Two heavy trojans, help!!!!!!!!!

Hello, I have two trojans on partition C with a combined size of 800 MB. They have the .sys extension, so they are system files, and when I try to delete them I get access denied. Programs can't deal with them either. Help.

Replies: 4

nokissq:
anti trojan detects: pagefile.sys and hiberfil.sys

So those are the paging file and the hibernation file.

Turn off System Restore.

End the process:
WinCtlAdAlt.exe

Fix these entries:
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
O2 - BHO: (no name) - {81D66134-ADC3-4C6D-B0A9-03D4EE35B849} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [WebRebates0] C:\Program Files\Web_Rebates\WebRebates0.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\DOCUME~1\vb\USTAWI~1\Temp\WZS2.tmp\Net2fone.exe (file missing)
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\DOCUME~1\vb\USTAWI~1\Temp\WZS2.tmp\Net2fone.exe (file missing)
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=580b654524d68b23906b34a03fd33a9de69f5f922a0754ee16944 2922e3e48cbd7605b04e0917847f89efa8e422ece1a819f5daf93 28:5db0f34c35fd827de7642452ea30b3de

I don't need to tell you that the folders go in the trash too.

O4 - HKLM\..\Run: [Wstats32 driver] Wstats32.exe >> http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=40583

Update: what is detecting these trojans for you??
Bobi
Added
14.12.2004 22:25:58
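
The mechanical part of the triage in the reply above, as an added example that is not part of the thread: a parser for HijackThis entry lines that flags references the tool reports as `(no file)` or `(file missing)` and extracts the O4 autorun names. The sample lines are copied from the log on this page; the function names are illustrative.

```python
import re
from collections import Counter

# One HijackThis entry is "<code> - <detail>", e.g. "O4 - HKLM\..\Run: [name] cmd".
# Scraped copies often carry an en dash and lose backslashes, so accept both forms.
ENTRY = re.compile(r"^([ORFN]\d{1,2})\s+[-\u2013]\s+(.*)$")
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$")
RUN = re.compile(r"^(HK\w+)\S*Run: \[([^\]]+)\]\s*(.*)$")

# Constructed sample: entries copied from the log on this page, one left in scraped form.
SAMPLE = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {81D66134-ADC3-4C6D-B0A9-03D4EE35B849} - (no file)
O4 – HKLM..Run: [WebRebates0] C:Program FilesWeb_RebatesWebRebates0.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\DOCUME~1\vb\USTAWI~1\Temp\WZS2.tmp\Net2fone.exe (file missing)
"""

def parse_entry(line):
    """Return a dict for one entry line, or None for headers and process paths."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, rest = m.group(1), m.group(2)
    entry = {"code": code, "raw": rest, "orphan": bool(ORPHAN.search(rest))}
    run = RUN.match(rest) if code == "O4" else None
    if run:  # registry Run key: keep hive, value name and command line apart
        entry.update(hive=run.group(1), name=run.group(2), command=run.group(3))
    return entry

def triage(log_text):
    """Group entries: orphaned references, registry autoruns, count per section."""
    entries = [e for e in map(parse_entry, log_text.splitlines()) if e]
    return {
        "orphans": [e for e in entries if e["orphan"]],
        "autoruns": [e for e in entries if "name" in e],
        "by_code": Counter(e["code"] for e in entries),
    }

if __name__ == "__main__":
    report = triage(SAMPLE)
    for e in report["orphans"]:
        print("orphaned:", e["code"], e["raw"])
    for e in report["autoruns"]:
        print("autorun:", e["hive"], e["name"], "->", e["command"])
```

Orphaned entries are leftovers that point at nothing on disk; the autorun list still has to be reviewed by name, since the script does not judge whether a program is wanted.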
anti trojan detects: pagefile.sys and hiberfil.sys

Logfile of HijackThis v1.98.2
Scan saved at 20:24:08, on 2004-12-14
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Windows ControlAd\WinCtlAd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Gadu-Gadu\Gadu-Gadu\gg.exe
C:\Program Files\Windows ControlAd\WinCtlAdAlt.exe
C:\Program Files\eDonkey2000\edonkey2000.exe
C:\Program Files\NetCaptor\NetCaptor.exe
D:\Programy\WinZip\winzip32.exe
D:\Programy\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
O2 - BHO: (no name) - {81D66134-ADC3-4C6D-B0A9-03D4EE35B849} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [C-Media Mixer] C:\Program Files\PCI Audio Applications\Bin\AudioRack.exe /MixerStartup
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Wstats32 driver] Wstats32.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [eDonkey2000] "C:\Program Files\eDonkey2000\eDonkey2000.exe" -t
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [WebRebates0] C:\Program Files\Web_Rebates\WebRebates0.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\DOCUME~1\vb\USTAWI~1\Temp\WZS2.tmp\Net2fone.exe (file missing)
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\DOCUME~1\vb\USTAWI~1\Temp\WZS2.tmp\Net2fone.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=580b654524d68b23906b34a03fd33a9de69f5f922a0754ee16944 2922e3e48cbd7605b04e0917847f89efa8e422ece1a819f5daf93 28:5db0f34c35fd827de7642452ea30b3de
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {5F874A6F-8B34-433D-BA4B-47AC91C0567F} (MailCfg Control) - https://poczta.wp.pl/autoryzacja/mailcfg2.ocx
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.tv.poloniaonline.us/nsvplayx_vp3_mp3.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
nokissq
Added
14.12.2004 22:11:41
Isn't that file Pagefile.sys, by any chance? ;)
That is the paging file; it has nothing to do with trojans.
If it's a different one, give its name or post an HJT log.
MarcinX
Added
14.12.2004 21:47:18
Scan with some decent AV and show the HJT log. I don't know myself, ask the experts 8) That's my advice, just as I wrote.
BlackZone
Added
14.12.2004 21:21:45
nokissq
Added:
14.12.2004 21:17:39