Computer totally infected!

System security, virus removal, choosing antivirus software. Mandatory logs in this section: three from FRST + Gmer.

Posted by Trans33, 25 Dec 2008, 21:48

The computer shows signs of a serious virus infection (nothing but trojans).
It hangs, and what we have here is an example of a perfectly cluttered PC...
Everything should be in the log.

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:45:27, on 2008-12-25
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Ad Muncher\AdMunch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\WINDOWS\system32\windowsupdate.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files\Ad Muncher\AdMunch.exe" /bt
O4 - HKLM\..\Run: [Windows Service] windowsupdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunServices: [Windows Service] windowsupdate.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_link
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_exclude
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_report
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8943 bytes

Posted by djarta, 25 Dec 2008, 21:50


O4 - HKLM\..\Run: [Windows Service] windowsupdate.exe
O4 - HKLM\..\RunServices: [Windows Service] windowsup
C:\WINDOWS\system32\windowsupdate.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

1) Use (in Safe Mode) --> SDFix (further down the linked page).
Show the Report.txt found in the SDFix folder.

2) Close the wormy ports with --> Windows Worms Doors Cleaner (further down the linked page).
Set the markers to green; NetBIOS may be yellow.
A restart is required after using the tool.

3) Post a ComboFix log.
Regards, djarta. :)
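The entries djarta picked out of the HijackThis log above can be found mechanically. The script below is an added example written for this thread, not code from the forum, HijackThis or ComboFix: it parses O4 (Run-key autostart) lines and applies three heuristics a triage analyst would use on this log: a value under the Windows 9x-era RunServices key, a binary name that impersonates a Windows component (Windows never registers a "windowsupdate.exe" Run value; the real Automatic Updates client is wuauclt.exe), and an unrecognised binary autostarting from the Windows directory. The allowlist of known system-directory autostart names is a hypothetical one built from this log, and the sample lines are copied from the post above with one extra clean entry.

```python
import re
from collections import namedtuple

# Constructed sample: O4 lines taken from the HijackThis log in this thread,
# plus one ordinary Program Files entry so the "nothing to flag" path runs too.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Windows Service] windowsupdate.exe
O4 - HKLM\..\RunServices: [Windows Service] windowsupdate.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
"""

# One HijackThis O4 line: hive, Run-style key name, value name, command line.
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)

# Hypothetical allowlist: autostart binaries that legitimately resolve to the
# Windows directories on this particular machine (taken from the log above).
KNOWN_SYSTEM_AUTOSTART = {"ctfmon.exe", "rundll32.exe", "nwiz.exe", "soundman.exe"}

# Names that mimic a Windows component which Windows itself never registers as a
# Run value (Automatic Updates runs wuauclt.exe, started by its service).
IMPERSONATION_NAMES = {"windowsupdate.exe"}

REASON_RUNSERVICES = "RunServices is a Windows 9x-era key; XP-era software does not register there"
REASON_IMPERSONATION = "name impersonates a Windows component that is never an autostart value"
REASON_UNKNOWN_SYSTEM = "unrecognised binary autostarting from the Windows system directory"

Finding = namedtuple("Finding", "key name exe reasons")


def first_token(cmd):
    """Return the executable part of a command line (quoted path or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def resolves_to_system_dir(exe):
    """A bare name is found via the system search path; explicit paths are checked."""
    return "\\" not in exe or "\\windows\\" in exe.lower()


def check_entry(key, cmd):
    """Apply the three heuristics to one entry; return (basename, reasons)."""
    exe = first_token(cmd)
    base = basename(exe)
    reasons = []
    if key.lower() == "runservices":
        reasons.append(REASON_RUNSERVICES)
    if base in IMPERSONATION_NAMES:
        reasons.append(REASON_IMPERSONATION)
    if resolves_to_system_dir(exe) and base not in KNOWN_SYSTEM_AUTOSTART:
        reasons.append(REASON_UNKNOWN_SYSTEM)
    return base, reasons


def analyse(log_text):
    """Return a Finding for every O4 entry that trips at least one heuristic."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        base, reasons = check_entry(m["key"], m["cmd"])
        if reasons:
            findings.append(Finding(m["key"], m["name"], base, reasons))
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_O4_LINES):
        print(f"{f.key:12} [{f.name}] {f.exe}")
        for r in f.reasons:
            print("    -", r)
```

Run against the sample it reports exactly the three lines djarta quoted (both windowsupdate.exe values and amvo.exe); a flagged entry is a candidate for a hash or publisher check, not a verdict on its own, since the allowlist only knows what this one log shows.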

Posted by Trans33, 26 Dec 2008, 12:35

Here's the ComboFix log:
Code:
ComboFix 08-12-25.04 - Wojtas 2008-12-26 11:28:55.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.1535.1179 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Wojtas\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\windows\updater.exe

.
(((((((((((((((((((((((((   Pliki utworzone od 2008-11-26 do 2008-12-26  )))))))))))))))))))))))))))))))
.

2014-09-01 00:05 . 2004-08-03 22:08   10,624   --a------   c:\windows\system32\drivers\gameenum.sys
2008-12-25 20:45 . 2008-12-25 20:45   <DIR>   d--------   c:\program files\Trend Micro
2008-12-25 20:18 . 2008-12-25 20:18   <DIR>   d--------   c:\program files\Avira
2008-12-25 20:18 . 2008-12-25 20:18   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Avira
2008-12-23 18:32 . 2008-12-23 18:32   <DIR>   d--------   c:\documents and settings\Wojtas\Dane aplikacji\Gadu-Gadu
2008-12-23 12:48 . 2008-12-23 12:48   <DIR>   d--------   c:\program files\Real
2008-12-23 12:48 . 2008-12-23 12:48   <DIR>   d--------   c:\program files\Common Files\xing shared
2008-12-23 12:48 . 2008-12-23 12:48   <DIR>   d--------   c:\program files\Common Files\Real
2008-12-23 12:05 . 2008-12-23 16:46   <DIR>   d--------   c:\program files\NAPI-PROJEKT
2008-12-23 12:05 . 2008-12-23 20:51   <DIR>   d--------   c:\program files\ALLPlayer
2008-12-22 12:00 . 2008-12-23 18:32   <DIR>   d--------   c:\program files\Gadu-Gadu
2008-12-22 12:00 . 2008-12-22 12:00   <DIR>   d--------   c:\documents and settings\Wojtas\Gadu-Gadu
2008-12-20 14:51 . 2008-12-20 14:51   <DIR>   d--------   c:\program files\LucasArts
2008-12-18 23:54 . 2008-12-18 23:54   4,608   --ahs----   c:\windows\Thumbs.db
2008-12-14 15:09 . 2008-12-18 23:54   5,120   --ahs----   c:\windows\system32\Thumbs.db
2008-12-12 19:03 . 2008-12-12 19:03   <DIR>   d--------   c:\program files\Nuclear Coffee
2008-12-08 17:18 . 2008-12-08 17:18   <DIR>   d--------   c:\program files\Opera
2008-12-07 17:56 . 2008-12-07 17:56   <DIR>   d--------   c:\documents and settings\Wojtas\.gstreamer-0.10
2008-12-06 21:10 . 2008-12-06 21:10   <DIR>   d--------   c:\windows\system32\LogFiles
2008-12-03 21:20 . 2008-12-03 21:20   <DIR>   d--------   c:\windows\system32\QuickTime
2008-12-03 21:20 . 2008-03-12 02:37   107,864   --a------   c:\windows\system32\tsccvid.dll
2008-12-03 21:19 . 2008-12-03 21:19   <DIR>   d--------   c:\program files\TechSmith
2008-12-03 21:19 . 2008-12-03 21:19   <DIR>   d--------   c:\program files\Common Files\TechSmith Shared
2008-12-03 21:19 . 2008-12-03 21:19   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\TechSmith
2008-12-03 13:17 . 2008-04-16 04:05   101,587   --a------   c:\windows\Keygen.exe
2008-12-03 12:59 . 2008-12-03 12:59   <DIR>   d--------   c:\program files\bobyte

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-26 10:01   ---------   d-----w   c:\program files\Damian Pasternak
2008-12-25 20:40   ---------   d-----w   c:\program files\Testy gimnazjalne 2005
2008-12-25 20:40   ---------   d-----w   c:\program files\Snosh
2008-12-25 20:37   ---------   d-----w   c:\program files\Magic Swf2Avi 2008
2008-12-25 20:37   ---------   d-----w   c:\program files\Gimnazjum klasa 2 - Chemia
2008-12-25 20:34   ---------   d-----w   c:\program files\SlySoft
2008-12-25 20:33   ---------   d-----w   c:\program files\Winamp
2008-12-25 20:33   ---------   d-----w   c:\program files\Alice DVD to iPod PSP 3GP PPC H264 MP4 Converter
2008-12-22 10:59   ---------   d-----w   c:\program files\Nowe Gadu-Gadu
2008-12-20 23:18   ---------   d-----w   c:\program files\hp deskjet 5550 series
2008-12-20 14:05   ---------   d-----w   c:\program files\MagicISO
2008-12-20 13:51   ---------   d--h--w   c:\program files\InstallShield Installation Information
2008-12-17 19:07   ---------   d-----w   c:\documents and settings\Wojtas\Dane aplikacji\Nowe Gadu-Gadu
2008-11-25 15:46   ---------   d-----w   c:\documents and settings\Wojtas\Dane aplikacji\Capcom
2008-11-25 15:45   107,888   ----a-w   c:\windows\system32\CmdLineExt.dll
2008-11-25 15:13   ---------   d-----w   c:\program files\Capcom
2008-11-18 02:34   ---------   d-----w   c:\program files\Just Cause
2008-11-11 11:34   ---------   d-----w   c:\program files\Ad Muncher
2008-11-11 08:53   ---------   d-----w   c:\program files\Internet Download Manager
2008-11-11 08:53   ---------   d-----w   c:\documents and settings\Wojtas\Dane aplikacji\IDM
2008-11-10 20:59   ---------   d-----w   c:\program files\ASCII
2008-11-10 20:48   ---------   d-----w   c:\documents and settings\Wojtas\Dane aplikacji\DMCache
2008-11-06 21:05   43,520   ----a-w   c:\windows\system32\CmdLineExt03.dll
2008-11-06 20:54   ---------   d-----w   c:\program files\THQ
2008-11-06 20:45   ---------   d-----w   c:\program files\DAEMON Tools Toolbar
2008-11-06 20:45   ---------   d-----w   c:\program files\DAEMON Tools Lite
2008-11-06 20:41   717,296   ----a-w   c:\windows\system32\drivers\sptd.sys
2008-11-06 20:41   ---------   d-----w   c:\documents and settings\Wojtas\Dane aplikacji\DAEMON Tools
2008-11-05 15:47   ---------   d-----w   c:\program files\PQDVD
2008-10-30 17:30   ---------   d-----w   c:\program files\SystemRequirementsLab
2008-10-29 14:24   ---------   d-----w   c:\program files\Audacity
2008-10-27 09:04   70,992   ----a-w   c:\windows\system32\XAPOFX1_2.dll
2008-10-27 09:04   514,384   ----a-w   c:\windows\system32\XAudio2_3.dll
2008-10-27 09:04   235,856   ----a-w   c:\windows\system32\xactengine3_3.dll
2008-10-27 09:04   23,376   ----a-w   c:\windows\system32\X3DAudio1_5.dll
2008-10-10 03:52   452,440   ----a-w   c:\windows\system32\d3dx10_40.dll
2008-10-10 03:52   4,379,984   ----a-w   c:\windows\system32\D3DX9_40.dll
2008-10-10 03:52   2,036,576   ----a-w   c:\windows\system32\D3DCompiler_40.dll
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-09-12 340136]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-12-10 188416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Ad Muncher"="c:\program files\Ad Muncher\AdMunch.exe" [2007-11-03 779776]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-23 185872]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2008-08-21 16:45 888832 c:\program files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AresChatServer"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"<NO NAME>"= :Windows Service


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c92e880-bafe-11dd-bc9c-00304f5174cb}]
\Shell\AutoRun\command - E:\e8kj.exe
\Shell\explore\Command - E:\e8kj.exe
\Shell\open\Command - E:\e8kj.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5827dd1d-cc52-11dd-bced-00304f5174cb}]
\Shell\AutoRun\command - E:\2w.cmd
\Shell\explore\Command - E:\2w.cmd
\Shell\open\Command - E:\2w.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{594140c6-790c-11dd-bba1-806d6172696f}]
\Shell\AutoRun\command - I:\iqosrtk.bat
\Shell\explore\Command - I:\iqosrtk.bat
\Shell\open\Command - I:\iqosrtk.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6cbb49e2-8bfa-11dd-bbcf-00304f5174cb}]
\Shell\AutoRun\command - E:\2w.cmd
\Shell\explore\Command - E:\2w.cmd
\Shell\open\Command - E:\2w.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7053e410-d222-11dd-bd08-00304f5174cb}]
\Shell\AutoRun\command - E:\e8kj.exe
\Shell\explore\Command - E:\e8kj.exe
\Shell\open\Command - E:\e8kj.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d956eaaa-9aca-11dd-bc10-00304f5174cb}]
\Shell\AutoRun\command - I:\e8kj.exe
\Shell\explore\Command - I:\e8kj.exe
\Shell\open\Command - I:\e8kj.exe

*Newly Created Service* - PROCEXP90
.
- - - - USUNIĘTO PUSTE WPISY - - - -

URLSearchHooks-{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - c:\program files\Winamp Toolbar\winamptb.dll
MSConfigStartUp-CloneCDTray - c:\program files\SlySoft\CloneCD\CloneCDTray.exe
MSConfigStartUp-egui - c:\program files\ESET\ESET NOD32 Antivirus\egui.exe


.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Settings,ProxyOverride = *.local
IE: {{88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - {17A84966-F1E9-4645-AA9E-5E771EE1C859} - c:\progra~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
FF - ProfilePath - c:\documents and settings\Wojtas\Dane aplikacji\Mozilla\Firefox\Profiles\qj83bga2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - www.google.pl
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\documents and settings\Wojtas\Dane aplikacji\Mozilla\Firefox\Profiles\qj83bga2.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-26 11:30:22
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2008-12-26 11:30:57
ComboFix-quarantined-files.txt  2008-12-26 10:30:55

Przed: 2 016 514 048 bajtów wolnych
Po: 4,317,315,072 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

187

Posted by djarta, 26 Dec 2008, 13:08

Where's the SDFix log? In the log I can only see some trojan that you downloaded with some keygen, and in the registry an infection from a pendrive.

Paste into Notepad:
Code:
File::
c:\windows\Keygen.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c92e880-bafe-11dd-bc9c-00304f5174cb}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5827dd1d-cc52-11dd-bced-00304f5174cb}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{594140c6-790c-11dd-bba1-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6cbb49e2-8bfa-11dd-bbcf-00304f5174cb}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7053e410-d222-11dd-bd08-00304f5174cb}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d956eaaa-9aca-11dd-bc10-00304f5174cb}]

>>File>>Save as... >>> CFScript
Drag and drop the CFScript.txt file onto ComboFix.exe
Removal should start (and a log will be created). Post the log that is created during removal.
If it goes well, then: after the restart, manually delete the folder C:\Qoobox.

Regards, djarta. :)
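The six mountpoints2 keys djarta lists in the CFScript above are the classic removable-media worm pattern: for one volume GUID, the AutoRun, explore and open shell verbs are all redirected to the same file on the stick itself. The script below is an added example for this thread, not code from the forum or from ComboFix: it parses the mountpoints2 section of the ComboFix log above, keeps only keys where all three verbs point at one payload, counts the payload names across volumes, and renders the same `Registry::` deletion block (with the `[-KEY]` syntax used in djarta's post). The sample input is the log's own six keys plus one constructed all-zero-GUID key with a single AutoRun verb, as a CD-ROM setup launcher would leave, so the non-hijack path is exercised.

```python
import re
from collections import Counter

# Constructed sample: the mountpoints2 keys from the ComboFix log in this thread,
# plus one constructed key (all-zero GUID) carrying only an AutoRun verb.
SAMPLE_MOUNTPOINTS2 = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c92e880-bafe-11dd-bc9c-00304f5174cb}]
\Shell\AutoRun\command - E:\e8kj.exe
\Shell\explore\Command - E:\e8kj.exe
\Shell\open\Command - E:\e8kj.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5827dd1d-cc52-11dd-bced-00304f5174cb}]
\Shell\AutoRun\command - E:\2w.cmd
\Shell\explore\Command - E:\2w.cmd
\Shell\open\Command - E:\2w.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{594140c6-790c-11dd-bba1-806d6172696f}]
\Shell\AutoRun\command - I:\iqosrtk.bat
\Shell\explore\Command - I:\iqosrtk.bat
\Shell\open\Command - I:\iqosrtk.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6cbb49e2-8bfa-11dd-bbcf-00304f5174cb}]
\Shell\AutoRun\command - E:\2w.cmd
\Shell\explore\Command - E:\2w.cmd
\Shell\open\Command - E:\2w.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7053e410-d222-11dd-bd08-00304f5174cb}]
\Shell\AutoRun\command - E:\e8kj.exe
\Shell\explore\Command - E:\e8kj.exe
\Shell\open\Command - E:\e8kj.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d956eaaa-9aca-11dd-bc10-00304f5174cb}]
\Shell\AutoRun\command - I:\e8kj.exe
\Shell\explore\Command - I:\e8kj.exe
\Shell\open\Command - I:\e8kj.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
\Shell\AutoRun\command - D:\setup.exe
"""

# A mountpoints2 key header as ComboFix prints it: one volume GUID per key.
KEY_RE = re.compile(
    r"^\[(HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer"
    r"\\mountpoints2\\\{[0-9a-f-]{36}\})\]$", re.I)
# One shell verb line: "\Shell\<verb>\command - <target>".
VERB_RE = re.compile(r"^\\Shell\\(\w+)\\command - (.+)$", re.I)

# The three verbs an autorun worm redirects so that AutoPlay, Explore and
# double-click all launch its payload.
HIJACKED_VERBS = {"autorun", "explore", "open"}


def parse_mountpoints2(text):
    """Map each mountpoints2 key to its {verb: target} dictionary."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            entries[current] = {}
            continue
        verb = VERB_RE.match(line)
        if verb and current is not None:
            entries[current][verb.group(1).lower()] = verb.group(2).strip()
    return entries


def find_autorun_hijacks(entries):
    """Keys where all three verbs point at one and the same file on the volume."""
    hijacked = {}
    for key, verbs in entries.items():
        if HIJACKED_VERBS.issubset(verbs):
            targets = {t.lower() for t in verbs.values()}
            if len(targets) == 1:
                hijacked[key] = verbs["open"]
    return hijacked


def payload_summary(hijacked):
    """Count payload file names across volumes (one worm re-infecting several sticks)."""
    return Counter(t.rsplit("\\", 1)[-1].lower() for t in hijacked.values())


def cfscript_registry_section(keys):
    """Render the CFScript 'Registry::' block that deletes the given keys."""
    return "Registry::\n" + "".join(f"[-{k}]\n" for k in sorted(keys))


if __name__ == "__main__":
    found = find_autorun_hijacks(parse_mountpoints2(SAMPLE_MOUNTPOINTS2))
    print(payload_summary(found))
    print(cfscript_registry_section(found))
```

Deleting the keys only removes the stale shell-verb mapping on this PC; the payload files still sit on the E: and I: sticks that were plugged in, so those need cleaning (or reformatting) before they are inserted again, which is why the payload summary names the files rather than only the GUIDs.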