Jak usunąc wirusa win32/small.ca?

sensei87 · 13 Czerwiec 2007 17:22

nie moge korzystac z wielu programów, po zraportowaniu błedu dostaje informacje o wirusie 32win/small.ca oto log z hijackthis:

Logfile of HijackThis v1.99.1 Scan saved at 18:56:05, on 2007-06-13 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\mstsdsc.exe C:\Documents and Settings\Administrator\Pulpit\Nowy folder\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe, O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {eae8ea8f-8e55-4ed2-8b7e-e0c25132540e} - C:\WINDOWS\system32\kbdvps.dll O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\3.bin\MGSBAR.DLL O4 - HKLM…\Run: [mstsdsc.exe] c:\windows\system32\mstsdsc.exe O4 - HKLM…\Run: [NI.UWA7P_0001_N91M0809] “C:\Documents and Settings\Administrator\Pulpit\WinAntiVirusPro2007FreeInstall.exe” -nag O4 - HKLM…\Run: [NI.UWAS7_0001_N91M2703] “C:\Documents and Settings\Administrator\Pulpit\WinAntiSpyware2007FreeInstall.exe” -nag O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F070173} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F070173} - C:\Program Files\Messenger\msmsgs.exe O10 - Broken Internet access because of LSP provider ‘rsvp322.dll’ missing O15 - Trusted Zone: *.p0rt2.com O16 - DPF: {33331111-1111-1111-1111-611111193423} - O16 - DPF: {33331111-1111-1111-1111-611111193429} - O16 - DPF: {33331111-1111-1111-1111-615111193427} - O16 - DPF: {33331111-1131-1111-1111-611111193428} - O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/pl/poker_2_0_0_46.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_34.cab O20 - AppInit_DLLs: O20 - Winlogon Notify: bnreg - C:\Documents and Settings\All Users\Dokumenty\Settings\bn.dll O20 - Winlogon Notify: kbdvps - C:\WINDOWS\SYSTEM32\kbdvps.dll O21 - SSODL: Systemcheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\system32\vbsys2.dll O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

Nude Lindsay Lohan saver

http://myscreensavers.info/lindsay.scr

JNJN · 13 Czerwiec 2007 18:04

Proszę zmienić temat postu na konkretny,opcja zmień i popraw.JNJN

adam9870 · 13 Czerwiec 2007 18:42

Użyj Windows Worms Doors Cleanera zmień znaczki z disable na enable (wszystkie znaczki maja być na zielono, jeżeli któryś z nich będzie na żółto to go zostaw). Po użyciu narzędzia wymagany jest restart.

Pobierz i odpal LSP-Fix zaznacz " I know what I’m doing" następnie w okienku Keep zaznacz bibliotekę rsvp322.dll i za pomocą strzałki (>>) przenieś ją do okienka Remover i kliknij Finish i restart.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe, O2 - BHO: (no name) - {eae8ea8f-8e55-4ed2-8b7e-e0c25132540e} - C:\WINDOWS\system32\kbdvps.dll O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\3.bin\MGSBAR.DLL O4 - HKLM…\Run: [mstsdsc.exe] c:\windows\system32\mstsdsc.exe O4 - HKLM…\Run: [NI.UWA7P_0001_N91M0809] “C:\Documents and Settings\Administrator\Pulpit\WinAntiVirusPro2007FreeInstall.exe” -nag O4 - HKLM…\Run: [NI.UWAS7_0001_N91M2703] “C:\Documents and Settings\Administrator\Pulpit\WinAntiSpyware2007FreeInstall.exe” -nag O15 - Trusted Zone: *.p0rt2.com O16 - DPF: {33331111-1111-1111-1111-611111193423} - O16 - DPF: {33331111-1111-1111-1111-611111193429} - O16 - DPF: {33331111-1111-1111-1111-615111193427} - O16 - DPF: {33331111-1131-1111-1111-611111193428} - O20 - AppInit_DLLs: O20 - Winlogon Notify: bnreg - C:\Documents and Settings\All Users\Dokumenty\Settings\bn.dll O20 - Winlogon Notify: kbdvps - C:\WINDOWS\SYSTEM32\kbdvps.dll O21 - SSODL: Systemcheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\system32\vbsys2.dll

Pliki i foldery zaznaczone na czerwono usuń ręcznie w trybie awaryjnym natomiast wpisy HijackThis.

