Jak usunąć Adware.Agent.BN - podaje loga?


(Rajland) #1
Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:07:09, on 2008-03-04

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\mks_vir_2007\bin\mksvirmonsvc.exe

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\msupdsvc32.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe


O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2007\bin\\mkslsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2007\bin\\mkslsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2007\bin\\mkslsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2007\bin\\mkslsp.dll

O21 - SSODL: apdqnxp - {2D3F6413-1D20-4954-BB2C-B0A156670A1A} - C:\WINDOWS\apdqnxp.dll

O21 - SSODL: KernelPrx - {068a3193-506d-42f2-bf98-12f70b473812} - C:\WINDOWS\Installer\{068a3193-506d-42f2-bf98-12f70b473812}\KernelPrx.dll

O21 - SSODL: btrklfr - {E1C19827-BE22-469B-B7B0-7E46E7A5B3B4} - C:\WINDOWS\btrklfr.dll

O21 - SSODL: zip - {150b61c2-4aa5-43cc-95db-96b2c8fa3fec} - C:\WINDOWS\Installer\{150b61c2-4aa5-43cc-95db-96b2c8fa3fec}\zip.dll

O23 - Service: mks_vir file monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\mks_vir_2007\bin\mksvirmonsvc.exe

O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\mks_vir_2007\bin\mks_scan.exe

O23 - Service: Microsoft Update Service Helper (msupdsvc) - Unknown owner - C:\WINDOWS\system32\msupdsvc32.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O24 - Desktop Component 0: Privacy Protection - (no file)


--

End of file - 3257 bytes

(Gutek) #2

Zmiana zasad wklejania logów na forum - viewtopic.php?f=16&t=213350

Użyj SmitFraudFix wybierz opcji nr 2 , oczywiście w trybie awaryjnym i po tym daj log z ComboFix