Trojany, robaki i inne cuda

szczepanek9 · 12 Kwiecień 2010 18:41

Avira wykrywa różne dziwne rzeczy np. tr/dropper.gen, nie mogę tego usunąć… Na dodatek wyrzuciło mi sterowniki karty sieciowej…

http://wklejto.pl/63712

Kompletnie się nie znam więc z góry przepraszam

jessica · 12 Kwiecień 2010 22:59

Zabójcza infekcja.

Użyj TDSKiller. http://support.kaspersky.com/viruses/so … =208280684

* Pobierz TDSSKiller i zapisz go na pulpicie.

* Wypakuj zawartośc na pulpit.

Ważne: TDSSKiller.exe musi być zapisany bezpośrednio na pulpicie!

* Wciśnij naraz klawisz z symbolem Windowsa oraz R - pokaże się okienko, do którego wkleisz następującą komendę:

* Gdyby powyższa komenda nie dała rady, zastąp w niej słowo “desktop” słowem “pulpit”.

* jeśli narzędzie zwróci komunikat “Hidden Service detected” wciśnij ENTER, nic innego!

* Po zakończeniu działania na dysku C:\ będzie będzie plik TDSSKiller.txt - pokaż tego loga w swojej odpowiedzi.

Ściągnij plik “userinit.exe” stąd >http://www.speedyshare.com/files/21914994/userinit.exe, i umieść go bezpośrednio na C:\
Ściągnij plik “ndis.sys” stąd >http://www.speedyshare.com/files/21915186/ndis.sys, i umieść go bezpośrednio na C:\
Ściągnij -->Avenger.

wklej do niego ten tekst:

Files to delete:

C:\WINDOWS\system\svchost.exe

C:\WINDOWS\cidrive32.exe

C:\WINDOWS\system32\reader_s.exe

C:\Documents and Settings\Szczepson\reader_s.exe

C:\RECYCLER\S-1-5-21-1474276482-7319748991-811190089-7251\mgrls32.exe

C:\Documents and Settings\Szczepson\csrss.exe

C:\Documents and Settings\Szczepson\Menu Start\Programy\Autostart\wwwmen32.exe


Files to move:

C:\userinit.exe | C:\Windows\system32\userinit.exe

C:\ndis.sys | C:\Windows\system32\drivers\ndis.sys


Drivers to delete:

darkness

xkiyapr

Kliknij w " Execute" i zatwierdź restart komputera.

Zrestartuj komputer.

Daj Raport z Avengera z C:\avenger.txt.

Uruchom OTL i w oknie Custom Scans/Fixes wklej to:

