Problem z arking0.dll

**Posty:** 1 · przez **zibikid** 05 Kwi 2011, 19:21

Witam
Mam problem z czyms o nazwie arking0.dll i bardzo chcialbym sie tego pozbyc :-)
Oto logi :
OTL : http://www.wklej.org/id/506745/
Gmer : http://www.wklej.org/id/506762/
Dziekuje i pzdr

**Posty:** 18165 · przez **wojtas** 05 Kwi 2011, 20:21

brak 2 loga z OTL extras... uzupełnij:

to jest tzw. infekcja z pendriva więc takie rzeczy tupu pendrive, telefon może mieć infekcję...

Uruchom OTL i w sekcji własne opcje skanowania / skrypt wklej:

:OTL
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKU\S-1-5-21-1229272821-602162358-1801674531-1003..\Run: [api32] C:\Documents and Settings\Ja\Ustawienia lokalne\Temp\apiqq.exe ()
O4 - HKU\S-1-5-21-1229272821-602162358-1801674531-1003..\Run: [King_ar] C:\WINDOWS\system32\arking.exe ()
O4 - HKU\S-1-5-21-1229272821-602162358-1801674531-1003..\Run: [king_mg] C:\WINDOWS\system32\mgking.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-19..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-20..\RunOnce: [nltide_2] File not found
O32 - AutoRun File - [2011-04-05 18:34:44 | 000,000,061 | RHS- | M] () - C:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010-11-21 18:09:18 | 000,000,061 | RHS- | M] () - D:\AUTORUN.FCB -- [ NTFS ]
O32 - AutoRun File - [2011-04-05 18:34:42 | 000,000,061 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{18924911-5ba0-11e0-adfd-0016d3601f95}\Shell - "" = AutoRun
O33 - MountPoints2\{18924911-5ba0-11e0-adfd-0016d3601f95}\Shell\AutoRun\command - "" = F:\AutoRunCardDetector.exe
O33 - MountPoints2\{4c02cffe-5d6c-11e0-b6ab-806d6172696f}\Shell\AutoRun\command - "" = F:\w9.exe
O33 - MountPoints2\{4c02cffe-5d6c-11e0-b6ab-806d6172696f}\Shell\open\Command - "" = F:\w9.exe
O33 - MountPoints2\{6c39b886-d784-11df-a7d7-806d6172696f}\Shell\AutoRun\command - "" = C:\w9.exe -- [2010-11-26 23:23:12 | 000,181,760 | RHS- | M] ()
O33 - MountPoints2\{6c39b886-d784-11df-a7d7-806d6172696f}\Shell\open\Command - "" = C:\w9.exe -- [2010-11-26 23:23:12 | 000,181,760 | RHS- | M] ()
O33 - MountPoints2\{6c39b887-d784-11df-a7d7-806d6172696f}\Shell\AutoRun\command - "" = D:\w9.exe -- [2010-11-26 23:23:12 | 000,181,760 | RHS- | M] ()
O33 - MountPoints2\{6c39b887-d784-11df-a7d7-806d6172696f}\Shell\open\Command - "" = D:\w9.exe -- [2010-11-26 23:23:12 | 000,181,760 | RHS- | M] ()
O33 - MountPoints2\{6e457a80-de19-11df-ad68-0016d3601f95}\Shell\AutoRun\command - "" = F:\io3yalc.exe
O33 - MountPoints2\{6e457a80-de19-11df-ad68-0016d3601f95}\Shell\open\Command - "" = F:\io3yalc.exe
O33 - MountPoints2\{74660498-20cc-11e0-addc-0016d3601f95}\Shell\AutoRun\command - "" = F:\w9.exe
O33 - MountPoints2\{74660498-20cc-11e0-addc-0016d3601f95}\Shell\open\Command - "" = F:\w9.exe
O33 - MountPoints2\{869fc24a-20f2-11e0-adde-0016d3601f95}\Shell - "" = AutoRun
O33 - MountPoints2\{869fc24a-20f2-11e0-adde-0016d3601f95}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{869fc24b-20f2-11e0-adde-0016d3601f95}\Shell\AutoRun\command - "" = H:\w9.exe
O33 - MountPoints2\{869fc24b-20f2-11e0-adde-0016d3601f95}\Shell\open\Command - "" = H:\w9.exe
O33 - MountPoints2\{ba859218-d784-11df-ad50-f203656384ee}\Shell\AutoRun\command - "" = F:\io3yalc.exe
O33 - MountPoints2\{ba859218-d784-11df-ad50-f203656384ee}\Shell\open\Command - "" = F:\io3yalc.exe
O33 - MountPoints2\{c447099e-f589-11df-ad88-0016d3601f95}\Shell\AutoRun\command - "" = F:\i00dvoym.exe
O33 - MountPoints2\{c447099e-f589-11df-ad88-0016d3601f95}\Shell\open\Command - "" = F:\i00dvoym.exe
O33 - MountPoints2\{d3035853-dd26-11df-ad64-0016d3601f95}\Shell\AutoRun\command - "" = F:\io3yalc.exe
O33 - MountPoints2\{d3035853-dd26-11df-ad64-0016d3601f95}\Shell\open\Command - "" = F:\io3yalc.exe

:Files
c:\Documents and Settings\Ja\Ustawienia lokalne\Temp\apiqq0.dll
C:\WINDOWS\system32\mgking0.dll
w9.exe /alldrives
io3yalc.exe /alldrives
autorun.inf /alldrives
C:\WINDOWS\System32\arking1.dll
C:\WINDOWS\System32\arking.exe
C:\WINDOWS\System32\mgking2.dll
C:\WINDOWS\System32\mgking1.dll
C:\WINDOWS\System32\mgking.exe

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""

:Commands
[emptytemp]
[emptyflash]

Kliknij wykonaj skrypt. I potwierdź reset komputera .
Przy podpiętym urządzeniu przenośnym (pendrive, telefon - to co jest podłączane do komputera) , uruchom USBFIX z opcji Listing i pokaż raport na forum.

Następnie uruchamiasz OTL z opcją skanuj. Pokazujesz nowy log OTL.txt oraz raport z czyszczenia (zawartość notatnika, która otworzy się po restarcie).