Avast wykryl trojany prosze o sprawdzenie loga z Combo

Dla specjalistów Bezpieczeństwo
#1

Avast!- 4 Home Edition wykrył , proszę o sprawdzenie loga z Combo…i żeby było ciekawiej…to w trakcie gdy Combo jeszcze pracował…avast znowu wysłał komunikat o wykryciu trojana, którego umiesciłam w kwarantanie.Z góry dziękuję za pomoc, a oto log z Combo :

ComboFix 07-12-19.7 - HA 2007-12-19 23:23:15.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.161 [GMT 1:00]

Running from: C:\Documents and Settings\HA\Pulpit\ComboFix\ComboFix.exe

Command switches used :: C:\Documents and Settings\HA\Pulpit\ComboFix\CFScript.txt

* Created a new restore point

FILE

C:\116.tmp

C:\118.tmp

C:\DOCUME~1\HA\USTAWI~1\Temp\winlogon.exe

C:\WINDOWS\system32\drivers\ntosnh.sys

C:\WINDOWS\system32\drivers\ntoss.sys

C:\WINDOWS\system32\ldr.exe

C:\WINDOWS\system32\w32sys3.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\116.tmp

C:\118.tmp

C:\DOCUME~1\HA\USTAWI~1\Temp\winlogon.exe

C:\WINDOWS\system32\DefLib.sys

C:\WINDOWS\system32\drivers\ntosnh.sys

C:\WINDOWS\system32\drivers\ntoss.sys

C:\WINDOWS\system32\ldr.exe

C:\WINDOWS\system32\w32sys3.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\LEGACY_NTOSNH.SYS

-------\ntosnh.sys

-------\ntoss.sys

((((((((((((((((((((((((( Files Created from 2007-11-19 to 2007-12-19 )))))))))))))))))))))))))))))))

.

2007-12-19 21:36 .

2007-12-19 21:36 .

2007-12-18 11:43 . 2007-12-18 11:51

2007-12-17 19:59 . 2007-12-17 20:14

2007-12-17 11:13 . 2007-12-17 11:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2007-12-17 11:13 . 2007-12-17 11:13 1,409 --a------ C:\WINDOWS\QTFont.for

2007-12-15 09:31 . 2007-12-15 09:31

2007-12-12 18:08 . 2007-12-12 18:10 1,393 --a------ C:\WINDOWS\imsins.BAK

2007-12-10 12:30 . 2006-07-03 10:31 94,208 --a------ C:\WINDOWS\amcap.exe

2007-12-10 12:30 . 2007-02-10 15:40 20,480 --a------ C:\WINDOWS\FixCamera.exe

2007-12-10 12:29 . 2007-12-15 09:32

2007-12-10 12:29 . 2007-03-10 14:43 270,336 --a------ C:\WINDOWS\tsnpstd3.exe

2007-12-10 12:29 . 2007-02-09 14:13 172,032 --a------ C:\WINDOWS\system32\rsnpstd3.dll

2007-12-10 12:29 . 2005-11-23 13:55 53,248 --a------ C:\WINDOWS\csnpstd3.dll

2007-12-10 12:14 . 2007-03-26 14:46 10,252,544 --a------ C:\WINDOWS\system32\drivers\snpstd3.sys

2007-12-10 12:14 . 2006-09-19 09:07 827,392 --a------ C:\WINDOWS\vsnpstd3.exe

2007-12-10 12:14 . 2007-03-12 11:41 61,440 --a------ C:\WINDOWS\system32\vsnpstd3.dll

2007-12-10 12:14 . 2005-11-23 13:55 53,248 --a------ C:\WINDOWS\system32\csnpstd3.dll

2007-12-10 12:14 . 2004-02-27 17:36 15,498 --a------ C:\WINDOWS\snpstd3.ini

2007-12-10 12:14 . 2004-02-27 17:36 13,023 --a------ C:\WINDOWS\snpstd3.src

2007-11-19 17:39 . 2007-11-19 17:39

2007-11-19 17:35 . 2007-11-19 17:35

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-19 22:26 --------- d-----w C:\Documents and Settings\HA\Dane aplikacji\OpenOffice.org2

2007-12-18 21:08 --------- d-----r C:\Program Files\avast!4 Home Edition

2007-12-17 10:41 --------- d-----w C:\Program Files\HQ Codec

2007-12-12 17:09 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help

2007-12-10 11:29 --------- d–h--w C:\Program Files\InstallShield Installation Information

2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2007-11-19 16:46 --------- d-----w C:\Program Files\Common Files\Adobe