Użyj VundoFix + FixVundo + VirtumundoBeGone + SmitFraudFix z opcji numer 2 w trybie awaryjnym.

Po wykonaniu wklej log z ComboFix. Aby zrobić w nim log należy go uruchomić => nacisnąć klawisz Y => czekać cierpliwie i log powinien być w formie pliku .txt o nazwie combofix na partycji C.

sensei87 · 13 Czerwiec 2007 19:49

zrobiłem wszytsko co mi kazałes poza jednym o co ci chodzi z tym ze mam usunąć w trybie awaryjnym wpisy hijackthis???/

Złączono Posta : 13.06.2007 (Sro) 21:54

to jest log z comobofix

((((((((((((((((((((((((( Files Created from 2007-05-13 to 2007-06-13 ))))))))))))))))))))))))))))))) 2007-06-13 21:51 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-06-13 21:35 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-06-13 21:35 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-06-13 21:35 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-06-13 19:02 23,040 --a------ C:\WINDOWS\system32\msaktak.dll 2007-06-13 18:28 2007-06-13 17:11 2007-06-13 17:10 2007-06-13 17:10 2007-06-13 17:04 91,136 --a------ C:\WINDOWS\system32\mstsdsc.exe 2007-06-13 16:56 2007-06-13 16:56 2007-06-13 16:56 2007-06-13 13:46 2007-06-13 13:22 2007-06-13 11:36 2007-06-12 20:50 87 --a------ C:\WINDOWS\system32\pfxzmtsmtspm.dll 2007-06-12 20:50 67 --a------ C:\WINDOWS\system32\sfxzmtforum.dll 2007-06-12 20:50 6 --a------ C:\WINDOWS\system32\pfxzmtfpurse.dll 2007-06-12 20:50 53 --a------ C:\WINDOWS\system32\pfxzmtymsg.dll 2007-06-12 20:50 53 --a------ C:\WINDOWS\system32\pfxzmticq.dll 2007-06-12 20:50 53 --a------ C:\WINDOWS\system32\pfxzmtgtal.dll 2007-06-12 20:50 53 --a------ C:\WINDOWS\system32\pfxzmtaim.dll 2007-06-12 20:50 29 --a------ C:\WINDOWS\system32\pfxzmtwbmail.dll 2007-06-12 20:50 25 --a------ C:\WINDOWS\system32\pfxzmtsmt.dll 2007-06-12 20:50 12 --a------ C:\WINDOWS\system32\pfxzmtzpurse.dll 2007-06-12 20:50 12 --a------ C:\WINDOWS\system32\pfxzmtrpurse.dll 2007-06-12 19:29 2007-06-12 19:28 102,400 --a------ C:\WINDOWS\system32\rsvp322.dll 2007-06-08 23:07 131,160 --a------ C:\WINDOWS\xxxywv.dll 2007-06-04 17:02 39,124 --a------ C:\WINDOWS\system32\tmp56D.tmp.dll 2007-06-04 00:34 106,391 --a------ C:\WINDOWS\awussr.dll 2007-06-01 18:35 39,236 --a------ C:\WINDOWS\system32\tmpA2.tmp.dll 2007-05-30 20:21 106,639 --a------ C:\WINDOWS\rqonkj.dll 2007-05-29 14:10 39,344 --a------ C:\WINDOWS\system32\tmp65.tmp.dll 2007-05-25 19:07 106,398 --a------ C:\WINDOWS\hggecb.dll 2007-05-25 19:04 38,295 --a------ C:\WINDOWS\system32\tmp6C.tmp.dll 2007-05-23 02:52 2007-05-23 02:51 2007-05-23 00:49 38,218 --a------ C:\WINDOWS\system32\tmpF49.tmp.dll 2007-05-23 00:48 106,487 --a------ C:\WINDOWS\pmnmli.dll 2007-05-22 11:46 2007-05-20 20:42 639,066 --a------ C:\WINDOWS\system32\DivX.dll 2007-05-18 17:26 38,193 --a------ C:\WINDOWS\system32\tmp5A5.tmp.dll 2007-05-18 16:34 106,517 --a------ C:\WINDOWS\cbbbcd.dll 2007-05-17 11:38 2007-05-16 20:52 2007-05-16 12:51 38,126 --a------ C:\WINDOWS\system32\tmp4.tmp.dll 