prosim o pomoc s odstranenin viru Win32/Olmarik.TDL4.trojan

[Žbeky]

Fixni:

Kód: Vybrat vše

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [VRLPHelper] C:\Program Files (x86)\Sony\Media Gallery\VRLPHelper.exe /Stay
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

Jak se chová počítač?

Jinak neřeš problémn na 2 fórech! Tak si akorát koleduješ o průser

[Reklama]

[imprezion]

Dobry vecer,

Kod som fixol v HJT.
Po restartovani pocitaca mi NOD32 stale ukazuje hlasku ze Trojan sa nachadza v operacnej pamati.
Catalist uz vyzera byt v pohode.

Ospravedlujem sa, ale vobec som netusil ze tento problem nemozem riesit na 2 forach.
Bohuzial som trochu zufaly a tak som to skusil.

tak sorry

[Žbeky]

To je jak chodit ke dvěma doktorům. Každý ti nasadí své prášky a kdo ti zaručí, že se snesou?

Stáhni si MBR Rootkit Detektor
- ulož si ho přímo na disk C a spusť ho
- za chvíli se ti vytvoří jeho log (mbr.log) vlož sem celý jeho obsah.

[imprezion]

log z MBR:

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600

device: opened successfully
user: error reading MBR
error: Read Neplatný popisovac.
kernel: error reading MBR

[jaro3]

Stáhni si aswMBR

na svojí plochu.Poklepej na aswMBR.exe. Klikni na Scan.
Po skenu klikni na aswASW.log a ulož si ho na plochu , vlož sem celý obsak toho logu.

Stáhni Bootkit Remover

-ulož na plochu
-spusť
- pak klikni do černého okna a zkopíruj sem výsledek, případně dej screen

[imprezion]

Zdravim,

log z aswMBR:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-24 20:37:29
-----------------------------
20:37:29.054 OS Version: Windows x64 6.1.7600
20:37:29.054 Number of processors: 2 586 0x2505
20:37:29.055 ComputerName: ADMIN-VAIO UserName: admin
20:37:31.933 Initialize success
20:37:43.852 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:37:43.856 Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 305245MB BusType: 3
20:37:43.871 Disk 0 MBR read successfully
20:37:43.874 Disk 0 MBR scan
20:37:43.877 Disk 0 TDL4@MBR code has been found
20:37:43.880 Disk 0 Windows 7 default MBR code found via API
20:37:43.884 Disk 0 MBR hidden
20:37:43.888 Disk 0 MBR [TDL4] **ROOTKIT**
20:37:43.892 Disk 0 trace - called modules:
20:37:43.897 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8006252254]<<
20:37:43.901 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006237060]
20:37:43.905 3 CLASSPNP.SYS[fffff88001b4743f] -> nt!IofCallDriver -> [0xfffffa8003578040]
20:37:43.910 5 ACPI.sys[fffff88000f8d781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80042fd050]
20:37:43.915 \Driver\iaStor[0xfffffa80042cd3b0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8006252254
20:37:44.243 Scan finished successfully
20:37:56.557 Disk 0 MBR has been saved successfully to "C:\Users\admin\Desktop\MBR.dat"
20:37:56.563 The log file has been saved successfully to "C:\Users\admin\Desktop\aswMBR.txt"

Bootkit Remover mi nejde stiahnut a nikde ho nemozem najst.
Nemozete mi poradit iny link?

[jaro3]

http://www.esagelab.com/files/bootkit_remover.zip