by msgarden, 17 Feb 2009, 19:28
Hi, my antivirus recently found a few trojans. I ran scans with ComboFix and HijackThis. What can be done about this? Thanks for the help
- Code:
ComboFix 09-02-15.01 - Misia 2009-02-17 18:07:29.2 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6001.1.1250.1.1045.18.765.301 [GMT 1:00]
Uruchomiony z: c:\users\Misia\Desktop\ComboFix.exe
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\AVG\AVG8\avgtoolbar.dll
.
((((((((((((((((((((((((( Pliki utworzone od 2009-01-17 do 2009-02-17 )))))))))))))))))))))))))))))))
.
2009-02-15 18:37 . 2009-02-15 18:37 <DIR> d-------- c:\users\Misia\AppData\Roaming\BSplayer Pro
2009-02-15 18:37 . 2009-02-15 18:41 <DIR> d-------- c:\users\Misia\AppData\Roaming\BSplayer
2009-02-15 18:37 . 2009-02-15 18:38 <DIR> d-------- c:\program files\BSplayer
2009-02-15 18:37 . 2009-02-15 18:38 <DIR> d-------- c:\program files\BS.Player ControlBar
2009-02-13 20:19 . 2009-02-15 17:33 <DIR> d--h----- C:\$AVG8.VAULT$
2009-02-13 20:12 . 2009-02-17 12:01 <DIR> d-------- c:\windows\System32\drivers\Avg
2009-02-13 20:12 . 2009-02-13 20:12 325,128 --a------ c:\windows\System32\drivers\avgldx86.sys
2009-02-13 20:12 . 2009-02-13 20:12 12,552 --a------ c:\windows\System32\drivers\avgrkx86.sys
2009-02-13 20:12 . 2009-02-13 20:12 10,520 --a------ c:\windows\System32\avgrsstx.dll
2009-02-13 20:11 . 2009-02-13 20:11 <DIR> d-------- c:\users\All Users\avg8
2009-02-13 20:11 . 2009-02-13 20:11 <DIR> d-------- c:\programdata\avg8
2009-02-13 20:11 . 2009-02-13 20:11 <DIR> d-------- c:\program files\AVG
2009-02-13 20:11 . 2009-02-13 20:11 107,272 --a------ c:\windows\System32\drivers\avgtdix.sys
2009-02-13 18:29 . 2009-02-13 18:29 <DIR> d-------- c:\users\Misia\AppData\Roaming\ESET
2009-02-13 18:15 . 2009-02-13 20:19 <DIR> d-------- c:\users\Misia\AppData\Roaming\cogad
2009-02-13 18:14 . 2009-02-13 18:15 <DIR> d-------- c:\users\Misia\AppData\Roaming\_d64b5a7d31c02628f85db8fc2b9ac543
2009-02-13 18:14 . 2009-02-12 20:25 827,963 --a------ c:\users\Misia\AppData\Roaming\svchost.exe
2009-02-11 19:05 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 19:05 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-05 22:09 . 2009-02-05 22:09 <DIR> dr------- c:\windows\System32\config\systemprofile\Videos
2009-02-05 22:09 . 2009-02-05 22:09 <DIR> dr------- c:\windows\System32\config\systemprofile\Searches
2009-02-05 22:09 . 2009-02-05 22:09 <DIR> dr------- c:\windows\System32\config\systemprofile\Saved Games
2009-02-05 22:09 . 2009-02-05 22:09 <DIR> dr------- c:\windows\System32\config\systemprofile\Pictures
2009-02-05 22:09 . 2009-02-05 22:09 <DIR> dr------- c:\windows\System32\config\systemprofile\Music
2009-02-05 22:09 . 2009-02-05 22:09 <DIR> dr------- c:\windows\System32\config\systemprofile\Links
2009-02-05 22:09 . 2009-02-05 22:09 <DIR> dr------- c:\windows\System32\config\systemprofile\Downloads
2009-02-05 22:09 . 2009-02-05 22:09 <DIR> dr------- c:\windows\System32\config\systemprofile\Documents
2009-02-01 01:18 . 2009-02-01 01:18 <DIR> d-------- c:\program files\TVAnts
2009-01-24 22:08 . 2009-01-24 22:08 <DIR> d-------- c:\users\Misia\AppData\Roaming\RayV
2009-01-24 19:31 . 2009-01-24 19:31 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-17 17:03 --------- d-----w c:\users\Misia\AppData\Roaming\uTorrent
2009-02-15 17:43 --------- d-----w c:\users\Misia\AppData\Roaming\Skype
2009-02-15 15:06 --------- d-----w c:\users\Misia\AppData\Roaming\skypePM
2009-02-13 17:37 --------- d-----w c:\program files\ESET
2009-02-13 17:27 --------- d-----w c:\programdata\ESET
2009-02-12 02:02 --------- d-----w c:\program files\Windows Mail
2009-02-05 21:10 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-13 16:20 --------- d-----w c:\users\Misia\AppData\Roaming\dvdcss
2009-01-01 00:25 --------- d-----w c:\program files\RegCure
2008-12-21 16:29 --------- d-----w c:\program files\Common Files\Nero
2008-12-21 16:28 --------- d-----w c:\programdata\Nero
2008-12-20 23:43 --------- d-----w c:\programdata\TVU Networks
2008-12-20 19:04 --------- d-----w c:\program files\CCleaner
2008-12-20 12:09 --------- d-----w c:\program files\JetAudio
2008-11-23 21:30 174 --sha-w c:\program files\desktop.ini
2008-11-23 21:02 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-11-23 21:02 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-11-23 20:15 47,560 ----a-w c:\windows\System32\SPReview.exe
2008-11-23 20:15 152,576 ----a-w c:\windows\System32\SPWizUI.dll
2008-11-01 20:16 2,828 --sha-w c:\users\All Users\KGyGaAvL.sys
2008-11-01 20:16 2,828 --sha-w c:\programdata\KGyGaAvL.sys
2008-11-01 20:15 8 --sh--r c:\users\All Users\CBFDB2303A.sys
2008-11-01 20:15 8 --sh--r c:\programdata\CBFDB2303A.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-28 815104]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-13 1601304]
