dawidek11
(Dawidex11)
15 Październik 2007 00:46
#1
Witam ArcaMicroScan wykryl wirusa w c:/windows/explorer.exe worm.huhk.b zaden inny skaner mi tego niewykryl czy to jakis falszywy alarm …Podaje logi do sprawdzenia
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:34:41 AM, on 10/15/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe D:\Comodo\Firewall\cmdagent.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PSIService.exe C:\WINDOWS\system32\svchost.exe D:\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe D:\Comodo\Firewall\CPF.exe C:\WINDOWS\FixCamera.exe C:\WINDOWS\tsnpstd3.exe C:\WINDOWS\vsnpstd3.exe C:\Program Files\RocketDock\RocketDock.exe C:\Program Files\Webshots\Webshots.scr C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\ArcaMicroScan\arcamicroscan.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\explorer.exe C:\Program Files\AveDesk 1.3\AVEDESK.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O4 - HKLM…\Run: [NvCplDaemon] “RUNDLL32.EXE” C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [AVP] “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe” O4 - HKLM…\Run: [NvMediaCenter] “RunDLL32.exe” NvMCTray.dll,NvTaskbarInit O4 - HKLM…\Run: [COMODO Firewall Pro] “D:\Comodo\Firewall\CPF.exe” /background O4 - HKLM…\Run: [FixCamera] C:\WINDOWS\FixCamera.exe O4 - HKLM…\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe O4 - HKLM…\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe O4 - HKCU…\Run: [RocketDock] “C:\Program Files\RocketDock\RocketDock.exe” O4 - HKCU…\Run: [AVEDESK] “C:\Program Files\AveDesk 1.3\AVEDESK.EXE” O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll O15 - Trusted Zone: http://arcaonline.arcabit.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan … asinst.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - D:\Comodo\Firewall\cmdagent.exe O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing) O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - D:\Webroot\Spy Sweeper\SpySweeper.exe – End of file - 4888 bytes
“Silent Runners.vbs”, revision 52, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “RocketDock” = ““C:\Program Files\RocketDock\RocketDock.exe”” [null data] “AVEDESK” = ““C:\Program Files\AveDesk 1.3\AVEDESK.EXE”” [" Andreas Verhoeven"] “Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu S.A.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “NvCplDaemon” = ““RUNDLL32.EXE” C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS] “AVP” = ““C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe”” [“Kaspersky Lab”] “NvMediaCenter” = ““RunDLL32.exe” NvMCTray.dll,NvTaskbarInit” [MS] “COMODO Firewall Pro” = ““D:\Comodo\Firewall\CPF.exe” /background” [“COMODO”] “FixCamera” = “C:\WINDOWS\FixCamera.exe” [empty string] “tsnpstd3” = “C:\WINDOWS\tsnpstd3.exe” [“SONIX”] “snpstd3” = “C:\WINDOWS\vsnpstd3.exe” [empty string] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Display Panning CPL Extension” -> {HKLM…CLSID} = “Display Panning CPL Extension” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “HyperTerminal Icon Ext” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{E0D79304-84BE-11CE-9641-444553540000}” = “WinZip” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “D:\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”] “{E0D79305-84BE-11CE-9641-444553540000}” = “WinZip” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “D:\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”] “{E0D79306-84BE-11CE-9641-444553540000}” = “WinZip” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “D:\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”] “{E0D79307-84BE-11CE-9641-444553540000}” = “WinZip” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “D:\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”] “{32020A01-506E-484D-A2A8-BE3CF17601C3}” = “AlcoholShellEx” -> {HKLM…CLSID} = “AlcoholShellEx” \InProcServer32(Default) = “D:\alkohol\ALCOHO~1\AXShlEx.dll” [“Alcohol Soft Development Team”] “{85E0B171-04FA-11D1-B7DA-00A0C90348D6}” = “Web Anti-Virus statistics” -> {HKLM…CLSID} = “Web Anti-Virus statistics” \InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll” [“Kaspersky Lab”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{611AD258-4138-4348-A534-9856FA6BA398}” = “IconPackager