1. I used the Seconfig XP program to lock down the ports there.
2. I downloaded SmitfraudFix and did as in your description.
3. I applied SDFix, including the safe mode step etc., as you wrote.
4. I ran ComboFix once more, the copy I already had on disk.
Here are the logs; they tell me nothing. Can you tell from them whether things are okay or not?
ComboFix 08-03-14.4 - eXe 2008-03-17 22:06:01.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.2521 [GMT 1:00]
Running from: C:\Documents and Settings\eXe\Pulpit\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-02-17 to 2008-03-17 )))))))))))))))))))))))))))))))
.
2008-03-18 09:25 . 2006-03-14 02:26 53,248 --a------ C:\WINDOWS\system32\ImageOle.dll
2008-03-18 08:58 . 2008-03-18 09:16 139,264 --a------ C:\WINDOWS\War3Unin.exe
2008-03-18 08:58 . 2008-03-18 09:59 61,626 --a------ C:\WINDOWS\War3Unin.dat
2008-03-18 08:58 . 2008-03-18 09:16 2,829 --a------ C:\WINDOWS\War3Unin.pif
2008-03-18 03:57 . 2008-03-17 11:22 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-03-18 03:55 . 2008-03-18 03:55 <DIR> d-------- C:\Documents and Settings\eXe\Dane aplikacji\DAEMON Tools
2008-03-18 03:55 . 2008-03-18 03:55 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-03-17 21:55 . 2008-03-17 21:55 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-17 21:50 . 2008-03-17 22:02 <DIR> d-------- C:\SDFix
2008-03-17 21:42 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-17 21:42 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-17 21:42 . 2008-03-14 09:09 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-17 21:42 . 2008-03-15 17:16 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-17 21:42 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-03-17 21:42 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-17 21:42 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-17 21:42 . 2008-03-17 21:42 3,194 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-17 20:46 . 2008-03-17 20:46 <DIR> d-------- C:\Program Files\EditPlus 3
2008-03-17 20:46 . 2008-03-17 21:35 <DIR> d-------- C:\Documents and Settings\eXe\Dane aplikacji\EditPlus 3
2008-03-17 15:07 . 2008-03-17 15:07 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-03-17 15:07 . 2008-03-17 15:07 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-17 15:06 . 2008-03-17 15:06 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-03-14 15:14 . 2008-03-17 12:47 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-03-14 15:13 . 2008-03-14 15:13 <DIR> d-------- C:\WINDOWS\Cache
2008-03-13 23:27 . 2008-03-13 23:28 <DIR> d-------- C:\DVDVideoSoft
2008-03-13 23:26 . 2008-03-13 23:26 <DIR> d-------- C:\Program Files\DVDVideoSoft
2008-03-13 23:26 . 2008-03-13 23:26 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-03-13 23:26 . 2002-01-05 14:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-03-13 15:57 . 2008-03-17 15:06 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-03-13 11:32 . 2008-03-17 18:56 161 --a------ C:\WINDOWS\wcx_ftp.ini
2008-03-13 11:31 . 2008-03-13 11:31 <DIR> d-------- C:\Program Files\totalcmd
2008-03-13 11:31 . 2008-03-17 18:57 802 --a------ C:\WINDOWS\wincmd.ini
2008-03-13 11:31 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\UC.PIF
2008-03-13 11:31 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\RAR.PIF
2008-03-13 11:31 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-03-13 11:31 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-03-13 11:31 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-03-13 11:31 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\LHA.PIF
2008-03-13 11:31 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\ARJ.PIF
2008-03-12 21:06 . 2008-03-17 11:23 <DIR> d-------- C:\Documents and Settings\eXe\Dane aplikacji\skypePM
2008-03-12 21:06 . 2008-03-12 21:06 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-03-12 21:03 . 2008-03-12 21:03 <DIR> d-------- C:\Program Files\Skype
