Some strange virus
Hello, I had Panda Antivirus 2007 installed and, after downloading some file, the antivirus program instantly stopped working, so I decided to scan with Panda Online as well as with Symantec and MKS, but that did not help either. I decided to reinstall Panda Antivirus 2007, but unfortunately the installation failed because during installation the program cannot find the path to the file Avciman.exe, and the rest of the installation failed.
I will now give you the HijackThis v2.0.2 log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:33:24, on 2007-11-22
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [AVPDWIN] "C:\Program Files\Panda Software\Panda Demo\pandasft.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0DA17B3D-9DCE-40CF-88FC-EFB0CC39653E}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Panda Software Controller - Unknown owner - C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe (file missing)
--
End of file - 3280 bytes
I am counting on your help, for which I thank you in advance (I don't want to format the disk).
Regards, Krzychumag.
Replies: 5
Hello, any suggestions and help regarding my post? I will add that when I try to install Panda Antivirus 2007, during installation I always get the following error: Insert disk 1 containing the file Files\ Avciman.exe. After this message I have to abort the installation and I can no longer install Panda. When I try to download the file from http://www.pandasecurity.com/homeusers/support/card?id=23210&idIdioma=2&pagina=1 I get the message Cannot copy Uninstaller[1]. The specified file cannot be found; check that the path and file name are specified correctly. I will also add that I removed everything the program showed and scanned once more with Spy Sweeper with Antivirus, and now the program shows that everything is supposedly OK, but unfortunately I still cannot install Panda 2007.
I'll give the log from Silent Runners.vbs:
"Silent Runners.vbs", revision 52, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["sms-express.com"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"iKeyWorks" = "C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" [file not found]
"SpySweeper" = ""C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray" ["Webroot Software, Inc."]
"a-squared" = ""C:\Program Files\a-squared Anti-Malware\a2guard.exe"" [file not found]
"AVPDWIN" = ""C:\Program Files\Panda Software\Panda Demo\pandasft.exe"" [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}" = "dBpoweramp Music Converter"
-> {HKLM...CLSID} = "dMCIShell Class"
\InProcServer32\(Default) = "C:\Program Files\Illustrate\dBpoweramp\dMCShell.dll" ["Illustrate"]
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration"
-> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"
\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]
"{AB77609F-2178-4E6F-9C4B-44AC179D937A}" = "a-squared Anti-Malware Shell Extension"
-> {HKLM...CLSID} = "a-squared Anti-Malware Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\a-squared Anti-Malware\a2contmenu.dll" ["Emsi Software GmbH"]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
<> WRNotifier\DLLName = "WRLogonNTF.dll" ["Webroot Software, Inc."]
HKLM\Software\Classes\PROTOCOLS\Filter\
<> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
{FED7043D-346A-414D-ACD7-550D052499A7}\(Default) = "dBpoweramp Column Handler"
-> {HKLM...CLSID} = "dBpShell Class"
\InProcServer32\(Default) = "C:\Program Files\Illustrate\dBpoweramp\dBShell.dll" ["Illustrate"]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
a-squared Anti-Malware Shell Extension\(Default) = "{AB77609F-2178-4E6F-9C4B-44AC179D937A}"
-> {HKLM...CLSID} = "a-squared Anti-Malware Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\a-squared Anti-Malware\a2contmenu.dll" ["Emsi Software GmbH"]
FineReader8\(Default) = "{F7091C74-EBB1-49D7-94C7-FE4886CCC18D}"
-> {HKLM...CLSID} = "FineReader8ExplorerContextMenuHandler"
\InProcServer32\(Default) = "C:\Program Files\ABBYY FineReader 8.0 Professional Edition\FECMenu.dll" ["ABBYY Software"]
SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"
-> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"
\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
a-squared Anti-Malware Shell Extension\(Default) = "{AB77609F-2178-4E6F-9C4B-44AC179D937A}"
-> {HKLM...CLSID} = "a-squared Anti-Malware Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\a-squared Anti-Malware\a2contmenu.dll" ["Emsi Software GmbH"]
SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"
-> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"
\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]
Group Policies {policy setting}:
--------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
"NoSecurityTab" = (REG_DWORD) hex:0x00000001
{Remove Security tab}
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"
Enabled Scheduled Tasks:
------------------------
"wrSpySweeperTrialSweep" -> launches: "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /ScheduleSweep=wrSpySweeperTrialSweep" ["Webroot Software, Inc."]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
a-squared Anti-Malware Service, a2AntiMalware, "C:\Program Files\a-squared Anti-Malware\a2service.exe" [null data]
Webroot Spy Sweeper Engine, WebrootSpySweeperService, ""C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe"" ["Webroot Software, Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
Keyboard Driver Filters:
------------------------
HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
"UpperFilters" = <> "SSKBFD" ["Webroot Software Inc (www.webroot.com)"]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
HPLJ1018LM\Driver = "ZLhp1018.DLL" ["Zenographics, Inc."]
---------- (launch time: 2007-11-24 19:21:22)
<>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 52 seconds.
---------- (total run time: 100 seconds)
and from the ComboFix program:
ComboFix 07-11-19.3 - Krzysztof 2007-11-24 19:31:25.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1620 [GMT 1:00]
Running from: C:\Documents and Settings\Krzysztof\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\exefld
C:\WINDOWS\exefld\143703.exe
C:\WINDOWS\exefld\167296.exe
C:\WINDOWS\exefld\19271062.exe
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_SROSA
-------\srosa
-------\LEGACY_SROSA
-------\srosa
((((((((((((((((((((((((( Files Created from 2007-10-24 to 2007-11-24 )))))))))))))))))))))))))))))))
.
2007-11-24 17:47 d-------- C:\Program Files\a-squared Anti-Malware
2007-11-24 16:55 d-------- C:\Program Files\Panda Software
2007-11-23 20:37 d-------- C:\Program Files\Webroot
2007-11-23 20:37 d-------- C:\Documents and Settings\LocalService\Dane aplikacji\Webroot
2007-11-23 20:37 d-------- C:\Documents and Settings\Krzysztof\Dane aplikacji\Webroot
2007-11-23 20:37 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Webroot
2007-11-23 20:37 1,526,072 --a------ C:\WINDOWS\WRSetup.dll
2007-11-23 20:37 163,640 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-11-23 20:37 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-11-23 20:37 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-11-23 20:37 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2007-11-22 23:51 1,803 --a------ C:\WINDOWS\unins001.dat
2007-11-22 23:06 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-11-22 21:32 d-------- C:\Program Files\Trend Micro
2007-11-22 21:04 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-11-22 20:41 2,137,600 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2007-11-22 15:41 d-------- C:\Program Files\BearShare Pro
2007-11-22 07:48 d-------- C:\Documents and Settings\Krzysztof\Dane aplikacji\dBpoweramp
2007-11-22 07:45 d-------- C:\Program Files\Illustrate
2007-11-22 07:45 d-------- C:\Documents and Settings\Krzysztof\Dane aplikacji\AccurateRip
2007-11-22 07:45 2,433,400 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2007-11-22 07:45 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.bmp
2007-11-22 07:45 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp DSP Effects.bmp
2007-11-22 07:45 13,281 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2007-11-22 07:45 8,457 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
2007-11-21 12:40 d-------- C:\Program Files\Common Files\eSellerate
2007-11-21 12:13 3,001 --a------ C:\WINDOWS\unins000.dat
2007-11-18 19:30 d-------- C:\Documents and Settings\Krzysztof\Dane aplikacji\ShredderChess
2007-11-16 19:57 d-------- C:\Program Files\SubEdit-Player
2007-11-14 23:10 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-11-14 14:11 d-------- C:\Program Files\Krzyżówkomaniak
2007-11-14 13:40 d-------- C:\Program Files\MSXML 4.0
2007-11-13 16:41 307,200 --a------ C:\WINDOWS\IsUn0415.exe
2007-11-13 16:22 d-------- C:\Documents and Settings\Krzysztof\Dane aplikacji\Canon
2007-11-13 16:20 d-------- C:\Documents and Settings\Krzysztof\Dane aplikacji\Ahead
2007-11-13 16:15 d-------- C:\Program Files\Nero
2007-11-13 16:15 d-------- C:\Program Files\Common Files\Ahead
2007-11-13 16:15 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero
2007-11-13 16:03 d-------- C:\Documents and Settings\Krzysztof\Dane aplikacji\ABBYY
2007-11-13 16:00 d-------- C:\Program Files\ABBYY FineReader 8.0 Professional Edition
2007-11-10 21:59 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-11-10 21:17 d-------- C:\Program Files\Winamp
2007-11-10 21:17 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-11-10 21:17 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-11-10 21:08 d-------- C:\Program Files\CCleaner
2007-11-10 20:32 d-------- C:\Documents and Settings\Krzysztof\Dane aplikacji\ChessBase
2007-11-10 20:31 d-------- C:\Program Files\Common Files\ChessBase
2007-11-10 20:29 d-------- C:\Program Files\ChessBase
2007-11-10 19:31 d-------- C:\Program Files\eMule0.48a
2007-11-10 19:11 d-------- C:\Program Files\Java
2007-11-10 19:11 d-------- C:\Program Files\Common Files\Java
2007-11-10 19:04 d-------- C:\Program Files\Gadu-Gadu
2007-11-10 19:04 d-------- C:\Documents and Settings\Krzysztof\Gadu-Gadu
2007-11-10 19:03 d-------- C:\Program Files\Common Files\Adobe
2007-11-10 18:46 d-------- C:\Documents and Settings\Krzysztof\Dane aplikacji\F-Secure
2007-11-10 18:42 d-------- C:\Documents and Settings\All Users\Dane aplikacji\F-Secure
2007-11-10 18:41 d-------- C:\Documents and Settings\All Users\Dane aplikacji\fssg
2007-11-10 18:39 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-11-10 18:39 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-11-10 18:39 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-11-10 18:08 129,254 --a------ C:\WINDOWS\system32\TZLog.log
2007-11-10 17:45 d-------- C:\Program Files\Opera
2007-11-10 17:39 d--h----- C:\WINDOWS\$hf_mig$
2007-11-10 17:39 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-11-10 17:30 d--hs---- C:\Documents and Settings\Krzysztof\UserData
2007-11-10 17:18 d-------- C:\Program Files\Microsoft Works
2007-11-10 17:16 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2007-11-10 17:07 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-11-10 17:07 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-11-10 17:06 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-11-10 17:06 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-11-10 17:06 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-11-10 17:06 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-11-10 17:06 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-11-10 17:06 16,384 --a------ C:\WINDOWS\system32\ipsink.ax
2007-11-10 17:06 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-11-10 17:06 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-11-10 17:05 d--h----- C:\Program Files\CanonBJ
2007-11-10 17:04 91,136 --a------ C:\WINDOWS\system32\kswdmcap.ax
2007-11-10 17:04 91,136 --a--c--- C:\WINDOWS\system32\dllcache\kswdmcap.ax
2007-11-10 17:04 78,464 --a------ C:\WINDOWS\system32\drivers\usbvideo.sys
2007-11-10 17:04 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax
2007-11-10 17:04 61,952 --a--c--- C:\WINDOWS\system32\dllcache\kstvtune.ax
2007-11-10 17:04 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-11-10 17:04 54,784 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2007-11-10 17:04 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2007-11-10 17:04 43,008 --a--c--- C:\WINDOWS\system32\dllcache\ksxbar.ax
2007-11-10 17:04 28,672 --a--c--- C:\WINDOWS\system32\dllcache\vidcap.ax
2007-11-10 17:03 870,784 --a------ C:\WINDOWS\system32\ati3d1ag.dll
2007-11-10 17:03 495,616 --a------ C:\WINDOWS\system32\sblfx.dll
2007-11-10 17:03 256,512 --a------ C:\WINDOWS\system32\devcon32.dll
2007-11-10 17:03 241,664 --a------ C:\WINDOWS\system32\ati2dvag.dll
2007-11-10 17:03 233,472 --a------ C:\WINDOWS\system32\ati2cqag.dll
2007-11-10 17:03 145,792 --a--c--- C:\WINDOWS\system32\dllcache\portcls.sys
2007-11-10 17:03 130,048 --a------ C:\WINDOWS\system32\ksproxy.ax
2007-11-10 17:03 130,048 --a--c--- C:\WINDOWS\system32\dllcache\ksproxy.ax
2007-11-10 17:03 86,016 --a------ C:\WINDOWS\system32\mdmxsdk.dll
2007-11-10 17:03 60,288 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys
2007-11-10 17:03 36,864 --a------ C:\WINDOWS\system32\sfman32.dll
2007-11-10 17:03 10,624 --a--c--- C:\WINDOWS\system32\dllcache\gameenum.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-22 19:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-14 13:13 --------- d-----w C:\Program Files\Krzyżówkomaniak
2007-11-10 15:49 --------- d-----w C:\Program Files\Thomson
2007-11-10 15:48 --------- d-----w C:\Program Files\Logitech
2007-11-10 15:48 --------- d-----w C:\Program Files\Common Files\Logitech
2007-11-10 15:47 --------- d-----w C:\Program Files\A4Tech
2007-11-10 15:44 --------- d-----w C:\Program Files\Creative
2007-11-10 15:34 --------- d-----w C:\Program Files\ATI Technologies
2007-11-10 15:28 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-10 15:25 --------- d-----w C:\Program Files\Realtek Sound Manager
2007-11-10 15:25 --------- d-----w C:\Program Files\Realtek AC97
2007-11-10 15:25 --------- d-----w C:\Program Files\AvRack
2007-11-10 15:21 --------- d-----w C:\Program Files\Intel
2007-11-10 15:12 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-10 15:11 --------- d-----w C:\Program Files\Usługi online
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-11 21:37]
"german.exe"="C:\WINDOWS\system32\wintems.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iKeyWorks"="C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" []
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" []
"AVPDWIN"="C:\Program Files\Panda Software\Panda Demo\pandasft.exe" []
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-10-01 16:40]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)
[color=red]SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
R0 SSFS0BB9;Spy Sweeper File System Filer Driver: 0BB9;C:\WINDOWS\system32\Drivers\SSFS0BB9.SYS
R2 BT848;AVerMedia, AVerTV WDM Video Capture;C:\WINDOWS\system32\drivers\BT848.sys
R2 BTTUNER;AVerMedia, AVerTV WDM TvTuner;C:\WINDOWS\system32\drivers\BTTUNER.sys
R2 BTXBAR;AVerMedia, AVerTV WDM Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-11-23 19:37:26 C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
- A:.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-24 19:34:28
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-24 19:35:05 - machine was rebooted
.
--- E O F ---
Thank you in advance for any help.
Regards, Krzychumag.
I'm very sorry, I think I was mistaken about this virus; there is still some virus, I just still don't know which one. "I can't download" - that's not much information ;) - because every time I download it I get an error. Does anyone have any other idea what to do in this situation? I decided to download and install Spy Sweeper, and here is what it showed:
[img]http://img91.imageshack.us/img91/7936/kkkhb9.jpg[/img]
Regards, Krzychumag.
Where does the information that it is Trj/Lozyt.A come from?? Do you have that -> ABC123.PID file in the %temp% folder (type %temp% in Start -> Run and it will take you straight to the right folder)??
"I can't download" - that's not much information ;)
Thanks Żółty for all the help; I think it is the Trj/Lozyt.A virus. I also decided to install the Anti Malware 2.0 program and wanted to update it (unfortunately that also failed). Additionally - download and use the Panda uninstaller linked on the page http://www.pandasecurity.com/homeusers/support/card?id=23210&idIdioma=2&pagina=1. I wanted to download this program, but I can't do that either.
Regards, Krzychumag.
Nothing can be seen in the log.
Do you have some Panda demo installed
[quote]O4 - HKLM\..\Run: [AVPDWIN] "C:\Program Files\Panda Software\Panda Demo\pandasft.exe"[/quote]
??
If so, uninstall it. Additionally, you have some Panda service
[quote]O23 - Service: Panda Software Controller - Unknown owner - C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe (file missing)[/quote]
Additionally - download and use the Panda uninstaller linked on the page [url]http://www.pandasecurity.com/homeusers/support/card?id=23210&idIdioma=2&pagina=1[/url]
After that, try installing Panda once more.
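The reply above picks out two kinds of entries from the posted logs by hand: an autostart for a product that is no longer there (the Panda demo Run entry) and a service whose binary is missing (PsCtrls.exe "file missing"). The script below is an added example, not part of the thread and not code from HijackThis, ComboFix or any of the helpers; it parses HijackThis O4/O23 lines and ComboFix "Reg Loading Points" Run lines and applies the same kind of triage rules a responder would apply when reading such a log: a target file that no longer exists, a service with no recorded publisher, a Run value named like an executable that launches a different executable, and a per-user Run entry pointing into system32. The sample lines are constructed, patterned on the logs quoted in the thread; reading an empty `[]` timestamp in ComboFix as "file not present" is an assumption inferred from this thread, where the entries shown with `[]` are the ones Silent Runners reports as file not found or that ComboFix had already deleted.

```python
import re
from dataclasses import dataclass, field

# Constructed sample lines, patterned on the HijackThis O4/O23 entries and the
# ComboFix "Reg Loading Points" section quoted in the thread above.
HIJACKTHIS_LINES = [
    r'O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe',
    r'O4 - HKLM\..\Run: [AVPDWIN] "C:\Program Files\Panda Software\Panda Demo\pandasft.exe"',
    r'O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray',
    r'O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe',
    r'O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe',
    r'O23 - Service: Panda Software Controller - Unknown owner - C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe (file missing)',
]
COMBOFIX_LINES = [
    r'[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]',
    r'"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-11 21:37]',
    r'"german.exe"="C:\WINDOWS\system32\wintems.exe" []',
    r'[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]',
    r'"iKeyWorks"="C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" []',
    r'"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-10-01 16:40]',
]

# HijackThis: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# HijackThis: "O23 - Service: <display> - <owner> - <path>[ (file missing)]"
O23_RE = re.compile(r'^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$')
# ComboFix: "<name>"="<path>" [<file timestamp or empty>]  under a [HKEY_...] header
CF_KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
CF_RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)" \[(?P<stamp>[^\]]*)\]$')


@dataclass
class Entry:
    source: str           # "hijackthis" or "combofix"
    hive: str             # HKLM / HKCU / HKUS, or "" for services
    name: str             # Run value name or service display name
    path: str             # executable the entry launches
    file_missing: bool    # tool reported the target as absent
    owner: str = ""       # O23 publisher field only
    flags: list = field(default_factory=list)


def exe_path(cmd: str) -> str:
    """Return the executable part of a Run command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split()[0]


def basename(path: str) -> str:
    return path.rsplit('\\', 1)[-1].lower()


def parse_hijackthis(lines):
    entries = []
    for line in lines:
        if m := O4_RE.match(line):
            entries.append(Entry('hijackthis', m['hive'], m['name'], exe_path(m['cmd']), False))
        elif m := O23_RE.match(line):
            entries.append(Entry('hijackthis', '', m['display'], m['path'],
                                 m['missing'] is not None, owner=m['owner']))
    return entries


def parse_combofix_run(lines):
    entries, hive = [], ''
    for line in lines:
        if k := CF_KEY_RE.match(line):
            key = k['key'].upper()
            hive = ('HKCU' if key.startswith('HKEY_CURRENT_USER')
                    else 'HKLM' if key.startswith('HKEY_LOCAL_MACHINE') else 'HKUS')
        elif m := CF_RUN_RE.match(line):
            # Assumption (inferred from the thread): an empty "[]" means ComboFix
            # found no file at that path.
            entries.append(Entry('combofix', hive, m['name'], m['path'], m['stamp'] == ''))
    return entries


def triage(entries):
    """Attach review flags to each entry and return only the flagged ones."""
    for e in entries:
        exe = basename(e.path)
        if e.file_missing:
            e.flags.append('target file missing: orphaned autostart, remove the entry or reinstall the product')
        if e.owner == 'Unknown owner':
            e.flags.append('no publisher recorded: verify the service binary by hand')
        if e.name.lower().endswith('.exe') and e.name.lower() != exe:
            e.flags.append(f'value name {e.name!r} looks like an executable but launches {exe}')
        if e.hive == 'HKCU' and '\\system32\\' in e.path.lower():
            e.flags.append('per-user autostart of a binary placed in system32')
    return [e for e in entries if e.flags]


if __name__ == '__main__':
    for e in triage(parse_hijackthis(HIJACKTHIS_LINES) + parse_combofix_run(COMBOFIX_LINES)):
        print(f'[{e.source}] {e.name} -> {e.path}')
        for f in e.flags:
            print('   ', f)
```

On the constructed input the script flags exactly the two HijackThis entries the reply singles out (the unknown-owner ATI service and the missing Panda service binary) and, from the ComboFix section, the orphaned iKeyWorks entry and the "german.exe" value that launches wintems.exe from system32 under HKCU. These rules are heuristics for a human to review, not verdicts; the HKCU/system32 rule in particular will also fire on legitimate per-user entries such as CTFMON.EXE if those appear under a user hive.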