
Please help. Every so often avast! reports that I have a trojan called kavos. I even formatted the disk... and I don't know. avast! still complains every time the computer boots.
ComboFix log
Code:
ComboFix 09-02-19.01 - Administrator 2009-02-20 22:03:58.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1523 [GMT -8:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090220-0] *On-access scanning disabled* (Updated)
.
((((((((((((((((((((((((( Files Created from 2009-01-21 to 2009-02-21 )))))))))))))))))))))))))))))))
.
2009-02-20 21:55 . 2009-02-20 21:55 <DIR> d-------- c:\program files\Yahoo!
2009-02-20 21:55 . 2009-02-20 21:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-02-20 21:55 . 2009-02-20 21:55 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Yahoo!
2009-02-20 21:54 . 2009-02-20 21:55 <DIR> d-------- c:\program files\CCleaner
2009-02-20 21:27 . 2009-02-20 21:27 <DIR> d-------- c:\windows\system32\Lang
2009-02-20 21:27 . 2009-02-20 21:27 940,794 --a------ c:\windows\system32\LoopyMusic.wav
2009-02-20 21:27 . 2009-02-20 21:27 146,650 --a------ c:\windows\system32\BuzzingBee.wav
2009-02-20 21:09 . 2009-02-20 21:09 <DIR> d-------- c:\program files\ATI Technologies
2009-02-20 20:45 . 2008-04-14 00:15 172,416 --a------ c:\windows\system32\drivers\kmixer.sys
2009-02-20 20:44 . 2009-02-20 20:45 <DIR> d-------- c:\windows\system32\RTCOM
2009-02-20 20:44 . 2009-02-20 20:44 <DIR> d-------- c:\program files\Realtek
2009-02-20 10:46 . 2009-02-20 21:09 <DIR> d--h----- c:\program files\InstallShield Installation Information
2009-02-20 10:46 . 2009-02-20 21:10 <DIR> d-------- c:\program files\Common Files\InstallShield
2009-02-20 10:46 . 2009-02-20 10:46 <DIR> d-------- c:\program files\Atheros
2009-02-20 10:44 . 2009-02-20 11:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\DriverScanner
2009-02-20 10:44 . 2009-02-20 11:07 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Uniblue
2009-02-20 10:11 . 2008-04-14 00:15 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2009-02-18 23:06 . 2009-02-18 23:06 <DIR> d---s---- c:\windows\system32\Microsoft
2009-02-18 23:06 . 2009-02-18 23:06 <DIR> d--hs---- c:\documents and settings\LocalService
2009-02-18 23:06 . 2009-02-20 21:55 <DIR> d-------- c:\documents and settings\Administrator
2009-02-18 23:05 . 2009-02-20 11:03 <DIR> d--hs---- c:\documents and settings\NetworkService
2009-02-18 23:05 . 2009-02-18 23:05 8,192 --a------ c:\windows\REGLOCS.OLD
2009-02-18 23:03 . 2008-04-14 04:00 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll
2009-02-18 23:02 . 2009-02-18 23:02 <DIR> d-------- c:\windows\system32\xircom
2009-02-18 23:02 . 2009-02-18 23:02 <DIR> d-------- c:\program files\microsoft frontpage
2009-02-18 23:01 . 2009-02-18 23:01 316,640 --a------ c:\windows\WMSysPr9.prx
2009-02-18 23:01 . 2009-02-18 23:01 23,392 --a------ c:\windows\system32\nscompat.tlb
2009-02-18 23:01 . 2009-02-18 23:01 16,832 --a------ c:\windows\system32\amcompat.tlb
2009-02-18 23:01 . 2009-02-20 21:35 2,626 --a------ c:\windows\system32\CONFIG.NT
2009-02-18 23:01 . 2009-02-18 23:01 0 --a------ c:\windows\control.ini
2009-02-18 23:00 . 2009-02-18 23:00 <DIR> d---s---- c:\windows\Downloaded Program Files
2009-02-18 23:00 . 2009-02-18 23:00 <DIR> d--hs---- c:\documents and settings\All Users\DRM
2009-02-18 23:00 . 2008-04-14 04:00 4,399,505 --a--c--- c:\windows\system32\dllcache\nls302en.lex
2009-02-18 23:00 . 2009-02-18 23:00 749 -rah----- c:\windows\WindowsShell.Manifest
2009-02-18 23:00 . 2009-02-18 23:00 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2009-02-18 23:00 . 2009-02-18 23:00 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2009-02-18 23:00 . 2009-02-18 23:00 749 -rah----- c:\windows\system32\nwc.cpl.manifest
2009-02-18 23:00 . 2009-02-18 23:00 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2009-02-18 23:00 . 2009-02-18 23:00 749 -rah----- c:\windows\system32\cdplayer.exe.manifest
2009-02-18 23:00 . 2009-02-18 23:00 488 -rah----- c:\windows\system32\WindowsLogon.manifest
2009-02-18 23:00 . 2009-02-18 23:00 488 -rah----- c:\windows\system32\logonui.exe.manifest
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-21 04:44 315,392 ----a-w c:\windows\HideWin.exe
2009-02-20 18:46 21,275 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-02-18 22:15 --------- d-----w c:\program files\Alwil Software
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"ACU"="c:\program files\Atheros\ACU.exe" [2006-03-25 335961]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-18 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-18 20560]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - ATI_HOTKEY_POLLER
*NewlyCreated* - CLR_OPTIMIZATION_V2.0.50727_32
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-20 22:04:49
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(612)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-20 22:05:31
ComboFix-quarantined-files.txt 2009-02-21 06:05:29
ComboFix2.txt 2009-02-21 05:41:28
Pre-Run: 37,146,734,592 bytes free
Post-Run: 37,137,313,792 bytes free
HijackThis log
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:45 PM, on 2/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
--
End of file - 3232 bytes