Zdravím,
prosím o pomoc, nemohou se zbavit souboru Trojan.Win32.Agent.ha v souboru Winlogon. Používám firewall se zabudovaným antivirem a antispywarem v jednom Zone Alarm. Zatím si vždycky poradil, ale tohodle se nechce zbavit (asi to nebude tak jednoduché, jde o systémový soubor). Proskanoval jsem to prográmkem Hijackthis... Tady je log
Logfile of HijackThis v1.99.1
Scan saved at 21:58:29, on 29.4.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\Ati2evxx.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\ZoneLabs\vsmon.exe
C:\WINXP\system32\Ati2evxx.exe
C:\WINXP\Explorer.EXE
C:\WINXP\system32\spoolsv.exe
C:\WINXP\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINXP\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINXP\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINXP\system32\MsPMSPSv.exe
C:\WINXP\system32\wscntfy.exe
G:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
G:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
G:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINXP\system32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINXP\system32\ctfmon.exe
C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
C:\Program Files\Messenger\msmsgs.exe
G:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINXP\System32\svchost.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
G:\Program Files\DC++\DCPlusPlus.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Winamp\winamp.exe
D:\Internet Download\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINXP\Updreg.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINXP\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [RemoteControl] "G:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "G:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] G:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINXP\system32\ctfmon.exe
O4 - HKCU\..\Run: [TaskTray] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
O4 - HKCU\..\Run: [Taskbar] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PcSync] G:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = G:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2779462937
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E000A6D3-34FD-4C09-81AE-AB75AA12A839}: NameServer = 194.228.41.65 194.228.41.113
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINXP\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINXP\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINXP\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINXP\system32\CTsvcCDA.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINXP\system32\ZoneLabs\vsmon.exe
Problém s Trojan.Win32.Agent.ha
-
fredik
- člen Security týmu
-
Master Level 7
- Příspěvky: 4680
- Registrován: červenec 06
- Pohlaví:
- Stav:
Offline
Jestli se ten soubor winlogon.exe nachází v adresáři windows\system32\ tak ten patří k systému.
Během víkendu se objevila falešná pozitivní detekce od různých antivirů. Pro jistotu otestuj daný soubor na VirusTotall a dej sem výsledek.
Pak budeme vědět jestli se jedná o falešný poplach nebo ne. Podle označení to na něho vypadá.
Během víkendu se objevila falešná pozitivní detekce od různých antivirů. Pro jistotu otestuj daný soubor na VirusTotall a dej sem výsledek.
Pak budeme vědět jestli se jedná o falešný poplach nebo ne. Podle označení to na něho vypadá.
tak jsem to proskenoval na VirusTotal (moc šikovná stránka) a výsledek vypadá takto:
Antivirus Version Update Result
AhnLab-V3 2007.4.30.1 04.30.2007 no virus found
AntiVir 7.4.0.15 04.30.2007 no virus found
Authentium 4.93.8 04.30.2007 no virus found
Avast 4.7.981.0 04.30.2007 no virus found
AVG 7.5.0.467 05.01.2007 no virus found
BitDefender 7.2 05.01.2007 no virus found
CAT-QuickHeal 9.00 04.30.2007 no virus found
ClamAV devel-20070416 05.01.2007 no virus found
DrWeb 4.33 04.30.2007 no virus found
eSafe 7.0.15.0 04.30.2007 Win32.Agent.ha
eTrust-Vet 30.7.3608 05.01.2007 no virus found
Ewido 4.0 04.30.2007 no virus found
FileAdvisor 1 05.01.2007 No threat detected
Fortinet 2.85.0.0 05.01.2007 W32/Agent.HA!tr
F-Prot 4.3.2.48 04.30.2007 no virus found
F-Secure 6.70.13030.0 04.30.2007 no virus found
Ikarus T3.1.1.5 05.01.2007 Trojan.Win32.Agent.HA
Kaspersky 4.0.2.24 05.01.2007 no virus found
McAfee 5020 04.30.2007 no virus found
Microsoft 1.2405 05.01.2007 no virus found
NOD32v2 2232 05.01.2007 no virus found
Norman 5.80.02 04.30.2007 W32/Agent.BMVF
Panda 9.0.0.4 04.30.2007 no virus found
Prevx1 V2 05.01.2007 no virus found
Sophos 4.17.0 05.01.2007 no virus found
Sunbelt 2.2.907.0 04.19.2007 no virus found
Symantec 10 05.01.2007 no virus found
TheHacker 6.1.6.095 04.15.2007 no virus found
VBA32 3.11.4 04.30.2007 no virus found
VirusBuster 4.3.7:9 04.30.2007 no virus found
Webwasher-Gateway 6.0.1 05.01.2007 no virus found
Antivirus Version Update Result
AhnLab-V3 2007.4.30.1 04.30.2007 no virus found
AntiVir 7.4.0.15 04.30.2007 no virus found
Authentium 4.93.8 04.30.2007 no virus found
Avast 4.7.981.0 04.30.2007 no virus found
AVG 7.5.0.467 05.01.2007 no virus found
BitDefender 7.2 05.01.2007 no virus found
CAT-QuickHeal 9.00 04.30.2007 no virus found
ClamAV devel-20070416 05.01.2007 no virus found
DrWeb 4.33 04.30.2007 no virus found
eSafe 7.0.15.0 04.30.2007 Win32.Agent.ha
eTrust-Vet 30.7.3608 05.01.2007 no virus found
Ewido 4.0 04.30.2007 no virus found
FileAdvisor 1 05.01.2007 No threat detected
Fortinet 2.85.0.0 05.01.2007 W32/Agent.HA!tr
F-Prot 4.3.2.48 04.30.2007 no virus found
F-Secure 6.70.13030.0 04.30.2007 no virus found
Ikarus T3.1.1.5 05.01.2007 Trojan.Win32.Agent.HA
Kaspersky 4.0.2.24 05.01.2007 no virus found
McAfee 5020 04.30.2007 no virus found
Microsoft 1.2405 05.01.2007 no virus found
NOD32v2 2232 05.01.2007 no virus found
Norman 5.80.02 04.30.2007 W32/Agent.BMVF
Panda 9.0.0.4 04.30.2007 no virus found
Prevx1 V2 05.01.2007 no virus found
Sophos 4.17.0 05.01.2007 no virus found
Sunbelt 2.2.907.0 04.19.2007 no virus found
Symantec 10 05.01.2007 no virus found
TheHacker 6.1.6.095 04.15.2007 no virus found
VBA32 3.11.4 04.30.2007 no virus found
VirusBuster 4.3.7:9 04.30.2007 no virus found
Webwasher-Gateway 6.0.1 05.01.2007 no virus found
-
Baron Prášil
- Master Level 7
- Příspěvky: 4882
- Registrován: červen 06
- Pohlaví:
- Stav:
Offline
Zpět na “Viry, antiviry, firewally…”
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 5 hostů