2007-05-15 23:16 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2007-05-15 23:15 2007-05-15 23:10 95,424 --------- C:\WINDOWS\system32\drivers\slnthal.sys 2007-05-15 23:10 9,728 --------- C:\WINDOWS\system32\rwnh.dll 2007-05-15 23:10 9,728 --------- C:\WINDOWS\system32\comsdupd.exe 2007-05-15 23:10 86,016 --------- C:\WINDOWS\system32\mdmxsdk.dll 2007-05-15 23:10 78,464 --------- C:\WINDOWS\system32\drivers\usbvideo.sys 2007-05-15 23:10 73,832 --------- C:\WINDOWS\system32\slcoinst.dll 2007-05-15 23:10 73,796 --------- C:\WINDOWS\system32\slserv.exe 2007-05-15 23:10 73,216 --------- C:\WINDOWS\system32\drivers\atintuxx.sys 2007-05-15 23:10 7,168 --------- C:\WINDOWS\system32\hccoin.dll 2007-05-15 23:10 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys 2007-05-15 23:10 63,663 --------- C:\WINDOWS\system32\drivers\ati1rvxx.sys 2007-05-15 23:10 63,488 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys 2007-05-15 23:10 6,016 --------- C:\WINDOWS\system32\drivers\smbali.sys 2007-05-15 23:10 59,648 --------- C:\WINDOWS\system32\drivers\rfcomm.sys 2007-05-15 23:10 57,856 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys 2007-05-15 23:10 56,623 --------- C:\WINDOWS\system32\drivers\ati1btxx.sys 2007-05-15 23:10 52,224 --------- C:\WINDOWS\system32\drivers\atinraxx.sys 2007-05-15 23:10 46,464 --------- C:\WINDOWS\system32\drivers\gagp30kx.sys 2007-05-15 23:10 452,736 --------- C:\WINDOWS\system32\drivers\mtxparhm.sys 2007-05-15 23:10 44,928 --------- C:\WINDOWS\system32\drivers\agpcpq.sys 2007-05-15 23:10 44,672 --------- C:\WINDOWS\system32\drivers\uagp35.sys 2007-05-15 23:10 43,008 --------- C:\WINDOWS\system32\drivers\amdagp.sys 2007-05-15 23:10 42,752 --------- C:\WINDOWS\system32\drivers\alim1541.sys 2007-05-15 23:10 42,368 --------- C:\WINDOWS\system32\drivers\agp440.sys 2007-05-15 23:10 41,088 --------- C:\WINDOWS\system32\drivers\sisagp.sys 2007-05-15 23:10 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys 2007-05-15 23:10 40,832 --------- C:\WINDOWS\system32\drivers\irbus.sys 2007-05-15 23:10 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll 2007-05-15 23:10 4,255 --------- C:\WINDOWS\system32\drivers\adv01nt5.dll 2007-05-15 23:10 397,056 --------- C:\WINDOWS\system32\s3gnb.dll 2007-05-15 23:10 38,016 --------- C:\WINDOWS\system32\drivers\bthmodem.sys 2007-05-15 23:10 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll 2007-05-15 23:10 36,463 --------- C:\WINDOWS\system32\drivers\ati1tuxx.sys 2007-05-15 23:10 35,456 --------- C:\WINDOWS\system32\drivers\bthprint.sys 2007-05-15 23:10 34,735 --------- C:\WINDOWS\system32\drivers\ati1xsxx.sys 2007-05-15 23:10 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys 2007-05-15 23:10 32,866 --------- C:\WINDOWS\system32\slrundll.exe 2007-05-15 23:10 32,866 --------- C:\WINDOWS\slrundll.exe 2007-05-15 23:10 32,768 --------- C:\WINDOWS\system32\ativtmxx.dll 2007-05-15 23:10 32,285 --------- C:\WINDOWS\system32\hsfcisp2.dll 