalare, HijackThis ar trebui să se deschidă pentru tine.
- Inchide HijackThis şi redenumiţi-o.
- Du-te la C: \ Program Files \ Trend Micro \HijackThis.exe
- Click dreapta pe HijackThis.exe şi selectaţi Redenumire.
- Tip în sniper.exe şi apăsaţi Introduceţi.
- Clic-dreapta pe sniper.exe şi selectaţi Pentru a trimite > Spaţiul de lucru (crea shortcut)
De la spaţiul de lucru deschis HiackThis.
Dacă utilizaţi Windows Vista, asiguraţi-vă că Executare ca administrator
Click pe Fă-un sistem de scanare şi salva un fişier de log buton
HijackThis va scana şi apoi un jurnal se va deschide în Notepad.
Copiaţi şi lipiţi apoi conectaţi-vă posta.
- Nu au Hijackthis repara nimic încă. Cea mai mare parte a ceea ce se constată va fi inofensiv sau chiar necesare.

Chiar dacă ne-am redenumit HijackThis la lunetist, ne vom referi în continuare să-l ca HijackThis sau HJT.

**Nikronius** · #3 5 ianuarie 2008, 11:08

Aceasta este ceea ce am:

**************************************************
Logfile de Trend Micro HijackThis v2.0.2
Scan salvate la 02:08:32, pe 05/01/2008
Platforma: Windows XP SP2 (WINNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Rularea procese:
C: \ Windows \ system32 \ smss.exe
C: \ Windows \ system32 \ winlogon.exe
C: \ Windows \ system32 \ services.exe
C: \ Windows \ system32 \ lsass.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ Spoolsv.exe
C: \ Archivos de programa \ ABBYY FineReader 9.0 \ NetworkLicenseServer.exe
C: \ Archivos de programa \ LogMeIn \ x86 \ RaMaint.exe
C: \ Archivos de programa \ LogMeIn \ x86 \ LogMeIn.exe
C: \ Archivos de programa \ Archivos comunes \ Microsoft Shared \ VS7DEBUG \ MDM.EXE
C: \ Windows \ system32 \ HPZipm12.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ dllhost.exe
C: \ WINDOWS \ Explorer.exe
C: \ Archivos de programa \ LogMeIn \ x86 \ LogMeInSystray.exe
C: \ Windows \ system32 \ SVOHOST.exe
C: \ Archivos de programa \ DAEMON Tools \ daemon.exe
C: \ Windows \ system32 \ Ctfmon.exe
C: \ Archivos de programa \ Microsoft Office \ OFFICE11 \ WINWORD.EXE
C: \ Archivos de programa \ Skype \ Phone \ Skype.exe
C: \ Archivos de programa \ Mozilla Firefox \ firefox.exe
C: \ Archivos de programa \ Trend Micro \ HijackThis \ asdf.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = despre: necompletat
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName =
F2 - REG: System.ini: Userinit = C: \ Windows \ system32 \ userinit.exe, C: \ WINDO WS \ system32 \ ODBCJET.exe,
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Archivos de programa \ Adobe \ Acrobat 7.0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Archivos de programa \ Java \ jre1.5.0_09 \ bin \ ssv.dll
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O4 - HKLM \ .. \ Run: [LogMeIn GUI] "C: \ Archivos de programa \ LogMeIn \ x86 \ LogMeInSystray.exe"
O4 - HKLM \ .. \ Run: [SoundMam] C: \ Windows \ system32 \ SVOHOST.exe
O4 - HKCU \ .. \ Run: [DAEMON Tools] "C: \ Archivos de programa \ DAEMON Tools \ daemon.exe"-lang 1033
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [MsnMsgr] "C: \ Archivos de programa \ Windows Live \ Messenger \ MsnMsgr.Exe" / fundal
O4 - HKCU \ .. \ Run: [Comrade.exe] C: \ Archivos de programa \ GameSpy \ Comrade \ Comrade.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe (User "Servicio LOCAL")
O4 - HKUS \ S-1-5-19 \ .. \ RunOnce: [nltide3] cmd.exe / C rundll32 advpack.dll, LaunchINFSectionEx nLite.inf, C,, 4, N (User 'Servicio LOCAL ")
O4 - HKUS \ S-1-5-19 \ .. \ RunOnce: [nltide1] cmd.exe / C move / Y "% SystemRoot% \ System32 \ syssetub.dll" "% SystemRoot% \ System32 \ syssetup.dll" (utilizator "Servicio LOCAL")
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe (User "Servicio de culoare roşie")
O4 - HKUS \ S-1-5-20 \ .. \ RunOnce: [nltide3] cmd.exe / C rundll32 advpack.dll, LaunchINFSectionEx nLite.inf, C,, 4, N (User "Servicio de culoare roşie")
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \ S-1-5-18 \ .. \ RunOnce: [nltide3] cmd.exe / C rundll32 advpack.dll, LaunchINFSectionEx nLite.inf, C,, 4, N (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe (User 'Default user')
O4 - HKUS \. DEFAULT \ .. \ RunOnce: [nltide3] cmd.exe / C rundll32 advpack.dll, LaunchINFSectionEx nLite.inf, C,, 4, N (User 'Default user')
O6 - HKCU \ Software \ Policies \ Microsoft \ Internet Explorer \ Restrictions prezent
O6 - HKCU \ Software \ Policies \ Microsoft \ Internet Explorer \ Control Panel prezent
O6 - HKCU \ Software \ Policies \ Microsoft \ Internet Explorer \ Toolbars \ Restrictions prezent
O8 - Extra context menu item: E & xportar o Microsoft Excel - res: / / C: \ Archív ~ 1 \ milionimi ~ 1 \ OFFICE11 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Archivos de programa \ Java \ jre1.5.0_09 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Consola de Sun Java - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Archivos de programa \ Java \ jre1.5.0_09 \ bin \ ssv.dll
O9 - Extra buton: referinţă - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ Archív ~ 1 \ milionimi ~ 1 \ OFFICE11 \ REFIEBAR.DLL
O16 - DPF: (05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8) (Office Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: (5D6F45B3-9043-443D-A792-115447494D24) (UnoCtrl Class) -- http://messenger.zone.msn.com/ES-LA/.../GAME_UNO1.cab
O16 - DPF: (B8BE5E93-A60C-4D26-A2DC-220313175592) (MSN Games - Installer) -- http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Class) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O17 - HKLM \ SYSTEM \ CCS \ Services \ Tcpip \ .. \ (BAA62A6B-DD15-4E55-A719-401AF676E3A9): nume = 10.0.0.1,10.0.0.2
O20 - Winlogon Notify: usbmon - C: \ Windows \ system32 \ usbmons.dll
O23 - Service: ABBYY FineReader 9.0 licenţiere Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C: \ Archivos de programa \ ABBYY FineReader 9.0 \ NetworkLicenseServer.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Dezvoltare Group - C: \ Archivos de programa \ Ares \ chatServer.exe
O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C: \ Archivos de programa \ Archivos comunes \ BCL Technologies \ easyPDF 5 \ bepldr.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc - C: \ Archivos de programa \ LogMeIn \ x86 \ RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc - C: \ Archivos de programa \ LogMeIn \ x86 \ LogMeIn.exe
O23 - Service: Pml Driver HPZ12 - HP - C: \ Windows \ system32 \ HPZipm12.exe
O23 - Service: Spyware Doctor de servicii auxiliare (sdAuxService) - PC Tools - C: \ Archivos de programa \ Spyware Doctor \ svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C: \ Archivos de programa \ Spyware Doctor \ swdsvc.exe

