Trojan - can't find it


(Gutek) #1

Download SDFix.



(Martix) #2

I think it got removed, because it says it found that worm, and the mail scanning is gone now. THX.

SDFix: Version 1.107

Run by DOM on 2007-10-09 at 16:45

Microsoft Windows XP [Wersja 5.1.2600]

Running From: C:\SDFix

Safe Mode:

Checking Services:

Name:
FCI
SysLibrary

ImagePath:
C:\WINDOWS\System32\svchost.exe:ext.exe
\??\C:\WINDOWS\System32\DefLib.sys

FCI - Deleted
SysLibrary - Deleted

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:

Checking Files:

Trojan Files Found:

C:\DOCUME~1\DOM\USTAWI~1\Temp\winlogon.exe - Deleted
C:\WINDOWS\system32\DefLib.sys - Deleted

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
  : ADS Found!
svchost.exe: deleted 51712 bytes in 1 streams.

Checking for remaining Streams

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sat 10 Dec 2005 180,224 A..H. --- "C:\NVIDIA\Win2KXP\81.98\nvudisp.exe"
Sat 10 Dec 2005 116,880 A..H. --- "C:\NVIDIA\Win2KXP\81.98\setup.exe"
Sun 19 Aug 2007 500 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti2.tmp"

Finished!
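The log above shows two classic persistence tricks of this kind of trojan: a service (FCI) whose ImagePath is `C:\WINDOWS\System32\svchost.exe:ext.exe`, i.e. a payload stored in an NTFS alternate data stream attached to the legitimate svchost.exe, and a file named winlogon.exe dropped into the user's Temp directory. The Python script below is an added example, not part of SDFix or of the post: it parses the 'Checking Services' block of such a report and flags ImagePaths that name an ADS, that reuse a core Windows binary name outside system32, or that run from a temp directory. The binary list, the trusted directory and the temp markers are assumptions chosen for a 32-bit XP layout, and the sample report is constructed to mirror the post.

```python
"""Triage for the 'Checking Services' block of an SDFix report.

Flags service ImagePaths that point into an NTFS alternate data stream
(file.exe:stream.exe), that reuse a core Windows binary name outside
system32, or that run from a per-user temp directory.  Added example,
not SDFix code; the heuristics and directory lists are assumptions
chosen for an XP-era single-directory layout."""
import re
from typing import Dict, List

# Core Windows binaries whose names malware borrows (assumed list).
SYSTEM_BINARIES = {"svchost.exe", "winlogon.exe", "lsass.exe", "csrss.exe",
                   "services.exe", "explorer.exe", "ntoskrnl.exe"}
# Where those names are expected to live on 32-bit XP (assumption).
SYSTEM_DIRS = ("c:\\windows\\system32",)
# Fragments that mark a per-user temp location; USTAWI~1 is the 8.3 name of
# "Ustawienia lokalne" (Local Settings) on the Polish XP in the post.
TEMP_MARKERS = ("\\temp\\", "\\ustawi~1\\", "\\local settings\\")
NT_PREFIX = "\\??\\"                       # object-manager prefix on driver paths
# A second colon after the drive letter names an alternate data stream.
ADS_RE = re.compile(r"^[a-z]:\\[^:]+:(?P<stream>[^:\\]+)$", re.IGNORECASE)


def normalize(path: str) -> str:
    """Drop the \\??\\ prefix and lower-case the path for comparison."""
    p = path.strip()
    if p.startswith(NT_PREFIX):
        p = p[len(NT_PREFIX):]
    return p.lower()


def classify_image_path(image_path: str) -> List[str]:
    """Return the reasons an ImagePath looks hostile; empty means no hit."""
    p = normalize(image_path)
    reasons: List[str] = []
    m = ADS_RE.match(p)
    if m:
        reasons.append(f"ADS: runs stream '{m.group('stream')}' hidden in host file")
        p = p[: p.rfind(":")]              # continue with the host file path
    directory, _, filename = p.rpartition("\\")
    if filename in SYSTEM_BINARIES and directory not in SYSTEM_DIRS:
        reasons.append(f"masquerade: '{filename}' outside system32 ({directory})")
    if any(marker in directory + "\\" for marker in TEMP_MARKERS):
        reasons.append("temp: executable launched from a user temp directory")
    return reasons


def parse_services(report: str) -> Dict[str, str]:
    """Pair service names with paths.  SDFix prints every name under 'Name:'
    and then every path under 'ImagePath:' (or 'Path :') in the same order,
    so the two columns are zipped positionally."""
    names: List[str] = []
    paths: List[str] = []
    bucket = None
    for raw in report.splitlines():
        line = raw.strip()
        label = line.rstrip(" :")
        if label == "Name":
            bucket = names
        elif label in ("ImagePath", "Path"):
            bucket = paths
        elif line.endswith("- Deleted") or label.startswith("Restoring"):
            break                          # end of the services block
        elif line and bucket is not None:
            bucket.append(line)
    return dict(zip(names, paths))


def triage(report: str) -> Dict[str, List[str]]:
    """Map each listed service to the reasons its ImagePath was flagged."""
    return {svc: classify_image_path(path)
            for svc, path in parse_services(report).items()}


# Constructed sample in the shape of the SDFix 'Checking Services' block.
SAMPLE_REPORT = r"""
Checking Services:

Name:
FCI
SysLibrary

ImagePath:
C:\WINDOWS\System32\svchost.exe:ext.exe
\??\C:\WINDOWS\System32\DefLib.sys

FCI - Deleted
SysLibrary - Deleted
"""

if __name__ == "__main__":
    for svc, reasons in triage(SAMPLE_REPORT).items():
        print(f"{svc}: {reasons or ['no heuristic hit']}")
    print(classify_image_path(r"C:\DOCUME~1\DOM\USTAWI~1\Temp\winlogon.exe"))
```

Note the limits of name-based heuristics: DefLib.sys is not flagged, because an unknown driver sitting in system32 only stands out by reputation or hash, not by path. On a current Windows host the on-box way to confirm a stream like `svchost.exe:ext.exe` is PowerShell's `Get-Item C:\Windows\System32\svchost.exe -Stream *`; SDFix's own "ADS Check" section is doing the same enumeration for the handful of files it knows malware of the time targeted.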

(Gutek) #3

Now post a ComboFix log.


(Kanczyn) #4

Here is my Report.txt

SDFix: Version 1.186

Run by Administrator on 2008-05-28 at 13:56

Microsoft Windows XP [Wersja 5.1.2600]

Running From: C:\SDFix

Checking Services :

Name :

ksnhtr

Path :

\??\C:\WINDOWS\system32\ksnhtr.sys

ksnhtr - Deleted

Restoring Windows Registry Values

Restoring Windows Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\ksnhtr.sys - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-28 14:03:05

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT]

"EventMessageFile"=str(2):"c:\windows\system32\ESENT.dll"

"CategoryMessageFile"=str(2):"c:\windows\system32\ESENT.dll"

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]

"DisplayName"="Alcohol 120% (Trial Version)"

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"

"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"

"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"

"D:\Gry\THU 2\Tony Hawks Underground 2\Tony Hawks Underground 2\Game\THUG2.exe"="D:\Gry\THU 2\Tony Hawks Underground 2\Tony Hawks Underground 2\Game\THUG2.exe:*:Enabled:THUG2"

"D:\Gry\Worms 4 Mayhem demo\worms_mayhem_demo\Worms 4 Mayhem Demo.exe"="D:\Gry\Worms 4 Mayhem demo\worms_mayhem_demo\Worms 4 Mayhem Demo.exe:*:Enabled:Worms 4 Mayhem Demo"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Finished!

Please check it :slight_smile: Thanks :smiley:
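The "Authorized Application Key Export" in this report is the XP SP2 firewall exception list: each value allows unsolicited inbound connections to one program, with the value name holding the path and the data encoding path, scope (`*` means any remote address), state and display name. Reading it is a quick way to see which programs malware (or the user) has punched through the firewall. The Python below is an added example, not part of SDFix or of this post; it reuses the entries from the export above as its sample input, and it treats %windir% and Program Files as the only unremarkable locations, which is an assumption made for the illustration.

```python
"""Read the Windows XP SP2 firewall AuthorizedApplications\\List export that
SDFix prints under 'Authorized Application Key Export' and list which programs
are allowed unsolicited inbound connections.  Added example, not SDFix code;
the value-data layout is the XP SP2 format, the trusted-directory list is an
assumption."""
import re
from dataclasses import dataclass
from typing import List

# One REG_SZ per program: value name == program path, data ==
# "<path>:<scope>:<Enabled|Disabled>:<display name>", scope "*" == any address.
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')
# Directories from which an allowed program is unremarkable (assumption).
TRUSTED_PREFIXES = ("%windir%\\", "c:\\windows\\", "c:\\program files\\")


@dataclass
class FirewallException:
    profile: str          # standardprofile or domainprofile
    path: str
    scope: str            # "*" or an address/subnet list
    enabled: bool
    display_name: str
    consistent: bool      # value name and the path inside the data agree

    def is_unusual(self) -> bool:
        """Enabled, open to any remote address and outside a trusted dir,
        or carrying a value name that does not match the path in its data."""
        p = self.path.lower()
        return (not self.consistent) or (
            self.enabled and self.scope == "*"
            and not p.startswith(TRUSTED_PREFIXES))


def parse_export(text: str) -> List[FirewallException]:
    """Parse the key headers and values exactly as SDFix prints them."""
    entries: List[FirewallException] = []
    profile = "unknown"
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and "\\firewallpolicy\\" in line.lower():
            # ...\firewallpolicy\<profile>\authorizedapplications\list
            profile = line.lower().split("\\firewallpolicy\\", 1)[1].split("\\", 1)[0]
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        name, data = m.group("name"), m.group("data")
        # The path itself contains ":" (drive letter), so anchor on the value
        # name instead of splitting the data blindly on colons.
        consistent = data.lower().startswith(name.lower() + ":")
        rest = data[len(name) + 1:] if consistent else data
        fields = rest.split(":", 2)        # display name may contain ":"
        scope, state, display = (fields + ["", "", ""])[:3]
        entries.append(FirewallException(profile, name, scope,
                                         state.lower() == "enabled",
                                         display, consistent))
    return entries


def unusual_exceptions(text: str) -> List[str]:
    """Human-readable lines for the exceptions worth a second look."""
    return [f"{e.profile}: {e.path} [{e.display_name}]"
            for e in parse_export(text) if e.is_unusual()]


# Sample input: the export printed in the post above.
SAMPLE_EXPORT = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"D:\Gry\THU 2\Tony Hawks Underground 2\Tony Hawks Underground 2\Game\THUG2.exe"="D:\Gry\THU 2\Tony Hawks Underground 2\Tony Hawks Underground 2\Game\THUG2.exe:*:Enabled:THUG2"
"D:\Gry\Worms 4 Mayhem demo\worms_mayhem_demo\Worms 4 Mayhem Demo.exe"="D:\Gry\Worms 4 Mayhem demo\worms_mayhem_demo\Worms 4 Mayhem Demo.exe:*:Enabled:Worms 4 Mayhem Demo"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"""

if __name__ == "__main__":
    for item in unusual_exceptions(SAMPLE_EXPORT):
        print(item)
```

On this export the only hits are the two games under D:\Gry, which is consistent with a clean list; sessmgr.exe (Remote Assistance) is the XP default, and the Orb entries sit under Program Files. The `consistent` flag matters on a hostile machine: nothing in the firewall service forces the value name to match the path inside the data, so an entry where the two disagree is a hand-edited exception rather than one created through the Control Panel.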