2007-05-15 23:10 31,744 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys 2007-05-15 23:10 30,671 --------- C:\WINDOWS\system32\drivers\ati1raxx.sys 2007-05-15 23:10 30,080 --------- C:\WINDOWS\system32\drivers\rndismpx.sys 2007-05-15 23:10 3,967 --------- C:\WINDOWS\system32\drivers\adv02nt5.dll 2007-05-15 23:10 3,901 --------- C:\WINDOWS\system32\drivers\siint5.dll 2007-05-15 23:10 3,775 --------- C:\WINDOWS\system32\drivers\adv11nt5.dll 2007-05-15 23:10 3,711 --------- C:\WINDOWS\system32\drivers\adv09nt5.dll 2007-05-15 23:10 3,647 --------- C:\WINDOWS\system32\drivers\adv07nt5.dll 2007-05-15 23:10 3,615 --------- C:\WINDOWS\system32\drivers\adv05nt5.dll 2007-05-15 23:10 3,135 --------- C:\WINDOWS\system32\drivers\adv08nt5.dll (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-12 21:28:36 -------- d-----w C:\Program Files\Gadu-Gadu 2007-05-23 19:04:15 -------- d-----w C:\Program Files\Azureus 2007-05-20 19:42:02 -------- d-----w C:\Program Files\QuickTime Alternative 2007-05-20 19:41:56 765,952 ----a-w C:\WINDOWS\system32\xvidcore.dll 2007-05-16 19:51:25 -------- d-----w C:\Program Files\BearFlix 2007-05-15 22:10:47 -------- d-----w C:\Program Files\Messenger 2007-05-15 22:00:53 3,712 ----a-w C:\WINDOWS\system32\ksys.sys 2007-05-14 18:09:13 82,944 ----a-w C:\WINDOWS\system32\ws2_32.dll 2007-05-12 15:17:43 -------- d-----w C:\DOCUME~1\ADMINI~1\DANEAP~1\ACD Systems 2007-05-12 15:17:01 -------- d-----w C:\Program Files\Yahoo! 2007-05-12 15:15:57 -------- d-----w C:\Program Files\Common Files\ACD Systems 2007-05-12 15:15:38 -------- d-----w C:\Program Files\ACD Systems 2007-05-11 16:59:00 37,814 ----a-w C:\WINDOWS\system32\tmpF4A.tmp.dll 2007-05-11 16:57:25 37,814 ----a-w C:\WINDOWS\system32\tmpF44.tmp.dll 2007-05-09 12:55:51 49,712 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-05-09 12:55:51 355,830 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-05-09 12:53:26 22,528 ----a-w C:\WINDOWS\chi.exe 2007-05-09 12:53:03 91,136 ----a-w C:\WINDOWS\system32\a.exe 2007-05-09 12:53:03 8,704 ----a-w C:\WINDOWS\system32\sporder.dll 2007-05-09 12:53:03 123,392 ----a-w C:\WINDOWS\system32\tmwsock.dll 2007-05-09 12:10:09 12,160 --s-a-w C:\WINDOWS\system32\bkernel.sys 2007-05-09 10:50:30 16,896 ----a-w C:\WINDOWS\winlogon1.dll 2007-05-09 10:50:30 16,896 ----a-w C:\WINDOWS\uvchost1.dll 2007-05-09 10:50:30 16,896 ----a-w C:\WINDOWS\taskmgr1.dll 2007-05-09 10:50:30 16,896 ----a-w C:\WINDOWS\smssa1.dll 2007-05-09 10:50:29 30,720 ----a-w C:\WINDOWS\msiau1.dll 2007-05-04 17:21:18 49,152 ----a-w C:\WINDOWS\system32\vbsys2.dll 2007-05-04 10:48:55 106,768 ----a-w C:\WINDOWS\kheeec.dll 2007-05-02 22:04:56 4 ----a-w C:\WINDOWS\system32\proc-1278289914.bin 2007-05-02 22:04:56 -------- d-----w C:\DOCUME~1\ADMINI~1\DANEAP~1\GanymedeNet 2007-05-01 13:57:17 -------- d-----w C:\Program Files\Cartall 2007-04-30 14:26:20 38,066 ----a-w C:\WINDOWS\system32\tmpA.tmp.dll 2007-04-26 20:46:12 -------- d-----w C:\Program Files\FreeRIP2 2007-04-26 19:54:04 38,066 ----a-w C:\WINDOWS\system32\tmp2.tmp.dll 2007-04-22 17:48:16 37,938 ----a-w C:\WINDOWS\system32\tmp163A.tmp.dll 2007-04-21 10:08:27 -------- d-----w C:\DOCUME~1\ADMINI~1\DANEAP~1\Azureus 2007-04-20 16:41:19 -------- d-----w C:\Program Files\Common Files\Ahead 2007-04-20 16:20:12 -------- d-----w C:\DOCUME~1\ADMINI~1\DANEAP~1\Ahead 2007-04-17 20:58:03 -------- d-----w C:\DOCUME~1\ADMINI~1\DANEAP~1\vlc_user 2007-04-17 20:58:03 -------- d-----w C:\DOCUME~1\ADMINI~1\DANEAP~1\vlc 2007-04-17 14:13:13 -------- d-----w C:\DOCUME~1\ADMINI~1\DANEAP~1\Help 2007-04-14 11:33:55 -------- d-----w C:\Program Files\Nero 2007-04-13 14:33:49 203,264 ----a-w C:\WINDOWS\system32\screensaver_a5.scr 2007-04-05 19:18:55 0 --sha-r C:\MSDOS.SYS 2007-04-05 19:18:55 0 --sha-r C:\IO.SYS 2007-04-05 19:18:55 0 ----a-w C:\CONFIG.SYS 2007-04-05 19:18:55 0 ----a-w C:\AUTOEXEC.BAT 2007-04-05 19:13:31 21,856 ----a-w C:\WINDOWS\system32\emptyregdb.dat ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “NI.UWA7P_0001_N91M0809”=“C:\Documents and Settings\Administrator\Pulpit\WinAntiVirusPro2007FreeInstall.exe” [] “NI.UWAS7_0001_N91M2703”=“C:\Documents and Settings\Administrator\Pulpit\WinAntiSpyware2007FreeInstall.exe” [] “WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [2007-02-13 19:29] “mstsdsc.exe”=“c:\windows\system32\mstsdsc.exe” [2007-06-13 21:47] [HKEY_USERS.default\software\microsoft\windows\currentversion\runonce] “nlsf”=cmd.exe /C move /Y “%SystemRoot%\System32\syssetupo.dll” “%SystemRoot%\System32\syssetup.dll” “tscuninstall”=%systemroot%\system32\tscupgrd.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] “Userinit”=“C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,” [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bnreg] C:\Documents and Settings\All Users\Dokumenty\Settings\bn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] “appinit_dlls”=C:\WINDOWS\system32\msaktak.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load] ??? [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mstsdsc.exe] c:\windows\system32\mstsdsc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run] ??? [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysRestore] “C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\tmp12.tmp.exe” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] C:\Program Files\Winamp\winampa.exe HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs NtmlSvc ************************************************************************** catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-13 21:51:56 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … C:\WINDOWS\system32\ws2_32.dll:fork2 21504 bytes executable C:\WINDOWS\system32\drivers\runtime2.sys ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\runtime2] “ImagePath”="\SystemRoot\system32\drivers\runtime2.sys" Completion time: 2007-06-13 21:52:56 — E O F —