2008-03-12 21:03 . 2008-03-12 21:03 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-03-12 21:03 . 2008-03-17 22:03 <DIR> d-------- C:\Documents and Settings\eXe\Dane aplikacji\Skype
2008-03-12 21:02 . 2008-03-12 21:03 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-03-12 15:27 . 2008-03-13 23:43 <DIR> d-------- C:\Program Files\ikonki
2008-03-12 14:47 . 2008-03-12 14:47 <DIR> d-------- C:\Program Files\Spik
2008-03-12 14:47 . 2008-03-12 14:47 <DIR> d-------- C:\Documents and Settings\eXe\Dane aplikacji\Spik
2008-03-12 14:13 . 2008-03-12 14:13 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\IM
2008-03-12 14:12 . 2008-03-12 14:12 <DIR> d-------- C:\Program Files\IncrediMail
2008-03-12 14:12 . 2008-03-12 14:12 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\IncrediMail
2008-03-12 13:34 . 2008-03-17 18:21 <DIR> d-------- C:\Program Files\SkanerOnline
2008-03-12 12:43 . 2008-03-12 12:43 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-03-12 12:39 . 2008-03-12 12:39 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-03-11 18:30 . 2008-03-11 18:37 <DIR> d-------- C:\Program Files\Winamp
2008-03-11 18:30 . 2008-03-11 18:38 <DIR> d-------- C:\Documents and Settings\eXe\Dane aplikacji\Winamp
2008-03-11 18:10 . 2008-03-11 18:10 1,158 --a------ C:\WINDOWS\mozver.dat
2008-03-11 18:08 . 2008-03-11 18:08 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-11 17:35 . 2008-03-11 17:35 3,888,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-03-11 17:35 . 2008-03-11 17:35 62,024 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-03-11 17:33 . 2008-03-11 17:33 <DIR> d-------- C:\WINDOWS\BricoPacks
2008-03-11 17:33 . 2008-03-11 17:44 <DIR> d-------- C:\Program Files\Vista Inspirat 2
2008-03-11 17:33 . 2008-03-11 17:35 5,390 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-03-11 16:42 . 2008-03-11 16:42 <DIR> d-------- C:\Program Files\Alwil Software
2008-03-11 16:42 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-03-11 16:42 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-03-11 16:42 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-03-11 16:42 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-11 16:42 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-03-11 16:42 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-11 16:42 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-11 16:42 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-11 16:28 . 2008-03-11 16:28 13,646 --a------ C:\WINDOWS\system32\wpa.bak
2008-03-11 16:27 . 2008-03-11 16:27 <DIR> d---s---- C:\Documents and Settings\eXe\UserData
2008-03-10 21:32 . 2008-03-10 21:32 427 --a------ C:\WINDOWS\ODBC.INI
2008-03-10 21:29 . 2008-03-10 21:29 <DIR> d-------- C:\WINDOWS\ShellNew
2008-03-10 21:28 . 2008-03-10 21:28 <DIR> d-------- C:\Documents and Settings\eXe\Dane aplikacji\Microsoft Web Folders
2008-03-10 21:11 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-03-07 18:03 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-03-07 18:03 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-03-05 20:39 . 2008-03-05 20:39 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\Infineon
2008-03-05 20:37 . 2008-03-05 20:37 <DIR> d-------- C:\Program Files\Compal Electronics, INC
2008-03-05 20:36 . 2007-05-03 17:47 1,986,560 --a------ C:\WINDOWS\system32\WVAProp.cpl
2008-03-05 20:36 . 2007-05-03 17:45 790,528 --a------ C:\WINDOWS\system32\SMB.cpl
2008-03-05 20:35 . 2008-03-05 20:35 <DIR> d-------- C:\Documents and Settings\NetworkService\Dane aplikacji\Intel
2008-03-05 20:35 . 2008-03-05 20:35 <DIR> d-------- C:\Documents and Settings\LocalService\Dane aplikacji\Intel
2008-03-05 20:35 . 2008-03-05 20:35 <DIR> d-------- C:\Documents and Settings\eXe\Dane aplikacji\Intel
2008-03-05 20:35 . 2008-03-05 20:35 356,352 --a------ C:\WINDOWS\system32\AegisI5Installer.exe