--
Sfârşit de fişier - 5942 bytes

**evilfantasy** · #4 5 ianuarie 2008, 11:24

Da, ai unele urât pe cei de acolo.

1. Acesta a dezactivat antivirus.
2. Este o mass-mailing vierme cu backdoor keylogging şi capabilităţi.
3. Aceasta a stabilit restricţii de pe panoul de control.

---------------

Vă rugăm să descărcaţi Combofix de sUBs de la fie aici sau aici

IMPORTANT - Salvaţi Combofix.exe la Spaţiul dumneavoastră de lucru.

Închideţi orice deschide browsere. (Firefox, Internet Explorer, etc)
Faceţi dublu clic combofix.exe & urmăriţi solicitările.
De la tastatura, selectaţi 1 şi apăsaţi Introduceţi
Când aţi terminat, se va produce un jurnal pentru tine.
Post-vă că intraţi în următorul răspuns.

Nu mouseclick combofix fereastra în timp ce se execută. Care pot determina pe computer pentru a se bloca

Înainte posta, vă rugăm să adăugaţi
combofix jurnal
noi hijackthis log

**Nikronius** · #5 5 ianuarie 2008, 12:33

ComboFix 08-01-06.3 - administrador 2008-01-05 14:48:48.1 - NTFSx86
Se ejecuta desde: C: \ Documents and Settings \ administrador \ escritorio \ ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))) )))))))))))))))))))))))))))))))))))))
.

C: \ WINDOWS \ install.exe
C: \ Windows \ system32 \ svohost.exe
C: \ Windows \ system32 \ winscok.dll

.

