norton007
Trainee
Posts: 31
RE: Is Win32/Agent a Trojan?
It seems to me that it is somewhere in Windows --> System32, but beyond that I don't know where. Today I noticed that there is not only Trojan.Win32/Agent but also Trojan.Win32/Vundo and Trojan.Win32/Gen.
HijackThis log, maybe someone knows about this
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:05:27, on 2011-09-29
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Conexant\SAII\SmartAudio.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\20Dollars2Surf\20dollars2surf.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\Fujitsu Siemens\WinManager\WinManager.exe
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\windows\system32\NOTEPAD.EXE
C:\windows\system32\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gazeta.pl/0,0.html?p=108
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: pageshotsbho - {28CF50DA-4A17-4442-BBF9-D916BFDE072C} - (no file)
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\19.1.1.3\IPS\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - (no file)
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe
O4 - HKLM\..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [FortKnoxPersonalFirewall] "C:\Program Files\NETGATE\FortKnox Personal Firewall\FortKnoxGUI.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-18\..\RunOnce: [WLStart] "C:\Program Files\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WLStart] "C:\Program Files\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage (User 'Default user')
O4 - Global Startup: 20Dollars2Surf.lnk = C:\Program Files\20Dollars2Surf\20dollars2surf.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: WinManager.lnk = C:\Program Files\Fujitsu Siemens\WinManager\WinManager.exe
O9 - Extra button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: FortKnox Personal Firewall (fortknox) - NETGATE Technologies s.r.o. - C:\Program Files\NETGATE\FortKnox Personal Firewall\FortKnox.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IGRS - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
O23 - Service: Lenovo ReadyComm AppSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\AppSvc.exe
O23 - Service: Lenovo ReadyComm ConnSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\19.1.1.3\ccSvcHst.exe
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\windows\system32\SAsrv.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: VirtualRouterService (Virtual Router) - Chris Pietschmann (http://pietschsoft.com) - C:\Program Files\Virtual Router\VirtualRouterService.exe
--
End of file - 7075 bytes
(This post was last modified: 29.09.2011 14:07 by norton007.)
29.09.2011 13:58
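A HijackThis log like the one above lists persistence and browser-hijack points (R0/R1 start pages, R3 URLSearchHooks, O2 BHOs, O4 autostarts, O10 LSPs, O23 services); it does not show which file the antivirus flagged as Trojan.Win32/Agent, so the first step of reading it is to separate the entries that need a second look from the ordinary vendor software. The following is an added example, not part of the original post and not HijackThis code: a small triage script that parses the entry lines and flags orphaned "(no file)" references, unresolved startup shortcuts, LSP modules, and a non-default browser start page. The sample log is an excerpt of the posted log with the extraction spacing repaired, and the rules and their wording are my own assumptions, deliberately limited to "verify this" rather than "this is malware".

```python
"""Triage helper for a HijackThis 2.0.x log (added example, not the forum
poster's or HijackThis's own code). Groups entries by section and flags the
ones a responder checks first."""
import re
from collections import Counter
from dataclasses import dataclass

# Excerpt of the posted log, with the "C: \" extraction spacing repaired.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\windows\system32\taskhost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: pageshotsbho - {28CF50DA-4A17-4442-BBF9-D916BFDE072C} - (no file)
O3 - Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - (no file)
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - Global Startup: 20Dollars2Surf.lnk = C:\Program Files\20Dollars2Surf\20dollars2surf.exe
O4 - Global Startup: Bluetooth.lnk = ?
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\19.1.1.3\ccSvcHst.exe
--
End of file - 7075 bytes
"""

# One HijackThis entry: "<section> - <rest>", e.g. "O4 - HKLM\..\Run: [X] C:\x.exe".
ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.+)$")

# Human-readable meaning of the sections that matter for persistence review
# (assumed labels, taken from the HijackThis section scheme).
SECTION_HELP = {
    "R0": "IE start/search page",
    "R1": "IE default URL",
    "R3": "URLSearchHook",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "autostart (Run keys / Startup folder)",
    "O10": "Winsock LSP",
    "O23": "Windows service",
}


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def parse_entries(log_text):
    """Return (section, body) pairs for every entry line; the header, the
    'Running processes' block and the trailer do not match and are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return entries


def triage(log_text):
    """Flag entries that deserve a look. The rules point at things to verify;
    they do not declare anything malicious."""
    findings = []
    seen = Counter()
    for sec, body in parse_entries(log_text):
        line = f"{sec} - {body}"
        seen[line] += 1
        if seen[line] > 1:
            # HijackThis lists an LSP DLL once per provider slot; report it once.
            continue
        if "(no file)" in body:
            findings.append(Finding(sec, "registry entry points to a file that no longer exists "
                                         "(orphan of removed software; safe to fix)", line))
        elif sec == "O4" and body.endswith("= ?"):
            findings.append(Finding(sec, "startup shortcut target could not be resolved; "
                                         "inspect the .lnk manually", line))
        elif sec == "O10":
            findings.append(Finding(sec, "Winsock LSP module: confirm the DLL's vendor and signature", line))
        elif sec in ("R0", "R1") and "Start Page" in body and "=" in body:
            url = body.split("=", 1)[1].strip()
            # Anything other than the Microsoft default should have been set on purpose.
            if url and not url.startswith("http://go.microsoft.com/"):
                findings.append(Finding(sec, f"browser start page set to {url}; confirm the user chose it", line))
    return findings


def summarize(log_text):
    """Entry count per section, paired with the section's label."""
    counts = Counter(sec for sec, _ in parse_entries(log_text))
    return {sec: (n, SECTION_HELP.get(sec, "other")) for sec, n in sorted(counts.items())}


if __name__ == "__main__":
    for sec, (n, label) in summarize(SAMPLE_LOG).items():
        print(f"{sec:>4}  {n:2d}  {label}")
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n      {f.line}")
```

Running it on the full log above gives the same picture the excerpt does: the three "(no file)" entries and the unresolved Bluetooth shortcut are leftovers to clean up, the LSP entry is a Windows Live DLL to confirm rather than remove, and the start page is the one line the user should recognise as their own choice. The actual file behind the Trojan.Win32/Agent detection has to come from the antivirus quarantine or detection log, which records the path; that path is what to compare against the O4 and O23 entries here.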