:OTL O4 - HKLM…\Run: [8843] C:\DOCUME~1\SZCZEP~1\USTAWI~1\Temp\iuyriti.exe File not found O4 - HKLM…\Run: [oo] C:\WINDOWS\ndll.exe File not found O4 - HKLM…\Run: [reader_s] C:\WINDOWS\system32\reader_s.exe (Portable Library) O4 - HKLM…\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe (LBLDMy) O4 - HKCU…\Run: [reader_s] C:\Documents and Settings\Szczepson\reader_s.exe (Portable Library) O4 - Startup: C:\Documents and Settings\Szczepson\Menu Start\Programy\Autostart\wwwmen32.exe () O37 - HKCU…exe [@ = exefile] – Reg Error: Key error. File not found 2010-04-12 19:55:01 | 000,179,200 | ---- | C] (LBLDMy) – C:\WINDOWS\System32\regedit.exe [2010-04-12 19:54:53 | 000,025,088 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\stu2.exe [2010-04-09 15:56:13 | 000,033,792 | ---- | C] (Portable Library) – C:\WINDOWS\System32\reader_s.exe [2010-04-09 15:56:13 | 000,033,792 | ---- | C] (Portable Library) – C:\Documents and Settings\Szczepson\reader_s.exe [2010-04-12 20:37:55 | 000,823,808 | ---- | M] () – C:\WINDOWS\System32\drivers\xkiyapr.sys [2010-04-12 20:06:25 | 000,000,370 | ---- | M] () – C:\WINDOWS\tasks\At360.job [2010-04-12 20:06:25 | 000,000,370 | ---- | M] () – C:\WINDOWS\tasks\At359.job [2010-04-12 20:06:25 | 000,000,370 | ---- | M] () – C:\WINDOWS\tasks\At358.job [2010-04-12 20:06:25 | 000,000,370 | ---- | M] () – C:\WINDOWS\tasks\At357.job [2010-04-12 20:06:25 | 000,000,370 | ---- | M] () – C:\WINDOWS\tasks\At356.job [2010-04-12 20:06:25 | 000,000,370 | ---- | M] () – C:\WINDOWS\tasks\At355.job [2010-04-12 20:06:25 | 000,000,370 | ---- | M] () – C:\WINDOWS\tasks\At354.job [2010-04-12 20:06:25 | 000,000,370 | ---- | M] () – C:\WINDOWS\tasks\At353.job [2010-04-12 20:06:25 | 000,000,370 | ---- | M] () – C:\WINDOWS\tasks\At352.job [2010-04-12 20:06:25 | 000,000,370 | ---- | M] () – C:\WINDOWS\tasks\At351.job [2010-04-12 20:06:25 | 000,000,370 | ---- | M] () – C:\WINDOWS\tasks\At350.job [2010-04-12 20:06:25 | 000,000,370 | ---- | M] () – C:\WINDOWS\tasks\At349.job [2010-04-12 20:06:25 | 000,000,370 | ---- | M] () – C:\WINDOWS\tasks\At348.job [2010-04-12 20:06:25 | 000,000,370 | ---- | M] () – C:\WINDOWS\tasks\At347.job [2010-04-12 20:06:25 | 000,000,370 | ---- | M] () – C:\WINDOWS\tasks\At346.job [2010-04-12 20:06:25 | 000,000,370 | ---- | M] () – C:\WINDOWS\tasks\At345.job [2010-04-12 20:06:25 | 000,000,370 | ---- | M] () – C:\WINDOWS\tasks\At344.job [2010-04-12 20:06:25 | 000,000,370 | ---- | M] () – C:\WINDOWS\tasks\At343.job [2010-04-12 20:06:25 | 000,000,370 | ---- | M] () – C:\WINDOWS\tasks\At342.job [2010-04-12 20:06:25 | 000,000,370 | ---- | M] () – C:\WINDOWS\tasks\At341.job [2010-04-12 20:06:25 | 000,000,370 | ---- | M] () – C:\WINDOWS\tasks\At340.job [2010-04-12 20:06:25 | 000,000,370 | ---- | M] () – C:\WINDOWS\tasks\At339.job [2010-04-12 20:06:25 | 000,000,370 | ---- | M] () – C:\WINDOWS\tasks\At338.job [2010-04-12 20:06:25 | 000,000,370 | ---- | M] () – C:\WINDOWS\tasks\At337.job [2010-04-12 20:00:00 | 000,000,392 | ---- | M] () – C:\WINDOWS\tasks\At21.job [2010-04-12 19:56:31 | 000,000,392 | ---- | M] () – C:\WINDOWS\tasks\At9.job [2010-04-12 19:56:31 | 000,000,392 | ---- | M] () – C:\WINDOWS\tasks\At8.job [2010-04-12 19:56:31 | 000,000,392 | ---- | M] () – C:\WINDOWS\tasks\At7.job [2010-04-12 19:56:31 | 000,000,392 | ---- | M] () – C:\WINDOWS\tasks\At6.job [2010-04-12 19:56:31 | 000,000,392 | ---- | M] () – C:\WINDOWS\tasks\At5.job [2010-04-12 19:56:31 | 000,000,392 | ---- | M] () – C:\WINDOWS\tasks\At4.job [2010-04-12 19:56:31 | 000,000,392 | ---- | M] () – C:\WINDOWS\tasks\At3.job [2010-04-12 19:56:31 | 000,000,392 | ---- | M] () – C:\WINDOWS\tasks\At24.job [2010-04-12 19:56:31 | 000,000,392 | ---- | M] () – C:\WINDOWS\tasks\At23.job [2010-04-12 19:56:31 | 000,000,392 | ---- | M] () – C:\WINDOWS\tasks\At22.job [2010-04-12 19:56:31 | 000,000,392 | ---- | M] () – C:\WINDOWS\tasks\At20.job [2010-04-12 19:56:31 | 000,000,392 | ---- | M] () – C:\WINDOWS\tasks\At2.job [2010-04-12 19:56:31 | 000,000,392 | ---- | M] () – C:\WINDOWS\tasks\At19.job [2010-04-12 19:56:31 | 000,000,392 | ---- | M] () – C:\WINDOWS\tasks\At18.job [2010-04-12 19:56:31 | 000,000,392 | ---- | M] () – C:\WINDOWS\tasks\At17.job [2010-04-12 19:56:31 | 000,000,392 | ---- | M] () – C:\WINDOWS\tasks\At16.job [2010-04-12 19:56:31 | 000,000,392 | ---- | M] () – C:\WINDOWS\tasks\At15.job [2010-04-12 19:56:31 | 000,000,392 | ---- | M] () – C:\WINDOWS\tasks\At14.job [2010-04-12 19:56:31 | 000,000,392 | ---- | M] () – C:\WINDOWS\tasks\At13.job [2010-04-12 19:56:31 | 000,000,392 | ---- | M] () – C:\WINDOWS\tasks\At12.job [2010-04-12 19:56:31 | 000,000,392 | ---- | M] () – C:\WINDOWS\tasks\At11.job [2010-04-12 19:56:31 | 000,000,392 | ---- | M] () – C:\WINDOWS\tasks\At10.job [2010-04-12 19:56:31 | 000,000,392 | ---- | M] () – C:\WINDOWS\tasks\At1.job [2010-04-12 19:56:16 | 000,000,106 | --S- | M] () – C:\WINDOWS\System32\2826459960.dat [2010-04-12 19:54:57 | 000,179,200 | ---- | M] () – C:\WINDOWS\System32\regedit.exe [2010-04-12 19:54:54 | 000,068,608 | ---- | M] () – C:\WINDOWS\System\svchost.exe [2010-04-12 19:54:54 | 000,000,024 | ---- | M] () – C:\Documents and Settings\Szczepson\Dane aplikacji\avdrn.dat [2010-04-12 19:54:53 | 000,023,040 | ---- | M] () – C:\lsass.exe [2010-04-12 19:54:53 | 000,009,208 | ---- | M] () – C:\WINDOWS\System32\userinit.exe [2010-04-12 19:54:45 | 000,131,072 | RHS- | M] () – C:\WINDOWS\cidrive32.exe [2010-04-10 15:11:50 | 000,335,888 | ---- | M] () – C:\WINDOWS\setupapi.old [2010-04-09 15:56:13 | 000,033,792 | ---- | M] (Portable Library) – C:\WINDOWS\System32\reader_s.exe [2010-04-09 15:56:13 | 000,033,792 | ---- | M] (Portable Library) – C:\Documents and Settings\Szczepson\reader_s.exe [2010-04-06 19:34:29 | 000,183,808 | RHS- | M] () – C:\Documents and Settings\Szczepson\csrss.exe [2010-03-19 20:46:48 | 000,000,240 | ---- | M] () – C:\WINDOWS\System32\drivers\kgpcpy.cfg :Files C:\WINDOWS\system\svchost.exe C:\WINDOWS\cidrive32.exe C:\WINDOWS\system32\reader_s.exe C:\Documents and Settings\Szczepson\reader_s.exe C:\RECYCLER\S-1-5-21-1474276482-7319748991-811190089-7251\mgrls32.exe C:\Documents and Settings\Szczepson\csrss.exe C:\RECYCLER :Services darkness xkiyapr :Reg [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] “TaskMan”=- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] “Shell”=- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] “Shell”=“explorer.exe” :Commands [emptytemp] [resethosts] [Reboot]

Kliknij w Run Fix. Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie.

Następnie uruchom OTL ponownie, tym razem kliknij “Run Scan”.

Pokaż nowy log OTL.txt oraz raport z usuwania.

Ten nowy log zrobisz na dodatkowym ustawieniu:

W pole Custom Scans/Fixes wklej:

i dopiero wtedy kliknij “Run Scan”.