(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))) )))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 18:49 --------- d ----- w C: \ Documents and Settings \ administrador \ datos de programa \ Skype
2008-01-05 15:21 --------- d --- Aw C: \ Documents and Settings \ All Users \ datos de programa \ temp
2008-01-05 13:00 --------- d ----- w C: \ Documents and Settings \ administrador \ datos de programa \ Azureus
2007-12-26 22:39 --------- d ----- w C: \ Documents and Settings \ administrador \ datos de programa \ U3
2007-12-24 14:38 --------- d - h - w C: \ Archivos de programa \ InstallShield Installation Information
2007-12-23 04:15 --------- d ----- w C: \ Archivos de programa \ Azureus
2007-12-13 14:40 11.973 ---- Aw C: \ Windows \ system32 \ drivers \ secdrv.sys
2007-12-11 15:46 --------- d ----- w C: \ Archivos de programa \ Archivos comunes \ InstallShield
2007-12-05 20:12 --------- d ----- w C: \ Documents and Settings \ administrador \ datos de programa \ JAM Software
2007-12-05 20:09 --------- d ----- w C: \ Archivos de programa \ JAM Software
2007-12-04 19:25 --------- d ----- w C: \ Documents and Settings \ All Users \ datos de programa \ Office Genuine Advantage
2007-12-03 15:32 --------- d ----- w C: \ Archivos de programa \ FinalData
2007-12-02 17:05 --------- d ----- w C: \ Documents and Settings \ administrador \ datos de programa \ Media Player Classic
2007-12-02 16:43 --------- d ----- w C: \ Documents and Settings \ All Users \ datos de programa \ WM
2007-12-02 14:42 --------- d ----- w C: \ Documents and Settings \ administrador \ datos de programa \ WM
2007-12-02 14:39 --------- d ----- w C: \ Archivos de programa \ Word Magic Software
2007-12-02 00:44 --------- d ----- w C: \ Documents and Settings \ administrador \ datos de programa \ BSplayer Pro
2007-12-02 00:19 70.656 ---- Aw C: \ WINDOWS \ ScUnin.exe
2007-11-30 22:17 --------- d ----- w C: \ Archivos de programa \ DivX
2007-11-30 22:01 --------- d ----- w C: \ Archivos de programa \ Microsoft Works
2007-11-30 21:45 --------- d ----- w C: \ Documents and Settings \ Dimart \ datos de programa \ Talkback
2007-11-30 21:19 --------- d ----- w C: \ Archivos de programa \ DAEMON Tools
2007-11-30 21:13 685.816 ---- Aw C: \ Windows \ system32 \ drivers \ sptd.sys
2007-11-30 20:28 --------- d ----- w C: \ Documents and Settings \ All Users \ datos de programa \ Azureus
2007-11-30 13:42 --------- d ----- w C: \ Documents and Settings \ administrador \ datos de programa \ Talkback
2007-11-30 12:38 220.160 ---- Aw C: \ Windows \ system32 \ uxtheme.dll
2007-11-30 12:38 --------- d ----- w C: \ Archivos de programa \ Skype
2007-11-30 12:37 --------- d ----- w C: \ Documents and Settings \ All Users \ datos de programa \ Apple Computer
2007-11-30 12:37 --------- d ----- w C: \ Archivos de programa \ Windows Media Connect 2
2007-11-30 12:37 --------- d ----- w C: \ Archivos de programa \ Real Alternative
2007-11-30 12:37 --------- d ----- w C: \ Archivos de programa \ QuickTime Alternative
2007-11-30 12:37 --------- d ----- w C: \ Archivos de programa \ Media Player Classic
2007-11-30 12:35 --------- d ----- w C: \ Archivos de programa \ K-Lite Codec Pack
2007-11-30 12:35 --------- d ----- w C: \ Archivos de programa \ Java
2007-11-30 12:35 --------- d ----- w C: \ Archivos de programa \ Archivos comunes \ Java
2007-11-30 12:34 --------- d ----- w C: \ Archivos de programa \ Webteh
2007-11-30 12:34 --------- d ----- w C: \ Archivos de programa \ Lavalys
2007-11-30 12:34 --------- d ----- w C: \ Archivos de programa \ Archivos comunes \ Adobe
2007-11-30 12:23 --------- d ----- w C: \ Archivos de programa \ Archivos comunes \ MSSoap
2007-11-30 12:15 --------- d ----- w C: \ Archivos de programa \ Archivos comunes \ SpeechEngines
2007-11-30 12:15 --------- d ----- w C: \ Archivos de programa \ Archivos comunes \ ODBC
2007-11-15 22:46 23.736 ---- Aw C: \ Windows \ system32 \ lmimirr.dll
2007-11-15 22:46 10.040 ---- Aw C: \ Windows \ system32 \ lmimirr2.dll
2007-11-14 07:28 450.560 ------ w C: \ Windows \ system32 \ dllcache \ jscript.dll
2007-10-30 10:17 3.079.680 ---- Aw C: \ Windows \ system32 \ dllcache \ Mshtml.dll
2007-10-29 22:43 1.293.824 ---- Aw C: \ Windows \ system32 \ quartz.dll
2007-10-29 22:43 1.293.824 ------ w C: \ Windows \ system32 \ dllcache \ quartz.dll
2007-10-25 16:56 8.496.640 ------ w C: \ Windows \ system32 \ dllcache \ shell32.dll
2007-10-25 13:28 222.720 ---- Aw C: \ Windows \ system32 \ wmasf.dll
2007-10-25 13:28 222.720 ------ w C: \ Windows \ system32 \ dllcache \ wmasf.dll
2007-10-20 00:56 200.704 ---- Aw C: \ Windows \ system32 \ ssldivx.dll
2007-10-20 00:56 1.044.480 ---- Aw C: \ Windows \ system32 \ libdivx.dll
2007-10-18 15:31 51.224 ---- Aw C: \ Windows \ system32 \ sirenacm.dll
2007-10-11 06:12 96.768 ------ w C: \ Windows \ system32 \ dllcache \ inseng.dll
2007-10-11 06:12 662.016 ------ w C: \ Windows \ system32 \ dllcache \ Wininet.dll
2007-10-11 06:12 616.448 ---- Aw C: \ Windows \ system32 \ dllcache \ urlmon.dll
2007-10-11 06:12 55.808 ------ w C: \ Windows \ system32 \ dllcache \ extmgr.dll
2007-10-11 06:12 532.480 ------ w C: \ Windows \ system32 \ dllcache \ mstime.dll
2007-10-11 06:12 474.624 ---- Aw C: \ Windows \ system32 \ dllcache \ shlwapi.dll
2007-10-11 06:12 449.024 ------ w C: \ Windows \ system32 \ dllcache \ mshtmled.dll
2007-10-11 06:12 39.424 ------ w C: \ Windows \ system32 \ dllcache \ pngfilt.dll
2007-10-11 06:12 357.888 ------ w C: \ Windows \ system32 \ dllcache \ dxtmsft.dll
2007-10-11 06:12 251.392 ------ w C: \ Windows \ system32 \ dllcache \ iepeers.dll
2007-10-11 06:12 205.312 ------ w C: \ Windows \ system32 \ dllcache \ dxtrans.dll
2007-10-11 06:12 16.384 ------ w C: \ Windows \ system32 \ dllcache \ jsproxy.dll
2007-10-11 06:12 151.552 ---- Aw C: \ Windows \ system32 \ dllcache \ cdfview.dll
2007-10-11 06:12 146.432 ------ w C: \ Windows \ system32 \ dllcache \ msrating.dll
2007-10-11 06:12 1.495.040 ---- Aw C: \ Windows \ system32 \ dllcache \ Shdocvw.dll
2007-10-11 06:12 1.056.256 ------ w C: \ Windows \ system32 \ dllcache \ danim.dll
2007-10-11 06:12 1.023.488 ---- Aw C: \ Windows \ system32 \ dllcache \ browseui.dll
2007-10-10 11:16 18.432 ------ w C: \ Windows \ system32 \ dllcache \ iedw.exe
2006-11-07 14:29 145.920 ---- Aw C: \ WINDOWS \ inf \ hdaudio.sys
2006-09-05 08:18 20.992 - SHA-r C: \ Windows \ system32 \ usbmons.exe
.