qrczak13 · 15 Czerwiec 2007 21:00

Pobierz LSP - FIX zaznacz " I know what I’m doing",

następnie w okienku Keep zaznacz bibliotekę tmwsock.dll i za pomocą strzałki (>>) przenieś ją do okienka Remover i kliknij Finish i restart.

Ściągnij The Avenger,

wypakuj > uruchom > Input script manually > klikasz w lupkę > w nowo otwartym oknie wklejasz:

Files to delete: C:\WINDOWS\system32\msaktak.dll C:\WINDOWS\system32\mstsdsc.exe C:\WINDOWS\system32\pfxzmtsmtspm.dll C:\WINDOWS\system32\sfxzmtforum.dll C:\WINDOWS\system32\pfxzmtymsg.dll C:\WINDOWS\system32\pfxzmticq.dll C:\WINDOWS\system32\pfxzmtgtal.dll C:\WINDOWS\system32\pfxzmtaim.dll C:\WINDOWS\system32\pfxzmtwbmail.dll C:\WINDOWS\system32\pfxzmtsmt.dll C:\WINDOWS\system32\pfxzmtzpurse.dll C:\WINDOWS\system32\rsvp322.dll C:\WINDOWS\xxxywv.dll C:\WINDOWS\system32\tmp56D.tmp.dll C:\WINDOWS\awussr.dll C:\WINDOWS\system32\tmpA2.tmp.dll C:\WINDOWS\rqonkj.dll C:\WINDOWS\system32\tmp65.tmp.dll C:\WINDOWS\hggecb.dll C:\WINDOWS\system32\tmp6C.tmp.dll :\WINDOWS\system32\tmpF49.tmp.dll C:\WINDOWS\pmnmli.dll C:\WINDOWS\system32\tmp5A5.tmp.dll C:\WINDOWS\cbbbcd.dll C:\WINDOWS\system32\tmp4.tmp.dll C:\WINDOWS\system32\ksys.sys C:\WINDOWS\system32\tmpF4A.tmp.dll C:\WINDOWS\system32\tmpF44.tmp.dll C:\WINDOWS\chi.exe C:\WINDOWS\system32\a.exe C:\WINDOWS\system32\sporder.dll C:\WINDOWS\system32\tmwsock.dll C:\WINDOWS\system32\bkernel.sys C:\WINDOWS\winlogon1.dll C:\WINDOWS\uvchost1.dll C:\WINDOWS\taskmgr1.dll C:\WINDOWS\smssa1.dll C:\WINDOWS\msiau1.dll C:\WINDOWS\system32\vbsys2.dll C:\WINDOWS\kheeec.dll C:\WINDOWS\system32\proc-1278289914.bin C:\WINDOWS\system32\tmpA.tmp.dll C:\WINDOWS\system32\tmp2.tmp.dll C:\WINDOWS\system32\tmp163A.tmp.dll C:\WINDOWS\system32\drivers\runtime2.sys Folders to delete: C:\WINDOWS\system32\wsnpoem Registry keys to delete: HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bnreg Registry values to delete: “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run” | “mstsdsc.exe” “HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon” | “Userinit” “HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows” | “appinit_dlls”

Po wklejeniu > Done > klik na zielone światło > ok i będzie restart. Po restarcie wchodzisz gdzie masz The Avenger i wklejasz raport C:\avenger.txt.

http://www.searchengines.pl/phpbb203/index.php?showtopic=6745&st=0&p=58780entry58780

Po tym nowy log z combo.

Wpisy w HijackThis kasuje po scanie, stawiasz ptaszka przy wpisie z lewej strony i naciskasz fix checked.