Dużo masz do zrobienia, ale to naprawdę niebezpieczna infekcja.

jessi

szczepanek9 · 12 Kwiecień 2010 23:55

TDSKiller.txt

xVwa2fp6TfaNN62TeS2TA+/A0RISbteOR9Qa5uda9SXG21ecfbmgakssk3TlR0lLZNZ0mQ3xRlZvd5rMUyNfKqUoVaCdqNreEbnWCpS7UiIJZl/gPbPe6t1oVebt25659afsy5uaHGe8qy71S8rUlEKaZQYxXO8a884o5JQTKok8svDCuwgl5cA3+hbcQtxXkOGvNxEXjy7qBiT4hGKIi2tNRH4SLXe1XJQrTUdheH5hpdU1CANuKKf25/++a/O7l9h/8tjGkz6r9NKCOOSLQq8BfbUtHZa3xYBzQZJDlk4S2qBEEkrIsYTCCy5k1V6nlk+73HY2EMyBwgnqmHqpjJEXP2pZY2/Ys5TmK4yQAO1Yqz/6U4dmfNaS9tLl6MYHN06kdv+SV0x81LTcaTM5MRGVvqSggRbFOGqQIAr7RCVQ6CUokiWI4Dxl0FrvzsY0SOG30ud380HA+EbuyaCIWy9Dyu6gTavO/+nmD+HChlR/sVd3OKp/QICuO8racuX2bMLgZJ4CuKa+nd2MvU0BKc7vGeGP5h+XFH7RpnG0W5XQ3x5KFrYhfQTtF6PDcu+P/3Osxtj3MJrg4c3VTdMKNGubaTzFmd8fPZtnHxusUj1yMwY4HrrGOSRWY7j83hkwlsQpYhulNuu+dHq4ZxUFN7Y9H9hbaNy355hxR/2P3DewGZZl/vskzxZRwKEYyos3efScZHPNEBkd7Uw2vDsl6VlSuL5POv9QLk83rkWFSanPDIkRlNSxTBe72902nYqmT0pAJm3XdecBoIhrlJzjWQEDYEv7ru7GMPk8d15o31sFtw/7hMHZMA3XYf4ctPsvwMQAMCCJ2FMltSV2b/bjCa3QM4o/AAz/vqpZaBscykd00FQAQLNYiWj4s0BO+zIGJl01GG2jWeYu9aWkueshIoqqK2Nm+QI5UCeVHB36mkxrSedBTagl5YSyODNFdffm/adIGZ8yYbYRs6Nkx/rXGwvpIPpLIO2dPMAPXprII3QkpUh/uVOZJowcjsqFZYKWvwmZCKOEy2joP2Aq7hsoWBjrpJTJ6EJQoODLcjEByC/peWR7qBW/xdQJo1flajAXQhFFZCe1aoPwomy4pBwvFaS1NB/+pRuN7rxDD4MOuxwPMLJ8wmFdMHiMA5rXq1eXiKpDb1+ue6xYikZlueViaclH6BmF1cRTqHlvf7LLtvBxLuAcxzO7caWi8V1Sny1Fs11ncOpNu8HsMVhTe8ccWdPHVqRcog2GjQfqisbWU/Vx+pEXICImYJWUH/wo3lUfa/2hvlMzGpWPskAJcxFWAOsoubCvwIeH8ayocX25xvvcpwQS00dYFFDyzyDgBWk7weNEL4hE0Xf1KK0PbIoBi9L5v97goB1oEnYaM5mk6Xf/5xnPQpXypEDQL8JVNFq1wjyFUJzH8gpbl8QJCytqLorzvnXrXl30fXUxTOSolzae1LD6AeRs9w+XM07QNfke2GvgplL9RnyS5LdRDTnZb6TQWbIHzdWMv5y9XjLLAX1CLMpnc7Zd1jgYLIOis0qGJfuWcQeRUCUBoJP6kJFnrBwTUQ0pncRF+ngKt9SUp/kupXSKN2kfXJJYB7lmWJSBLEoLrjDCv8TwmTH33WqpDX+ZVMLJF/0YZCdtd+wC3LW8SYVLPx73qh20Z9UsF6+AILHC2aXABesodvxDIFgDLFQ6dF8GywBnniHQQNVuiX9leGPOiDn4vYUKHs+91Zh9b08faiG3M2DlhKG5DiXvHo6kHp9swdjLMYFxOjPzz3vFaejII70G0maIHK9/FvcHcsjO3Ziu+7FpmSQPzmidLtBJ3Do9TCVfDfeE+7Sg/1B7fwkACQBIx4Bj+j2iaulGh7aRqQ8rzipjPVuU9V2GKMRpbBfa7wdFYGOo3wJ1UzN7IJZ6zKToyhh5YTgnGdzVJbJqK3KMDRbiNRdTyqZrStg5gmQ+EV22FoXQ2xcz+GV0RL+FydRqtAipBfXYT+9RmPyZ6kXRuba2aGHFAzfZ5IImGb8XrMxGQHgWqSGHerQWtbzoH5Ke7hSQh35jcQ5fveicrwi0uuavNshDCG4OZRsW+icwJJ6aznzsnIIDTibM6Ra8S4eq7D26SOpuaMf9Fr7yWZnr3XKp0713Fa/vKR15efS+0XKwBrUQscJAE/tfb7dVBFRxrkm6P97jHFnVPKdhL+hn3nQl3+7JONAiKa+UOYLqE2DOZHSgiw8V8zCFDobGH9/cOBA9u8GxAlq74SVrBcIADCsTTtqYajBzuWc4XSWpQM/7KO+u2R9pGq84oxZrkiVVe1Y0VJ/wW5tuCGV38K761EgdjAhj5f+Et7ZdwPeLN24/596afSNMQ1rQK6BkYuXIrci0c7WdX6pGgtvWhOHbcM5Rvj3Ha+I4QR5FR9XXT2xkcVYYAzUf8WysgbL4xkhDGMzikmFa2gshPRd02CI8OwRr/m74etAsKR4vzrhpdez2BKqxWj4GZv1x6/z8UUWPehMNQODX62IIBn2fN5uNgjYi5/BHNPOeMUxJ82VxokuQRWyLto9Tgf6rm1KQfTBZ7y2kPXmce2RMcYRhcUzxukYwZ6URz8lqkY27FCbnXEu2Gy/oHryOV2YbUFYV4QdxSGbDZLE0kJ+4k5LIH116VWNMyuG1TPQiwPpED0tYUeqJBD/Ap2Dw3T8aZofJXFCn9qbPzBJr/+i4fdz6kig9LiPvHIJIKE2Sp4YOpNSpl0Sg3hEk1bxHy69l6IpI6lKjfzZ4M9JCtO6PLc2+FmuoNbGDBP86r4/uKC/+dsUUPL4opFYnW3gLYgnXAejiG+KjA8fldRY/buA6yMI7NHlgCgo+VyFE+sQQi8c0EXwPvGq1bHW8vjcgwVBnHutv1bG0MkY02jCJyWxoGrSvSIVZ1XkGjQ4F4EU9Mue/GbEk+NV8c7388Vyo/GkM+cRJNEyzWnyFv+m+piYULL4iiGlbH63TijccB1PxnzPVmfFHhkLKIs9fyzmh/lo9roKofa3GRQZ/wL3i3jWt4EwdYqLCg1D+vUbW+w0H3sHVYCd4U/H/NM2pyzfwWb/f9lqNtBS0Ys3N24G+EvW6zAvwGHhl69Z0k93FcCnsCDgxU+UKdTv50rE9ci1zVUi8P+Mq5DZSedx2F02iWFdoiJxVndYs0NI2LKpEpoPrI+oCbSQy2AFpVVFCNWVgbjhF3cLx1MfJVTyLUmRY+bkUwu4CuGctLfrG2qAiZirCEzHtPinsJ2je1uuY+Rle4Hg+ygEdHSgXRkOmh3c9P6WoKj3cU3YSXXtWCGmU7htWBi3K9wwnilbWEqwvrXjiSLc45pEUTMMVz1cUIOUZNcAhQiptUhMWXt3j9XKVnO2BMWcqB/MZc96iypEHyPTYCHHCZuyIxPgAf2lKIzRXLKujgXZ4jTpFLCu4HIgtxQLM9Rt0hC79xo3Y2VCNxworBxaVljtxBUFNUXWfE1JfYmQisJtXPhrLPuzstiF4oTfZWj+IjxPJod1XdIeRZ+J9zsvfFw5V+U3BMxm69Q2TP1klq4EmRXlCjxhBjT6O4N/imMmk6UsAwi0m52EuaiWMVrjjFnw/69jgYYNFEiqoq/pOs6FywgK7ef9O3O3ZltyzIsDQLQR2KjX5fW9xHv0iekVwScp9H7jHxfa+5ToIp4eEfFDnruow

