tablety.pl

Viruses and a badly slowed-down computer!




12 replies in this topic

#1 Bercikoz (First Rank, Users, 8 posts)

Posted 28 01 2011 - 13:28

Hello! I have a problem, namely Avast detected 19 viruses of various types, and I noticed that when I turn the computer on I have to wait at least 15 minutes before it unfreezes and I can do anything on it. Please help. I am attaching an OTL log.

Attached files

  • Attached file  OTL.Txt   1.9 MB   164 downloads
  • Attached file  Extras.Txt   45.32 KB   195 downloads


#2 wirusolog (Expert, Moderators, 5762 posts, Gender: Male)

Posted 28 01 2011 - 13:46

There are traces of a "Facebook" infection and of a pendrive infection.

[2011-01-28 10:14:20 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys
[2011-01-28 10:14:20 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2011-01-28 10:14:19 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\i2omgmt.sys
[2011-01-28 10:14:19 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
[2011-01-28 10:14:17 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\Changer.sys.bak
[2011-01-28 10:14:17 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys
[2011-01-28 10:14:17 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys


These files should not be there, even though Microsoft prepared a place for them in the system.

1) Download -->Avenger.
Paste this text into it:
Files to delete:
C:\WINDOWS\System32\drivers\lbrtfdc.sys
C:\WINDOWS\System32\dllcache\lbrtfdc.sys
C:\WINDOWS\System32\drivers\i2omgmt.sys
C:\WINDOWS\System32\dllcache\i2omgmt.sys
C:\WINDOWS\System32\drivers\Changer.sys.bak
C:\WINDOWS\System32\drivers\changer.sys
C:\WINDOWS\System32\dllcache\changer.sys

Click "Execute" and confirm the computer restart.
Restart the computer.
Post the Avenger report from C:\avenger.txt.

2) Post a TDSSKiller log >http://searchengines...15

3) >http://searchengines...67
In that link find USBFix.
Click its "DELETION" button.
Post the report from that tool.

4) Run OTL and paste this into the lower white box:

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\JA\Pulpit\facebook-pic000934519.exe"=-

:Files
C:\Program Files\DAEMON Tools Toolbar
RECYCLER /alldrives
C:\Documents and Settings\JA\Pulpit\facebook-pic000934519.exe
c:\windows\nvsvc32.exe

:OTL
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - File not found
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKCU..\Run: [AQQ] File not found
O4 - HKCU..\Run: [NVIDIA driver monitor] File not found
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - File not found
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\JA\Dane aplikacji\juzjf.exe) - File not found
O33 - MountPoints2\{f33db99e-8df8-11df-8039-00241dff1672}\Shell\AutoRun\command - "" = affi8l.exe
O33 - MountPoints2\{f33db99e-8df8-11df-8039-00241dff1672}\Shell\open\Command - "" = affi8l.exe
[2010-10-16 07:49:33 | 000,000,000 | -HSD | C] -- C:\found.000

:Commands
[emptytemp]

Click "Run Script". Save the report that appears.
Post a new OTL.txt log and the removal report.
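A triage script for the kinds of OTL log lines the moderator picked out above (MountPoints2 autorun handlers, the replaced Winlogon shell, orphaned Run entries, the burst of freshly created driver files). This is an added example, not code from the thread or from OTL itself; the 60-second burst window and the severity labels are assumptions of the example, and the sample lines are copied from the log quoted in the thread.

```python
"""Triage of OTL (OldTimer) log lines for the indicator types picked out in this
thread: MountPoints2 autorun handlers, a replaced Winlogon shell, orphaned Run
entries and a burst of freshly created driver files.
Added example: not code from the thread and not OTL's own code."""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample input: lines copied from the OTL log quoted in the thread.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKCU..\Run: [AQQ] File not found
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\JA\Dane aplikacji\juzjf.exe) - File not found
O33 - MountPoints2\{f33db99e-8df8-11df-8039-00241dff1672}\Shell\AutoRun\command - "" = affi8l.exe
O33 - MountPoints2\{f33db99e-8df8-11df-8039-00241dff1672}\Shell\open\Command - "" = affi8l.exe
[2011-01-28 10:14:20 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys
[2011-01-28 10:14:19 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\i2omgmt.sys
[2011-01-28 10:14:17 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys
[2010-10-16 07:49:33 | 000,000,000 | -HSD | C] -- C:\found.000
"""


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low" (labels are this example's assumption)
    kind: str
    detail: str


O4_RE = re.compile(r'^O4 - (HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.*)$')
O20_RE = re.compile(r'^O20 - (HK\w+) Winlogon: Shell - \((?P<path>[^)]*)\)')
O33_RE = re.compile(r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\(?P<verb>\w+)'
                    r'\\[Cc]ommand - "" = (?P<cmd>.+)$')
FILE_RE = re.compile(r'^\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| (?P<attr>\S+)'
                     r' \| (?P<op>[CM])\] (?:\((?P<vendor>[^)]*)\) )?-- (?P<path>.+)$')

DRIVER_DIRS = ('\\system32\\drivers\\', '\\system32\\dllcache\\')
BURST_WINDOW = timedelta(seconds=60)  # assumption: .sys files created this close together are one event


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious OTL line, plus one for a driver-creation burst."""
    findings: list[Finding] = []
    driver_creates: list[tuple[datetime, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O33_RE.match(line):
            # Autorun handler registered for a removable drive: the "pendrive infection"
            # the moderator refers to.  The command is what the drive would launch.
            findings.append(Finding("high", "mountpoints2-autorun",
                                    f"{m['guid']} {m['verb']} -> {m['cmd']}"))
        elif m := O20_RE.match(line):
            # Winlogon Shell should be explorer.exe; anything else is a user-shell hijack,
            # even when the file is already gone (the registry value still survives).
            if m['path'].rsplit('\\', 1)[-1].lower() != 'explorer.exe':
                findings.append(Finding("high", "winlogon-shell", m['path']))
        elif m := O4_RE.match(line):
            # Run entry whose target is missing: harmless leftover, still worth cleaning.
            if m['target'].lower().startswith('file not found'):
                findings.append(Finding("low", "orphaned-run-entry", m['name']))
        elif m := FILE_RE.match(line):
            p = m['path'].lower()
            if m['op'] == 'C' and any(d in p for d in DRIVER_DIRS) and '.sys' in p.rsplit('\\', 1)[-1]:
                driver_creates.append((datetime.strptime(m['ts'], '%Y-%m-%d %H:%M:%S'), m['path']))
    # Several .sys files created within seconds of each other (as in the thread) are one
    # event and should be reviewed together rather than file by file.
    if driver_creates:
        driver_creates.sort()
        first = driver_creates[0][0]
        burst = [path for ts, path in driver_creates if ts - first <= BURST_WINDOW]
        if len(burst) >= 2:
            findings.append(Finding("medium", "driver-creation-burst", "; ".join(burst)))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity, e.g. {'high': 3, 'medium': 1, 'low': 2} for SAMPLE_LOG."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.kind}: {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```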

#3 Bercikoz (First Rank, Users, 8 posts)

Posted 28 01 2011 - 15:02

Here are all the reports that appeared; if anything is still missing, please tell me and explain how to get it :P Sorry it took so long, but as I wrote above, the computer "bogs down" terribly at every restart and for 15 minutes nothing can be done; if something can be done about that, please reply. :/

PS. I can't attach the OTL file from what was removed, so I'm pasting here what appeared.

All processes killed
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\JA\Pulpit\facebook-pic000934519.exe deleted successfully.
========== FILES ==========
C:\Program Files\DAEMON Tools Toolbar\Resources folder moved successfully.
C:\Program Files\DAEMON Tools Toolbar folder moved successfully.
C:\RECYCLER folder moved successfully.
D:\RECYCLER folder moved successfully.
E:\RECYCLER folder moved successfully.
File\Folder C:\Documents and Settings\JA\Pulpit\facebook-pic000934519.exe not found.
File\Folder c:\windows\nvsvc32.exe not found.
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
File C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\nwiz deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AQQ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\NVIDIA driver monitor deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Documents and Settings\JA\Dane aplikacji\juzjf.exe deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f33db99e-8df8-11df-8039-00241dff1672}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f33db99e-8df8-11df-8039-00241dff1672}\ not found.
File affi8l.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f33db99e-8df8-11df-8039-00241dff1672}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f33db99e-8df8-11df-8039-00241dff1672}\ not found.
File affi8l.exe not found.
C:\found.000\dir0000.chk\update folder moved successfully.
C:\found.000\dir0000.chk\SP3QFE folder moved successfully.
C:\found.000\dir0000.chk folder moved successfully.
C:\found.000 folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: JA
->Temp folder emptied: 297309565 bytes
->Temporary Internet Files folder emptied: 87169194 bytes
->Java cache emptied: 168495111 bytes
->FireFox cache emptied: 115012216 bytes
->Flash cache emptied: 56617 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 434 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2352022 bytes
%systemroot%\System32 .tmp files removed: 1613396 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 26610926 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 666,00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 01282011_142141

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


#4 wirusolog (Expert, Moderators, 5762 posts, Gender: Male)

Posted 28 01 2011 - 15:37

> UsbFix 7.022 | [Research]

I recommended running USBFix with the DELETION option (not "Research"), so now run it with the DELETION option.

TDSSKiller detected nothing.

Cosmetics:
Run OTL and paste this into the lower white box:
:OTL
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15000&locale=en_US&apn_uid=A997A1BB-472E-4086-9436-17776FBC12D8&apn_ptnrs=PV&apn_sauid=20FC3EF5-1158-4107-8B3C-5900CCADBED6&apn_dtid=&q="
[2010-12-27 20:11:39 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\JA\Dane aplikacji\Mozilla\Firefox\Profiles\lmbkza9p.default\extensions\engine@conduit.com
[2010-10-29 17:48:43 | 000,000,000 | ---D | M] (Sopcast Ask Toolbar) -- C:\Documents and Settings\JA\Dane aplikacji\Mozilla\Firefox\Profiles\lmbkza9p.default\extensions\toolbar@ask.com
[2011-01-27 18:02:54 | 000,002,558 | ---- | M] () -- C:\Documents and Settings\JA\Dane aplikacji\Mozilla\Firefox\Profiles\lmbkza9p.default\searchplugins\askcom.xml

:Commands
[emptytemp]

Click "Run Script". Post the report that appears.

#5 Bercikoz (First Rank, Users, 8 posts)

Posted 28 01 2011 - 16:23

Ah, sorry, I didn't read carefully, but I have what's needed now; on top of that I now have no sound at all on the computer... if it can be fixed, please help.


OTL:

All processes killed
========== OTL ==========
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: toolbar@ask.com:3.9.1.14019 removed from extensions.enabledItems
Prefs.js: engine@conduit.com:3.2.5.2 removed from extensions.enabledItems
Prefs.js: "http://websearch.ask...6&apn_dtid=&q=" removed from keyword.URL
C:\Documents and Settings\JA\Dane aplikacji\Mozilla\Firefox\Profiles\lmbkza9p.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Documents and Settings\JA\Dane aplikacji\Mozilla\Firefox\Profiles\lmbkza9p.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Documents and Settings\JA\Dane aplikacji\Mozilla\Firefox\Profiles\lmbkza9p.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Documents and Settings\JA\Dane aplikacji\Mozilla\Firefox\Profiles\lmbkza9p.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Documents and Settings\JA\Dane aplikacji\Mozilla\Firefox\Profiles\lmbkza9p.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Documents and Settings\JA\Dane aplikacji\Mozilla\Firefox\Profiles\lmbkza9p.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Documents and Settings\JA\Dane aplikacji\Mozilla\Firefox\Profiles\lmbkza9p.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Documents and Settings\JA\Dane aplikacji\Mozilla\Firefox\Profiles\lmbkza9p.default\extensions\engine@conduit.com folder moved successfully.
C:\Documents and Settings\JA\Dane aplikacji\Mozilla\Firefox\Profiles\lmbkza9p.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Documents and Settings\JA\Dane aplikacji\Mozilla\Firefox\Profiles\lmbkza9p.default\extensions\toolbar@ask.com\logs folder moved successfully.
C:\Documents and Settings\JA\Dane aplikacji\Mozilla\Firefox\Profiles\lmbkza9p.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Documents and Settings\JA\Dane aplikacji\Mozilla\Firefox\Profiles\lmbkza9p.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Documents and Settings\JA\Dane aplikacji\Mozilla\Firefox\Profiles\lmbkza9p.default\extensions\toolbar@ask.com\datastore folder moved successfully.
C:\Documents and Settings\JA\Dane aplikacji\Mozilla\Firefox\Profiles\lmbkza9p.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-24-Jun-2010-14-50-49-GMT folder moved successfully.
C:\Documents and Settings\JA\Dane aplikacji\Mozilla\Firefox\Profiles\lmbkza9p.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sun-21-Mar-2010-15-22-34-GMT folder moved successfully.
C:\Documents and Settings\JA\Dane aplikacji\Mozilla\Firefox\Profiles\lmbkza9p.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-29-Oct-2010-16-48-40-GMT folder moved successfully.
C:\Documents and Settings\JA\Dane aplikacji\Mozilla\Firefox\Profiles\lmbkza9p.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-19-Nov-2010-11-50-45-GMT folder moved successfully.
C:\Documents and Settings\JA\Dane aplikacji\Mozilla\Firefox\Profiles\lmbkza9p.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.
C:\Documents and Settings\JA\Dane aplikacji\Mozilla\Firefox\Profiles\lmbkza9p.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Documents and Settings\JA\Dane aplikacji\Mozilla\Firefox\Profiles\lmbkza9p.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Documents and Settings\JA\Dane aplikacji\Mozilla\Firefox\Profiles\lmbkza9p.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Documents and Settings\JA\Dane aplikacji\Mozilla\Firefox\Profiles\lmbkza9p.default\extensions\toolbar@ask.com folder moved successfully.
C:\Documents and Settings\JA\Dane aplikacji\Mozilla\Firefox\Profiles\lmbkza9p.default\searchplugins\askcom.xml moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: JA
->Temp folder emptied: 791539 bytes
->Temporary Internet Files folder emptied: 108105 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 38498177 bytes
->Flash cache emptied: 667 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 38,00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 01282011_160549

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Attached files

  • Attached file  UsbFix.txt   3.26 KB   122 downloads


#6 wirusolog (Expert, Moderators, 5762 posts, Gender: Male)

Posted 28 01 2011 - 16:38

It should be OK now, i.e. clean.

> Avast detected 19 viruses of various types

Wasn't there among them some virus that infects all *.exe files?
I ask because the missing sound may come from an infected *.exe.

#7 Bercikoz (First Rank, Users, 8 posts)

Posted 28 01 2011 - 16:44

When I try to play music in Winamp I get some error saying I have an invalid DirectSound driver, and apart from that there is still the problem with starting the computer: when it boots and I try to click on any of the icons nothing happens, and when I hover over the taskbar the hourglass appears, and only after about 15 minutes can I work on the computer.

#8 wirusolog (Expert, Moderators, 5762 posts, Gender: Male)

Posted 28 01 2011 - 16:59

You didn't answer my question.
Does the antivirus detect anything now?
I need to know before I hand the topic over to a Moderator (who will move it to another section).

#9 Bercikoz (First Rank, Users, 8 posts)

Posted 28 01 2011 - 17:35

Avira detected 2 viruses:
TR/Buzus.fift
TR/Dropper.Gen2

I'm attaching the scan report.



Avira AntiVir Personal
Report file date: 28 stycznia 2011 16:45

Scanning for 2433335 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Dodatek Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : BADAJ-A5D2B202B

Version information:

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, E:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: 28 stycznia 2011 16:45

Starting search for hidden objects.
HKEY_USERS\S-1-5-21-2052111302-1454471165-1417001333-1003\Software\SecuROM\License information\datasecu
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2052111302-1454471165-1417001333-1003\Software\SecuROM\License information\rkeysecu
[NOTE] The registry entry is invisible.

The scan of running processes will be started

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '326' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\System Volume Information\_restore{8821D565-705C-4D29-8E90-07BD93DBF475}\RP259\A0057295.dll
[DETECTION] Is the TR/Dropper.Gen2 Trojan
C:\System Volume Information\_restore{8821D565-705C-4D29-8E90-07BD93DBF475}\RP259\A0057296.dll
[DETECTION] Is the TR/Buzus.fift Trojan
Begin scan in 'D:\'
Begin scan in 'E:\'

Beginning disinfection:
C:\System Volume Information\_restore{8821D565-705C-4D29-8E90-07BD93DBF475}\RP259\A0057296.dll
[DETECTION] Is the TR/Buzus.fift Trojan
[NOTE] The file was moved to the quarantine directory under the name '4ecb4bf6.qua'.
C:\System Volume Information\_restore{8821D565-705C-4D29-8E90-07BD93DBF475}\RP259\A0057295.dll
[DETECTION] Is the TR/Dropper.Gen2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '565c6451.qua'.


End of the scan: 28 stycznia 2011 17:30
Used time: 34:19 Minute(s)

The scan has been done completely.

6911 Scanned directories
293403 Files were scanned
2 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
2 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
293401 Files not concerned
1801 Archives were scanned
0 Warnings
2 Notes
277957 Objects were scanned with rootkit scan
2 Hidden objects were found

#10 wirusolog (Expert, Moderators, 5762 posts, Gender: Male)

Posted 28 01 2011 - 18:00

> TR/Buzus.fift
> TR/Dropper.Gen2

Those do not infect *.exe files.

> When I try to play music in Winamp I get some error saying I have an invalid DirectSound driver, and apart from that there is still the problem with starting the computer: when it boots and I try to click on any of the icons nothing happens, and when I hover over the taskbar the hourglass appears, and only after about 15 minutes can I work on the computer.

In this situation a Moderator will move the topic to another section of the Forum.

#11 Bercikoz (First Rank, Users, 8 posts)

Posted 28 01 2011 - 18:05

I only wrote what Avira detected; I don't know anything about what infects which files etc. If nothing can be done about those two viruses, or they are harmless, then thanks for the help. :)

#12 wirusolog (Expert, Moderators, 5762 posts, Gender: Male)

Posted 28 01 2011 - 18:16

> If nothing can be done about those two viruses, or they are harmless

I didn't write that they are harmless; I only wrote that they don't infect *.exe files.
And since Avira has already removed them (and actually those were only copies of them, because they were in the "System Volume" folder), you currently have no infection.

> In this situation a Moderator will move the topic to another section of the Forum.

That still stands.
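A small parser for the Avira report format quoted in post #9: it pairs each path with its [DETECTION] and quarantine [NOTE] lines and labels paths under System Volume Information\_restore{...}\RP### as restore-point copies rather than live files, which is the distinction the moderator draws above. Added example, not the thread's or Avira's own code; the sample report is the excerpt quoted in the thread, and the "needs attention" rule (live file, not quarantined) is this example's assumption.

```python
"""Parse the detection and disinfection sections of an Avira AntiVir report and
label each detected path as a restore-point copy or a live file.
Added example: not code from the thread and not Avira's own code."""
from __future__ import annotations

import re

# Constructed sample: the detection lines from the report quoted in the thread.
SAMPLE_REPORT = r"""
Begin scan in 'C:\'
C:\System Volume Information\_restore{8821D565-705C-4D29-8E90-07BD93DBF475}\RP259\A0057295.dll
  [DETECTION] Is the TR/Dropper.Gen2 Trojan
C:\System Volume Information\_restore{8821D565-705C-4D29-8E90-07BD93DBF475}\RP259\A0057296.dll
  [DETECTION] Is the TR/Buzus.fift Trojan
Begin scan in 'D:\'
Begin scan in 'E:\'

Beginning disinfection:
C:\System Volume Information\_restore{8821D565-705C-4D29-8E90-07BD93DBF475}\RP259\A0057296.dll
  [DETECTION] Is the TR/Buzus.fift Trojan
  [NOTE] The file was moved to the quarantine directory under the name '4ecb4bf6.qua'.
C:\System Volume Information\_restore{8821D565-705C-4D29-8E90-07BD93DBF475}\RP259\A0057295.dll
  [DETECTION] Is the TR/Dropper.Gen2 Trojan
  [NOTE] The file was moved to the quarantine directory under the name '565c6451.qua'.
"""

PATH_RE = re.compile(r'^[A-Za-z]:\\')
DETECT_RE = re.compile(r'^\[DETECTION\] Is the (?P<name>\S+)')
QUARANTINE_RE = re.compile(
    r"^\[NOTE\] The file was moved to the quarantine directory under the name '(?P<q>[^']+)'")
# System Restore keeps copies of changed files under _restore{GUID}\RP<n>; a hit there is a
# snapshot of an old file, not the running system (the point the moderator makes above).
RESTORE_POINT_RE = re.compile(
    r'\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\', re.IGNORECASE)


def classify(path: str) -> str:
    return "restore-point copy" if RESTORE_POINT_RE.search(path) else "live file"


def parse_report(text: str) -> dict[str, dict[str, str]]:
    """Map each detected path to its detection name, action taken and location class.

    Avira prints the path on one line with the [DETECTION]/[NOTE] lines indented below it,
    and repeats the path in the disinfection section, so records are merged by path."""
    detections: dict[str, dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            current = line
        elif current and (m := DETECT_RE.match(line)):
            detections.setdefault(current, {"name": m["name"], "action": "none",
                                            "location": classify(current)})
        elif current in detections and (m := QUARANTINE_RE.match(line)):
            detections[current]["action"] = "quarantined as " + m["q"]
    return detections


def needs_attention(detections: dict[str, dict[str, str]]) -> list[str]:
    """Paths that are live files and were not quarantined: what is still actually infected."""
    return [p for p, d in detections.items()
            if d["location"] == "live file" and d["action"] == "none"]


if __name__ == "__main__":
    result = parse_report(SAMPLE_REPORT)
    for path, d in result.items():
        print(f"{d['name']:18} {d['location']:19} {d['action']}  {path}")
    print("still needs attention:", needs_attention(result) or "nothing")
```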

#13 Bercikoz (First Rank, Users, 8 posts)

Posted 28 01 2011 - 18:23

So once again, thanks for the help and best regards!!