2008-03-05 20:35 . 2008-03-05 20:35 21,393 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-03-05 20:35 . 2008-03-05 20:35 21,393 --a------ C:\WINDOWS\AegisP.sys
2008-03-05 20:35 . 2008-03-05 20:35 13,864 --a------ C:\WINDOWS\AegisP.inf
2008-03-05 20:35 . 2008-03-05 20:35 10,640 --a------ C:\WINDOWS\AegisP.cat
2008-03-05 20:34 . 2008-03-05 20:34 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\Intel
2008-03-05 20:34 . 2008-03-05 20:34 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Intel
2008-03-05 20:34 . 2007-06-01 10:33 2,772,992 --a------ C:\WINDOWS\system32\NETw4r32.dll
2008-03-05 20:34 . 2007-05-28 09:03 2,207,232 --a------ C:\WINDOWS\system32\drivers\NETw4x32.sys
2008-03-05 20:34 . 2007-06-01 10:33 684,032 --a------ C:\WINDOWS\system32\NETw4c32.dll
2008-03-05 20:33 . 2008-03-05 20:33 <DIR> d-------- C:\Program Files\Infineon
2008-03-05 20:33 . 2008-03-05 20:33 <DIR> d-------- C:\Documents and Settings\eXe\Dane aplikacji\Infineon
2008-03-05 20:33 . 2008-03-05 20:33 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Infineon
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-11 16:35 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-03-10 20:28 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-05 19:34 --------- d-----w C:\Program Files\Intel
2008-03-05 18:44 --------- d-----w C:\Program Files\Usługi online
.
((((((((((((((((((((((((((((( snapshot@2008-03-17_20.30.34,81 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-16 05:18:30 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-03-17 20:55:32 1,929,216 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-03-17 20:55:32 28,672 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-03-16 05:18:30 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-03-17 20:55:21 1,929,216 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-03-17 20:55:21 28,672 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2008-03-17 19:13:57 40,326 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-17 21:04:06 40,326 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-17 19:13:57 49,910 ----a-w C:\WINDOWS\system32\perfc015.dat
+ 2008-03-17 21:04:06 49,910 ----a-w C:\WINDOWS\system32\perfc015.dat
- 2008-03-17 19:13:57 311,938 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-17 21:04:06 311,938 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-03-17 19:13:57 356,068 ----a-w C:\WINDOWS\system32\perfh015.dat
+ 2008-03-17 21:04:07 356,068 ----a-w C:\WINDOWS\system32\perfh015.dat
+ 2008-03-17 20:59:59 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5d0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@={F2F31467-B1AC-4df0-AE79-FD5FA085E22B}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@={A3E208F7-0E3A-4182-A7A6-B169D5D691AA}
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-03-28 19:59 2953216 --a------ C:\Program Files\Protector Suite QL\farchns.dll
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-03-28 19:59 2953216 --a------ C:\Program Files\Protector Suite QL\farchns.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2007-10-29 13:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-03-09 12:51 243072]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-06 18:37 21898024]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-03-14 12:55 486856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-26 13:06 8462336]
"nwiz"="nwiz.exe" [2007-06-26 13:06 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL" [2007-06-26 13:06 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 07:49 16377344 C:\WINDOWS\RTHDCPL.exe]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 07:34 634880]
"WLSS"="C:\Program Files\Compal\Wireless Select Switch\WLSS.exe" [2007-04-23 18:55 190000]
"KTPWare"="C:\Program Files\Elantech\ktp.exe" [ ]
"snp2uvc"="C:\WINDOWS\vsnp2uvc.exe" [2006-12-29 11:48 569344]
"PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [2007-03-28 19:23 49168]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-06-01 10:51 823296]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-06-01 10:49 974848]
"Wow Video&Audio"="C:\Program Files\Compal\Wow Video&Audio\WVAMain.exe" [2007-05-03 17:51 951856]
"SMBTray"="C:\Program Files\Compal\Smart Battery\SMBTray.exe" [2007-06-04 17:22 521776]
"Smart Watch Dog"="-C:\Program Files\Compal Electronics" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-15 23:54 37376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-10-29 13:00 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-12-11 16:35:34 561213]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
IfxWlxEN.dll 2006-04-06 14:28 434176 C:\WINDOWS\system32\IfxWlxEN.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll 2007-03-28 19:46 90112 C:\WINDOWS\system32\psqlpwd.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\Spik\\Spik.exe"=
"C:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"E:\\BattleField2\\BF2.exe"=
"E:\\Garena\\Garena.exe"=
"E:\\Warcraft III\\War3.exe"=
"E:\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 EMSC;COMPAL Embedded System Control;C:\WINDOWS\system32\DRIVERS\EMSC.SYS [2007-03-14 10:16]
R1 PersonalSecureDrive;PersonalSecureDrive;C:\WINDOWS\system32\drivers\psd.sys [2006-04-06 15:09]
R2 Smart Watchdog;Smart Watchdog Service;C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe [2007-05-14 23:18]
R3 CamFilter;CamFilter;C:\WINDOWS\system32\Drivers\CamFilter.sys [2007-05-11 15:56]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2006-04-25 09:26]
R3 Ktp;Elantech Touchpad;C:\WINDOWS\system32\DRIVERS\Ktp.sys [2006-11-18 02:55]
R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2007-03-28 19:15]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\startuj.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{250d5741-f030-11dc-bd4e-001de0a8914d}]
\Shell\AutoRun\command - G:\v.cmd
\Shell\explore\Command - G:\v.cmd
\Shell\open\Command - G:\v.cmd
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-17 22:06:52
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-17 22:07:15
ComboFix2.txt 2008-03-17 19:30:51
.
2008-03-13 14:58:27 --- E O F ---
SDFix: Version 1.158
Run by eXe on 2008-03-17 at 21:57
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-17 22:00:54
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:05,48,cb,e2,e3,ae,96,63,f5,83,3d,33,ab,a5,be,20,04,3b,c8,56,da,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e7,74,72,b7,3d,1e,18,f7,b3,eb,06,81,39,17,cf,f7,f9,..
"khjeh"=hex:5d,de,ff,f4,31,47,65,e4,30,39,2a,79,4d,e3,77,57,c4,19,0f,cd,f1,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:0d,a8,79,0f,85,f3,3d,3a,c5,10,39,b0,b0,d0,04,94,c2,7b,e6,e1,2e,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:a3,3d,e8,81,e6,ef,b0,47,d3,68,e8,47,2c,bb,0a,db,14,64,99,db,9a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:05,48,cb,e2,e3,ae,96,63,f5,83,3d,33,ab,a5,be,20,04,3b,c8,56,da,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e7,74,72,b7,3d,1e,18,f7,b3,eb,06,81,39,17,cf,f7,f9,..
"khjeh"=hex:5d,de,ff,f4,31,47,65,e4,30,39,2a,79,4d,e3,77,57,c4,19,0f,cd,f1,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:0d,a8,79,0f,85,f3,3d,3a,c5,10,39,b0,b0,d0,04,94,c2,7b,e6,e1,2e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:a3,3d,e8,81,e6,ef,b0,47,d3,68,e8,47,2c,bb,0a,db,14,64,99,db,9a,..
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\Spik\\Spik.exe"="C:\\Program Files\\Spik\\Spik.exe:*:Enabled:Spik"
"C:\\Program Files\\totalcmd\\TOTALCMD.EXE"="C:\\Program Files\\totalcmd\\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"E:\\BattleField2\\BF2.exe"="E:\\BattleField2\\BF2.exe:*:Enabled:Battlefield 2"
"E:\\Garena\\Garena.exe"="E:\\Garena\\Garena.exe:*:Enabled:Garena"
"E:\\Warcraft III\\War3.exe"="E:\\Warcraft III\\War3.exe:*:Enabled:Warcraft III"
"E:\\Warcraft III\\Warcraft III.exe"="E:\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Finished!