avenger.txt

tl+VBfS9RYV30189etjPBdd+tIhBvi6Z9Lp17LSlSIsNxLlejj6I03gmdGSFBegJ3ErD1PtlvA1MDHP+7Vta/6TPN9QNfbT/L+fciz4xixluki3E3Nnf483c/Mv6RE5nf2tGXhT6ZG/H/6KkSV1zFDLlp0tDQmz0uSs+1YBi0KR+Jc6dAQDuP2rezFROPVwqK69wPzqhK+E5eBKTAfjDSLwMKZQSgm8Ahsziz9UODw2Mw9qMtgd3RKffrJuAvkEq/Yp5Hgee+tNBAKnsNtDIpyXz2o1L+PbcVAw8H8h1YgA24u+jCSWAbSd9YASMWSeMI/1KFF+vg+pGXt5p03bhLyJzZtXT+joXYm3pBNMhRQ3A8SFLaMyVdzvoshMGq9VUf6ljXbwScydHQ4Sfic4Mo/qCLtDmQN9J5QJNRrieV2iZoGKYi1HWJg0noNTUCXTLBizLkfS/dbJsYy7z79XZGyAMxT94zUkRhZCHCzXMkB5gN8qp4vX4Hdqf3nWyh0iHD6vLCZqTYwarMeCaSdGWTD2mVWSjHryClTvyRNqT/IZxKRDaNGCipj29D4+QHJ2gyX/nQ7+rqud8BbPOL+cSebiiTUEhcszx9EcFg/0Kmr3mDWJ7gJ31DiGQknOaVSdTmrpql8nzkV5hPiYkJLWzAZKe0di36y8mmoAfD68xkl0JbJ+YNYglPrtvdpS7uzmVMv7Vzr6gtbl8k9zGLvGyU6KqHI+K7EIZ1T9I2nNIOzIYgCjBLBFirEAaOE0fRbyzOe5e8s6u3G53eaz2iIEI/nrKy3C3PB+RYCaYozz/dpHJ/Tafn/2i3TtfmoHyjvUSJFBPS0OsjVAyjGi4g4sBkxA14pPs1AZtNUWzmdqhUVx3gW5dH399FAngrZrb0jczUwwW8S8nGQ0trhstATHT/ozgFqV3jjqI5YRt1Q0sfA1hYvHxHXqmDjdc6dCvtQ9+wynoEbQ/sa2K8Yyowwf2Uekye085GKcDKRBbhREbymOrE8IXMtbg8aHPJYLgDdUtQ3+MSQfQbR7xybz5uF4dmmIBtzoLyHdO2CUSWPF50TBNE6ywsQU7v48JrhSglX6QWi4+BF0xnUdDg+Lk7+TbJAwq8MGqTSDeI/3CsSSOiEaOgydkM5Xhj70hLUVM4D4iVAZvSXKVFnJ2Wkmdnqol7e2iwIrnoOZ9pNkj0dzK33TFObWsUEIHuMlUbXbgHK2s2c3BNtgJVbxy6PBVrctZ3Yr3peQTzFaZc1QT/2agSn6TB9eQ7NdPH4Hyst+xEXCjYMRRNDQzYQH3VdzKI6ZSEyTorm1AaU8+J+vOPGMbXFhdGGVJfwiFweypiZnceO0+HO81LD/xbd8V+IzZ2piqPq9S4JASJEIrc+usVKf41MVTMXDlquyCuziOqkLlinYsCnMIA1SRInVyOw8XB2e9MP9oPC2TT8njGMau+ldaBZZrrnHHsrYCxm5eEp9o882EGUdiO8E3LLB7DHOy561Q/d0x8o+5nLibFZh5CC3X7peGVqpuJFo1/EyjYalPVf5ck2QF6/sn7OU+teEu8Yj5Wlf/YCBaYeoDdBG+PRb85VTx+nmAQL1E8ZHtVvq8VyFJ3X1vvSBEDBVrXAWD7iFzlmOJMsCDsn8y29vO5vsiAFJ3gWq2kFOMi3d/JVBpX49wArRR+ZraTn4S+ks0531/omLtN1rQ7Zqd/0PJCO/PwmQqx+SxpMJuWYKPhe81lVU39FWsqT8fJnIUtIe8x7VuN09vP9LeRog3l4hTmXyPOjk0LS4ydkie/w2dPSupcqbrRW18r2J5twkEApfwrAyZWTHXdVeeA5U15nsAQgZfuHAQtbykYMTD79cx4GRtih8Ioptv1hrcrI7RzP4vcWrYzfog6XkItRzvyTvxqNCYzAPMi47VJ44I6CI/ED7FjuYX+3TdAlHlnSnT3cwD90FuSWX3zJIeNvbJ6j/h+wdvgEfwQDIsWoBHB04tNkuIb9IIkJMeQdpAANz7MmNt9HMs1ZstjQNjOodRCKdQuP3KKLyKIY46ekqTTeWI1Mxnn7tAI5QjzetId0i6d7rMnVhA7Z3WzYuuLeEKcDy5zhB2y0E8zU31TCETi8H0YwS8+Zo/OBjCKnms1Z4k9vXj6UXq+C8pZBtqeo5n1qeEEAv3TF0/QGlYrmWf7jfwPInjH6/ObO1pne7lGTRQy3nEuuNC7cZtXzRL852jyLmY4Xuc5+sf+q2gWJhtAtgG3lvPL5K9o8napw7V2D0L/4fwIoPuL/ykDsUKnzYFf+ZfMxcsMXOqyz+MHrG2/BbploiW+3OZUWgiZvfUXLRizRbME1D5L+FRO7XQtkXsIDwgUCena8aWN08zn4vLvSL7ZIN4qGzNS+yrrHLJvSn03I5oEHuQGw4BdHokL/ZEqCbnUssi6qnJxa25ZqIsaw3Ro6uxed1NPCAJUVY7xhefGSNxAkVC2SYEot/R+dlslrGErpqQ5+K6PWjtIDl8t003nvaZRhARtnocMbou60YTnfg1sRKe4059l+TqAZ/v8b+nvUI2Dxh+HxvcxuxHlkMxmWPmS3HvRreaqmR5zVZc5VtFTPofM6v/GmJEMvS0DRVcuhSvTEzCkrGWYyWW6txpuG0scW00ljWnWiVGf4VIL2/P6iE1SqLjgQjv86IIcaE6W3ZWRkuHgjKOpDA3+HeTb/E5Wllrzoef/Xts/NpbwEtLyJOhjkC7kJSVRUQ+8H9M5FLpJXqogPfWVMfzamWAHcd68M0AkUGioreuKNXSXxvgdQzwEfcpEZ9yXE0ft/1IErHjmFBSEnVNRIT1Hgj+h0latTiohhKcRbXzK6w8t+aCg9MR9j+oZt/Z3AKTG4xIUgJ11xzF4UtCEOrGWkKWH09URR9Uax7bF31cktvRn/v2Z+AaKK6uS7772ZDAHa/Y6WlxHJQ7HEG3JgzK0TTNHm7PnBQrcQj8fzZo6D8rj/Gwm6IaBh/XSKD5DW8xm0Dzb9/70pfNAUvKzA7P33GVf1yfZ1wmTug2KpLcWMC6NogvRaflmqE+y/j9e9Tw+eP9IsIa0ICOUC5681kKAn2DIrdizGAhvIKFUxmC9BUDHer7tPLilKQ6A8gpgpn9L9SCEfP2GAbhRb2JR6zPJhsG9Xf8xB17r7kjwjugR7om1mecn4KjR2eOooSp4/mCmgSGFSrrMho7KaahR5DqJAIbvLpAqTZ3MBptPzG2cwVHRqWO98OmfV2au6Kc5GseigeXq3G1nkrHwj0fZ1UIBdARmrzB5ZbEb5A5c/Akb0HifufIV+FMumLG