((((((((((((((((((((((((((((((((( Cargando Puntos Reg )))))))))))))) ))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
* Nota * entradas vacías & entradas legítimas predeterminadas nu fiu mostradas

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"DAEMON Tools" = "C: \ Archivos de programa \ DAEMON Tools \ daemon.exe" [2007-09-18 10:16 171464]
"Ctfmon.exe" = "C: \ Windows \ system32 \ Ctfmon.exe" [2004-08-19 08:42 30208]
"MsnMsgr" = "C: \ Archivos de programa \ Windows Live \ Messenger \ MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Comrade.exe" = "C: \ Archivos de programa \ GameSpy \ Comrade \ Comrade.exe" [2007-12-20 13:47 36864]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"LogMeIn GUI" = "C: \ Archivos de programa \ LogMeIn \ x86 \ LogMeInSystray.exe" [2007-08-03 15:09 63048]

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"Ctfmon.exe" = "C: \ Windows \ system32 \ Ctfmon.exe" [2004-08-19 08:42 30208]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ windows \ curr entversion \ policies \ system]
"DisableStatusMessages" = 0 (0x0)
"HideShutdownScripts" = 0 (0x0)
"RunLogonScriptSync" = 0 (0x0)
"RunStartupScriptSync" = 0 (0x0)
"HideStartupScripts" = 0 (0x0)

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ curre ntversion \ policies \ system]
"DisableLockWorkstation" = 0 (0x0)
"DisableChangePassword" = 0 (0x0)
"HideLogonScripts" = 0 (0x0)
"HideLogoffScripts" = 0 (0x0)
"HideLegacyLogonScripts" = 0 (0x0)

[HKEY_USERS \. Implicit \ SOFTWARE \ Microsoft \ Windows \ actuală rentversion \ policies \ system]
"NoDispCPL" = 0 (0x0)
"NoDispAppearancePage" = 0 (0x0)
"NoDispScrSavPage" = 0 (0x0)
"NoDispSettingsPage" = 0 (0x0)
"NoVisualStyleChoice" = 0 (0x0)
"NoColorChoice" = 0 (0x0)
"NoSizeChoice" = 0 (0x0)
"DisableLockWorkstation" = 0 (0x0)
"DisableChangePassword" = 0 (0x0)
"HideLogonScripts" = 0 (0x0)
"HideLogoffScripts" = 0 (0x0)
"HideLegacyLogonScripts" = 0 (0x0)