"S3Trayp"="S3trayp.exe" [2006-12-15 c:\windows\System32\s3trayp.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-11-10 05:43 136600 c:\program files\Java\jre6\bin\jusched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5D0EFC87-8DFD-41D7-B484-B5EDA3AD50CE}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{E0BCA1B4-6C5F-4DE3-8CC0-BFA02BD780C3}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{E313F939-0F87-4950-BBC8-C72E1EBF5466}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{B7B8F047-1B5A-42EB-A4A1-DD11E4AC5821}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{892A3A51-5D27-4146-831C-1205D75134C6}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{601A7F1F-B7A5-4E72-8EA3-B21F72982946}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{BC840136-E30D-4A95-8C0F-41C6F236AE93}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{911EBC84-2907-464B-81E1-6CAD7A4ED075}c:\\program files\\tvants\\tvants.exe"= UDP:c:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{13452879-47C1-48DE-94D7-DE9069280A7E}c:\\program files\\tvants\\tvants.exe"= TCP:c:\program files\tvants\tvants.exe:TVAnts
"TCP Query User{746E652A-AA74-4FC0-9254-FE0C76043C45}c:\\program files\\nero\\nero 9\\nero showtime\\showtime.exe"= UDP:c:\program files\nero\nero 9\nero showtime\showtime.exe:Nero ShowTime
"UDP Query User{E944AFF0-03E2-4AB8-8A99-D044134929EF}c:\\program files\\nero\\nero 9\\nero showtime\\showtime.exe"= TCP:c:\program files\nero\nero 9\nero showtime\showtime.exe:Nero ShowTime
"TCP Query User{025F496C-8C17-4F52-8EC1-2AEB9967191B}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{1C742825-B932-4565-BFC9-8C8B7E15FF71}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{3AA90834-0974-4FC7-A16C-8DCF159DF52E}c:\\program files\\videolan\\vlc\\vlc.exe"= UDP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{525F3819-BE39-4AF2-ADCA-EA2B1C29E86F}c:\\program files\\videolan\\vlc\\vlc.exe"= TCP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"TCP Query User{34E4B0DA-438C-4804-9304-C65813A4D24B}c:\\program files\\rayv\\rayv\\rayv.exe"= UDP:c:\program files\rayv\rayv\rayv.exe:RayV
"UDP Query User{1FB52982-0D99-4566-9B80-599EAC976055}c:\\program files\\rayv\\rayv\\rayv.exe"= TCP:c:\program files\rayv\rayv\rayv.exe:RayV
"{D6627AF6-46A7-4BD4-811F-91B0E50B05E9}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"{68EE57A5-2074-4A72-9A66-4E6507DD5354}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{6CC4DBE3-37C3-42C7-9D84-DB3B36DD9A1B}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{B4A02D8E-5B03-4D69-8B0E-7DD53153081A}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [2009-02-13 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2009-02-13 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2009-02-13 107272]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-13 903960]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-13 298264]
R3 S3GIGP;S3GIGP;c:\windows\System32\drivers\VTGKModeDX32.sys [2008-10-29 815616]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Zawartość folderu 'Zaplanowane zadania'
2009-02-17 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 10:20]
2009-02-12 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 10:20]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://google.com/
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: {7A398FAE-CF5B-4E4B-88B3-2BCC04EE8CBD} = 217.30.129.149 217.30.137.200
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath - c:\users\Misia\AppData\Roaming\Mozilla\Firefox\Profiles\tqcikhkj.default\
FF - prefs.js: browser.startup.homepage - http://www.google.com
Liczba przeniesionych plików: 1.
FF - component: c:\program files\BS.Player ControlBar\FirefoxDTT\components\BSToolbarFF.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\users\Misia\AppData\Roaming\Mozilla\Firefox\Profiles\tqcikhkj.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-17 18:11:32
Windows 6.0.6001 Service Pack 1 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2009-02-17 18:13:42
ComboFix-quarantined-files.txt 2009-02-17 17:13:38
Przed: 12,033,273,856 bajtów wolnych
Po: 11,799,060,480 bajtów wolnych
155 --- E O F --- 2009-02-17 08:42:50
- Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:04:23, on 2009-02-17
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\s3trayp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Misia\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - Startup: Połącz z — skrót.lnk = ?
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A398FAE-CF5B-4E4B-88B3-2BCC04EE8CBD}: NameServer = 217.30.129.149 217.30.137.200
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
--
End of file - 4539 bytes
Last edited by MaTi on 17 Feb 2009, 19:38, edited 3 times in total
Reason: Logs in code tags!