Witam
Mam problem z komputerem. Wydaje on co ok. 15 minut dźwięk. Jest to dźwięk o nazwie Gwiazdka, sygnalizujący błąd jakiegoś programu. Podejrzewam trojana. Proszę o przejrzenie logów z programów SDFix i ComboBox i HijackThis. Logi podałem w takiej kolejności w jakiej były odpalane programy.
SDFix: Version 1.97
Run by kli on 2007-08-11 at 16:47
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\DOCUME~1\kli\USTAWI~1\Temp\axsC7.tmp - Deleted
C:\DOCUME~1\kli\USTAWI~1\Temp\hdyEF.tmp - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Gry\\Battlefield 2\\BF2.exe"="C:\\Gry\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files:
---------------
Backups Folder: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
C:\pendrive\PocketCache Trial Version\BackupRestoreBus.dll
C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setupx.dll
C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe
C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe
C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\VisualStudio\7.1\vs000223.tmp
C:\Documents and Settings\kli\Moje dokumenty\Piotrka\Ergonomia\~WRL2667.tmp
C:\Internet\Piotrka\Moje dokumenty\Dynamika maszyn\~WRL1579.tmp
C:\StaryDysk\Documents and Settings\All Users\Dane aplikacji\Microsoft\VisualStudio\7.1\vs000223.tmp
Finished
ComboFix 07-08-09.3 - "kli" 2007-08-11 17:56:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.590 [GMT 2:00]
((((((((((((((((((((((((( Files Created from 2007-07-11 to 2007-08-11 )))))))))))))))))))))))))))))))
2007-08-11 17:55 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-11 16:44
[code] Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:36:31, on 2007-08-11 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Dassault Systemes\B15\intel_a\code\bin\CATSysDemon.exe C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Spyware Doctor\svcntaux.exe C:\Program Files\Spyware Doctor\swdsvc.exe C:\Program Files\Spyware Doctor\SDTrayApp.exe C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\wincmd\WINCMD32.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM…\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM…\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r O4 - HKLM…\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe O4 - HKLM…\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [SDTray] “C:\Program Files\Spyware Doctor\SDTrayApp.exe” O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’) O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B15\intel_a\code\bin\CATSysDemon.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Armed Assault Drivers Auto Removal (pr2agmlb) (pr2agmlb) - Bohemia Interactive - C:\WINDOWS\system32\pr2agmlb.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe – End of file - 7121 bytes
Jakiś program zmodyfikował też mi Zone Alarm i ten się już nie uruchamia. Myślałem że to trojan svcipa.exe (znalazłem taki w koszu) i próbowałem się stosować do wskazówek znalezionych w jednym z wątków, ale SDFix zgłasza brak dostępu, zaś jv16PowerTools nie czyści rejestru. Proszę o pomoc. Boję się podłączać komputer do internetu.