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ windows \ curr entversion \ Policies \ Explorer]
"NoDesktopCleanupWizard" = 1 (0x1)
"ForceClassicControlPanel" = 1 (0x1)
"NoWelcomeScreen" = 0 (0x0)

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ curre ntversion \ Policies \ Explorer]
"NoChangeKeyboardNavigationIndicators" = 0 (0x0)
"NoChangeAnimation" = 0 (0x0)
"NoAddPrinter" = 0 (0x0)
"NoDeletePrinter" = 0 (0x0)
"RestrictCpl" = 0 (0x0)
"DisallowCpl" = 0 (0x0)
"NoViewOnDrive" = 0 (0x0)
"RestrictRun" = 0 (0x0)
"DisallowRun" = 0 (0x0)
"NoRecycleFiles" = 0 (0x0)
"ForceRecycleBinSize" = 0 (0x0)
"NoCustomizeWebView" = 0 (0x0)
"NoWinKeys" = 0 (0x0)
"NoFileAssociate" = 0 (0x0)
"NoDFSTab" = 0 (0x0)
"NoInstrumentation" = 0 (0x0)
"NoCustomizeThisFolder" = 0 (0x0)
"NoWebView" = 0 (0x0)
"DontShowSuperHidden" = 0 (0x0)
"NoOnlinePrintsWizard" = 0 (0x0)
"NoPublishingWizard" = 0 (0x0)
"NoSMConfigurePrograms" = 0 (0x0)
"NoSMMyPictures" = 0 (0x0)
"NoStartMenuMyMusic" = 0 (0x0)
"NoFavoritesMenu" = 0 (0x0)
"NoHelp" = 0 (0x0)
"NoCommonGroups" = 0 (0x0)
"NoStartMenuMFUprogramsList" = 0 (0x0)
"NoStartMenuPinnedList" = 0 (0x0)
"NoUserNameInStartMenu" = 0 (0x0)
"NoStartMenuMorePrograms" = 0 (0x0)
"NoStartMenuEjectPC" = 0 (0x0)
"NoSimpleStartMenu" = 0 (0x0)
"ForceStartMenuLogoff" = 0 (0x0)
"NoStartMenuSubFolders" = 0 (0x0)
"NoDisconnect" = 0 (0x0)
"NoNtSecurity" = 0 (0x0)
"NoSetFolders" = 0 (0x0)
"GreyMSIAds" = 0 (0x0)
"ForceMaxRecentDocs" = 0 (0x0)
"NoSMBalloonTip" = 0 (0x0)
"NoSMBalloonTips" = 0 (0x0)
"NoTrayContextMenu" = 0 (0x0)
"LockTaskbar" = 0 (0x0)
"NoTaskGrouping" = 0 (0x0)
"NoWebServices" = 0 (0x0)
"NoFileUrl" = 0 (0x0)
"NoBandCustomize" = 0 (0x0)
"NoToolbarCustomize" = 0 (0x0)
"NoExpandedNewMenu" = 0 (0x0)
"SpecifyDefaultButtons" = 0 (0x0)
"NoRecentDocsNetHood" = 0 (0x0)
"EnforceShellExtensionSecurity" = 0 (0x0)
"NoLogOff" = 0 (0x0)
"NoRunasInstallPrompt" = 0 (0x0)
"PromptRunasInstallNetPath" = 1 (0x1)
"NoResolveTrack" = 0 (0x0)
"NoResolveSearch" = 0 (0x0)
"NoDevMgrUpdate" = 0 (0x0)
"NoThumbnailCache" = 0 (0x0)
"ForceCopyAclwithFile" = 0 (0x0)
"StartRunNoHOMEPATH" = 0 (0x0)

