Hello, I want to install Kaspersky AntiVirus 2008, and it tells me that I have AVG 8 installed and must remove it… The problem is that I uninstalled it a long time ago… What should I do? Please help.
In Start -> Run, type regedit, then search for the name of the old antivirus and delete the entries.
ComboFix 08-08-13.02 - Ola 2008-08-14 9:33:07.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1624 [GMT 2:00]
Running from: C:\Documents and Settings\Ola\Pulpit\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((( Files Created from 2008-07-14 to 2008-08-14 )))))))))))))))))))))))))))))))
.
2008-08-14 00:56 . 2008-08-14 01:15
2008-08-13 23:35 . 2008-08-13 23:35
2008-08-13 23:33 . 2008-08-13 23:33
2008-08-13 23:09 . 2008-08-13 23:09
2008-08-13 12:48 . 2008-08-13 12:48
2008-08-12 22:48 . 2008-08-12 22:48
2008-08-12 22:47 . 2008-08-12 22:47
2008-08-12 21:33 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-12 21:32 . 2008-08-12 21:33
2008-08-12 21:28 . 2008-08-12 21:28
2008-08-12 18:15 . 2008-08-12 18:15
2008-08-12 11:59 . 2008-08-12 11:59
2008-08-12 10:32 . 2008-08-12 18:08
2008-08-11 21:23 . 2008-08-11 21:23
2008-08-11 20:21 . 2008-08-11 20:21
2008-08-11 20:21 . 2001-09-11 15:20 1,285,632 --------- C:\WINDOWS\system32\SMMedia.dll
2008-08-11 20:21 . 2001-09-20 05:47 765,952 -ra------ C:\WINDOWS\system\crlds3d.dll
2008-08-11 20:21 . 2006-03-18 10:18 392,960 -ra------ C:\WINDOWS\system32\drivers\senfilt.sys
2008-08-11 20:21 . 2006-07-26 07:25 247,808 -ra------ C:\WINDOWS\system32\drivers\ADIHdAud.sys
2008-08-11 20:21 . 2006-04-27 22:42 93,824 -ra------ C:\WINDOWS\system32\drivers\aeaudio.sys
2008-08-11 20:21 . 2003-08-20 11:36 65,536 -ra------ C:\WINDOWS\system32\a3d.dll
2008-08-11 20:21 . 2005-05-04 09:20 53,248 --------- C:\WINDOWS\system32\wdmioctl.dll
2008-08-11 20:21 . 2006-07-10 15:42 49,152 --a------ C:\WINDOWS\system32\DSndUp.exe
2008-08-11 20:21 . 2002-04-17 15:05 45,056 --------- C:\WINDOWS\system32\CleanUp.exe
2008-08-11 20:21 . 2006-02-07 07:54 24,064 -ra------ C:\WINDOWS\system32\PostProc.dll
2008-08-11 17:13 . 2008-04-23 09:20 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-11 17:13 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-08-11 17:13 . 2007-03-08 07:11 1,036,288 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-08-11 17:13 . 2008-04-23 09:20 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-11 17:13 . 2008-04-23 09:20 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-11 17:13 . 2008-04-23 09:20 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-11 17:13 . 2008-04-23 09:20 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-11 17:13 . 2008-04-23 09:20 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-11 17:13 . 2008-04-22 09:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-11 16:46 . 2008-06-14 20:01 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-08-11 16:46 . 2008-06-14 20:01 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-11 16:24 . 2008-08-11 16:24 746 --a------ C:\SMax.log.bak
2008-08-11 16:19 . 2004-08-03 23:15 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2008-08-11 16:19 . 2004-08-03 23:15 82,944 --a--c--- C:\WINDOWS\system32\dllcache\wdmaud.sys
2008-08-11 16:19 . 2004-08-03 23:07 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2008-08-11 16:19 . 2004-08-03 23:07 52,864 --a--c--- C:\WINDOWS\system32\dllcache\dmusic.sys
2008-08-11 16:19 . 2004-08-03 23:07 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-08-11 16:19 . 2004-08-03 23:07 6,400 --a--c--- C:\WINDOWS\system32\dllcache\splitter.sys
2008-08-11 15:46 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-08-11 15:05 . 2008-08-11 15:05
2008-08-11 14:57 . 2008-08-13 17:38
2008-08-11 14:26 . 2004-10-27 15:21 61,952 --a------ C:\WINDOWS\system32\HdAShCut.exe
2008-08-11 14:26 . 2004-10-27 15:21 25,088 --a------ C:\WINDOWS\system32\HdAProp.dll
2008-08-11 14:26 . 2004-10-27 15:21 5,120 --a------ C:\WINDOWS\system32\HdAudRes.dll
2008-08-11 14:24 . 2004-10-27 15:21 145,920 --a------ C:\WINDOWS\system32\drivers\Hdaudio.sys
2008-08-11 14:24 . 2004-10-27 15:21 138,240 --a------ C:\WINDOWS\system32\drivers\Hdaudbus.sys
2008-08-11 12:57 . 2008-08-11 12:57
2008-08-11 12:56 . 2008-08-11 12:56
2008-08-11 12:56 . 2008-08-12 10:39
2008-08-11 12:18 . 2008-08-11 12:18
2008-08-11 12:12 . 2008-08-14 09:33 16,384 --a------ C:\Program Files\uik.dat
