Avast!- 4 Home Edition wykrył , proszę o sprawdzenie loga z Combo…i żeby było ciekawiej…to w trakcie gdy Combo jeszcze pracował…avast znowu wysłał komunikat o wykryciu trojana, którego umiesciłam w kwarantanie.Z góry dziękuję za pomoc, a oto log z Combo :
ComboFix 07-12-19.7 - HA 2007-12-19 23:23:15.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.161 [GMT 1:00]
Running from: C:\Documents and Settings\HA\Pulpit\ComboFix\ComboFix.exe
Command switches used :: C:\Documents and Settings\HA\Pulpit\ComboFix\CFScript.txt
* Created a new restore point
FILE
C:\116.tmp
C:\118.tmp
C:\DOCUME~1\HA\USTAWI~1\Temp\winlogon.exe
C:\WINDOWS\system32\drivers\ntosnh.sys
C:\WINDOWS\system32\drivers\ntoss.sys
C:\WINDOWS\system32\ldr.exe
C:\WINDOWS\system32\w32sys3.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\116.tmp
C:\118.tmp
C:\DOCUME~1\HA\USTAWI~1\Temp\winlogon.exe
C:\WINDOWS\system32\DefLib.sys
C:\WINDOWS\system32\drivers\ntosnh.sys
C:\WINDOWS\system32\drivers\ntoss.sys
C:\WINDOWS\system32\ldr.exe
C:\WINDOWS\system32\w32sys3.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_NTOSNH.SYS
-------\ntosnh.sys
-------\ntoss.sys
((((((((((((((((((((((((( Files Created from 2007-11-19 to 2007-12-19 )))))))))))))))))))))))))))))))
.
2007-12-19 21:36 .
2007-12-19 21:36 .
2007-12-18 11:43 . 2007-12-18 11:51
2007-12-17 19:59 . 2007-12-17 20:14
2007-12-17 11:13 . 2007-12-17 11:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-17 11:13 . 2007-12-17 11:13 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-15 09:31 . 2007-12-15 09:31
2007-12-12 18:08 . 2007-12-12 18:10 1,393 --a------ C:\WINDOWS\imsins.BAK
2007-12-10 12:30 . 2006-07-03 10:31 94,208 --a------ C:\WINDOWS\amcap.exe
2007-12-10 12:30 . 2007-02-10 15:40 20,480 --a------ C:\WINDOWS\FixCamera.exe
2007-12-10 12:29 . 2007-12-15 09:32
2007-12-10 12:29 . 2007-03-10 14:43 270,336 --a------ C:\WINDOWS\tsnpstd3.exe
2007-12-10 12:29 . 2007-02-09 14:13 172,032 --a------ C:\WINDOWS\system32\rsnpstd3.dll
2007-12-10 12:29 . 2005-11-23 13:55 53,248 --a------ C:\WINDOWS\csnpstd3.dll
2007-12-10 12:14 . 2007-03-26 14:46 10,252,544 --a------ C:\WINDOWS\system32\drivers\snpstd3.sys
2007-12-10 12:14 . 2006-09-19 09:07 827,392 --a------ C:\WINDOWS\vsnpstd3.exe
2007-12-10 12:14 . 2007-03-12 11:41 61,440 --a------ C:\WINDOWS\system32\vsnpstd3.dll
2007-12-10 12:14 . 2005-11-23 13:55 53,248 --a------ C:\WINDOWS\system32\csnpstd3.dll
2007-12-10 12:14 . 2004-02-27 17:36 15,498 --a------ C:\WINDOWS\snpstd3.ini
2007-12-10 12:14 . 2004-02-27 17:36 13,023 --a------ C:\WINDOWS\snpstd3.src
2007-11-19 17:39 . 2007-11-19 17:39
2007-11-19 17:35 . 2007-11-19 17:35
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-19 22:26 --------- d-----w C:\Documents and Settings\HA\Dane aplikacji\OpenOffice.org2
2007-12-18 21:08 --------- d-----r C:\Program Files\avast!4 Home Edition
2007-12-17 10:41 --------- d-----w C:\Program Files\HQ Codec
2007-12-12 17:09 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2007-12-10 11:29 --------- d–h--w C:\Program Files\InstallShield Installation Information
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-19 16:46 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-18 02:03 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-16 21:04 --------- d-----w C:\Program Files\MSBuild
2007-11-16 21:04 --------- d-----w C:\Program Files\Microsoft Works
2007-11-16 21:01 --------- d-----w C:\Program Files\Przeglądarka migawek
2007-11-16 20:59 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2007-11-15 19:06 --------- d-----w C:\Program Files\jv16 PowerTools 1.3.0.195
