I have a problem with the Win32:Agent-LTS [Trj] virus. I have avast! and the alert keeps popping up (non-stop, every few minutes).
I have already tried the following:
- SmitfraudFix, option 2 in Safe Mode (following the instructions)
- ATF - Cleaner (I did everything following the instructions)
- Windows Worms Door Cleaner
and none of it helps!
Here are the infected files that Avast showed me, along with the info about this damn trojan:
C:\DOCUME~1\Admin\USTAWI~1\Temp\ac8zt2\main_uninstaller.
C:\DOCUME~1\Admin\USTAWI~1\Temp\ac8zt2\msmdev.dll
C:\DOCUME~1\Admin\USTAWI~1\Temp\ac8zt2\nsduo.dll
C:\DOCUME~1\Admin\USTAWI~1\Temp\ac8zt2\rmv.exe
C:\DOCUME~1\Admin\USTAWI~1\Temp\ac8zt2\main_uninstaller.exe
C:\DOCUME~1\Admin\USTAWI~1\Temp\ac8zt2\msmhost.dll
C:\WINDOWS\main_uninstaller.exe
C:\windows\MSMHOST.DLL
The desktop background changes to red with a large icon like the one in ARCAvIR.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:57, on 2007-11-19
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\WINDOWS\system32\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\Integrator.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\NEOSTR~1\neostradatp.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Toaster.exe
C:\PROGRA~1\NEOSTR~1\Inactivity.exe
C:\PROGRA~1\NEOSTR~1\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\NEOSTR~1\Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
L:\Listopad 2007 cz.15\Windows-KB890830-V1.35.exe
k:\37ac431bd3076e7136e79a5a0ac0f160\mrtstub.exe
C:\WINDOWS\system32\MRT.exe
L:\Listopad 2007 cz.19\szczepionki.exe
C:\Program Files\foobar2000\foobar2000.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: MSVPS System - {6A78E352-B1FA-4C18-9C48-96DD03979770} - C:\WINDOWS\popnetmtq.dll
O3 - Toolbar: The jokwmp - {6BA27973-068D-4F85-BE84-1251E0B20FD3} - C:\WINDOWS\jokwmp.dll
O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe
O4 - HKLM…\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM…\Run: [VTTimer] VTTimer.exe
O4 - HKLM…\Run: [s3Trayp] S3trayp.exe
O4 - HKLM…\Run: [QuickTime Task] “C:\WINDOWS\system32\qttask.exe” -atboottime
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [unlockerAssistant] “C:\Program Files\Unlocker\UnlockerAssistant.exe”
O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”
O4 - HKCU…\Run: [uTorrent] “C:\Program Files\uTorrent\uTorrent.exe”
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Startup: AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip…{97D6D253-7B4A-4927-942F-E8BA5D7B9733}: NameServer = 194.204.159.1 217.98.63.164
O21 - SSODL: rmvgor - {D4F14E37-9E15-4209-8877-C54E54885307} - C:\WINDOWS\rmvgor.dll
O21 - SSODL: sapnet - {20CD8452-15C3-4A91-B750-9FFE7C443BE8} - C:\WINDOWS\sapnet.dll (file missing)
O21 - SSODL: msmhost - {BBFEB3FD-9BF0-4365-A5CE-7EF140D21AD4} - C:\WINDOWS\msmhost.dll (file missing)
O21 - SSODL: msmdev - {F1559391-64B5-469A-99AA-032EB124E118} - C:\WINDOWS\msmdev.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
–
End of file - 5611 bytes