Slightly worried about a scan report


(Viliae) #1

Hello

I ran an antivirus scan today (program: Avira - AntiVir PE) and the report lists files that could not be opened. My question: do I have anything to worry about (so far nothing is happening)? What worries me is that there are so many of them.

AntiVir PersonalEdition Classic

Report file date: 22 czerwca 2006 15:08


Scanning for 411472 virus strains and unwanted programs.


Licensed to: AntiVir PersonalEdition Classic

Serial number: 0000149996-WURGE-0001

Platform: Windows XP

Windows version: (Dodatek Service Pack 2) [5.1.2600]

Username: Paweł

Computer name: DOM


Version informations:

AVSCAN.EXE : 7.0.0.42 557096 2006-06-18 20:02:10

AVSCAN.DLL : 7.0.0.42 53288 2006-06-18 20:02:10

LUKE.DLL : 7.0.0.42 118824 2006-06-18 20:02:12

LUKERES.DLL : 7.0.0.42 25640 2006-06-18 20:02:12

ANTIVIR0.VDF : 6.35.0.1 7371264 2006-06-18 20:02:09

ANTIVIR1.VDF : 6.35.0.5 2048 2006-06-18 20:02:09

ANTIVIR2.VDF : 6.35.0.62 208384 2006-06-18 20:02:09

ANTIVIR3.VDF : 6.35.0.66 13824 2006-06-18 20:02:09

AVEWIN32.DLL : 7.1.0.15 1536512 2006-06-18 20:02:09

AVPREF.DLL : 7.0.0.1 49192 2006-06-18 20:02:09

AVREP.DLL : 6.35.0.47 679976 2006-06-18 20:02:09

AVRPBASE.DLL : 7.0.0.0 2162728 2006-06-18 20:02:09

AVPACK32.DLL : 7.1.0.1 335912 2006-06-18 20:02:09

AVREG.DLL : 6.31.0.90 27688 2006-06-18 20:02:09

NETNT.DLL : 6.32.0.0 6696 2006-06-18 20:02:12

NETNW.DLL : 6.32.0.0 9768 2006-06-18 20:02:13

RCIMAGE.DLL : 7.0.0.71 1642536 2006-06-18 20:02:16

RCTEXT.DLL : 7.0.0.75 77864 2006-06-18 20:02:16


Configuration settings for the scan:

Jobname: '%s'.................: Local Hard Disks

Configuration file............: C:\Program Files\AntiVir PersonalEdition Classic\alldiscs.avp

Boot sectors..................: C,D,E

Scan memory...................: 1

Process scan..................: 1

Scan all files................: 2

Scan archives.................: 1

Recursion depth...............: 30

Smart extensions..............: 1

Skipped archive types.........: 1000,1001,1002,1003,1004,

Macro heuristic...............: 1

File heuristic................: 3

Primary action................: 1

Secondary action..............: 0


Start of the scan: 22 czerwca 2006 15:08



The scan over running processes will be started

22 Processes was scanned


Start scanning boot sectors:


Boot sector 'C:\'

      [NOTE] No virus was found!

Boot sector 'D:\'

      [NOTE] No virus was found!

Boot sector 'E:\'

      [NOTE] No virus was found!


Starting to scan the registry.

The registry was scanned ( 7 files ).



Starting the file scan:


C:\hiberfil.sys

      [WARNING] The file could not be opened!

C:\pagefile.sys

      [WARNING] The file could not be opened!

C:\Documents and Settings\LocalService\NTUSER.DAT

      [WARNING] The file could not be opened!

C:\Documents and Settings\LocalService\ntuser.dat.LOG

      [WARNING] The file could not be opened!

C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat

      [WARNING] The file could not be opened!

C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG

      [WARNING] The file could not be opened!

C:\Documents and Settings\NetworkService\NTUSER.DAT

      [WARNING] The file could not be opened!

C:\Documents and Settings\NetworkService\ntuser.dat.LOG

      [WARNING] The file could not be opened!

C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat

      [WARNING] The file could not be opened!

C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG

      [WARNING] The file could not be opened!

C:\Documents and Settings\Paweł\NTUSER.DAT

      [WARNING] The file could not be opened!

C:\Documents and Settings\Paweł\NTUSER.DAT.LOG

      [WARNING] The file could not be opened!

C:\Documents and Settings\Paweł\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat

      [WARNING] The file could not be opened!

C:\Documents and Settings\Paweł\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG

      [WARNING] The file could not be opened!

C:\WINDOWS\system32\config\default

      [WARNING] The file could not be opened!

C:\WINDOWS\system32\config\default.LOG

      [WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SAM

      [WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SAM.LOG

      [WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SECURITY

      [WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SECURITY.LOG

      [WARNING] The file could not be opened!

C:\WINDOWS\system32\config\software

      [WARNING] The file could not be opened!

C:\WINDOWS\system32\config\software.LOG

      [WARNING] The file could not be opened!

C:\WINDOWS\system32\config\system

      [WARNING] The file could not be opened!

C:\WINDOWS\system32\config\system.LOG

      [WARNING] The file could not be opened!



End of the scan: 22 czerwca 2006 15:39

Used time: 30:40 min


The scan has been done completely.


   2018 Scanning directories

 148217 Files were scanned

      0 viruses and/or unwanted programs was found

      0 files were deleted

      0 files were repaired

      0 files were moved to quarantine

      0 files were renamed

   1387 Archives were scanned

     24 Warnings

      0 Notes

(Bbieniol) #2

To be sure, post a set of logs (Hijack + Silent - description here --> http://forum.dobreprogramy.pl/viewtopic.php?t=36654) :slight_smile:


(Grzesiek1) #3

Of course there's nothing to worry about; those are registry files and they are in use all the time, which is why they can't be scanned.

Post merged: 22.06.2006 (Thu) 16:33

Oh, and also the hibernation file and the swap file, but that's nothing to worry about either.

8)
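Added example, not part of the thread and not code from Avira: a small Python triage of "could not be opened" warnings in the report layout pasted in post #1, separating the files Windows keeps locked while it runs (registry hives and their .LOG files, the page file, the hibernation file) from anything else. The sample report and the `C:\Temp\invoice.exe` entry are constructed, and the path rules assume the Windows XP directory layout seen in the report.

```python
import re
import ntpath

# Constructed sample in the AntiVir report layout shown in the thread; the last
# entry (C:\Temp\invoice.exe) is made up to show a warning that is NOT expected.
SAMPLE_REPORT = r"""
Starting the file scan:

C:\pagefile.sys
      [WARNING] The file could not be opened!
C:\Documents and Settings\Paweł\NTUSER.DAT.LOG
      [WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SAM
      [WARNING] The file could not be opened!
C:\Temp\invoice.exe
      [WARNING] The file could not be opened!
"""

WARNING = "[WARNING] The file could not be opened!"
ROOT_FILES = {"pagefile.sys", "hiberfil.sys"}   # swap and hibernation files
USER_HIVES = {"ntuser.dat", "usrclass.dat"}     # per-user registry hives
SYSTEM_HIVES = {"default", "sam", "security", "software", "system"}

def locked_by_windows(path):
    """True if the path is a file Windows holds open while it is running."""
    p = path.lower()
    directory, name = ntpath.split(p)
    base = name[:-4] if name.endswith(".log") else name  # hive transaction logs
    if re.fullmatch(r"[a-z]:\\", directory) and name in ROOT_FILES:
        return True
    if base in USER_HIVES and "\\documents and settings\\" in p:
        return True
    return directory.endswith(r"\system32\config") and base in SYSTEM_HIVES

def triage(report):
    """Split 'could not be opened' warnings into expected and needs-review."""
    expected, review, previous = [], [], ""
    for line in report.splitlines():
        line = line.strip()
        if not line:
            continue  # the pasted report is double-spaced; skip blank lines
        if line == WARNING and previous:
            (expected if locked_by_windows(previous) else review).append(previous)
        previous = line
    return expected, review

if __name__ == "__main__":
    ok, check = triage(SAMPLE_REPORT)
    print(f"{len(ok)} expected (locked by Windows), {len(check)} to review: {check}")
```

The check is by path only: it says the warning is explained by a normal file lock, not that the file's contents were scanned.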


(Viliae) #4

It's me again. Even though Grzesiek cleared up some of my doubts, I'm pasting the logs anyway:

HijackThis

Logfile of HijackThis v1.99.1

Scan saved at 16:42:02, on 2006-06-22

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Programy\Konnekt\konnekt.exe

C:\Programy\OUTPOS~1.0\outpost.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Programy\Opera\Opera.exe

C:\Programy\freeCommander2005\freeCommander.exe

C:\Programy\FREEDO~1\fdm.exe

E:\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Outpost Firewall] C:\Programy\OUTPOS~1.0\outpost.exe /waitservice

O4 - HKCU\..\Run: [Konnekt] "C:\Programy\Konnekt\konnekt.exe" /autostart

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\Programy\OUTPOS~1.0\outpost.exe

Silent Runners EDIT: sorry, I made a mistake in my haste :zawstydzony:


(Bbieniol) #5

The Hijack log checks out and is clean

But what is this "supposed" Silent log about? You pasted two Hijack logs - the Silent description is right below the Hijack description :slight_smile: