
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:12, on 2009-03-12
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Nowe Gadu-Gadu\gg.exe
C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Axesstel\AxessManager\AxessManager.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{15C5D33E-EE52-4452-AE0E-0C8B85E39E09}: NameServer = 217.116.100.65 79.163.127.70
O17 - HKLM\System\CS2\Services\Tcpip\..\{15C5D33E-EE52-4452-AE0E-0C8B85E39E09}: NameServer = 217.116.100.65 79.163.127.70
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O24 - Desktop Component 0: (no name) - file:///F:/programy/rozrywka/gry/GeneRally/screenh.jpg
--
End of file - 5918 bytes
Added today, 11:45:
Here is the log from ComboFix:
ComboFix 09-03-10.03 - admin 2009-03-12 11:33:30.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1023.610 [GMT 1:00]
Uruchomiony z: c:\documents and settings\admin\Pulpit\ComboFix.exe
AV: AVG 7.5.430 *On-access scanning enabled* (Outdated)
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\2.bat
C:\autorun.inf
C:\u.com
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\nmdfgds1.dll
c:\windows\system32\nmdfgds2.dll
c:\windows\system32\olhrwef.exe
D:\2.bat
D:\Autorun.inf
D:\u.com
E:\2.bat
E:\Autorun.inf
E:\u.com
.
((((((((((((((((((((((((( Pliki utworzone od 2009-02-12 do 2009-03-12 )))))))))))))))))))))))))))))))
.
2009-03-12 11:17 . 2009-03-12 11:17 <DIR> d-------- c:\program files\ESET
2009-03-12 11:17 . 2002-01-11 14:37 235,008 --a------ c:\windows\system32\nod32cc.exe
2009-03-12 11:17 . 2002-01-04 11:38 133,440 --a------ c:\windows\system32\drivers\amon.sys
2009-03-12 11:17 . 2001-06-19 19:33 69,632 --a------ c:\windows\system32\nms32.dll
2009-03-12 11:17 . 2001-04-10 10:19 40,960 --a------ c:\windows\system32\nod32m2.exe
2009-03-12 11:17 . 2002-01-11 12:23 25,168 --a------ c:\windows\system32\nod32cc.hlp
2009-03-12 11:17 . 2001-01-12 01:59 24,064 --a------ c:\windows\system32\drivers\upd_serv.sys
2009-03-12 11:17 . 2009-03-12 11:17 442 --a------ c:\windows\system32\mapisvc.inf
2009-03-11 09:04 . 2009-03-11 19:14 107,190 -r-hs---- C:\cb.exe
2009-03-10 22:12 . 2009-03-10 22:12 <DIR> d-------- c:\documents and settings\admin\Dane aplikacji\Nowe Gadu-Gadu
2009-03-10 22:06 . 2009-03-10 22:06 <DIR> d-------- c:\program files\Nowe Gadu-Gadu
2009-03-10 16:27 . 2009-03-12 08:55 <DIR> d-------- c:\documents and settings\admin\Dane aplikacji\skypePM
2009-03-10 16:27 . 2009-03-10 16:27 56 --ah----- c:\windows\system32\ezsidmv.dat
2009-03-10 16:26 . 2009-03-10 22:09 <DIR> d-a------ c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-03-10 16:22 . 2009-03-12 11:40 <DIR> d-------- c:\documents and settings\admin\Dane aplikacji\Skype
2009-03-10 16:21 . 2009-03-10 16:21 <DIR> d-------- c:\program files\Common Files\Skype
2009-03-10 16:20 . 2009-03-10 16:21 <DIR> dr------- c:\program files\Skype
2009-03-10 16:19 . 2009-03-10 16:21 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Skype
2009-03-10 16:07 . 2009-03-10 16:07 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\ESET
2009-03-07 19:22 . 2009-03-09 09:07 108,664 -r-hs---- C:\i.com
2009-03-06 23:37 . 2004-08-04 13:00 70,144 --a------ c:\windows\AhnRpta.exe
2009-03-06 18:42 . 2009-03-06 18:42 <DIR> d-------- c:\program files\Axesstel
2009-03-06 18:42 . 2008-09-16 03:19 118,784 -ra------ c:\program files\MSP_Uninstall.exe
2009-03-06 18:42 . 2008-09-16 03:19 90,112 -ra------ c:\program files\axesstel.dll
2009-03-06 18:42 . 2008-09-16 03:18 40,064 -ra------ c:\windows\system32\drivers\Axtmvmdm.sys
2009-03-06 18:42 . 2008-09-16 03:19 38,784 -ra------ c:\windows\system32\drivers\Axtmvprt.sys
2009-03-06 18:42 . 2008-09-16 03:18 3,456 -ra------ c:\windows\system32\drivers\Axtmvflt.sys
2009-03-06 11:19 . 2009-03-06 11:19 <DIR> d-------- c:\documents and settings\admin\Dane aplikacji\SPORE Creature Creator
2009-02-26 09:04 . 2009-02-26 09:04 <DIR> d-------- c:\program files\VID_0E8F&PID_0003
2009-02-25 11:18 . 2009-02-25 11:19 12,281,687 --------- C:\AVG7QT.DAT
2009-02-25 11:14 . 2009-02-25 11:14 <DIR> d-------- c:\documents and settings\LocalService\Dane aplikacji\AVG7
2009-02-25 11:14 . 2009-02-25 11:32 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\avg7
2009-02-25 11:14 . 2009-02-25 11:18 <DIR> d-------- c:\documents and settings\admin\Dane aplikacji\AVG7
2009-02-16 10:28 . 2009-02-16 10:28 0 --a------ c:\windows\nsreg.dat
2009-02-16 10:27 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-02-16 10:27 . 2004-08-03 23:08 31,616 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2009-02-16 10:27 . 2009-03-06 23:33 2,950 --a------ c:\windows\mozver.dat
2009-02-16 10:26 . 2009-02-16 10:26 <DIR> d-------- c:\program files\Huawei technologies
2009-02-16 10:26 . 2007-07-11 11:05 101,120 --a------ c:\windows\system32\drivers\ewusbmdm.sys
2009-02-16 10:26 . 2007-07-11 11:02 24,448 --a------ c:\windows\system32\drivers\ewdcsc.sys
2009-02-14 15:14 . 2009-02-14 15:14 <DIR> d-------- c:\program files\Realtek Sound Manager
2009-02-14 15:14 . 2009-02-14 15:14 <DIR> d-------- c:\program files\Real Alternative
2009-02-14 15:14 . 2009-02-14 15:14 <DIR> d-------- c:\program files\Media Player Classic
2009-02-14 15:14 . 2009-02-14 15:14 <DIR> d-------- c:\program files\AvRack
2009-02-14 15:13 . 2009-02-14 15:13 <DIR> d-------- C:\Gratka
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-12 10:03 --------- d-----w c:\program files\Trend Micro
2009-03-06 17:45 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-06 10:19 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-03-06 10:17 --------- d-----w c:\program files\Electronic Arts
2009-02-25 10:41 --------- d-----w c:\program files\Sprint Cars
2009-02-15 09:12 --------- d-----w c:\documents and settings\admin\Dane aplikacji\PC Suite
2009-02-14 14:15 --------- d-----w c:\program files\Trabi Racer
2009-02-14 14:15 --------- d-----w c:\program files\Ri-li
2009-02-14 14:15 --------- d-----w c:\program files\Micro Madness
2009-02-14 14:14 --------- d-----w c:\program files\PLAY ONLINE
2009-02-10 16:00 --------- d-----w c:\documents and settings\admin\Dane aplikacji\ZoomBrowser EX
2009-01-13 14:36 --------- d-----w c:\program files\Skoki Narciarskie 2003 GOLD
2008-02-22 20:56 19,552 ----a-w c:\documents and settings\admin\Dane aplikacji\GDIPFONTCACHEV1.DAT
2006-08-12 08:29 3,106 ----a-w c:\program files\install.ini
2004-07-15 11:11 89,080 ----a-w c:\program files\install.bmp
2004-06-25 13:30 159,744 ----a-w c:\program files\uninstall.exe
2002-07-22 11:39 8,132,648 ----a-w c:\program files\m4.wav
2002-07-22 11:38 9,520,136 ----a-w c:\program files\m1.wav
2002-07-22 11:38 13,358,856 ----a-w c:\program files\m2.wav
2002-07-22 11:31 8,771,880 ----a-w c:\program files\m3.wav
2002-06-20 14:22 51 ----a-w c:\program files\am.url
1999-09-14 18:30 357,888 ----a-w c:\program files\KM.exe
.
