Hello gentlemen, I have the same problem. I wanted to open drive D and suddenly there was a problem: Avast shouts at me that I have exactly this trojan. If I turn Avast off I can open the drive, but that is probably not the way to go. I kindly ask for help.
How do you see it??
Please.
ComboFix 07-12-12.3 - Fasol 2007-12-11 22:34:47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.365 [GMT 1:00]
Running from: C:\Documents and Settings\Fasol\Pulpit\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2007-11-12 to 2007-12-12 )))))))))))))))))))))))))))))))
.
2007-12-11 21:22 . 2007-12-11 21:26
2007-12-11 21:21 . 2007-12-11 21:21
2007-12-11 07:48 . 2007-12-11 07:48
2007-11-26 22:18 . 2007-11-26 22:19
2007-11-26 22:18 . 2002-07-07 23:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
2007-11-26 22:18 . 2006-06-20 09:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll
2007-11-20 00:16 . 2007-11-20 00:16
2007-11-20 00:16 . 2007-11-23 21:56
2007-11-20 00:16 . 2007-11-20 00:16
2007-11-19 22:57 . 2007-09-17 20:25 514,432 --a------ C:\WINDOWS\system32\drivers\L6PODLV.sys
2007-11-19 22:57 . 2007-09-17 20:22 118,784 --a------ C:\WINDOWS\system32\l6podlv.dll
2007-11-19 22:43 . 2007-11-19 22:57
2007-11-18 19:29 . 2007-11-18 19:29 455 --a------ C:\WINDOWS\QIII.INI
2007-11-18 19:28 . 2007-11-18 19:29
2007-11-13 12:10 . 2007-12-10 23:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-13 12:10 . 2007-11-13 12:10 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-13 10:55 . 2007-11-13 10:56
2007-11-12 12:05 . 2007-11-26 22:09
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-11 20:16 --------- d-----w C:\Documents and Settings\Fasol\Dane aplikacji\Skype
2007-12-04 16:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-29 16:55 19,672 ----a-w C:\Documents and Settings\Fasol\Dane aplikacji\GDIPFONTCACHEV1.DAT
2007-11-06 15:04 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Drumsite
2007-11-04 19:16 --------- d-----w C:\Program Files\DivX
2007-11-03 19:42 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-10-31 17:11 --------- d-----w C:\Documents and Settings\Fasol\Dane aplikacji\BitTorrent
2007-10-31 16:39 --------- d-----w C:\Documents and Settings\Fasol\Dane aplikacji\GetRightToGo
2007-10-29 12:56 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\NVIDIA
2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-10-13 11:31 --------- d-----w C:\Program Files\Acoustica Beatcraft
2005-11-11 15:59 56 --sh--r C:\WINDOWS\system32\57AC34B90E.sys
2005-11-11 15:59 10,022 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Windows Updata"="scvhost.exe" []
"MSN7 Startup"="msn7.exe" []
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2006-03-30 16:21]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 13:44]
"Skype"="D:\Skype\Phone\Skype.exe" [2006-04-13 11:25]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 14:18]
"Steam"="D:\gry\Steam\Steam.exe" []
"DAEMON Tools"="D:\DAEMON Tools\daemon.exe" [2007-08-29 16:09]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2002-06-14 10:21 C:\WINDOWS\SOUNDMAN.EXE]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 23:44 C:\WINDOWS\system32\bthprops.cpl]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2003-10-21 15:36]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-26 14:27]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 16:32]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 14:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 14:14]
"avast!"="D:\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"NWEReboot"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 10:50 C:\WINDOWS\LOGI_MWX.EXE]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 23:44]
"Microsoft Windows Updata"="scvhost.exe" []
"MSN7 Startup"="msn7.exe" []

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-03-30 16:21:29]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]

S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys
S3 L6PODLV;PODxt Live Service;C:\WINDOWS\system32\Drivers\L6PODLV.sys
S3 SER120;OTI Serial port driver;C:\WINDOWS\system32\DRIVERS\SER120.sys
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sscdbus.sys
S3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
S3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
S3 tj2knd5;Terayon Cable Modem (NDIS);C:\WINDOWS\system32\DRIVERS\tj2knd5.sys
S3 tj2kunic;Terayon Cable Modem (WDM);C:\WINDOWS\system32\DRIVERS\tj2kunic.sys
S3 XDva007;XDva007;\??\C:\WINDOWS\system32\XDva007.sys

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-12 22:36:50
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
I'm pasting it just as it was, plz help. Maybe you want my GG so it's easier for us to communicate?
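As an added example (not from this thread or from ComboFix), here is a small Python check that walks the Run-key lines of a ComboFix log like the one above and flags the entries a helper would look at first: a lookalike of a system binary name (scvhost.exe vs svchost.exe), a bare filename that ComboFix could not resolve (the empty [] after the value), and the misspelt "Updata" in the entry name. The sample log is constructed from the shape of this thread's log, and the lookalike table is an assumption.

```python
import re

# Constructed sample in the shape of the ComboFix "Reg Loading Points" section
# of this thread (straight quotes; the forum rendering turned them into curly ones).
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Windows Updata"="scvhost.exe" []
"MSN7 Startup"="msn7.exe" []
"Skype"="D:\Skype\Phone\Skype.exe" [2006-04-13 11:25]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2002-06-14 10:21 C:\WINDOWS\SOUNDMAN.EXE]
"NWEReboot"="" []
'''

RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"\s*\[(?P<info>[^\]]*)\]')
# Assumed lookalike table: names chosen to imitate a Windows system binary.
LOOKALIKES = {"scvhost.exe": "svchost.exe", "svch0st.exe": "svchost.exe"}

def suspicious_run_entries(log_text):
    """Return (name, value, reasons) for Run entries that deserve a second look."""
    findings = []
    for line in log_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue
        name, value, info = m.group("name"), m.group("value"), m.group("info")
        reasons = []
        if value.lower() in LOOKALIKES:
            reasons.append("lookalike of " + LOOKALIKES[value.lower()])
        # Empty brackets mean ComboFix found no file to date; combined with a
        # bare filename (no drive path) that is the pattern seen in this thread.
        if info == "" and value and not re.match(r"^[A-Za-z]:\\", value):
            reasons.append("bare filename, file not resolved")
        if "updata" in name.lower():
            reasons.append("misspelt 'Update' in entry name")
        if reasons:
            findings.append((name, value, reasons))
    return findings

if __name__ == "__main__":
    for name, value, reasons in suspicious_run_entries(SAMPLE_LOG):
        print(f'"{name}"="{value}": {"; ".join(reasons)}')
```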
Gutek
(Gutek)
11 December 2007 21:48
#4
Paste into Notepad:
>>File>>Save as… >>> CFScript (it will be most convenient if you save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt file onto the ComboFix.exe file (that is, the CFScript.txt icon onto the ComboFix.exe icon)
– similar to this picture –>
(if the question " 1 or 2 " appears, type 1 and press ENTER) The removal should start (and a log will be produced).
After the restart, manually delete the folder C:\Qoobox.
After that, a new log from Combo.
I deleted the Q folder on drive C, I'm making the log. I'll post it shortly. Small question: what about the log I made before deleting that folder, should I post it, or does it get replaced? Should I turn Avast off while Combo is working?
EDIT:
ComboFix 07-12-12.3 - Fasol 2007-12-12 23:01:52.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.447 [GMT 1:00]
Running from: C:\Documents and Settings\Fasol\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2007-11-12 to 2007-12-12 )))))))))))))))))))))))))))))))
.
2007-12-11 21:22 . 2007-12-11 21:26
2007-12-11 07:48 . 2007-12-11 07:48
2007-11-26 22:18 . 2007-11-26 22:19
2007-11-26 22:18 . 2002-07-07 23:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
2007-11-26 22:18 . 2006-06-20 09:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll
2007-11-20 00:16 . 2007-11-20 00:16
2007-11-20 00:16 . 2007-11-23 21:56
2007-11-20 00:16 . 2007-11-20 00:16
2007-11-19 22:57 . 2007-09-17 20:25 514,432 --a------ C:\WINDOWS\system32\drivers\L6PODLV.sys
2007-11-19 22:57 . 2007-09-17 20:22 118,784 --a------ C:\WINDOWS\system32\l6podlv.dll
2007-11-19 22:43 . 2007-11-19 22:57
2007-11-18 19:29 . 2007-11-18 19:29 455 --a------ C:\WINDOWS\QIII.INI
2007-11-18 19:28 . 2007-11-18 19:29
2007-11-13 12:10 . 2007-12-10 23:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-13 12:10 . 2007-11-13 12:10 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-13 10:55 . 2007-11-13 10:56
2007-11-12 12:05 . 2007-12-12 23:00
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-12 21:58 --------- d-----w C:\Documents and Settings\Fasol\Dane aplikacji\Skype
2007-12-04 16:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-29 16:55 19,672 ----a-w C:\Documents and Settings\Fasol\Dane aplikacji\GDIPFONTCACHEV1.DAT
2007-11-06 15:04 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Drumsite
2007-11-04 19:16 --------- d-----w C:\Program Files\DivX
2007-11-03 19:42 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-10-31 17:11 --------- d-----w C:\Documents and Settings\Fasol\Dane aplikacji\BitTorrent
2007-10-31 16:39 --------- d-----w C:\Documents and Settings\Fasol\Dane aplikacji\GetRightToGo
2007-10-29 12:56 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\NVIDIA
2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-10-13 11:31 --------- d-----w C:\Program Files\Acoustica Beatcraft
2005-11-11 15:59 56 --sh--r C:\WINDOWS\system32\57AC34B90E.sys
2005-11-11 15:59 10,022 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2006-03-30 16:21]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 13:44]
"Skype"="D:\Skype\Phone\Skype.exe" [2006-04-13 11:25]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 14:18]
"Steam"="D:\gry\Steam\Steam.exe" []
"DAEMON Tools"="D:\DAEMON Tools\daemon.exe" [2007-08-29 16:09]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2002-06-14 10:21 C:\WINDOWS\SOUNDMAN.EXE]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 23:44 C:\WINDOWS\system32\bthprops.cpl]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2003-10-21 15:36]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-26 14:27]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 16:32]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 14:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 14:14]
"avast!"="D:\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 10:50 C:\WINDOWS\LOGI_MWX.EXE]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 23:44]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-03-30 16:21:29]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]

S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys
S3 L6PODLV;PODxt Live Service;C:\WINDOWS\system32\Drivers\L6PODLV.sys
S3 SER120;OTI Serial port driver;C:\WINDOWS\system32\DRIVERS\SER120.sys
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sscdbus.sys
S3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
S3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
S3 tj2knd5;Terayon Cable Modem (NDIS);C:\WINDOWS\system32\DRIVERS\tj2knd5.sys
S3 tj2kunic;Terayon Cable Modem (WDM);C:\WINDOWS\system32\DRIVERS\tj2kunic.sys
S3 XDva007;XDva007;\??\C:\WINDOWS\system32\XDva007.sys

*Newly Created Service* - HTTPFILTER
.
Here is the log.
Sorry for posting under my own post, but maybe you didn't notice that I made an edit. Even with Avast on I can open D. It seems to have helped, although I'd still ask for a reply. Now unfortunately I have to go to sleep, I can't wait any longer, and I see you're not online, unless it's just not shown for mods. I'll visit the site tomorrow. Regards and thanks for the help! Few people like that.
Gutek
(Gutek)
12 December 2007 22:49
#7