help/////pasting logs

IP: *.neoplus.adsl.tpnet.pl 17.03.08, 21:21
Hello,

While downloading a film from torrents I suspect I downloaded some virus: Avast doesn't
detect it, and when some antivirus does detect it, it deletes it but the infection remains and
the viruses keep being created.
I'm pasting the HijackThis and ComboFix logs
wklej.org/id/b2bb290d55

wklej.org/id/2a61811f6c
    • Guest: Kolobos Re: help/////pasting logs IP: *.escom.net.pl 17.03.08, 21:40
      In HijackThis remove:
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = search.imesh.com/sidebar.html?src=ssb
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = search.imesh.com/sidebar.html?src=ssb
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing)
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
      O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
      O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe
      O8 - Extra context menu item: &Search - kw.bar.need2find.com/KW/menusearch.html?p=KW
      O18 - Filter hijack: text/html - (no CLSID) - (no file)
      O22 - SharedTaskScheduler: drays - {33b8d257-07f6-4c06-8605-94bc21728635} - C:\WINDOWS\System32\xedasn.dll (file missing)

      Plug in the infected pendrive. Create a file CFScript.txt on the desktop and paste into it:

      File::
      C:\WINDOWS\system32\trzAE.tmp
      C:\x6.bat
      D:\x6.bat
      E:\autorun.inf
      E:\x6.bat

      Registry::
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91fd7383-1839-11dc-aa0d-00194b4d2120}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c34efc1c-c209-1471-96ba-000e50c9195e}]
      [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
      [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]
      [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Client Server Runtime Process]
      [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft (R) Windows Update Manager]
      [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msconfig38]
      [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mysvcig38]
      [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPD]
      [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\secures23]
      [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SemanticInsight]
      [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tbon]
      [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\u3y5uhnu]
      [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMC_AutoUpdate]
      [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YUpdate]

      Driver::
      UpdateManager

      Save it and drag it onto the combofix.exe icon; when it finishes, post the ComboFix log plus an SDFix log made in Safe Mode.
      Also use ATF Cleaner and delete everything from IE temp, temp, etc.
      Also run a scan with SuperAntiSpyware.
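An added example, not code from this thread or from either poster: a Python triage pass over HijackThis-style log lines of the kind Kolobos lists above. It encodes the patterns the reply is acting on by hand (orphaned "(file missing)"/"(no file)" hooks, R0/R1 search keys redirected to a third-party host, a Run entry hidden under Policies\Explorer\Run with a value name that impersonates a system DLL, an O8 menu item calling out to an external host, an O18 filter with no CLSID, a non-stock O22 SharedTaskScheduler hook) and then builds the File:: section of a CFScript from the flagged entries that still point at a file on disk. The sample log is constructed (the reply's entries plus three benign lines that must survive); the trusted-host list and the two stock O22 names are assumptions about a default Windows XP / IE6 install.

```python
"""Triage HijackThis (HJT) log lines and emit a ComboFix 'File::' block.
Added example, not code from the thread; rules mirror the manual cleanup in the reply."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the HJT lines quoted in the reply, plus three benign lines
# (a normal start page, a normal Run entry, the stock XP O22 entry) that must not be flagged.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = search.imesh.com/sidebar.html?src=ssb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = search.imesh.com/sidebar.html?src=ssb
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe
O8 - Extra context menu item: &Search - kw.bar.need2find.com/KW/menusearch.html?p=KW
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: drays - {33b8d257-07f6-4c06-8605-94bc21728635} - C:\WINDOWS\System32\xedasn.dll (file missing)
"""

# Assumption: IE6-on-XP default search hosts; any other host in an R0/R1 search key is suspect.
TRUSTED_HOSTS = frozenset({"www.microsoft.com", "ie.search.msn.com", "search.msn.com"})
# Assumption: the two SharedTaskScheduler entries present on a stock Windows XP install.
STOCK_O22 = frozenset({"Browseui preloader", "Component Categories cache daemon"})

LINE_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.+)$")
HOST_RE = re.compile(r"(?:https?://)?([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")  # first host-like token
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|bat|tmp|inf)\b", re.IGNORECASE)  # first drive path
NAME_RE = re.compile(r"\[([^\]]+)\]")  # the [value name] of an O4 Run entry
ORPHAN_MARKERS = ("(file missing)", "(no file)")


@dataclass(frozen=True)
class Finding:
    section: str
    reasons: str
    line: str
    path: Optional[str]  # on-disk target named by the line, if any


def _unknown_host(text: str, trusted) -> Optional[str]:
    m = HOST_RE.search(text)
    return m.group(1) if m and m.group(1).lower() not in trusted else None


def triage(log_text: str, trusted=TRUSTED_HOSTS) -> List[Finding]:
    """Return the HJT lines a cleaner would remove, each with the reasons, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        reasons = []
        if any(mark in body for mark in ORPHAN_MARKERS):
            reasons.append("orphaned entry: target file/CLSID is gone but the hook stays registered")
        if sec in ("R0", "R1") and "=" in body:
            key, value = body.split("=", 1)
            host = _unknown_host(value, trusted) if "Search" in key else None
            if host:
                reasons.append(f"search provider redirected to {host}")
        if sec == "O4" and r"Policies\Explorer\Run" in body:
            reasons.append("Run entry under Policies\\Explorer\\Run, rarely used by legitimate software")
            name = NAME_RE.search(body)
            if name and name.group(1).lower().endswith((".dll", ".exe", ".sys")):
                reasons.append(f"value name '{name.group(1)}' impersonates a system file")
        if sec == "O8" and "res://" not in body:  # res:// items are Office-style local handlers
            host = _unknown_host(body, trusted)
            if host:
                reasons.append(f"context-menu item calling out to {host}")
        if sec == "O18" and "(no CLSID)" in body:
            reasons.append("MIME filter registered without a CLSID")
        if sec == "O22":
            name = body.split(" - ")[0].split(": ", 1)[-1]
            if name not in STOCK_O22:
                reasons.append(f"non-stock SharedTaskScheduler hook '{name}'")
        if reasons:
            pm = PATH_RE.search(body)
            findings.append(Finding(sec, "; ".join(reasons), line, pm.group(0) if pm else None))
    return findings


def cfscript_file_section(findings: List[Finding]) -> str:
    """Build the 'File::' block of a CFScript from flagged entries whose file still exists.
    Orphaned entries are skipped: nothing is left for ComboFix to delete, the dangling
    registry reference is removed with HijackThis instead."""
    paths = []
    for f in findings:
        if f.path and not any(mark in f.line for mark in ORPHAN_MARKERS) and f.path not in paths:
            paths.append(f.path)
    return "File::\n" + "\n".join(paths) + "\n" if paths else ""


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"{f.section}: {f.reasons}\n    {f.line}")
    print(cfscript_file_section(hits))
```

On the sample the pass flags nine lines and leaves the start page, the avast! Run entry and the Browseui preloader hook alone; the only File:: candidate is iesmn.exe, because the other flagged entries are orphaned hooks that HijackThis removes from the registry directly. Treat the trusted-host and stock-O22 lists as the parts to adjust per machine: a corporate image or a non-English Windows will have different defaults.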