[HKEY_USERS \. Implicit \ SOFTWARE \ Microsoft \ Windows \ actuală rentversion \ Policies \ Explorer]
"NoThemesTab" = 0 (0x0)
"NoChangeKeyboardNavigationIndicators" = 0 (0x0)
"NoChangeAnimation" = 0 (0x0)
"NoAddPrinter" = 0 (0x0)
"NoDeletePrinter" = 0 (0x0)
"RestrictCpl" = 0 (0x0)
"DisallowCpl" = 0 (0x0)
"NoViewOnDrive" = 0 (0x0)
"RestrictRun" = 0 (0x0)
"DisallowRun" = 0 (0x0)
"NoRecycleFiles" = 0 (0x0)
"ForceRecycleBinSize" = 0 (0x0)
"NoCustomizeWebView" = 0 (0x0)
"NoViewContextMenu" = 0 (0x0)
"NoWinKeys" = 0 (0x0)
"NoFileAssociate" = 0 (0x0)
"NoDFSTab" = 0 (0x0)
"NoInstrumentation" = 0 (0x0)
"NoCustomizeThisFolder" = 0 (0x0)
"NoWebView" = 0 (0x0)
"DontShowSuperHidden" = 0 (0x0)
"NoOnlinePrintsWizard" = 0 (0x0)
"NoPublishingWizard" = 0 (0x0)
"NoRun" = 0 (0x0)
"NoSMConfigurePrograms" = 0 (0x0)
"NoSMMyPictures" = 0 (0x0)
"NoStartMenuMyMusic" = 0 (0x0)
"NoFavoritesMenu" = 0 (0x0)
"NoHelp" = 0 (0x0)
"NoCommonGroups" = 0 (0x0)
"NoFind" = 0 (0x0)
"NoFolderOptions" = 0 (0x0)
"NoStartMenuMFUprogramsList" = 0 (0x0)
"NoStartMenuPinnedList" = 0 (0x0)
"NoUserNameInStartMenu" = 0 (0x0)
"NoStartMenuMorePrograms" = 0 (0x0)
"NoStartMenuEjectPC" = 0 (0x0)
"NoSimpleStartMenu" = 0 (0x0)
"ForceStartMenuLogoff" = 0 (0x0)
"StartMenuLogoff" = 0 (0x0)
"NoStartMenuSubFolders" = 0 (0x0)
"NoDisconnect" = 0 (0x0)
"NoNtSecurity" = 0 (0x0)
"NoSetFolders" = 0 (0x0)
"GreyMSIAds" = 0 (0x0)
"ForceMaxRecentDocs" = 0 (0x0)
"NoSMBalloonTip" = 0 (0x0)
"NoSMBalloonTips" = 0 (0x0)
"NoTrayContextMenu" = 0 (0x0)
"LockTaskbar" = 0 (0x0)
"HideClock" = 0 (0x0)
"NoTaskGrouping" = 0 (0x0)
"NoActiveDesktopChanges" = 0 (0x0)
"NoWebServices" = 0 (0x0)
"NoFileUrl" = 0 (0x0)
"NoBandCustomize" = 0 (0x0)
"NoToolbarCustomize" = 0 (0x0)
"NoExpandedNewMenu" = 0 (0x0)
"SpecifyDefaultButtons" = 0 (0x0)
"NoRecentDocsNetHood" = 0 (0x0)
"EnforceShellExtensionSecurity" = 0 (0x0)
"NoClose" = 0 (0x0)
"NoLogOff" = 0 (0x0)
"NoRunasInstallPrompt" = 0 (0x0)
"PromptRunasInstallNetPath" = 1 (0x1)
"NoResolveTrack" = 0 (0x0)
"NoResolveSearch" = 0 (0x0)
"NoDevMgrUpdate" = 0 (0x0)
"NoThumbnailCache" = 0 (0x0)
"ForceCopyAclwithFile" = 0 (0x0)
"StartRunNoHOMEPATH" = 0 (0x0)

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ notifice \ LMIinit]
LMIinit.dll 2007-11-15 18:46 87352 C: \ Windows \ system32 \ LMIinit.dll

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Caffe-Server]
- a ------ 2006-07-09 15:27 4803072 C: \ Program Files \ Caffe \ Server.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Cmaudio]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Ctfmon.exe]
- a ------ 2004-08-19 08:42 30208 C: \ Windows \ system32 \ Ctfmon.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ igfxhkcmd]
- a ------ 2005-09-20 10:32 77824 C: \ Windows \ system32 \ hkcmd.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ igfxpers]
- a ------ 2005-09-20 10:36 114688 C: \ Windows \ system32 \ igfxpers.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ igfxtray]
- a ------ 2005-09-20 10:35 94208 C: \ Windows \ system32 \ igfxtray.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ kis]
C: \ Archivos de programa \ Kaspersky Lab \ Kaspersky Internet Security 6.0 \ avp.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ msnmsgr]
C: \ Archivos de programa \ MSN Messenger \ msnmsgr.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ TaskSwitchXP]
C: \ Archivos de programa \ TaskSwitchXP \ TaskSwitchXP.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ WinampAgent]
C: \ Archivos de programa \ Winamp \ winampa.exe

R1 NtFsLdf20; NtFsLdf20; C: \ Windows \ system32 \ drivers \ nt FsLdf20.sys [2002-07-04 13:52]
R2 LMIInfo; LogMeIn Kernel Information Provider; C: \ Archivos de programa \ LogMeIn \ x86 \ RaInfo.sys [2007-08-03 15:09]
R2 LMIRfsDriver; LogMeIn Remote File System Driver; C: \ Windows \ system32 \ drivers \ LMIRfsDriver.sy s [2007-08-03 15:09]
R3 usbscan; Controlador de escáner USB; C: \ WINDOWS \ system32 \ drivers \ usbscan.sys [2006-08-17 21:32]
S2 ABBYY.Licensing.FineReader.Professional.9.0; ABBYY FineReader 9.0 Serviciul de licenţiere; "C: \ Archivos de programa \ ABBYY FineReader 9.0 \ NetworkLicenseServer.exe" [2007-09-25 00:11]
S3 bepldr; BCL easyPDF SDK 5 Loader; "C: \ Archivos de programa \ Archivos comunes \ BCL Technologies \ easyPDF 5 \ bepldr.exe" [2007-08-22 16:19]
S3 USBSTOR; Dispositivo de almacenamiento masivo de date USB; C: \ WINDOWS \ system32 \ drivers \ USBSTOR.SYS [2004-08-03 23:08]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Svchost]
LocalService REG_MULTI_SZ Alerter WebClient LmHosts upnphost SSDPSRV

