trojan winpez32.dljak usunąć

IP: *.c27.msk.pl 06.03.07, 23:32
padła mi przeglądarka mozilla i po przeskanowaniu avastem okazalo się że
wykrył trojana w katalogu windows...system 32/winpez32.dll,nie moge go usunąć
ad awarem ani avastem proszę o pomoc,thx
    • Gość: catatonia Re: trojan winpez32.dljak usunąć IP: *.c27.msk.pl 06.03.07, 23:34
      oto log;
      Logfile of HijackThis v1.99.1
      Scan saved at 23:24:55, on 2007-03-06
      Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Winamp\winampa.exe
      C:\WINDOWS\System32\ctfmon.exe
      C:\Program Files\Mobipocket.com\Mobipocket Reader\readernotify.exe
      C:\WINDOWS\system32\PDFSaver.exe
      C:\WINDOWS\System32\mqsvc.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\hijackthis\HijackThis.exe

      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
      C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} -
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
      c:\program files\google\googletoolbar2.dll (file missing)
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
      files\google\googletoolbar2.dll (file missing)
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
      C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
      O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - (no file)
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
      C:\WINDOWS\System32\msdxm.ocx
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz 10.1 Pro\odk_mcd.exe
      O4 - HKLM\..\Run: [LXCFCATS] rundll32
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
      O4 - HKLM\..\Run: [winupdate] C:\Program Files\winupdate\winupdate.exe /auto
      O4 - HKLM\..\Run: [WindowsServicesStartup]
      C:\DOCUME~1\CATATO~1\USTAWI~1\Temp\svchost.exe 1
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
      O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe"
      -lang 1033
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
      O4 - HKCU\..\Run: [Konnekt] "C:\Program Files\Konnekt\konnekt.exe" /autostart
      O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\StartMenu.exe"
      O4 - HKCU\..\Run: [Mobipocket Reader Notifications] C:\Program
      Files\Mobipocket.com\Mobipocket Reader\readernotify.exe
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
      Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Symfonia® PDF.lnk = C:\WINDOWS\system32\PDFSaver.exe
      O8 - Extra context menu item: &Google Search - res://c:\program
      files\google\GoogleToolbar2.dll/cmsearch.html
      O8 - Extra context menu item: &Translate English Word - res://c:\program
      files\google\GoogleToolbar2.dll/cmwordtrans.html
      O8 - Extra context menu item: Backward Links - res://c:\program
      files\google\GoogleToolbar2.dll/cmbacklinks.html
      O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
      files\google\GoogleToolbar2.dll/cmcache.html
      O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
      res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Similar Pages - res://c:\program
      files\google\GoogleToolbar2.dll/cmsimilar.html
      O8 - Extra context menu item: Translate Page into English - res://c:\program
      files\google\GoogleToolbar2.dll/cmtrans.html
      O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
      C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
      messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
      O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
      ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
      O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) -
      messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
      O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) -
      mks.com.pl/skaner/SkanerOnline.cab
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
      messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) -
      cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
      O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) -
      ax.emsisoft.com/asquared.cab
      O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
      zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
      O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} -
      mks.com.pl/skaner/SkanerOnline.cab
      O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) -
      messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -
      C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
      C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O20 - AppInit_DLLs: pushow70.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
      Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
      Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
      Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation
      - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPodService - Unknown owner - C:\Program
      Files\iPod\bin\iPodService.exe (file missing)
      O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\System32\lxcfcoms.exe

    • Gość: Kolobos Re: trojan winpez32.dljak usunąć IP: *.escom.net.pl 07.03.07, 08:45
      Zamknij porty przy pomocy wwdc.exe
      Uzyj i oczysc temp itd:
      www.atribune.org/content/view/25/2/
      W hjt usun:
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
      c:\program files\google\googletoolbar2.dll (file missing)
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
      files\google\googletoolbar2.dll (file missing)
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
      C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll <- odinstaluj w dodaj-usun programy lub klikajac na olowek na pasku yahoo i uninstall.
      O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
      O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - (no file)
      O4 - HKLM\..\Run: [winupdate] C:\Program Files\winupdate\winupdate.exe /auto <- katalog winupdate usun z dysku.
      O4 - HKLM\..\Run: [WindowsServicesStartup]
      C:\DOCUME~1\CATATO~1\USTAWI~1\Temp\svchost.exe 1
      O8 - Extra context menu item: &Google Search - res://c:\program
      files\google\GoogleToolbar2.dll/cmsearch.html
      O8 - Extra context menu item: &Translate English Word - res://c:\program
      files\google\GoogleToolbar2.dll/cmwordtrans.html
      O8 - Extra context menu item: Backward Links - res://c:\program
      files\google\GoogleToolbar2.dll/cmbacklinks.html
      O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
      files\google\GoogleToolbar2.dll/cmcache.html
      O8 - Extra context menu item: Similar Pages - res://c:\program
      files\google\GoogleToolbar2.dll/cmsimilar.html
      O8 - Extra context menu item: Translate Page into English - res://c:\program
      files\google\GoogleToolbar2.dll/cmtrans.html
      O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
      ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
      O20 - AppInit_DLLs: pushow70.dll <- plik usun z dysku.

      winpez32.dll rowniez.

      Pliki usuwaj przy pomocy killbox'a (opis w naglowku forum).
Pełna wersja