Icon Handler” -> {HKLM…CLSID} = “IPIconHandlerExt Class” \InProcServer32(Default) = “C:\Program Files\Stardock\Object Desktop\IconPackager\shellext.dll” [“Stardock.net , Inc”] “{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}” = “Nokia Phone Browser” -> {HKLM…CLSID} = “Nokia Phone Browser” \InProcServer32(Default) = “C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll” [“Nokia”] “{7C9D5882-CB4A-4090-96C8-430BFE8B795B}” = “Webroot Spy Sweeper Context Menu Integration” -> {HKLM…CLSID} = “Webroot Spy Sweeper Context Menu Integration” \InProcServer32(Default) = “D:\Webroot\SPYSWE~1\SSCtxMnu.dll” [“Webroot Software, Inc.”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRar\rarext.dll” [null data] “{2F5AC606-70CF-461C-BFE1-734234536262}” = “WindowBlinds CPL Extension” -> {HKLM…CLSID} = “DisplayCplExt Class” \InProcServer32(Default) = “C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbui.dll” [“Stardock.Net , Inc”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}” = “AVG Anti-Spyware 7.5” -> {HKLM…CLSID} = “CShellExecuteHookImpl Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll” [“GRISOFT s.r.o.”] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ “WPDShServiceObj” = “{AAA288BA-9A4C-45B0-95D7-94D524869DB5}” -> {HKLM…CLSID} = “WPDShServiceObj Class” \InProcServer32(Default) = “C:\WINDOWS\system32\WPDShServiceObj.dll” [MS] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\ <> “AppInit_DLLs” = “wbsys.dll” [“Stardock.Net , Inc”] HKLM\System\CurrentControlSet\Control\Session Manager\ <> “BootExecute” = “autocheck autochk *”| [file not found]|“SsiEfr.exe” [“Webroot Software Inc (http://www.webroot.com )”]|“SsiEfr.exe” [“Webroot Software Inc (http://www.webroot.com )”]|“SsiEfr.exe” [“Webroot Software Inc (http://www.webroot.com )”]|“SsiEfr.exe” [“Webroot Software Inc (http://www.webroot.com )”]|“SsiEfr.exe” [“Webroot Software Inc (http://www.webroot.com )”]|“SsiEfr.exe” [“Webroot Software Inc (http://www.webroot.com )”]|“SsiEfr.exe” [“Webroot Software Inc (http://www.webroot.com )”]|“SsiEfr.exe” [“Webroot Software Inc (http://www.webroot.com )”]|“SsiEfr.exe” [“Webroot Software Inc (http://www.webroot.com )”]|“SsiEfr.exe” [“Webroot Software Inc (http://www.webroot.com )”]|“SsiEfr.exe” [“Webroot Software Inc (http://www.webroot.com )”]|“SsiEfr.exe” [“Webroot Software Inc (http://www.webroot.com )”]|“SsiEfr.exe” [“Webroot Software Inc (http://www.webroot.com )”]|“SsiEfr.exe” [“Webroot Software Inc (http://www.webroot.com )”]|“SsiEfr.exe” [“Webroot Software Inc (http://www.webroot.com )”]|“SsiEfr.exe” [“Webroot Software Inc (http://www.webroot.com )”]|“SsiEfr.exe” [“Webroot Software Inc (http://www.webroot.com )”]|“SsiEfr.exe” [“Webroot Software Inc (http://www.webroot.com )”]|“SsiEfr.exe” [“Webroot Software Inc (http://www.webroot.com )”] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <> klogon\DLLName = “C:\WINDOWS\system32\klogon.dll” [“Kaspersky Lab”] <> WBSrv\DLLName = “C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll” [“Stardock”] <> WRNotifier\DLLName = “WRLogonNTF.dll” [“Webroot Software, Inc.”] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“GRISOFT s.r.o.”] Kaspersky Anti-Virus(Default) = “{dd230880-495a-11d1-b064-008048ec2fc5}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\ShellEx.dll” [“Kaspersky Lab”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRar\rarext.dll” [null data] WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “D:\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“GRISOFT s.r.o.”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRar\rarext.dll” [null data] WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “D:\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ Kaspersky Anti-Virus(Default) = “{dd230880-495a-11d1-b064-008048ec2fc5}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\ShellEx.dll” [“Kaspersky Lab”] SpySweeper(Default) = “{7C9D5882-CB4A-4090-96C8-430BFE8B795B}” -> {HKLM…CLSID} = “Webroot Spy Sweeper Context Menu Integration” \InProcServer32(Default) = “D:\Webroot\SPYSWE~1\SSCtxMnu.dll” [“Webroot Software, Inc.”