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ (5714de88-a427-11dc-861c-00196604d2ae)]
\ Shell \ Auto \ command - H: \ Cn911.exe
\ Shell \ AutoRun \ command - C: \ Windows \ system32 \ RunDLL32.EXE Shell32.DLL, ShellExec_RunDLL Cn911.exe

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ (68ae8df5-aca4-11dc-81b1-00196604d2ae)]
\ Shell \ AutoRun \ command - auto.exe
\ Shell \ explora \ Command - RavMon.exe e-mail
\ Shell \ open \ Command - RavMon.exe

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ (805ec9a7-a004-11dc-8615-00196604d2ae)]
\ Shell \ AutoRun \ command - G: \ LaunchU3.exe-o

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ (92ef7850-a108-11dc-8619-00196604d2ae)]
\ Shell \ Auto \ command - H: \ Cn911.exe
\ Shell \ AutoRun \ command - C: \ Windows \ system32 \ RunDLL32.EXE Shell32.DLL, ShellExec_RunDLL Cn911.exe

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ (92ef78aa-a108-11dc-8619-00196604d2ae)]
\ Shell \ Auto \ command - H: \ Cn911.exe
\ Shell \ AutoRun \ command - C: \ Windows \ system32 \ RunDLL32.EXE Shell32.DLL, ShellExec_RunDLL Cn911.exe

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ (92ef78b4-a108-11dc-8619-00196604d2ae)]
\ Shell \ Auto \ command - H: \ Cn911.exe
\ Shell \ AutoRun \ command - C: \ Windows \ system32 \ RunDLL32.EXE Shell32.DLL, ShellExec_RunDLL Cn911.exe

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ (b05019b3-a665-11dc-a263-00196604d2ae)]
\ Shell \ AutoRun \ command - ntde1ect.com
\ Shell \ explora \ Command - ntde1ect.com
\ Shell \ open \ Command - ntde1ect.com

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ (d79ae692-9f95-11dc-8614-00196604d2ae)]
\ Shell \ AutoRun \ command - G: \ ntde1ect.com
\ Shell \ explora \ Command - G: \ ntde1ect.com
\ Shell \ open \ Command - G: \ ntde1ect.com

* Newly Created Service * - COMSYSAPP
* Newly Created Service * - PROCEXP90
.
Contenido de la carpeta "Tareas Programadas"
"2007-12-08 20:22:33 C: \ WINDOWS \ Tasks \ McDefragTask.job"
.
************************************************** ************************

catchme 0.3.1344 W2K/XP/Vista - rootkit / stealth malware detector de Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 14:51:38
Windows 5.1.2600 Service Pack 2 NTFS

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...

erori de disc: C: \ WINDOWS \

************************************************** ************************

[HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Services \ c atchme]
"ImagePath" = "\?? \ C: \ Windows \ Temp \ catchme.sys"
.
--------------------- DLLs cargados bajo los procesos en ejecución ---------------------

Proces: C: \ Windows \ system32 \ winlogon.exe
-> C: \ Windows \ system32 \ usbmons.dll
.
Tiempo completado: 2008-01-06 14:52:51
ComboFix-carantină-files.txt 2008-01-06 18:51:58
.
2007-12-18 03:51:13 --- EOF ---

