Trojan BZub

tore0 · 31 Październik 2007 22:48

witam,

zainstalowałem firewalla i po pierwszym teście wykrył mi trojana

log z HJ:

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:48:11, on 2007-11-01 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Agnitum\Outpost Firewall\outpost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Winamp\winamp.exe C:\WINDOWS\explorer.exe C:\Program Files\BitComet\BitComet.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL (file missing) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL (file missing) O4 - HKLM…\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM…\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [Outpost Firewall] “C:\Program Files\Agnitum\Outpost Firewall\outpost.exe” /waitservice O4 - HKLM…\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’) O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Szybkie dostosowywanie programu Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus … nicode.cab O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/pl/cards_2_0_0_71.cab O16 - DPF: {631FF594-EC25-4CFF-B869-402DF294E1D6} (Instalator oprogramowania Onet.pl) - http://slimak.onet.pl/_m/kamerzysta/One … or012s.ocx O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe – End of file - 5138 bytes

pzdr

matio · 31 Październik 2007 22:53

tym się nie przejmuj to zwykłe ciasteczka. Podaj lokalizację zawirusowanego pliku

tore0 · 31 Październik 2007 23:12

problem w tym, że mój firewall (outpost)nie pokazuje mi pliku

usunołem go z kwarantanny, ale jak sprwdzić czy nie ma wiecej tego typu tematów.

NOD go puścił więc nie jestem do końca przekonany czy przypadkiem coś jeszcze ciekawego siedzi

pzdr

vika_5 · 1 Listopad 2007 07:16

Używałeś może kiedyś combofix? Po użyciu combofix Outpost zawsze wykrywa wpis w rejestrze, który identyfikuje jako Trojan BZub. Jeśli używałeś combofixa to się nie przejmuj bo to fałszywy alarm outposta.

lazikar · 1 Listopad 2007 08:44

xD_ jak chcesz to sprawdzaj logi dokładnie

Gutek · 1 Listopad 2007 11:38

usuń wpisy HJT

Daj log z ComboFix

matio91 i vika_5 i xD_ ostatnie ostrzeżenie

http://forum.dobreprogramy.pl/viewtopic.php?t=66889

tore0 · 1 Listopad 2007 21:56

witam,

wpisy usunięte

log z combofix:

ComboFix 07-11-01.1** - Bart 2007-11-02 22:40:44.7 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.415 [GMT 1:00] Running from: D:\Z netu\Instalki\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2007-10-02 to 2007-11-02 ))))))))))))))))))))))))))))))) . 2007-11-01 23:16 2007-11-01 22:36 2007-11-01 22:36 2007-11-01 22:14 2007-10-31 11:45 2007-10-31 11:40 2007-10-30 23:53 2007-10-30 23:53 0 --a------ C:\WINDOWS\nsreg.dat 2007-10-30 22:30 2007-10-30 22:30 74,752 --a------ C:\WINDOWS\cadkasdeinst01e.exe 2007-10-30 21:53 2007-10-30 21:50 2007-10-30 21:48 2007-10-28 11:39 2007-10-26 23:28 2007-10-25 20:17 2007-10-24 20:20 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys 2007-10-24 18:00 1,130,496 --------- C:\WINDOWS\NuNinst.exe 2007-10-24 18:00 501,376 --------- C:\WINDOWS\system32\drivers\bsudf.sys 2007-10-24 18:00 155,648 -ra------ C:\WINDOWS\system32\NeroCheck.exe 2007-10-24 18:00 9,344 --------- C:\WINDOWS\system32\drivers\bsstor.sys 2007-10-19 22:07 2007-10-10 23:22 2007-10-10 23:14 2007-10-10 23:14 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2007-10-10 23:14 740,442 --a------ C:\WINDOWS\system32\divx.dll 2007-10-10 23:14 564,224 --a------ C:\WINDOWS\system32\x264vfw.dll 2007-10-10 23:14 282,624 --a------ C:\WINDOWS\system32\xvidvfw.dll 2007-10-10 23:14 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll 2007-10-10 23:14 163,840 --a------ C:\WINDOWS\system32\unrar.dll 2007-10-10 23:14 73,728 --a------ C:\WINDOWS\system32\dpl100.dll 2007-10-10 23:14 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-24 19:20 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys 2007-10-24 19:20 298,104 ----a-w C:\WINDOWS\system32\imon.dll 2007-10-01 20:04 --------- d-----w C:\Program Files\Nero 2007-10-01 20:04 --------- d-----w C:\Program Files\Common Files\Ahead 2007-10-01 20:04 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero 2007-09-18 21:02 --------- d-----w C:\Program Files\3DO 2007-09-09 23:35 --------- d-----w C:\Program Files\Yahoo! 2007-09-09 23:35 --------- d-----w C:\Program Files\CCleaner 2007-09-09 23:34 --------- d-----w C:\Program Files\AusLogics Disk Defrag 2007-09-09 01:15 --------- d-----w C:\Program Files\intocartoonpro 2007-09-07 20:26 --------- d-----w C:\Program Files\Trend Micro 2007-09-05 23:22 289,144 ----a-w C:\WINDOWS\system32\VCCLSID.exe 2007-09-02 18:56 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\vsosdk 2007-09-02 12:56 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys 2007-09-02 12:56 47,360 ----a-w C:\Documents and Settings\Bart\Dane aplikacji\pcouffin.sys 2007-09-02 12:56 --------- d-----w C:\Program Files\vso 2007-09-02 12:56 --------- d-----w C:\Documents and Settings\Bart\Dane aplikacji\Vso 2007-08-15 10:32 284 ----a-w C:\Documents and Settings\Bart\Dane aplikacji\ViewerApp.dat 2006-12-15 19:33 270,336 ------w C:\Program Files\C-Media 3D Audio 2003-01-12 11:41 3,392 ----a-w C:\WINDOWS\inf\OTHER\cmiainfo.sys 2007-07-10 18:06:08 23 --sha-w C:\WINDOWS\system32\acdcbfca4_r.dll . ((((((((((((((((((((((((((((( snapshot_2007-10-29_22.12.20,42 ))))))))))))))))))))))))))))))))))))))))) . - 2007-10-26 08:51:18 136,192 ----a-w C:\WINDOWS\catchme.exe + 2007-10-29 17:56:20 136,192 ----a-w C:\WINDOWS\catchme.exe + 2007-10-30 20:51:12 245,760 ----a-r C:\WINDOWS\Installer{AF600F7B-67A7-48D9-BA3B-0FF97F35F970}_999EE20DFACF_477F_B426_543E7CD0E893.exe + 2007-10-30 20:51:12 25,214 ----a-r C:\WINDOWS\Installer{AF600F7B-67A7-48D9-BA3B-0FF97F35F970}\FR.exe + 2007-10-30 20:49:10 45,056 ----a-r C:\WINDOWS\Installer{D1696920-9794-4BBC-8A30-7A88763DE5A2}_EC6A27F5A2A3_4401_BFD0_A09799DF7FC9.exe - 2002-04-18 07:45:00 32,768 ----a-r C:\WINDOWS\IPCSet.dll + 2002-04-18 14:45:00 32,768 ----a-w C:\WINDOWS\IPCSet.dll - 2002-06-18 16:52:06 45,056 ----a-r C:\WINDOWS\system32\Micdrv.dll + 2002-06-18 23:52:06 45,056 ----a-w C:\WINDOWS\system32\Micdrv.dll - 2007-07-11 23:42:14 62,344 ----a-w C:\WINDOWS\system32\perfc009.dat + 2007-10-30 23:12:34 62,344 ----a-w C:\WINDOWS\system32\perfc009.dat - 2007-07-11 23:42:14 79,188 ----a-w C:\WINDOWS\system32\perfc015.dat + 2007-10-30 23:12:34 79,188 ----a-w C:\WINDOWS\system32\perfc015.dat - 2007-07-11 23:42:14 401,064 ----a-w C:\WINDOWS\system32\perfh009.dat + 2007-10-30 23:12:34 401,064 ----a-w C:\WINDOWS\system32\perfh009.dat - 2007-07-11 23:42:14 457,678 ----a-w C:\WINDOWS\system32\perfh015.dat + 2007-10-30 23:12:34 457,678 ----a-w C:\WINDOWS\system32\perfh015.dat - 2007-07-22 17:39:28 279,552 ----a-w C:\WINDOWS\system32\swreg.exe + 2007-04-02 13:21:28 139,776 ----a-w C:\WINDOWS\system32\swreg.exe + 2006-12-01 21:56:00 96,256 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll + 2006-12-01 21:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll + 2006-12-01 21:54:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll + 2006-12-01 21:54:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll + 2006-12-01 23:25:52 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll + 2006-12-01 23:25:56 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll + 2006-12-01 23:25:58 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll + 2006-12-01 23:26:00 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll + 2006-12-01 23:08:00 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll + 2006-12-01 23:08:00 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll + 2006-12-01 23:08:00 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll + 2006-12-01 23:08:00 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll + 2006-12-01 23:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll + 2006-12-01 23:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll + 2006-12-01 23:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll + 2006-12-01 23:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll + 2006-12-01 23:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll + 2006-12-01 23:46:44 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll . – Snapshot reset to current date – . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “nod32kui”=“C:\Program Files\Eset\nod32kui.exe” [2007-10-24 20:20] “NvMediaCenter”=“C:\WINDOWS\system32\NvMcTray.dll” [2006-10-22 12:22] “NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2006-10-22 12:22] “NeroFilterCheck”=“C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” [2007-03-09 18:53] “NeroCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 12:50] “Outpost Firewall”=“C:\Program Files\Agnitum\Outpost Firewall\outpost.exe” [2007-04-05 16:56] “OutpostFeedBack”=“C:\Program Files\Agnitum\Outpost Firewall\feedback.exe” [2007-06-28 13:18] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-03 22:44] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-07-09 09:39] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “ForceClassicControlPanel”=1 (0x1) “NoSharedDocuments”=1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] “AQQ”=C:\PROGRA~1\Wapster\AQQ\AQQ.exe “TuneUp MemOptimizer”=“C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe” autostart “Odkurzacz-MCD”=C:\Program Files\Odkurzacz\odk_mcd.exe “swg”=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] “PWRISOVM.EXE”=C:\Program Files\PowerISO\PWRISOVM.EXE “nwiz”=nwiz.exe /install “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe” “Sony Ericsson PC Suite”=“C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions “NvCplDaemon”=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup “Onet.pl AutoUpdate”=C:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe /tsr “NvMediaCenter”=“RUNDLL32.EXE” C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit “RTBatteryMeter”=C:\Program Files\GameDeviceDriver\RFPIcon.exe “InCD”=C:\Program Files\Ahead\InCD\InCD.exe R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys R1 SandBox;Outpost Firewall Sandbox Driver;??\C:\Program Files\Agnitum\Outpost Firewall\kernel\Sandbox.SYS R1 VFILT;Outpost Firewall Kernel Driver;??\C:\Program Files\Agnitum\Outpost Firewall\kernel\FILTNT.SYS R2 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe -k netsvcs R3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\ADBLOCK.DLL R3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\ARP.DLL R3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\CONTENT.DLL R3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\DNSCACHE.DLL R3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\FTPFILT.DLL R3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\HTMLFILT.DLL R3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\HTTPFILT.DLL R3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\IMAPFILT.DLL R3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\MAILFILT.DLL R3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\NNTPFILT.DLL R3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\POP3FILT.DLL R3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\PROTECT.DLL R3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\SECRET.DLL S3 DynCal;Dynamic Calibration Service;C:\WINDOWS\system32\drivers\Dyncal.sys S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{083dc5dd-7e34-11dc-97c8-00301858375b}] \Shell\AutoRun\command - H:\USBNB.exe . Contents of the ‘Scheduled Tasks’ folder “2007-10-19 16:16:04 C:\WINDOWS\Tasks\1-Click Maintenance.job” . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-02 22:51:21 Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-02 22:55:22 . — E O F —

pzdr

Gutek · 1 Listopad 2007 22:19

Otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG >>> kliknij dwa razy na utworzony plik FIX.REG i potwierdź dodanie do rejestru >>> restart.

Pobierz program SDFix

tore0 · 1 Listopad 2007 22:49

raport:

SDFix: Version 1.113 Run by Bart on 2007-11-02 at 23:40 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting… Normal Mode: Checking Files: No Trojan Files Found Removing Temp Files… ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: catchme 0.3.1253 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-02 23:45:31 Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI scanning hidden processes … scanning hidden services … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] Remaining Files: --------------- Files with Hidden Attributes: Tue 10 Jul 2007 23 A.SH. — “C:\WINDOWS\system32\acdcbfca4_r.dll” Wed 22 Dec 2004 76,568 …SHR — “C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe” Thu 13 Jan 2005 11,360 A.SHR — “C:\Program Files\Autodesk\Autodesk DWF Viewer_Setupx.dll” Finished!

były jakieś problemy SDfix informował o zblokowanych plikach, lecz nie mozna było ich odczytać.

pzdr

jessica · 2 Listopad 2007 23:00

Ale SDFix nic nie wykrył - czysto.

jessi

tore0 · 4 Listopad 2007 22:11

dzieki i pzdr