Wodzu666 utworzono 17 maja 2012 utworzono 17 maja 2012 Witam Mam problem z wymienionym w temacie wirusem, program antywirusowy wykrywa robaka ale najwidoczniej nie umie sobie z nim poradzić. Zamieszczam logi z GMERa i HiJackThis (OTL ma jakis error podczas skanowania :<) HiJackThis: [spoiler]Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:25:21, on 2012-05-17 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\AVG Secure Search\vprot.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\VIA\RAID\raid_tool.exe C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe C:\WINDOWS\explorer.exe C:\Program Files\AVG\AVG2012\avgidsagent.exe C:\Program Files\AVG\AVG2012\avgwdsvc.exe C:\Program Files\AVG\AVG2012\avgemcx.exe C:\Program Files\AVG\AVG2012\avgtray.exe C:\Program Files\AVG\AVG2012\avgnsx.exe C:\Program Files\AVG\AVG2012\avgrsx.exe C:\Program Files\AVG\AVG2012\avgcsrvx.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Documents and Settings\Wodzu\Moje dokumenty\Pobieranie\bx9sdr3v.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Windows NT\Accessories\WORDPAD.EXE C:\Program Files\Hijack\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.gazeta.pl/0,0.html?p=128"]http://www.gazeta.pl/0,0.html?p=128[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft....k/?LinkId=69157[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft....k/?LinkId=54896[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft....k/?LinkId=54896[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft....k/?LinkId=69157[/url] R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file) O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil11e_Plugin.exe -update plugin O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Wodzu\Dane aplikacji\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: vToolbarUpdater11.0.2 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe -- End of file - 5454 bytes [/spoiler] GMER [spoiler]GMER 1.0.15.15641 - [url="http://www.gmer.net"]http://www.gmer.net[/url] Rootkit scan 2012-05-17 21:18:27 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 Hitachi_HDT725040VLAT80 rev.V5COA4EA Running: bx9sdr3v.exe; Driver: C:\DOCUME~1\Wodzu\USTAWI~1\Temp\fglcquoc.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0xEC1EB004] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0xEC1EB0D4] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xEC1EAD76] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xEC1EAE1E] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xEC1EAEBA] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xEC1EAF56] Code \??\C:\DOCUME~1\Wodzu\USTAWI~1\Temp\catchme.sys pIofCallDriver ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2520 80501D48 5 Bytes [04, B0, 1E, EC, D4] .text ntkrnlpa.exe!ZwCallbackReturn + 2526 80501D4E 2 Bytes [1E, EC] {PUSH DS; IN AL, DX } .text C:\WINDOWS\System32\DRIVERS\ati2mtag.sys section is writeable [0xF6F15000, 0x1C5D38, 0xE8000020] init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xF6DF7900] ? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Nie można odnaleźć określonego pliku. ! ? C:\DOCUME~1\Wodzu\USTAWI~1\Temp\catchme.sys Nie można odnaleźć określonego pliku. ! ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Mozilla Firefox\plugin-container.exe[844] USER32.dll!SetWindowLongA 7E37C29D 5 Bytes JMP 10665EE6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[844] USER32.dll!SetWindowLongW 7E37C2BB 5 Bytes JMP 10665E78 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[844] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 10454822 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[844] USER32.dll!TrackPopupMenu 7E3B531E 5 Bytes JMP 10454DD6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3752] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0122C930 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3752] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 0145E0AA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3752] kernel32.dll!MapViewOfFile 7C80B995 5 Bytes JMP 0145E083 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3752] GDI32.dll!CreateDIBSection 77F19E09 1 Byte [E9] .text C:\Program Files\Mozilla Firefox\firefox.exe[3752] GDI32.dll!CreateDIBSection 77F19E09 5 Bytes JMP 0145E00D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. ) AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. ) ---- EOF - GMER 1.0.15 ----[/spoiler]
Gość komentarz 18 maja 2012 komentarz 18 maja 2012 [quote](OTL ma jakis error podczas skanowania :<)[/quote] Wykonaj skan OTL w trybie awaryjnym Windows.
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.