Logfile de Trend Micro HijackThis v2.0.2
Scan salvate la 03:32:28, pe 06/01/2008
Platforma: Windows XP SP2 (WINNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Rularea procese:
C: \ Windows \ system32 \ smss.exe
C: \ Windows \ system32 \ winlogon.exe
C: \ Windows \ system32 \ services.exe
C: \ Windows \ system32 \ lsass.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ Spoolsv.exe
C: \ Archivos de programa \ LogMeIn \ x86 \ RaMaint.exe
C: \ Archivos de programa \ LogMeIn \ x86 \ LogMeIn.exe
C: \ Archivos de programa \ Archivos comunes \ Microsoft Shared \ VS7DEBUG \ MDM.EXE
C: \ Windows \ system32 \ HPZipm12.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Archivos de programa \ LogMeIn \ x86 \ LogMeInSystray.exe
C: \ Archivos de programa \ DAEMON Tools \ daemon.exe
C: \ Windows \ system32 \ Ctfmon.exe
C: \ Windows \ system32 \ dllhost.exe
C: \ WINDOWS \ explorer.exe
C: \ Archivos de programa \ Mozilla Firefox \ firefox.exe
C: \ Archivos de programa \ Microsoft Office \ OFFICE11 \ WINWORD.EXE
C: \ Archivos de programa \ Trend Micro \ HijackThis \ asdf.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = despre: necompletat
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Archivos de programa \ Adobe \ Acrobat 7.0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Archivos de programa \ Java \ jre1.5.0_09 \ bin \ ssv.dll
O4 - HKLM \ .. \ Run: [LogMeIn GUI] "C: \ Archivos de programa \ LogMeIn \ x86 \ LogMeInSystray.exe"
O4 - HKCU \ .. \ Run: [DAEMON Tools] "C: \ Archivos de programa \ DAEMON Tools \ daemon.exe"-lang 1033
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [MsnMsgr] "C: \ Archivos de programa \ Windows Live \ Messenger \ MsnMsgr.Exe" / fundal
O4 - HKCU \ .. \ Run: [Comrade.exe] C: \ Archivos de programa \ GameSpy \ Comrade \ Comrade.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe (User "Servicio LOCAL")
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe (User "Servicio de culoare roşie")
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe (User 'Default user')
O6 - HKCU \ Software \ Policies \ Microsoft \ Internet Explorer \ Toolbars \ Restrictions prezent
O8 - Extra context menu item: E & xportar o Microsoft Excel - res: / / C: \ Archív ~ 1 \ milionimi ~ 1 \ OFFICE11 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Archivos de programa \ Java \ jre1.5.0_09 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Consola de Sun Java - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Archivos de programa \ Java \ jre1.5.0_09 \ bin \ ssv.dll
O9 - Extra buton: referinţă - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ Archív ~ 1 \ milionimi ~ 1 \ OFFICE11 \ REFIEBAR.DLL
O16 - DPF: (05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8) (Office Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: (5D6F45B3-9043-443D-A792-115447494D24) (UnoCtrl Class) -- http://messenger.zone.msn.com/ES-LA/.../GAME_UNO1.cab
O16 - DPF: (B8BE5E93-A60C-4D26-A2DC-220313175592) (MSN Games - Installer) -- http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Class) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O17 - HKLM \ SYSTEM \ CCS \ Services \ Tcpip \ .. \ (BAA62A6B-DD15-4E55-A719-401AF676E3A9): nume = 10.0.0.1,10.0.0.2
O23 - Service: ABBYY FineReader 9.0 licenţiere Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C: \ Archivos de programa \ ABBYY FineReader 9.0 \ NetworkLicenseServer.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Dezvoltare Group - C: \ Archivos de programa \ Ares \ chatServer.exe
O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C: \ Archivos de programa \ Archivos comunes \ BCL Technologies \ easyPDF 5 \ bepldr.exe
O23 - Service: Indexare Service (CiSvc) - Unknown owner - C: \ Windows \ system32 \ cisvc.exe (fişierul lipseşte)
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc - C: \ Archivos de programa \ LogMeIn \ x86 \ RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc - C: \ Archivos de programa \ LogMeIn \ x86 \ LogMeIn.exe
O23 - Service: Pml Driver HPZ12 - HP - C: \ Windows \ system32 \ HPZipm12.exe
O23 - Service: Spyware Doctor de servicii auxiliare (sdAuxService) - PC Tools - C: \ Archivos de programa \ Spyware Doctor \ svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C: \ Archivos de programa \ Spyware Doctor \ swdsvc.exe

--
Sfârşit de fişier - 4754 bytes

**evilfantasy** · #6 5 ianuarie 2008, 12:52

Asta am câteva dintre ele, dar există încă multe altele.

Descărca SDFix.exe şi salvaţi-l pe Desktop.

Faceţi dublu clic SDFix.exe şi se va extrage fişierele% systemdrive%
(Unitatea care conţine directorul Windows, de obicei, C: \ SDFix)

Vă rugăm să apoi reporniţi computerul în Safe Mode de a face următoarele:

Reporniţi computerul
După audiere computer sonor de o dată în timpul pornirii, dar înainte de Windows apare pictograma, atingeţi tasta F8 continuu;
În loc de Windows încărcare ca de obicei, de meniu de opţiuni avansate ar trebui să apară;
Selectaţi prima opţiune, pentru a rula Windows în Safe Mode, apoi apăsaţi Introduceţi.
Alege-ţi contul de obicei.
Deschideţi extrase SDFix dosar şi dublu clic RunThis.bat pentru a porni script-ul.
Tip Y pentru a începe procesul de curăţare.
Se va elimina orice Trojan Servicii şi intrările registry pe care le găseşte apoi vă solicită să apăsaţi orice tastă pentru a reporni.
Apăsaţi orice tastă şi se va reporni PC-ul.
În cazul în care PC-ul reporneşte Fixtool va rula din nou şi a termina procesul de eliminare apoi de afişare Terminate, Apăsaţi orice tastă pentru a termina script sarcină şi spaţiul de lucru pictograme.
Odată ce desktop icoane incarca SDFix raport se va deschide pe ecran şi, de asemenea, cu excepţia în SDFix ca dosarul Report.txt
(Report.txt De asemenea, vor fi copiate în clipboard).
În cele din urmă de a adăuga conţinut al Report.txt în următoarea posta ca o Atasament cu un nou HijackThis log