Hi, recently two viruses got into my computer. ZoneAlarm detected them right away and removed one, but not the other. ArcaMicroScan then detected two more viruses.
Log from that program:
C:\Program Files\CheckPoint\ZAForceField\Plugins\icslta.dll <- Heur.RoundKick : Deletion
C:\System Volume Information\_restore{3BDE6106-8A64-432F-93B0-2CBCB56CB15E}\RP27\A0009017.dll <- Heur.RoundKick : Deletion
So I don't know whether I might have more, so I'm posting a log for checking:
Merged post: 31.10.2007 (Wed) 16:47
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:45:12, on 2007-10-31
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\soundman.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\Program Files\Winamp\winamp.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - (no file)
O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM…\Run: [soundMan] soundman.exe
O4 - HKLM…\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM…\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM…\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM…\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKCU…\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU…\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU…\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwa … wflash.cab
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 5368 bytes
Merged post: 31.10.2007 (Wed) 16:50
I've already sorted it out, please close the thread.
Merged post: 31.10.2007 (Wed) 17:25
Please check the ComboFix log:
ComboFix 07-10-29.1** - baldys 2007-10-31 17:13:55.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.559 [GMT 1:00]
Running from: C:\Documents and Settings\baldys\Pulpit\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\nvrssk.dll
C:\WINDOWS\system32\nvrssl.dll
.
((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-31 )))))))))))))))))))))))))))))))
.
2007-10-31 17:13 51,200 --a--c--- C:\WINDOWS\NirCmd.exe
2007-10-31 16:26 706,512 -ra--c--- C:\WINDOWS\system32\drivers\cfosspeed.sys
2007-10-31 16:20
2007-10-31 16:20 281,552 --a--c--- C:\WINDOWS\system32\cfosspeed.dll
2007-10-30 22:23
2007-10-30 22:23
2007-10-30 15:08
2007-10-30 14:59
2007-10-30 14:26
2007-10-29 22:32
2007-10-29 22:31
2007-10-29 19:34
2007-10-29 19:34
2007-10-29 19:34
2007-10-29 19:34
2007-10-29 19:34 29,704 --a--c--- C:\WINDOWS\system32\uxtuneup.dll
2007-10-29 15:41
2007-10-29 15:38
2007-10-29 14:45
2007-10-29 06:58
2007-10-29 06:56
2007-10-29 06:56
2007-10-29 06:56
2007-10-29 06:56 162,304 --a--c--- C:\WINDOWS\system32\ztvunrar36.dll
2007-10-29 06:56 153,088 --a--c--- C:\WINDOWS\system32\UNRAR3.dll
2007-10-29 06:56 77,312 --a--c--- C:\WINDOWS\system32\ztvunace26.dll
2007-10-29 06:56 75,264 --a--c--- C:\WINDOWS\system32\unacev2.dll
2007-10-29 06:56 69,632 --a--c--- C:\WINDOWS\system32\ztvcabinet.dll
2007-10-28 20:30
2007-10-28 20:30
2007-10-27 19:41 25,992 --a--c--- C:\WINDOWS\system32\pgdfgsvc.exe
2007-10-27 15:06 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-10-27 15:03
2007-10-27 15:03
2007-10-27 13:26
2007-10-27 10:31
2007-10-27 10:10
2007-10-27 10:10
2007-10-27 10:10
2007-10-27 10:10
2007-10-26 21:58
2007-10-26 21:58
2007-10-26 21:36 769,068 --a--c--- C:\WINDOWS\system32\RPUpdates.zip
2007-10-26 20:32
2007-10-26 15:25
2007-10-26 06:08
2007-10-26 05:57 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-26 05:57 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-10-26 05:57 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-26 05:57 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-26 05:57 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-26 05:57 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-26 05:57 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-26 05:57 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-26 05:23 221,184 --a--c--- C:\WINDOWS\system32\wmpns.dll
2007-10-25 20:57
2007-10-25 20:54
2007-10-25 20:54
2007-10-25 20:51
2007-10-25 20:51
2007-10-25 20:50
2007-10-25 20:50
2007-10-25 20:29 0 --a--c--- C:\WINDOWS\nsreg.dat
2007-10-25 20:23
2007-10-25 20:23
2007-10-25 20:23
2007-10-25 20:23 265,143 --a--c--- C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2007-10-25 20:23 217,088 -----c--- C:\WINDOWS\alcupd.exe
2007-10-25 20:23 151,552 -----c--- C:\WINDOWS\alcrmv.exe
2007-10-25 20:23 124,416 -----c--- C:\WINDOWS\soundman.exe
2007-10-25 20:21
2007-10-25 20:21 306,688 --a--c--- C:\WINDOWS\IsUninst.exe
2007-10-25 20:21 6,144 -ra--c--- C:\WINDOWS\system32\drivers\viaidexp.sys
2007-10-25 20:21 3,082 --a--c--- C:\WINDOWS\system32\drivers\VIAPFD.SYS
2007-10-25 20:19
2007-10-25 20:17
2007-10-25 20:17 22,752 --a--c--- C:\WINDOWS\system32\spupdsvc.exe
2007-10-25 20:15
2007-10-25 20:15
2007-10-25 20:15 376 --a--c--- C:\WINDOWS\mozregistry.dat
2007-10-25 20:11
2007-10-25 20:09
2007-10-25 20:07
2007-10-25 20:07
2007-10-25 20:07
2007-10-25 20:07
2007-10-25 20:07
2007-10-25 20:07
2007-10-25 20:07
2007-10-25 20:05
2007-10-25 20:05
2007-10-25 20:05
2007-10-25 20:04
2007-10-25 20:04
2007-10-25 20:03
2007-10-25 20:03
2007-10-25 20:03
2007-10-25 20:03
2007-10-25 20:03
2007-10-25 20:03
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-31 16:20 3,489,056 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-31 16:16 47,732 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-10-25 21:09 --------- dc----w C:\Documents and Settings\All Users\Dane aplikacji\MailFrontier
2007-10-25 20:56 --------- dc----w C:\Program Files\AusLogics Disk Defrag
2007-10-25 20:25 --------- dc----w C:\Documents and Settings\baldys\Dane aplikacji\MailFrontier
2007-10-25 20:15 --------- dc----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2007-10-25 20:10 --------- dc----w C:\Program Files\Odkurzacz
2007-10-25 20:01 --------- dc----w C:\Program Files\Java
2007-10-25 18:57 --------- dc----w C:\Program Files\Usługi online
2007-09-06 14:14 75,248 -c--a-w C:\WINDOWS\zllsputility.exe
2007-09-06 14:14 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-08-21 06:18 683,520 -c--a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 00:26 81,920 -c--a-w C:\WINDOWS\system32\dpl100.dll
2007-08-21 00:26 196,608 -c--a-w C:\WINDOWS\system32\dtu100.dll
2007-08-15 22:33 524,288 -c--a-w C:\WINDOWS\system32\DivXsm.exe
2007-08-15 22:33 3,596,288 -c--a-w C:\WINDOWS\system32\qt-dx331.dll
2007-08-15 22:33 200,704 -c--a-w C:\WINDOWS\system32\ssldivx.dll
2007-08-15 22:33 129,784 -c----w C:\WINDOWS\system32\pxafs.dll
2007-08-15 22:33 120,056 -c----w C:\WINDOWS\system32\pxcpyi64.exe
2007-08-15 22:33 118,520 -c----w C:\WINDOWS\system32\pxinsi64.exe
2007-08-15 22:33 1,044,480 -c--a-w C:\WINDOWS\system32\libdivx.dll
2007-08-15 22:31 593,920 -c--a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-08-15 22:31 57,344 -c--a-w C:\WINDOWS\system32\dpv11.dll
2007-08-15 22:31 53,248 -c--a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-08-15 22:31 344,064 -c--a-w C:\WINDOWS\system32\dpus11.dll
2007-08-15 22:31 294,912 -c--a-w C:\WINDOWS\system32\dpu11.dll
2007-08-15 22:31 294,912 -c--a-w C:\WINDOWS\system32\dpu10.dll
2007-08-15 22:30 12,288 -c--a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-30 17:19 92,504 -c--a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 -c--a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 203,096 -c--a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 -c--a-w C:\WINDOWS\system32\wups.dll
2007-07-19 22:57 267,112 -c--a-w C:\WINDOWS\system32\xactengine2_9.dll
2007-07-19 22:54 18,280 -c--a-w C:\WINDOWS\system32\x3daudio1_2.dll
2007-07-19 16:14 444,776 -c--a-w C:\WINDOWS\system32\d3dx10_35.dll
2007-07-19 16:14 3,727,720 -c--a-w C:\WINDOWS\system32\d3dx9_35.dll
2007-07-19 16:14 1,358,192 -c--a-w C:\WINDOWS\system32\D3DCompiler_35.dll
2007-07-09 13:11 584,192 -c--a-w C:\WINDOWS\system32\rpcrt4.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-15 13:30]
"NvCplDaemon"="NvQTwk" []
"SoundMan"="soundman.exe" [2001-05-29 10:02 C:\WINDOWS\soundman.exe]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 15:14]
"Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [2007-09-25 09:10]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2007-10-26 12:33]
"cFosSpeed"="C:\Program Files\cFosSpeed\cFosSpeed.exe" [2007-10-29 18:02]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 15:36]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 15:46]
"Odkurzacz-MCD"="C:\Program Files\Odkurzacz\odk_mcd.exe" [2007-05-03 09:02]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:20:56]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
“AppInit_DLLs”=NVDESK32.DLL
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs
S1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2007-10-29 18:35:05 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-31 17:20:16
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-31 17:22:54 - machine was rebooted
.
— E O F —
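Added example, not part of the original post and not code from HijackThis or ComboFix: a small Python triage script for the HijackThis log format posted above. It parses the R*/O* entries and applies the checks a log reviewer does by hand: entries ending in `(no file)` are registry references whose target is gone (the Yahoo! Toolbar leftovers in the log), `(no name)` BHO and toolbar entries get listed for a closer look, O4 Run values that name a bare executable instead of a full path (`soundman.exe`, `RUNDLL32.EXE NvQTwk`) are resolved through the Windows search order and should be matched against the on-disk copy, O16 DPF entries record the host an ActiveX control was fetched from, and O23 services with no listed vendor are flagged. The sample input is constructed from lines of the log above; the `fpdownload.example.invalid` URL and the `Example Helper` service line are hypothetical fillers so every rule has something to match. The `where` part of an O4 line is taken verbatim, so both the `HKLM\..\Run` form HijackThis writes and the ellipsis rendering seen above are accepted.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed sample input: a subset of the HijackThis lines from the post above.
# The O16 download URL and the "Example Helper" O23 service are hypothetical fillers
# so that every rule below has something to match; they are not from the original log.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - (no file)
O3 - Toolbar: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [soundMan] soundman.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.example.invalid/swflash.cab
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Example Helper (exhelp) - Unknown owner - C:\WINDOWS\system32\exhelp.exe
End of file - 5368 bytes
"""

ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# O4 registry Run values: "<hive path>: [<value name>] <command line>"
RUN_RE = re.compile(r"^(?P<where>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
URL_RE = re.compile(r"https?://\S+")


def parse_hijackthis(text):
    """Return one dict per R*/O* entry; header, process list and trailer are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        clsid = CLSID_RE.search(body)
        entry = {
            "code": code,
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            "orphan": body.endswith("(no file)"),  # registry points at a file that is gone
            "unnamed": "(no name)" in body,
        }
        if code == "O4":
            run = RUN_RE.match(body)
            if run:  # Global Startup .lnk lines have no [name] and are left unparsed
                entry.update(run.groupdict())
        entries.append(entry)
    return entries


def image_name(cmd):
    """First token of a Run command line: the quoted path if quoted, else up to the first space."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(entries):
    """Apply the reviewer's checks; each finding is {'rule', 'code', 'detail'}."""
    findings = []
    for e in entries:
        if e["orphan"]:
            findings.append({"rule": "orphan", "code": e["code"], "detail": e["body"]})
        if e["unnamed"] and e["code"] in ("O2", "O3"):
            findings.append({"rule": "unnamed", "code": e["code"], "detail": e["clsid"]})
        if e["code"] == "O4" and "cmd" in e and "\\" not in image_name(e["cmd"]):
            # No directory given: Windows resolves the name through its search order,
            # so confirm which on-disk file actually runs.
            findings.append({"rule": "bare-name", "code": "O4", "detail": e["cmd"]})
        if e["code"] == "O16":
            url = URL_RE.search(e["body"])
            host = urlparse(url.group(0)).hostname if url else None
            findings.append({"rule": "activex-download", "code": "O16", "detail": host})
        if e["code"] == "O23" and "Unknown owner" in e["body"]:
            findings.append({"rule": "unknown-owner-service", "code": "O23", "detail": e["body"]})
    return findings


def summarize(findings):
    """Count findings per rule, e.g. Counter({'orphan': 3, ...})."""
    return Counter(f["rule"] for f in findings)


if __name__ == "__main__":
    found = triage(parse_hijackthis(SAMPLE_LOG))
    for f in found:
        print(f"{f['rule']:<22} {f['code']:<4} {f['detail']}")
    print(dict(summarize(found)))
```

The rules only sort entries into buckets for a human to look at; none of them says an entry is malicious. An orphan is usually a leftover from an uninstall, and a bare-name Run value is normal for vendor drivers, but it is the one class of entry where the log alone cannot tell you which file on disk is being executed.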