problem z usunięciem

[AngelPL]

Mam problem z usunięciem wirusa lub trojana.
Kaspersy 7,0 nic nie wykrywa a komp mi bardzo zwalnie nawet po sformatowaniu partycji windowsowej i instalacji nowego systemu.

tak wygląda parycja nie sformatowana po naciśnięciu na nią ppm.

[Lukesh]

Wrzuc logi wg opisu: http://forum.programosy.pl/hijackthis-amp-silent-runners-gtobsuga-i-umieszczanie-vt9452.html

[AngelPL]

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:15:04, on 2007-09-19
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 666\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Winamp2\winampa.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Tlen.pl2\tlen.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Daniel\Pulpit\hijackthis.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O1 - Hosts: 0 L2authd.lineage2.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {ae18da4e-be15-4925-81bb-890c04af0200} - C:\Program Files\Gold Codec\isaddon.dll (file missing)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Protection Bar - {96ebbe6a-2864-4345-b32b-26ee9be524b5} - C:\Program Files\Gold Codec\iesplugin.dll (file missing)
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp2\winampa.exe
O4 - HKLM\..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKCU\..\Run: [InternetCalls] "C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl2\tlen.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 666\StarWind\StarWindService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8270 bytes

nie wiem czy to coś da bo ten wirus jest na partycji nie systemowej, znaczy się kuzyn przyniósł mi dysk z tym wirusem i ja własnie do was pisze, on sformatował już swoją partycję systemową a log wyjdzie z mojej partycji systemowej

[wojtas]

zastosuj:

smitfraudfix z opcji 2:

http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje
Potem wejdz do folderu SDFix wrzuc zawartość pliku Report.txt

daj loga z combofixa oraz raport z SDFixa

[AngelPL]

Kod: Zaznacz wszystko

ComboFix 07-09-18.4 - "Daniel" 2007-09-19 21:58:15.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.649 [GMT 2:00]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

I:\Autorun.inf
J:\Autorun.inf

.
(((((((((((((((((((((((((   Files Created from 2007-08-19 to 2007-09-19  )))))))))))))))))))))))))))))))
.

2007-09-19 21:37   <DIR>   d--------   C:\WINDOWS\ERUNT
2007-09-19 21:26   3,302   --a------   C:\WINDOWS\system32\tmp.reg
2007-09-19 21:25   53,248   --a------   C:\WINDOWS\system32\Process.exe
2007-09-19 21:25   51,200   --a------   C:\WINDOWS\system32\dumphive.exe
2007-09-19 21:25   289,144   --a------   C:\WINDOWS\system32\VCCLSID.exe
2007-09-19 21:25   288,417   --a------   C:\WINDOWS\system32\SrchSTS.exe
2007-09-19 21:24   51,200   --a------   C:\WINDOWS\NirCmd.exe
2007-09-19 20:57   82,061   --a------   C:\WINDOWS\system32\drivers\klick.dat
2007-09-19 20:57   81,549   --a------   C:\WINDOWS\system32\drivers\klin.dat
2007-09-19 20:57   7,712   --ahs----   C:\WINDOWS\system32\drivers\fidbox2.dat
2007-09-19 20:57   2,428,192   --ahs----   C:\WINDOWS\system32\drivers\fidbox.dat
2007-09-19 20:57   <DIR>   d--------   C:\Program Files\Kaspersky Lab
2007-09-19 20:57   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\Kaspersky Lab
2007-09-19 20:51   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\Kaspersky Lab Setup Files
2007-09-19 15:54   217,127   --a------   C:\WINDOWS\system32\drv43260.dll
2007-09-19 15:54   208,935   --a------   C:\WINDOWS\system32\drv33260.dll
2007-09-19 15:54   176,165   --a------   C:\WINDOWS\system32\drv23260.dll
2007-09-05 18:51   4,096   --a------   C:\WINDOWS\d3dx.dat
2007-09-05 18:30   <DIR>   d--------   C:\DOCUME~1\Daniel\DANEAP~1\InstallShield
2007-08-31 17:14   <DIR>   d--------   C:\Program Files\GameSpy Arcade
2007-08-21 12:39   22,328   --a------   C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-08-21 12:39   103,736   --a------   C:\WINDOWS\system32\PnkBstrB.exe
2007-08-21 12:37   66,872   --a------   C:\WINDOWS\system32\PnkBstrA.exe
2007-08-21 12:37   <DIR>   d--------   C:\WINDOWS\system32\LogFiles

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-19 21:57   ---------   d--------   C:\DOCUME~1\Daniel\DANEAP~1\Skype
2007-09-19 21:56   ---------   d-a------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\TEMP
2007-09-19 21:56   ---------   d--------   C:\Program Files\AutoConnect
2007-09-19 21:36   7484   --ahs----   C:\WINDOWS\system32\drivers\fidbox.idx
2007-09-19 21:36   1436   --ahs----   C:\WINDOWS\system32\drivers\fidbox2.idx
2007-09-19 17:40   ---------   d--------   C:\Program Files\Tlen.pl2
2007-09-19 16:00   ---------   d--------   C:\DOCUME~1\Daniel\DANEAP~1\Vso
2007-09-19 15:54   ---------   d--------   C:\Program Files\vso
2007-09-16 21:15   ---------   d--------   C:\DOCUME~1\Daniel\DANEAP~1\Image Zone Express
2007-09-16 13:39   ---------   d--------   C:\DOCUME~1\Daniel\DANEAP~1\Hamachi
2007-09-11 21:50   ---------   d--------   C:\Program Files\Opera
2007-09-05 18:31   ---------   d--h-----   C:\Program Files\InstallShield Installation Information
2007-09-04 17:11   43520   --a--c---   C:\WINDOWS\system32\CmdLineExt03.dll
2007-07-31 12:24   ---------   d--------   C:\Program Files\DAP
2007-07-31 12:13   ---------   d--------   C:\Program Files\DAP2
2007-07-31 11:53   ---------   d--------   C:\Program Files\FlashGet
2007-07-19 02:05   ---------   d--------   C:\Program Files\mIRC
2007-07-18 22:49   21840   --a--c-t-   C:\WINDOWS\system32\SIntfNT.dll
2007-07-18 22:49   17212   --a--c-t-   C:\WINDOWS\system32\SIntf32.dll
2007-07-18 22:49   12067   --a--c-t-   C:\WINDOWS\system32\SIntf16.dll
2007-07-18 21:46   106496   --a------   C:\WINDOWS\DIIUnin.exe
2007-07-07 00:44   73216   --a------   C:\WINDOWS\ST6UNST.EXE
2007-07-07 00:44   249856   ---------   C:\WINDOWS\Setup1.exe
2007-06-28 12:51   206088   --a------   C:\WINDOWS\system32\klogon.dll
2007-01-29 19:04   87608   --a------   C:\DOCUME~1\Daniel\DANEAP~1\ezpinst.exe
2007-01-29 19:04   47360   --a------   C:\DOCUME~1\Daniel\DANEAP~1\pcouffin.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-09 15:29]
"nwiz"="nwiz.exe" [2006-03-09 15:29 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-09 15:29]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 15:08 C:\WINDOWS\soundman.exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"Resume copy"="copyfstq.exe" [2006-10-22 13:28 C:\WINDOWS\copyfstq.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 07:03]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 07:03]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48]
"WinampAgent"="C:\Program Files\Winamp2\winampa.exe" [2006-09-26 16:49]
"NielsenOnline"="C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe" [2007-05-09 10:32]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2007-07-31 12:23]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2004-08-28 20:27]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-08-21 18:37]
"VoipStunt"="C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" []
"InternetCalls"="C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe" []
"Komunikator"="C:\Program Files\Tlen.pl2\tlen.exe" [2006-12-01 17:11]

C:\DOCUME~1\ALLUSE~1\MENUST~1\Programy\AUTOST~1\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04]
Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe [2007-02-22 00:13:57]

C:\DOCUME~1\Daniel\MENUST~1\Programy\AUTOST~1\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 21:16:50]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)
"NoSharedDocuments"=1 (0x1)

R1 nnrnstdi;nnrnstdi;C:\WINDOWS\system32\drivers\nnrnstdi.sys
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
R3 km_filter;km_filter;C:\WINDOWS\system32\drivers\km_filter.sys
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys
S3 GVCplDrv;GVCplDrv;\??\C:\WINDOWS\system32\Drivers\GVCplDrv.sys
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\C:\WINDOWS\system32\ZDCndis5.SYS
S3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\ZDPNDIS5.SYS

