Menedzer Zadan, Edycja Rejestru

[pawelw111]

Witam, mam powazny problem z komputerem. Juz 3 raz format zrobilem, tym razem zainstalowalem xp 64, ale ciagle mam trojana, ktory blokuje mi dostep m.in. do menedzeru zadan i edycji rejestru. Nie wiem dlaczego tak sie dzieje, bo robie format, nie lacze sie z internetem a juz mam trojana, ktory mi w/w blokuje. Co zrobic?

 

Pozdrawiam

[pawelw111]

Logi z HijackThis:

 

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:44:42 PM, on 11/19/2008Platform: Windows 2003 SP2 (WinNT 5.02.3790)MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)Boot mode: NormalRunning processes:C:\WINDOWS\SysWOW64\CTsvcCDA.exeC:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exeC:\Program Files (x86)\VDOTool\TBPanel.exeC:\Program Files (x86)\Creative\SBAudigy\Surround Mixer\CTSysVol.exeC:\WINDOWS\system32\Rundll32.exeC:\WINDOWS\autoclk.exeC:\WINDOWS\autoclk.exeC:\Program Files (x86)\foobar2000\foobar2000.exeC:\Program Files (x86)\Gadu-Gadu\gg.exeC:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\Program Files (x86)\AutoPatcher\autopatcher.exeC:\WINDOWS\system32\cmd.exeC:\Program Files (x86)\AutoPatcher\modules\AddOns\shockwave\Shockwave_Installer_Slim.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exeF2 - REG:system.ini: UserInit=userinitO4 - HKLM\..\Run: [GEST] cQEO4 - HKLM\..\Run: [TBPanel] "C:\Program Files (x86)\VDOTool\TBPanel.exe" /AO4 - HKLM\..\Run: [CTSysVol] "C:\Program Files (x86)\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" /rO4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17HelperO4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXEO4 - HKLM\..\Run: [autoclk] autoclk.exeO4 - HKLM\..\Run: [adiras] adiras.exeO4 - HKLM\..\RunOnce: [InstallShieldSetup] C:\PROGRA~2\INSTAL~1\{4AE3A~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{4AE3A~1\reboot.ini  -l0x9O4 - HKLM\..\RunOnce: [NetFxUpdate_v1.1.4322] "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" 0 v1.1.4322 GAC + NI NIDO4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files (x86)\Gadu-Gadu\gg.exe" /trayO4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exeO4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')O4 - Global Startup: DSLMON.lnk = ?O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO17 - HKLM\System\CCS\Services\Tcpip\..\{619C164C-69CF-4E79-9A34-D54567E7A320}: NameServer = 194.204.159.1 217.98.63.164O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dllO23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exeO23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exeO23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exeO23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc64.exe (file missing)O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)--End of file - 5012 bytes

[Kolobos]

Daj log z combofix.

[pawelw111]

Ale niestety combofix nie obsługuje 64 xp :/

[Kolobos]

W hjt usun tylko:

F2 - REG:system.ini: UserInit=userinit

O4 - HKLM\..\Run: [GEST] cQE

 

Zrob tez skan przy pomocy Dr.Web CureIt oraz AVPTool i moze cos usuna.