Po kroku z Run Fix i restarcie kompa na pulpicie nie ma ikon oraz paska zadań…

– Dodane 13.04.2010 (Wt) 2:04 –

Jakimś cudem udało mi się uruchomić…

log

All processes killed

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\8843 deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\oo deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\reader_s deleted successfully.

File C:\WINDOWS\system32\reader_s.exe not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Regedit32 deleted successfully.

File move failed. C:\WINDOWS\system32\regedit.exe scheduled to be moved on reboot.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\reader_s deleted successfully.

File C:\Documents and Settings\Szczepson\reader_s.exe not found.

File C:\Documents and Settings\Szczepson\Menu Start\Programy\Autostart\wwwmen32.exe not found.

Registry key HKEY_CURRENT_USER\Software\Classes.exe\ deleted successfully.

HKEY_LOCAL_MACHINE\Software\Classes.exe\|exefile /E : value set successfully!

C:\WINDOWS\system32\stu2.exe moved successfully.

File C:\WINDOWS\System32\reader_s.exe not found.

File C:\Documents and Settings\Szczepson\reader_s.exe not found.

C:\WINDOWS\system32\drivers\xkiyapr.sys moved successfully.

File C:\WINDOWS\tasks\At360.job not found.

File C:\WINDOWS\tasks\At359.job not found.

File C:\WINDOWS\tasks\At358.job not found.

File C:\WINDOWS\tasks\At357.job not found.

File C:\WINDOWS\tasks\At356.job not found.

File C:\WINDOWS\tasks\At355.job not found.

File C:\WINDOWS\tasks\At354.job not found.

File C:\WINDOWS\tasks\At353.job not found.

File C:\WINDOWS\tasks\At352.job not found.

File C:\WINDOWS\tasks\At351.job not found.

File C:\WINDOWS\tasks\At350.job not found.

File C:\WINDOWS\tasks\At349.job not found.

File C:\WINDOWS\tasks\At348.job not found.

File C:\WINDOWS\tasks\At347.job not found.

File C:\WINDOWS\tasks\At346.job not found.

File C:\WINDOWS\tasks\At345.job not found.

File C:\WINDOWS\tasks\At344.job not found.

File C:\WINDOWS\tasks\At343.job not found.

File C:\WINDOWS\tasks\At342.job not found.

File C:\WINDOWS\tasks\At341.job not found.

File C:\WINDOWS\tasks\At340.job not found.

File C:\WINDOWS\tasks\At339.job not found.

File C:\WINDOWS\tasks\At338.job not found.

File C:\WINDOWS\tasks\At337.job not found.

C:\WINDOWS\tasks\At21.job moved successfully.

C:\WINDOWS\tasks\At9.job moved successfully.

C:\WINDOWS\tasks\At8.job moved successfully.

C:\WINDOWS\tasks\At7.job moved successfully.

C:\WINDOWS\tasks\At6.job moved successfully.

C:\WINDOWS\tasks\At5.job moved successfully.

C:\WINDOWS\tasks\At4.job moved successfully.

C:\WINDOWS\tasks\At3.job moved successfully.

C:\WINDOWS\tasks\At24.job moved successfully.

C:\WINDOWS\tasks\At23.job moved successfully.

C:\WINDOWS\tasks\At22.job moved successfully.

C:\WINDOWS\tasks\At20.job moved successfully.

C:\WINDOWS\tasks\At2.job moved successfully.

C:\WINDOWS\tasks\At19.job moved successfully.

C:\WINDOWS\tasks\At18.job moved successfully.

C:\WINDOWS\tasks\At17.job moved successfully.

C:\WINDOWS\tasks\At16.job moved successfully.

C:\WINDOWS\tasks\At15.job moved successfully.

C:\WINDOWS\tasks\At14.job moved successfully.