------- Sigcheck -------
2006-07-27 09:34 504832 381221f69d1248864861889a64f100b6 c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-01-29 23975720]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-02-27 9339496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2004-12-20 33792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-11-08 128920]
"pccguide.exe"="c:\program files\Trend Micro\PC-cillin 2002\pccguide.exe" [2003-03-26 258048]
"PCCClient.exe"="c:\program files\Trend Micro\PC-cillin 2002\PCCClient.exe" [2003-03-26 462848]
"Pop3trap.exe"="c:\program files\Trend Micro\PC-cillin 2002\Pop3trap.exe" [2003-03-26 315458]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"Amon"="c:\program files\Eset\amon.exe" [2002-01-11 727552]
"Nod32CC"="c:\windows\system32\nod32cc.exe" [2002-01-11 235008]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 c:\windows\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{BB4C402F-882A-4526-8C08-51278EA437C1}"= "c:\windows\system32\afmain0.dll" [2004-08-04 78848]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.3ivx"= 3ivxVfWCodec.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\THQ\\MotoGP URT 3\\motogp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 NOD32ControlCenter;NOD32 Control Center Service;c:\windows\system32\nod32cc.exe [2009-03-12 235008]
R2 NOD32Service;NOD32 Service;c:\windows\system32\nod32m2.exe [2009-03-12 40960]
R2 PCC_PFW;PC-Cillin Personal Firewall;c:\windows\system32\drivers\PCC_PFW.sys [2003-03-26 56796]
R2 PCCPFW;PC-cillin PersonalFirewall;c:\program files\Trend Micro\PC-cillin 2002\PCCPFW.exe [2003-03-26 163840]
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\TmXPFlt.sys [2003-01-25 174720]
R2 Tmntsrv;Trend NT Realtime Service;c:\program files\Trend Micro\PC-cillin 2002\Tmntsrv.exe [2003-03-26 176128]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2003-01-25 18432]
R3 Axtmvflt;Axesstel USB Filter Service;c:\windows\system32\drivers\Axtmvflt.sys [2009-03-06 3456]
R3 Axtmvmdm;Axesstel USB Modem;c:\windows\system32\drivers\Axtmvmdm.sys [2009-03-06 40064]
R3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\system32\drivers\Axtmvprt.sys [2009-03-06 38784]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - C:\u.com
\Shell\open\Command - C:\u.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - 1sertc.exe
\Shell\explore\Command - 1sertc.exe
\Shell\open\Command - 1sertc.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - 1sertc.exe
\Shell\explore\Command - 1sertc.exe
\Shell\open\Command - 1sertc.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70958144-dcc3-11dd-8350-0015f259289a}]
\Shell\AutoRun\command - I:\cb.exe
\Shell\open\Command - I:\cb.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5858850-fc0b-11dd-8365-0015f259289a}]
\Shell\AutoRun\command - H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5858852-fc0b-11dd-8365-0015f259289a}]
\Shell\AutoRun\command - H:\AutoRun.exe
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKCU-Run-cdoosoft - c:\windows\system32\olhrwef.exe
.
------- Skan uzupełniający -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\pcjzi8tj.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-12 11:41:00
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\UAService7.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Czas ukończenia: 2009-03-12 11:43:23 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-03-12 10:43:19
Przed: 4 618 887 168 bajtów wolnych
Po: 5,665,169,408 bajtów wolnych
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
213