Trojan - please check my log (FreeFixer)
optimus9292 - Thu Aug 28, 2008 8:37 pm

I have a trojan; it lodges itself in my music files. I'm posting a FreeFixer log because neither ComboFix nor HijackThis will run. Norton can't remove it. Please help.

FreeFixer v0.27 log
http://www.freefixer.com/
Operating system: Windows Vista Service Pack 1
Log dated 2008-08-28 20:16

Browser Helper Objects
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}, Adobe PDF Reader Link Helper, C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}, , C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
{6D53EC84-6AAE-4787-AEEE-F4628F01010C}, Symantec Intrusion Prevention, C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}, SSVHelper Class, C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
{85F685C3-20D9-4943-95E4-EB4224056C3F}, Expressivo, C:\Program Files\ivo\Expressivo\IH_iexplore.dll

Internet Explorer toolbars
HKLM\..\Toolbar\{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll(file is missing)
HKLM\..\Toolbar\{85F685C3-20D9-4943-95E4-EB4224056C3F} - Expressivo - C:\Program Files\ivo\Expressivo\IH_iexplore.dll
HKLM\..\Toolbar\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Show Norton Toolbar - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll

Registry Startups (3 whitelisted)
HKLM\..\Run, LanguageShortcut = "C:\Program Files\ASUSTek\ASUSDVD\Language\Language.exe"
HKLM\..\Run, StartCCC = C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
HKLM\..\Run, RtHDVCpl = RtHDVCpl.exe
HKLM\..\Run, SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
HKLM\..\Run, ASUS Screen Saver Protector = C:\Windows\ASScrPro.exe
Error getting translation table with 'VerQueryValue' for the file 'C:\Windows\ASScrPro.exe'. System error message: Nie można znaleźć określonego typu zasobu w pliku obrazu.
HKLM\..\Run, ASUS Camera ScreenSaver = C:\Windows\ASScrProlog.exe
HKLM\..\Run, NeroFilterCheck = C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
HKLM\..\Run, SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
HKLM\..\Run, Monitor = C:\Windows\PixArt\PAC207\Monitor.exe
HKLM\..\Run, ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
HKLM\..\Run, UnlockerAssistant = "C:\Program Files\Unlocker\UnlockerAssistant.exe"
HKCU\..\Run, Gadu-Gadu = "C:\Program Files\Gadu-Gadu\gg.exe" /tray
HKCU\..\Run, Skype = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
HKCU\..\Run, swg = C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
HKCU\..\Run, BitTorrent DNA = "C:\Users\art\Program Files\DNA\btdna.exe"
HKCU\..\Run, DAEMON Tools Lite = "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

Processes (38 whitelisted)
C:\Windows\System32\Ati2evxx.exe (file is missing)
OpenProcess failed while opening process # 1188 to get its full path. Process filename: audiodg.exe. System error message: Odmowa dostępu.
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
C:\Windows\System32\PSIService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Windows\System32\PAStiSvc.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\ATK Hotkey\HControl.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\ASScrPro.exe
Error getting translation table with 'VerQueryValue' for the file 'C:\Windows\ASScrPro.exe'. System error message: Nie można znaleźć określonego typu zasobu w pliku obrazu.
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Windows\PixArt\PAC207\Monitor.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\ivo\Expressivo\expressivo.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
C:\Program Files\FreeFixer\freefixer.exe

Application modules (46 whitelisted)
C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6001.18000_none_886786f450a74a05\COMCTL32.dll
C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\PDM.DLL
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MSDBG2.DLL

Services (62 whitelisted)
ASLDRService, ASLDR Service, c:\program files\atk hotkey\asldrsrv.exe
Ati External Event Utility, , c:\windows\system32\ati2evxx.exe
Automatic LiveUpdate Scheduler, Automatic LiveUpdate Scheduler, c:\program files\symantec\liveupdate\aluschedulersvc.exe
ccEvtMgr, Symantec Event Manager, c:\program files\common files\symantec shared\ccsvchst.exe
ccSetMgr, Symantec Settings Manager, c:\program files\common files\symantec shared\ccsvchst.exe
CLTNetCnService, Symantec Lic NetConnect service, c:\program files\common files\symantec shared\ccsvchst.exe
LightScribeService, LightScribeService Direct Disc Labeling Service, c:\program files\common files\lightscribe\lssrvc.exe
LiveUpdate Notice, LiveUpdate Notice, c:\program files\common files\symantec shared\ccsvchst.exe
MDM, Machine Debug Manager, c:\program files\common files\microsoft shared\vs7debug\mdm.exe
ProtexisLicensing, ProtexisLicensing, c:\windows\system32\psiservice.exe
RichVideo, Cyberlink RichVideo Service(CRVS), c:\program files\cyberlink\shared files\richvideo.exe
spmgr, spmgr, c:\program files\asus\nb probe\spm\spmgr.exe
STI Simulator, STI Simulator, c:\windows\system32\pastisvc.exe

Drivers (40 whitelisted)
AtiPcie, ATI PCI Express (3GIO) Filter, C:\Windows\system32\drivers\atipcie.sys
CO_Mon, CO_Mon, c:\windows\system32\drivers\co_mon.sys
crcdisk, Crcdisk Filter Driver, C:\Windows\system32\drivers\crcdisk.sys
eeCtrl, Symantec Eraser Control driver, c:\program files\common files\symantec shared\eengine\eectrl.sys
ghaio, ghaio, c:\program files\asus\nb probe\spm\ghaio.sys
IDSvix86, Symantec Intrusion Prevention Driver, c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20080827.001\idsvix86.sys
Parvdm, , C:\Windows\system32\drivers\parvdm.sys
PxHelp20, , C:\Windows\system32\drivers\pxhelp20.sys
rimsptsk, , C:\Windows\system32\drivers\rimsptsk.sys
SPBBCDrv, SPBBCDrv, c:\program files\common files\symantec shared\spbbc\spbbcdrv.sys
sptd, , C:\Windows\system32\drivers\sptd.sys
An error occurred when trying to open the file for reading. Filename: 'C:\Windows\system32\drivers\sptd.sys'. Current Working Directory: 'C:\Program Files\FreeFixer\'. System error message: Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. C++ exception: ios_base::failbit set
SRTSPX, SRTSPX, C:\Windows\system32\drivers\srtspx.sys
SymIM, Symantec Network Security Intermediate Filter Driver, C:\Windows\system32\drivers\symimv.sys
SYMTDI, SYMTDI, C:\Windows\system32\drivers\symtdi.sys
UnlockerDriver5, , c:\program files\unlocker\unlockerdriver5.sys

If this log isn't enough, maybe I'll try some other programs? Which antivirus program do you recommend?
huber2t - Thu Aug 28, 2008 8:46 pm

When downloading, try saving it not under the name ComboFix.exe but with a hyphen in the middle: Combo-Fix.exe. While downloading and scanning with ComboFix, close all protection programs (antivirus, firewall). If that doesn't work, run it in Safe Mode.

optimus9292 - Fri Aug 29, 2008 4:30 pm

ComboFix didn't work out, but I managed to make a HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:24:02, on 2008-08-29
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\mks_vir_2007\bin\mksregmon.exe
C:\Program Files\mks_vir_2007\bin\mks_mail.exe
C:\Program Files\mks_vir_2007\bin\mkstray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll (file missing)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [MKSRegmon] C:\Program Files\mks_vir_2007\bin\mksregmon.exe
O4 - HKLM\..\Run: [mks_mail] C:\Program Files\mks_vir_2007\bin\mks_mail.exe
O4 - HKLM\..\Run: [mkstray] C:\Program Files\mks_vir_2007\bin\mkstray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: MksFwall - MKS Sp z o.o. - C:\Program Files\mks_vir_2007\bin\MksFwall.exe
O23 - Service: MksPC - Unknown owner - C:\Program Files\mks_vir_2007\bin\MksPC.exe
O23 - Service: mksupdate - MKS Sp. z o. o. - C:\Program Files\mks_vir_2007\bin\mksupdate.exe
O23 - Service: mks_vir file monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\mks_vir_2007\bin\mksvirmonsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: STI Simulator - Unknown owner - C:\Windows\System32\PAStiSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 6463 bytes

huber2t - Fri Aug 29, 2008 5:32 pm

Fix in HijackThis:

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll (file missing)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)

optimus9292 - Fri Aug 29, 2008 6:06 pm

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll (file missing)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)

These can't be deleted; a message pops up telling me to close some Windows applications or something along those lines. And SDFix won't run even though I'm doing it the way you say. I've used it more than once before, but that was on XP, and now I have Vista; I don't know if that's the reason.

huber2t - Fri Aug 29, 2008 6:31 pm

Oh well, then do this: manually delete the folder C:\Qoobox and delete the ComboFix installer from the disk. Clean the computer with CCleaner. Optimize the startup list. Disable and re-enable System Restore on all drives. Instructions. Scan the "My Computer" area with http://www.kaspersky.pl/virusscanner.html (run it through IE) and post its report on the forum, or use Dr.WEB CureIt!

optimus9292 - Sun Aug 31, 2008 11:20 am

OK, thanks for the help, but none of it worked; I'm going to format now. All my music files are infected with Trojan.Downloader.WMA, and neither Norton nor Kaspersky can deal with it.

huber2t - Sun Aug 31, 2008 11:42 am

Unfortunately, in cases like this there's nothing else left to do.
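The two things huber2t picked out of the HijackThis log above (entries whose target file is "(file missing)", and O23 services reported with "Unknown owner") are easy to pull out mechanically when a log has dozens of lines. The following parser is an added example written for this page; it is not part of the thread, of HijackThis or of any tool it names. The sample log text is constructed from a handful of entries in the posted log, and the function names are my own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in the HijackThis v2 line format, built from entries that
# appear in the thread above. A real log would be read from a file instead.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll (file missing)
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
"""

# Every HijackThis finding starts with a section code (R0, O2, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# HijackThis appends this tag when the registry still points at a file that is gone.
MISSING_RE = re.compile(r"\s*\(file missing\)\s*$")


@dataclass(frozen=True)
class Entry:
    section: str        # e.g. "O2", "O23"
    body: str           # text after the section code, "(file missing)" tag stripped
    file_missing: bool  # orphaned registry entry (the kind huber2t told the OP to fix)
    unknown_owner: bool  # O23 service whose binary carries no recognised vendor info


def parse_hjt(text: str) -> List[Entry]:
    """Parse HijackThis output into structured entries, skipping header and process lines."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # "Logfile of...", "Running processes:", bare paths, blank lines
        section, body = m.group(1), m.group(2)
        missing = bool(MISSING_RE.search(body))
        body = MISSING_RE.sub("", body)
        unknown = section == "O23" and "- Unknown owner -" in body
        entries.append(Entry(section, body, missing, unknown))
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries whose referenced file no longer exists: safe fix candidates, not evidence of malware."""
    return [e for e in entries if e.file_missing]


def unknown_owner_services(entries: List[Entry]) -> List[Entry]:
    """O23 services without vendor information; these merit a manual look, nothing more."""
    return [e for e in entries if e.unknown_owner]


def count_by_section(entries: List[Entry]) -> Dict[str, int]:
    """Per-section tally, useful for a quick overview of a long log."""
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.section] = counts.get(e.section, 0) + 1
    return counts


def report(text: str) -> str:
    """Human-readable triage summary for a log; returns the text rather than printing it."""
    entries = parse_hjt(text)
    lines = [f"{len(entries)} entries: {count_by_section(entries)}", "Orphaned (file missing):"]
    lines += [f"  {e.section} - {e.body}" for e in orphaned(entries)]
    lines.append("Services with unknown owner (review manually):")
    lines += [f"  {e.section} - {e.body}" for e in unknown_owner_services(entries)]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Orphaned entries are flagged only as clean-up candidates: as the thread shows, leftover Symantec and Java BHO entries are common after an uninstall and are not in themselves a sign of infection. The "Unknown owner" check is likewise a prompt for review, since many legitimate OEM services (the ASUS ones above, for instance) ship without version resources.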