C:\WINDOWS\tasks\At13.job moved successfully.

C:\WINDOWS\tasks\At12.job moved successfully.

C:\WINDOWS\tasks\At11.job moved successfully.

C:\WINDOWS\tasks\At10.job moved successfully.

C:\WINDOWS\tasks\At1.job moved successfully.

File move failed. C:\WINDOWS\system32\2826459960.dat scheduled to be moved on reboot.

File move failed. C:\WINDOWS\system32\regedit.exe scheduled to be moved on reboot.

File C:\WINDOWS\System\svchost.exe not found.

C:\Documents and Settings\Szczepson\Dane aplikacji\avdrn.dat moved successfully.

C:\lsass.exe moved successfully.

Item C:\WINDOWS\system32\userinit.exe is whitelisted and cannot be moved.

C:\WINDOWS\cidrive32.exe moved successfully.

C:\WINDOWS\setupapi.old moved successfully.

File C:\WINDOWS\System32\reader_s.exe not found.

File C:\Documents and Settings\Szczepson\reader_s.exe not found.

File C:\Documents and Settings\Szczepson\csrss.exe not found.

C:\WINDOWS\system32\drivers\kgpcpy.cfg moved successfully.

========== FILES ==========

File\Folder C:\WINDOWS\system\svchost.exe not found.

File\Folder C:\WINDOWS\cidrive32.exe not found.

File\Folder C:\WINDOWS\system32\reader_s.exe not found.

File\Folder C:\Documents and Settings\Szczepson\reader_s.exe not found.

File\Folder C:\RECYCLER\S-1-5-21-1474276482-7319748991-811190089-7251\mgrls32.exe not found.

File\Folder C:\Documents and Settings\Szczepson\csrss.exe not found.

C:\RECYCLER\S-1-5-21-9714414699-2880173788-346746439-0514 folder moved successfully.

C:\RECYCLER\S-1-5-21-9651971665-5875080359-021562423-6036 folder moved successfully.

C:\RECYCLER\S-1-5-21-8823417464-6178360977-831460787-6402 folder moved successfully.

C:\RECYCLER\S-1-5-21-8636933832-0076832418-385901427-1407 folder moved successfully.

C:\RECYCLER\S-1-5-21-7577295357-8300172352-589776989-9565 folder moved successfully.

C:\RECYCLER\S-1-5-21-7357433430-3342756548-387331569-3719 folder moved successfully.

C:\RECYCLER\S-1-5-21-6718712958-5005814561-186852597-8603 folder moved successfully.

C:\RECYCLER\S-1-5-21-6574776242-4868336344-834588079-8322 folder moved successfully.

C:\RECYCLER\S-1-5-21-5515306188-4802511661-187129540-2287 folder moved successfully.

C:\RECYCLER\S-1-5-21-5473259964-6057573575-895870263-0541 folder moved successfully.

C:\RECYCLER\S-1-5-21-5076619753-4480910432-738046422-5086 folder moved successfully.

C:\RECYCLER\S-1-5-21-4988557941-6405516323-055746605-6864 folder moved successfully.

C:\RECYCLER\S-1-5-21-4204392372-0975362434-497277064-6352 folder moved successfully.

C:\RECYCLER\S-1-5-21-4116885182-1059710875-949847538-4213 folder moved successfully.

C:\RECYCLER\S-1-5-21-4021649081-3736643011-162484792-5753 folder moved successfully.

C:\RECYCLER\S-1-5-21-3342640642-0739066063-150714133-1924 folder moved successfully.

C:\RECYCLER\S-1-5-21-2170399215-6336847630-302462963-1657 folder moved successfully.

C:\RECYCLER\S-1-5-21-1730595568-0214185107-617598966-0793 folder moved successfully.

C:\RECYCLER\S-1-5-21-1701485718-6181666790-349336198-7335 folder moved successfully.

C:\RECYCLER\S-1-5-21-1644491937-1383384898-839522115-1003 folder moved successfully.

C:\RECYCLER\S-1-5-21-1575646921-6586194554-543278136-8161 folder moved successfully.

C:\RECYCLER\S-1-5-21-1509400602-3640207449-502776795-8327 folder moved successfully.

C:\RECYCLER\S-1-5-21-1474276482-7319748991-811190089-7251 folder moved successfully.

C:\RECYCLER\S-1-5-21-0692189014-7242566598-224748664-9427 folder moved successfully.

C:\RECYCLER\S-1-5-21-0552153152-4295881576-394000164-7245 folder moved successfully.

C:\RECYCLER\S-1-5-21-0316735633-5692832793-559779064-3367 folder moved successfully.

C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811 folder moved successfully.

C:\RECYCLER\S-1-5-21-0206015318-0277780620-326041722-1184 folder moved successfully.

C:\RECYCLER folder moved successfully.

========== SERVICES/DRIVERS ==========

Service darkness stopped successfully!

Service darkness deleted successfully!

Service xkiyapr stopped successfully!

Service xkiyapr deleted successfully!

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\TaskMan deleted successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\“Shell”|“explorer.exe” /E : value set successfully!

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Szczepson

->Temp folder emptied: 1414859 bytes

->Temporary Internet Files folder emptied: 62354 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 2796201 bytes

->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 16390 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 4,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.1.1 log created on 04132010_014343

Files\Folders moved on Reboot…

C:\WINDOWS\system32\regedit.exe moved successfully.

File move failed. C:\WINDOWS\system32\2826459960.dat scheduled to be moved on reboot.

C:\Documents and Settings\Szczepson\Ustawienia lokalne\Temp\in4.tmp moved successfully.

Registry entries deleted on Reboot…

– Dodane 13.04.2010 (Wt) 2:08 –

i po ostatnim kroku

http://wklejto.pl/63736

– Dodane 13.04.2010 (Wt) 2:16 –

Ikony nadal nie pokazują się po restarcie

i wyskakują jakieś kolejne błędy nrktcvy.exe

jessica · 13 Kwiecień 2010 07:01

Raport z TDSKiller - nieczytelny, to kupa przypadkowych liter

Raport z Avengera - nieczytelny, to kupa przypadkowych liter

Ściągnij jeszcze raz plik “ndis.sys” i umieść go na C:\
Uruchom OTL i w oknie Custom Scans/Fixes wklej to:

:OTL O4 - HKLM…\Run: [Microsoft Driver Setup] C:\WINDOWS\cidrive32.exe File not found O4 - HKLM…\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Microsoft Driver Setup = C:\WINDOWS\cidrive32.exe File not found O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-8204314052-7185987348-944833105-2501\mgrls32.exe) - C:\RECYCLER\S-1-5-21-8204314052-7185987348-944833105-2501\mgrls32.exe () O32 - AutoRun File - [2010-04-13 01:43:46 | 000,000,192 | ---- | M] () - I:\autorun.inf – [FAT] O33 - MountPoints2{1597a842-1fc2-11df-9b63-002354628385}\Shell\AutoRun\command - “” = I:\RECYCLER\autorun.exe – [2010-04-09 09:41:16 | 000,107,520 | RHS- | M] () O33 - MountPoints2{1597a842-1fc2-11df-9b63-002354628385}\Shell\open\command - “” = I:\RECYCLER\autorun.exe – [2010-04-09 09:41:16 | 000,107,520 | RHS- | M] () [2010-04-12 19:56:16 | 000,000,106 | --S- | M] () – C:\WINDOWS\System32\2826459960.dat [2010-04-12 19:54:45 | 000,131,072 | RHS- | M] () – C:\WINDOWS\ndll.exe [2010-04-13 02:01:21 | 000,000,370 | ---- | C] () – C:\WINDOWS\tasks\At9.job [2010-04-13 02:01:21 | 000,000,370 | ---- | C] () – C:\WINDOWS\tasks\At8.job [2010-04-13 02:01:21 | 000,000,370 | ---- | C] () – C:\WINDOWS\tasks\At7.job [2010-04-13 02:01:21 | 000,000,370 | ---- | C] () – C:\WINDOWS\tasks\At6.job [2010-04-13 02:01:21 | 000,000,370 | ---- | C] () – C:\WINDOWS\tasks\At5.job [2010-04-13 02:01:21 | 000,000,370 | ---- | C] () – C:\WINDOWS\tasks\At4.job [2010-04-13 02:01:21 | 000,000,370 | ---- | C] () – C:\WINDOWS\tasks\At3.job [2010-04-13 02:01:21 | 000,000,370 | ---- | C] () – C:\WINDOWS\tasks\At24.job [2010-04-13 02:01:21 | 000,000,370 | ---- | C] () – C:\WINDOWS\tasks\At23.job [2010-04-13 02:01:21 | 000,000,370 | ---- | C] () – C:\WINDOWS\tasks\At22.job [2010-04-13 02:01:21 | 000,000,370 | ---- | C] () – C:\WINDOWS\tasks\At21.job [2010-04-13 02:01:21 | 000,000,370 | ---- | C] () – C:\WINDOWS\tasks\At20.job [2010-04-13 02:01:21 | 000,000,370 | ---- | C] () – C:\WINDOWS\tasks\At2.job [2010-04-13 02:01:21 | 000,000,370 | ---- | C] () – C:\WINDOWS\tasks\At19.job [2010-04-13 02:01:21 | 000,000,370 | ---- | C] () – C:\WINDOWS\tasks\At18.job [2010-04-13 02:01:21 | 000,000,370 | ---- | C] () – C:\WINDOWS\tasks\At17.job [2010-04-13 02:01:21 | 000,000,370 | ---- | C] () – C:\WINDOWS\tasks\At16.job [2010-04-13 02:01:21 | 000,000,370 | ---- | C] () – C:\WINDOWS\tasks\At15.job [2010-04-13 02:01:21 | 000,000,370 | ---- | C] () – C:\WINDOWS\tasks\At14.job [2010-04-13 02:01:21 | 000,000,370 | ---- | C] () – C:\WINDOWS\tasks\At13.job [2010-04-13 02:01:21 | 000,000,370 | ---- | C] () – C:\WINDOWS\tasks\At12.job [2010-04-13 02:01:21 | 000,000,370 | ---- | C] () – C:\WINDOWS\tasks\At11.job [2010-04-13 02:01:21 | 000,000,370 | ---- | C] () – C:\WINDOWS\tasks\At10.job [2010-04-13 02:01:21 | 000,000,370 | ---- | C] () – C:\WINDOWS\tasks\At1.job [2010-04-12 19:55:12 | 000,000,106 | --S- | C] () – C:\WINDOWS\System32\2826459960.dat [2010-04-12 14:59:14 | 000,131,072 | RHS- | C] () – C:\WINDOWS\ndll.exe :Files C:\Windows\System32\userinit.exe|C:\userinit.exe /replace C:\WINDOWS\System32\dllcache\ndis.sys | C:\ndis.sys /replace C:\RECYCLER\S-1-5-21-8204314052-7185987348-944833105-2501\mgrls32.exe C:\RECYCLER :Reg [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] “HideIcons”=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] “TaskMan”=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] “Userinit”=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] “Userinit”=“C:\WINDOWS\system32\userinit.exe,” :Commands [Reboot]

Kliknij w Run Fix. Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie.

Następnie uruchom OTL ponownie, tym razem kliknij “Run Scan”.

Pokaż nowy log OTL.txt oraz raport z usuwania.

Ma spację w nazwie, więc wygląda, jakby był podmieniony przez VUNDO. Sprawdź go na --> JOTTI/

albo na VIRUSTOTAL.

jessi

szczepanek9 · 13 Kwiecień 2010 10:07

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Driver Setup not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Regedit32 deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\Microsoft Driver Setup deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\TaskMan:C:\RECYCLER\S-1-5-21-8204314052-7185987348-944833105-2501\mgrls32.exe deleted successfully.

File move failed. C:\RECYCLER\S-1-5-21-8204314052-7185987348-944833105-2501\mgrls32.exe scheduled to be moved on reboot.

File I:\autorun.inf not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{1597a842-1fc2-11df-9b63-002354628385}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{1597a842-1fc2-11df-9b63-002354628385}\ not found.

File I:\RECYCLER\autorun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{1597a842-1fc2-11df-9b63-002354628385}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{1597a842-1fc2-11df-9b63-002354628385}\ not found.

File I:\RECYCLER\autorun.exe not found.

File move failed. C:\WINDOWS\system32\2826459960.dat scheduled to be moved on reboot.

C:\WINDOWS\ndll.exe moved successfully.

C:\WINDOWS\tasks\At9.job moved successfully.

C:\WINDOWS\tasks\At8.job moved successfully.

C:\WINDOWS\tasks\At7.job moved successfully.

C:\WINDOWS\tasks\At6.job moved successfully.

C:\WINDOWS\tasks\At5.job moved successfully.

C:\WINDOWS\tasks\At4.job moved successfully.

C:\WINDOWS\tasks\At3.job moved successfully.

C:\WINDOWS\tasks\At24.job moved successfully.

C:\WINDOWS\tasks\At23.job moved successfully.