2007-11-15 19:05 --------- d-----r C:\Program Files\Odkurzacz 10.2 Proffesinal
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 20:15 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\DVD Shrink
2007-11-05 09:55 --------- d-----w C:\Documents and Settings\HA\Dane aplikacji\Skype
2004-03-11 11:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
1998-04-30 13:56 129,024 ----a-w C:\Program Files\UNWISE.EXE
2006-03-03 22:23 56 --sh–r C:\WINDOWS\system32\00239428C1.sys
2006-08-30 05:49 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2007-12-19_21.35.31.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-19 22:26:29 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_520.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-03 23:44]
“Odkurzacz-MCD”=“C:\Program Files\Odkurzacz 10.2 Proffesinal\Odkurzacz\odk_mcd.exe” [2006-08-02 22:46]
“MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-10-13 17:24]
“Firewall auto setup”=“C:\DOCUME~1\HA\USTAWI~1\Temp\winlogon.exe” []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“NVRaidService”=“C:\WINDOWS\system32\nvraidservice.exe” [2004-06-11 04:15]
“ATIPTA”=“C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [2005-05-12 21:05]
“TkBellExe”=“realsched.exe” []
“RemoteControl”=“C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe” [2003-12-08 17:35]
“LXCCCATS”=“C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll” [2005-07-20 14:44]
“lxccmon.exe”=“C:\Program Files\Lexmark 3300 Series\lxccmon.exe” [2005-07-21 01:17]
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe” [2006-10-12 03:10]
“NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 10:50]
“QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” [2006-09-15 18:01]
“avast!”=“C:\PROGRA~1\AVAST!~1\ashDisp.exe” [2007-12-04 14:00]
“PowerDVD”=“C:\Program Files\CyberLink DVD Solution\PowerDVD\PowerDVD.exe” [2004-01-07 18:10]
“WinampAgent”=“C:\Program Files\Winamp\Aktualizacja\Winamp\winampa.exe” [2007-05-14 23:22]
“GrooveMonitor”=“C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe” [2006-10-27 00:47]
“FixCamera”=“C:\WINDOWS\FixCamera.exe” [2007-02-10 15:40]
“tsnpstd3”=“C:\WINDOWS\tsnpstd3.exe” [2007-03-10 14:43]
“combofix”=“C:\WINDOWS\system32\cmd.exe” [2004-08-03 23:44]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-03 23:44]
C:\Documents and Settings\HA\Menu Start\Programy\Autostart\
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 15:54:56]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
“ose”=3 (0x3)
“odserv”=3 (0x3)
“Microsoft Office Groove Audit Service”=3 (0x3)
“lxcc_device”=3 (0x3)
“Adobe LM Service”=3 (0x3)
R3 axsaki;axsaki;C:\WINDOWS\system32\DRIVERS\axsaki.sys [2006-03-11 16:32]
R3 axskbus;axskbus;C:\WINDOWS\system32\DRIVERS\axskbus.sys [2003-03-28 11:58]
S3 WNUSCTLH;NEC 606 CONTROL Driver;C:\WINDOWS\system32\DRIVERS\WNUSCTLH.SYS [2002-04-18 02:00]
S3 WNUSENUH;NEC 606 ENUMERATION Driver;C:\WINDOWS\system32\DRIVERS\WNUSENUH.SYS [2002-04-18 02:00]
S3 WNUSMDMH;NEC 606 Modem Driver;C:\WINDOWS\system32\DRIVERS\WNUSMDMH.sys [2002-07-12 02:00]
S3 WNUSOBXH;NEC 606 OBEX Port Driver;C:\WINDOWS\system32\DRIVERS\WNUSOBXH.sys [2002-09-12 02:00]
S3 WNUSTACH;NEC 606 Command Port Driver;C:\WINDOWS\system32\DRIVERS\WNUSTACH.sys [2002-04-18 02:00]
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-19 23:26:58
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-19 23:27:45 - machine was rebooted
C:\ComboFix2.txt … 2007-12-19 21:36
.
2007-12-12 17:10:37 — E O F —