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRar\rarext.dll” [null data] WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “D:\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”] HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ SpySweeper(Default) = “{7C9D5882-CB4A-4090-96C8-430BFE8B795B}” -> {HKLM…CLSID} = “Webroot Spy Sweeper Context Menu Integration” \InProcServer32(Default) = “D:\Webroot\SPYSWE~1\SSCtxMnu.dll” [“Webroot Software, Inc.”] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Albert\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\system32\logon.scr” [MS] Startup items in “Albert” & “All Users” startup folders: -------------------------------------------------------- C:\Documents and Settings\Albert\Start Menu\Programs\Startup “Webshots” -> shortcut to: “C:\Program Files\Webshots\Launcher.exe /t” [null data] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{85E0B171-04FA-11D1-B7DA-00A0C90348D6}(Default) = “Web Anti-Virus statistics” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll” [“Kaspersky Lab”] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\ “ButtonText” = “Web Anti-Virus statistics” Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe” [“GRISOFT s.r.o.”] Comodo Application Agent, CmdAgent, “D:\Comodo\Firewall\cmdagent.exe” [“COMODO”] Kaspersky Anti-Virus 7.0, AVP, ““C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe” -r” [“Kaspersky Lab”] Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE”” [MS] NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”] ProtexisLicensing, ProtexisLicensing, “C:\WINDOWS\system32\PSIService.exe” [null data] Webroot Spy Sweeper Engine, WebrootSpySweeperService, ““D:\Webroot\Spy Sweeper\SpySweeper.exe”” [“Webroot Software, Inc.”] Windows Driver Foundation - User-mode Driver Framework, WudfSvc, “C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup” {“C:\WINDOWS\System32\WUDFSvc.dll” [MS]} Keyboard Driver Filters: ------------------------ HKLM\System\CurrentControlSet\Control\Class{4D36E96B-E325-11CE-BFC1-08002BE10318}\ “UpperFilters” = <> “SSKBFD” [“Webroot Software Inc (http://www.webroot.com )”] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ HP Standard TCP/IP Port\Driver = “HpTcpMon.dll” [“Hewlett Packard”] PCL hpz3l054\Driver = “hpz3l054.dll” [“Hewlett-Packard Company”] ---------- (launch time: 2007-10-15 01:36:54) <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer “No” at the first message box and “Yes” at the second message box. ---------- (total run time: 312 seconds, including 10 seconds for message boxes)
dzieki
Hokku
(Hokku)
15 Październik 2007 08:48
#2
Czasem lekarstwo jest gorsze od choroby… szczególnie wtedy, gdy choroba (dolegliwość) jest tylko urojona.
Programy ochronne nie są nieomylne i jest bardzo prawdopodobne, że ArcaMicroScan (uruchomiony ze strony internetowej) zgłosił fałszywy alarm albo na skutek błędnych definicji, albo na skutek konfliktu z innymi programami ochronnymi, które masz uruchomione na komputerze.
Jeśli chcesz sprawdzić co RÓŻNE silniki antywirusowe powiedzą o pojedynczym pliku, to
wejdź na stronę VirusTotal (w języku polskim):
http://www.virustotal.com/pl/
i tam wybierz Wyślij plik -> Przeglądaj…
a po wskazaniu pliku, który jest podejrzany, wybierz przycisk “Wyślij plik”.
Po chwili na tej samej stronie uzyskasz informacje o tym jak różne silniki antywirusowe wykrywają podejrzany plik. Analiza jest bezpłatna i nie wymaga rejestracji lub ściągania dodatkowego oprogramowania.
Na razie doradzam:
spokojne sprawdzenie systemu (np. jeśli to możliwe pełne skanowanie systemu w trybie bezpiecznym/awaryjnym)
wyłączenie usługi MS Machine Debug Manager (jeśli nie zajmujesz się debugowaniem skryptów)
okresowe (raz w tygodniu?) sprawdzanie antywirusem on-line (na czas skanowania znanymi skanerami antywirusowymi może być sensowne zamknięcie antywirusa Kasperskiego)
Ponieważ jednoczesna praca kilka programów ochronnych z tej samej kategorii może prowadzić do konfliktów, jeśli nie było infekcji a fałszywe alarmy nie ustaną to możesz rozważyć odinstalowanie jednego z nich, aby sprawdzić który powoduje konflikty.
dawidek11
(Dawidex11)
15 Październik 2007 09:54
#3
Dzieki tez tak mysle skanowalem na virustotal zaden ale nic niewykryl …moze to dlatego bo zaznaczylem najwiekszy poziom heurystyki .