C:\WINDOWS\tasks\At22.job moved successfully.

C:\WINDOWS\tasks\At21.job moved successfully.

C:\WINDOWS\tasks\At20.job moved successfully.

C:\WINDOWS\tasks\At2.job moved successfully.

C:\WINDOWS\tasks\At19.job moved successfully.

C:\WINDOWS\tasks\At18.job moved successfully.

C:\WINDOWS\tasks\At17.job moved successfully.

C:\WINDOWS\tasks\At16.job moved successfully.

C:\WINDOWS\tasks\At15.job moved successfully.

C:\WINDOWS\tasks\At14.job moved successfully.

C:\WINDOWS\tasks\At13.job moved successfully.

C:\WINDOWS\tasks\At12.job moved successfully.

C:\WINDOWS\tasks\At11.job moved successfully.

C:\WINDOWS\tasks\At10.job moved successfully.

C:\WINDOWS\tasks\At1.job moved successfully.

File move failed. C:\WINDOWS\system32\2826459960.dat scheduled to be moved on reboot.

File C:\WINDOWS\ndll.exe not found.

========== FILES ==========

File C:\Windows\System32\userinit.exe successfully replaced with C:\userinit.exe

Unable to replace file: C:\WINDOWS\System32\dllcache\ndis.sys with C:\ndis.sys without a reboot.

File move failed. C:\RECYCLER\S-1-5-21-8204314052-7185987348-944833105-2501\mgrls32.exe scheduled to be moved on reboot.

Folder move failed. C:\RECYCLER\S-1-5-21-8204314052-7185987348-944833105-2501 scheduled to be moved on reboot.

C:\RECYCLER\S-1-5-21-3940348310-6011750699-900074966-1832 folder moved successfully.

C:\RECYCLER\S-1-5-21-1644491937-1383384898-839522115-1003 folder moved successfully.

C:\RECYCLER\S-1-5-21-1474059335-9331413246-130868979-7345 folder moved successfully.

C:\RECYCLER\S-1-5-21-0735786848-2590089091-185426922-3085 folder moved successfully.

C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811 folder moved successfully.

Folder move failed. C:\RECYCLER scheduled to be moved on reboot.

========== REGISTRY ==========

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\“HideIcons”|dword:00000000 /E : value set successfully!

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\TaskMan deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\“Userinit”|“C:\WINDOWS\system32\userinit.exe,” /E : value set successfully!

========== COMMANDS ==========

OTL by OldTimer - Version 3.2.1.1 log created on 04132010_120208

Files\Folders moved on Reboot…

C:\RECYCLER\S-1-5-21-8204314052-7185987348-944833105-2501\mgrls32.exe moved successfully.

C:\WINDOWS\system32\2826459960.dat moved successfully.

C:\RECYCLER\S-1-5-21-8204314052-7185987348-944833105-2501 folder moved successfully.

C:\RECYCLER folder moved successfully.

Registry entries deleted on Reboot…

– Dodane 13.04.2010 (Wt) 12:09 –

http://www.virustotal.com/pl/analisis/9 … 1271071341

– Dodane 13.04.2010 (Wt) 12:14 –

http://wklejto.pl/63743

– Dodane 13.04.2010 (Wt) 12:15 –

Słychać charakterystyczne cykanie co chwile jak przy otwieraniu folderu…

jessica · 13 Kwiecień 2010 11:56

Zamiast być coraz lepiej, to jest coraz gorzej - zaczynam żałować, że w ogóle zajrzałam do tego tematu.

Ściągnij plik “cdrom.sys” stąd> http://www.speedyshare.com/files/21918179/cdrom.sys, i umieść go na C:\
Ściągnij -->Avenger.

wklej do niego ten tekst:

Files to delete:

C:\RECYCLER\S-1-5-21-8204314052-7185987348-944833105-2501\mgrls32.exe

C:\WINDOWS\System32\alrsvch.exe

C:\WINDOWS\System32\2052f.exe

C:\WINDOWS\System32\ansim.exe

C:\WINDOWS\System32\alrsvch.exe

C:\Documents and Settings\Szczepson\Ustawienia lokalne\Temp\nrktcvy.exe 

C:\Documents and Settings\Szczepson\Menu Start\Programy\Autostart\wwwmen32.exe

C:\Documents and Settings\All Users\Dane aplikacji\68015525

C:\WINDOWS\System32\dllcache\cdrom.sys

C:\WINDOWS\System32\fjhdyfhsn.bat

C:\WINDOWS\System32\wuaucldt.exe

C:\Documents and Settings\Szczepson\wuaucldt.exe

C:\WINDOWS\System32\reader_s.exe

C:\WINDOWS\System32\msxsltsso.dll

C:\WINDOWS\System32\stu2.exe

C:\WINDOWS\System32\fjhdyfhsn.bat

C:\Documents and Settings\LocalService\Dane aplikacji\ypgmjw.dat

C:\WINDOWS\System32\drivers\protect.sys

C:\Documents and Settings\Szczepson\Pulpit\Security Tool.lnk

C:\WINDOWS\System32\drivers\125.exe

C:\WINDOWS\System32\regedit.exe

C:\WINDOWS\System32\drivers\foyqj.sys

C:\WINDOWS\cidrive32.exe

C:\Documents and Settings\Szczepson\reader_s.exe

C:\Documents and Settings\Szczepson\Dane aplikacji\avdrn.dat

C:\lsass.exe

C:\WINDOWS\System32\2826459960.dat


Folders to delete:

C:\RECYCLER


Files to move:

C:\cdrom.sys | C:\WINDOWS\System32\drivers\cdrom.sys


Registry values to delete: 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | 7474

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | GootkitSSO

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | TaskMan


Drivers to delete:

NetlogonCiSvc

protect

RasManRichVideo

lanmanserverNetlogon

foyqj

Kliknij w " Execute" i zatwierdź restart komputera.

Zrestartuj komputer.

Daj Raport z Avengera z C:\avenger.txt.

Daj też nowy log z OTL, na dodatkowym ustawieniu:

W pole Custom Scans/Fixes wklej

i dopiero wtedy kliknij Run Scan

jessi

szczepanek9 · 13 Kwiecień 2010 12:53

Jeszcze tego nie zrobiłem co napisałaś a już pojawił się problem…

Niebieski ekran i…

“Pojawił sie problem i system windows zostanie zamkniety…”

system · 20 Kwiecień 2010 16:34

Witam jestem w kropce nie wiem jak sobie z tym poradzić , Avira wykrył mi trojana TR/vundo.gen … a oto co przedstawił Hijack http://www.wklejto.pl/txt64509