Problem with a virus, can't remove it


(Fefka86) #1

Hi, I have Ad-Aware 2007 and mks_vir and, unfortunately, some kind of virus. Ad-Aware and mks_vir keep throwing up messages about registry modifications, mainly concerning the Explorer start page. On top of that I get some strange Windows alerts. Three icons appeared on my desktop: Spyware Detector and something else; I checked under Programs and there is nothing like that. The pop-up windows say I have a virus and want to connect to the internet, but they go to some suspicious site. Meanwhile mks_vir and Ad-Aware detect nothing when scanning, even though they keep reporting registry modifications. What should I do?

Log

Logfile of HijackThis v1.99.1
Scan saved at 23:44:02, on 2007-12-26
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
D:\Program Files\mks_vir_2007\bin\mkstray.exe
D:\Program Files\mks_vir_2007\bin\mks_mail.exe
D:\Program Files\mks_vir_2007\bin\mksregmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\SmartCom\RTEGPRS.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
d:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\mks_vir_2007\bin\MksFwall.exe
D:\Program Files\mks_vir_2007\bin\MksPC.exe
D:\Program Files\mks_vir_2007\bin\mksupdate.exe
D:\Program Files\mks_vir_2007\bin\mksvirmonsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
d:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
D:\Program Files\mks_vir_2007\bin\mks_scan.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Fefka\Pulpit\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: BDEX System - {8E7FF808-43C3-4D5F-AF01-29FD866BBA58} - C:\WINDOWS\domnftwtwl.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "d:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [mkstray] D:\Program Files\mks_vir_2007\bin\mkstray.exe
O4 - HKLM\..\Run: [mks_mail] D:\Program Files\mks_vir_2007\bin\mks_mail.exe
O4 - HKLM\..\Run: [MKSRegmon] D:\Program Files\mks_vir_2007\bin\mksregmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Komunikator] D:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Common Files\SmartCom\RTEGPRS.exe" tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\program files\mks_vir_2007\bin\\mkslsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\mks_vir_2007\bin\\mkslsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\mks_vir_2007\bin\\mkslsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\mks_vir_2007\bin\\mkslsp.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5387344-9B49-4FC3-B740-B562BECD31DD}: NameServer = 194.204.159.1,194.204.157.34
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: alxvdvm - {AB32CC69-B5C5-4126-95AF-4229FC26150A} - C:\WINDOWS\alxvdvm.dll
O21 - SSODL: bvtqfvx - {4A59238A-7500-488E-810C-8BCA83C2B45C} - C:\WINDOWS\bvtqfvx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MksFwall - MKS Sp z o.o. - D:\Program Files\mks_vir_2007\bin\MksFwall.exe
O23 - Service: MksPC - Unknown owner - D:\Program Files\mks_vir_2007\bin\MksPC.exe
O23 - Service: MksUpdate - MKS Sp. z o. o. - D:\Program Files\mks_vir_2007\bin\mksupdate.exe
O23 - Service: mks_vir file monitor (MksVirMonSvc) - Unknown owner - D:\Program Files\mks_vir_2007\bin\mksvirmonsvc.exe
O23 - Service: MkS_Scan - Unknown owner - D:\Program Files\mks_vir_2007\bin\mks_scan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
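As an added triage example (not part of the thread and not HijackThis code): a small Python script that reads lines in this log's format and flags the two patterns visible in the post above, a start page redirected to an unexpected host, and BHO/SSODL DLLs loaded straight out of the Windows directory under random-looking names. The allowlist of start-page hosts and the vowel-ratio threshold are assumptions; the sample lines are copied from the log.

```python
import re
from urllib.parse import urlparse

# Constructed sample: HijackThis v1.99.1 lines taken from the log above
# (only those relevant to the triage, not the full log).
SAMPLE_LOG = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2",
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: BDEX System - {8E7FF808-43C3-4D5F-AF01-29FD866BBA58} - C:\WINDOWS\domnftwtwl.dll",
    "O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\",
    r"O21 - SSODL: alxvdvm - {AB32CC69-B5C5-4126-95AF-4229FC26150A} - C:\WINDOWS\alxvdvm.dll",
    r"O21 - SSODL: bvtqfvx - {4A59238A-7500-488E-810C-8BCA83C2B45C} - C:\WINDOWS\bvtqfvx.dll",
    r"O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe",
]
# Start-page hosts treated as benign defaults (assumption; adjust to local policy).
SAFE_START_HOSTS = {"www.google.com", "www.msn.com", "www.microsoft.com", "about:blank"}
WINDIR = r"c:\windows"
LINE_RE = re.compile(r"^(R\d|O\d{1,2}) - (.*)$")

def looks_random(stem):
    """Crude randomness signal: 6+ letters with almost no vowels."""
    if not stem.isalpha() or len(stem) < 6:
        return False
    return sum(c in "aeiouy" for c in stem.lower()) / len(stem) <= 0.15

def dll_in_windir_root(path):
    """True for a DLL sitting directly in the Windows directory, not system32."""
    head, _, name = path.lower().rpartition("\\")
    return head == WINDIR and name.endswith(".dll")

def triage(lines):
    """Return (code, reason, value) for log entries that deserve a second look."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header, process list, blank lines
        code, detail = m.groups()
        if code in ("R0", "R1") and "Start Page" in detail:
            url = detail.split("=", 1)[1].strip()
            host = urlparse(url).hostname or url.lower()
            if host not in SAFE_START_HOSTS:
                findings.append((code, "start page points to unexpected host", url))
        elif code in ("O2", "O21"):  # BHOs and SSODL objects load into every IE/Explorer
            path = detail.rsplit(" - ", 1)[-1].strip()
            if dll_in_windir_root(path):
                stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
                reason = "shell/browser DLL loaded from %WINDIR% root"
                if looks_random(stem):
                    reason += ", random-looking name"
                findings.append((code, reason, path))
    return findings
```

Run `triage(SAMPLE_LOG)` to get the four entries a helper would ask about first; legitimate BHOs such as the Adobe and Java ones are left alone because they live under Program Files.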

(Gutek) #2

First the automated tool: run SmitFraudFix and choose option 2, in Safe Mode of course, and after that post a log from ComboFix.