.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-19 22:06:29
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-19 22:07:19
C:\ComboFix-quarantined-files.txt ... 2007-09-19 22:07
.
   --- E O F ---


Kod: Zaznacz wszystko

SDFix: Version 1.105

Run by Daniel on 2007-09-19 at 21:38

Microsoft Windows XP [Wersja 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\FCM1A2.TMP - Deleted
C:\FCM1A3.TMP - Deleted
C:\FCM1A4.TMP - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



                                 Final Check:

Remaining Services:
------------------




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"="C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe:*:Enabled:VoipStunt"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Program Files\\InternetCalls.com\\InternetCalls\\InternetCalls.exe"="C:\\Program Files\\InternetCalls.com\\InternetCalls\\InternetCalls.exe:*:Enabled:InternetCalls"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:uTorrent"
"C:\\Program Files\\Tlen.pl2\\tlen.exe"="C:\\Program Files\\Tlen.pl2\\tlen.exe:*:Enabled:Komunikator Tlen.pl"
"I:\\cc\\Command and Conquer Generals\\game.dat"="I:\\cc\\Command and Conquer Generals\\game.dat:*:Enabled:game"
"C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi Client"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Team17\\Worms World Party\\wwp.exe"="C:\\Team17\\Worms World Party\\wwp.exe:*:Enabled:Worms World Party"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\\Program Files\\The All-Seeing Eye\\eye.exe"="C:\\Program Files\\The All-Seeing Eye\\eye.exe:*:Enabled:Yahoo! All-Seeing Eye"
"D:\\Cod22\\CoD2MP_s.exe"="D:\\Cod22\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"D:\\cod2\\CoD2MP_s.exe"="D:\\cod2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\\Documents and Settings\\Daniel\\Pulpit\\Majesty\\Majesty - The Fantasy Kingdom Sim\\Majesty.exe"="C:\\Documents and Settings\\Daniel\\Pulpit\\Majesty\\Majesty - The Fantasy Kingdom Sim\\Majesty.exe:*:Enabled:Majesty"
"C:\\Documents and Settings\\Daniel\\Pulpit\\Majesty\\Majesty - The Fantasy Kingdom Sim\\MajX.exe"="C:\\Documents and Settings\\Daniel\\Pulpit\\Majesty\\Majesty - The Fantasy Kingdom Sim\\MajX.exe:*:Enabled:Majesty Expansion"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"E:\\Fifa07\\fifa07.exe"="E:\\Fifa07\\fifa07.exe:*:Enabled:fifa07"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:


Finished!

Kod: Zaznacz wszystko

SmitFraudFix v2.225

Scan done at 21:25:29.87, 2007-09-19
Run from C:\Documents and Settings\Daniel\Pulpit\SmitfraudFix
OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1       localhost
0   L2authd.lineage2.com

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOCUME~1\Daniel\Ulubione\Online Security Test.url Deleted
C:\Program Files\Gold Codec\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: SAGEM Wi-Fi 11g USB adapter - Sterownik miniport Harmonogramu pakietów
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 0.0.0.0

HKLM\SYSTEM\CCS\Services\Tcpip\..\{340B1DCE-779A-4265-9B3A-58B0DF347C7E}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\..\{3DB3EE79-C08F-4276-91BD-119543641502}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{340B1DCE-779A-4265-9B3A-58B0DF347C7E}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3DB3EE79-C08F-4276-91BD-119543641502}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\..\{340B1DCE-779A-4265-9B3A-58B0DF347C7E}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\..\{3DB3EE79-C08F-4276-91BD-119543641502}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

uzyskałem te 3 logi, tak w miarę ścislości wirus jest na innym dysku
mój dysk jest czysty tylko 2 dysk podpięty zawiera tego wirusa

[wojtas]

poczytaj temat o usuwaniu infekcji na dole:

http://www.searchengines.pl/lofiversion/index.php/t94761.html

[AngelPL]

dziękuje bardzo za pomoc
udało się usunąc ten syf