2007-11-18 02:03 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2

2007-11-16 21:04 --------- d-----w C:\Program Files\MSBuild

2007-11-16 21:04 --------- d-----w C:\Program Files\Microsoft Works

2007-11-16 21:01 --------- d-----w C:\Program Files\Przeglądarka migawek

2007-11-16 20:59 --------- d-----w C:\Program Files\Microsoft Visual Studio 8

2007-11-15 19:06 --------- d-----w C:\Program Files\jv16 PowerTools 1.3.0.195

2007-11-15 19:05 --------- d-----r C:\Program Files\Odkurzacz 10.2 Proffesinal

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-11-12 20:15 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\DVD Shrink

2007-11-05 09:55 --------- d-----w C:\Documents and Settings\HA\Dane aplikacji\Skype

2004-03-11 11:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe

1998-04-30 13:56 129,024 ----a-w C:\Program Files\UNWISE.EXE

2006-03-03 22:23 56 --sh–r C:\WINDOWS\system32\00239428C1.sys

2006-08-30 05:49 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((( snapshot@2007-12-19_21.35.31.56 )))))))))))))))))))))))))))))))))))))))))

.

  • 2007-12-19 22:26:29 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_520.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-03 23:44]

“Odkurzacz-MCD”=“C:\Program Files\Odkurzacz 10.2 Proffesinal\Odkurzacz\odk_mcd.exe” [2006-08-02 22:46]

“MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-10-13 17:24]

“Firewall auto setup”=“C:\DOCUME~1\HA\USTAWI~1\Temp\winlogon.exe” []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“NVRaidService”=“C:\WINDOWS\system32\nvraidservice.exe” [2004-06-11 04:15]

“ATIPTA”=“C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [2005-05-12 21:05]

“TkBellExe”=“realsched.exe” []

“RemoteControl”=“C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe” [2003-12-08 17:35]

“LXCCCATS”=“C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll” [2005-07-20 14:44]

“lxccmon.exe”=“C:\Program Files\Lexmark 3300 Series\lxccmon.exe” [2005-07-21 01:17]

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe” [2006-10-12 03:10]

“NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 10:50]

“QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” [2006-09-15 18:01]

“avast!”=“C:\PROGRA~1\AVAST!~1\ashDisp.exe” [2007-12-04 14:00]

“PowerDVD”=“C:\Program Files\CyberLink DVD Solution\PowerDVD\PowerDVD.exe” [2004-01-07 18:10]

“WinampAgent”=“C:\Program Files\Winamp\Aktualizacja\Winamp\winampa.exe” [2007-05-14 23:22]

“GrooveMonitor”=“C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe” [2006-10-27 00:47]

“FixCamera”=“C:\WINDOWS\FixCamera.exe” [2007-02-10 15:40]

“tsnpstd3”=“C:\WINDOWS\tsnpstd3.exe” [2007-03-10 14:43]

“combofix”=“C:\WINDOWS\system32\cmd.exe” [2004-08-03 23:44]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-03 23:44]

C:\Documents and Settings\HA\Menu Start\Programy\Autostart\

OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 15:54:56]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

“ose”=3 (0x3)

“odserv”=3 (0x3)

“Microsoft Office Groove Audit Service”=3 (0x3)

“lxcc_device”=3 (0x3)

“Adobe LM Service”=3 (0x3)

R3 axsaki;axsaki;C:\WINDOWS\system32\DRIVERS\axsaki.sys [2006-03-11 16:32]

R3 axskbus;axskbus;C:\WINDOWS\system32\DRIVERS\axskbus.sys [2003-03-28 11:58]

S3 WNUSCTLH;NEC 606 CONTROL Driver;C:\WINDOWS\system32\DRIVERS\WNUSCTLH.SYS [2002-04-18 02:00]

S3 WNUSENUH;NEC 606 ENUMERATION Driver;C:\WINDOWS\system32\DRIVERS\WNUSENUH.SYS [2002-04-18 02:00]

S3 WNUSMDMH;NEC 606 Modem Driver;C:\WINDOWS\system32\DRIVERS\WNUSMDMH.sys [2002-07-12 02:00]

S3 WNUSOBXH;NEC 606 OBEX Port Driver;C:\WINDOWS\system32\DRIVERS\WNUSOBXH.sys [2002-09-12 02:00]

S3 WNUSTACH;NEC 606 Command Port Driver;C:\WINDOWS\system32\DRIVERS\WNUSTACH.sys [2002-04-18 02:00]

.

**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-19 23:26:58

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2007-12-19 23:27:45 - machine was rebooted

C:\ComboFix2.txt … 2007-12-19 21:36

.

2007-12-12 17:10:37 — E O F —

#2

Otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG >>> kliknij dwa razy na utworzony plik FIX.REG i potwierdź dodanie do rejestru >>> restart.

Uwaga: Jak wklejasz loga to obejmuj go znacznikiem (tagiem) CODE lub QUOTE

Pozdrawiam Gutek2222