2008-08-11 12:11 . 2008-08-14 08:58 4 --a------ C:\Program Files\is.dat
2008-08-11 12:01 . 2008-08-11 12:01
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-14 07:04 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-14 07:04 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-08-13 14:38 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\GanymedeNet
2008-08-12 14:08 --------- d-----w C:\Program Files\Ganymede
2008-08-11 18:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-11 15:21 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-11 11:40 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search Destroy
2008-08-11 11:37 --------- d-----w C:\Program Files\Spybot - Search Destroy
2008-08-11 09:40 --------- d-----w C:\Program Files\WLAN
2008-08-11 09:39 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\AdobeUM
2008-08-11 09:38 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-11 09:29 --------- d-----w C:\Program Files\My Company Name
2008-08-11 09:23 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-11 09:22 --------- d-----w C:\Program Files\Usługi online
2008-07-25 08:34 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-07-25 08:34 683,520 ----a-w C:\WINDOWS\system32\divx.dll
2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-12 18:36 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-08-11 14:57 171448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 11:22 7618560]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-07-21 05:04 847872]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"nwiz"="nwiz.exe" [2006-06-01 11:22 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 11:22 86016 C:\WINDOWS\system32\nvmctray.dll]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
WConfig.lnk - C:\Program Files\WLAN\WConfig\WConfig.exe [2008-08-11 11:40:39 385024]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"C:\Program Files\B2BPOKER\i4poker\jre\bin\javaw.exe"=
"C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2009\Polish\setup.exe"=
R3 RT2400PCI;802.11b WLAN PCI;C:\WINDOWS\system32\DRIVERS\RT2400.sys [2003-10-31 09:47]
*Newly Created Service* - AAVMKER4
*Newly Created Service* - ASWFSBLK
*Newly Created Service* - ASWMON2
*Newly Created Service* - ASWRDR
*Newly Created Service* - ASWSP
*Newly Created Service* - ASWTDI
*Newly Created Service* - AVAST!_ANTIVIRUS
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
O9 -: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O16 -: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} - hxxp://download.gamedesire.com/g_bin/pl … 0_0_27.cab
C:\WINDOWS\Downloaded Program Files\Roulette.inf
C:\WINDOWS\Downloaded Program Files\Roulette.dll
O16 -: {41ACD49D-1974-791A-0981-AA9872721044} - hxxp://download.gamedesire.com/g_bin/pl … 0_0_35.cab
C:\WINDOWS\Downloaded Program Files\boards.inf
C:\WINDOWS\Downloaded Program Files\boards.dll
O16 -: {A1FE3DEF-CF77-11D4-8340-0080C8D7ED4A} - hxxp://download.gamedesire.com/g_bin/pl … 0_0_30.cab
C:\WINDOWS\Downloaded Program Files\Pirate.inf
C:\WINDOWS\Downloaded Program Files\Pirate.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-14 09:34:16
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-14 9:34:39
ComboFix-quarantined-files.txt 2008-08-14 07:34:37
Pre-Run: 32,515,239,936 bajtów wolnych
Post-Run: 32,731,942,912 bajtów wolnych
167 --- E O F --- 2008-08-11 22:24:22
I followed Syntax's advice and removed AVG, but now it tells me that I have to remove ALWIL Software Avast 4.0. When I try to do that with regedit, it tells me that the key cannot be deleted.
Download ComboFix but do not run it; paste into Notepad:
Save the file as CFScript.txt, preferably so that this file's icon sits next to the ComboFix.exe icon.
Drag and drop the CFScript.txt file onto the ComboFix.exe icon; the removal should start. After that, post the log on the forum.
Manually delete the C:\Qoobox folder and remove the ComboFix installer from the disk.
ComboFix 08-08-13.02 - Ola 2008-08-14 9:51:35.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1583 [GMT 2:00]
Running from: C:\Documents and Settings\Ola\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ola\Pulpit\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Dane aplikacji\Avg8
C:\Program Files\Alwil Software
C:\Program Files\Alwil Software\Avast4\Aavm4h.dll
C:\Program Files\Alwil Software\Avast4\AavmRpch.dll
C:\Program Files\Alwil Software\Avast4\AhResMai.dll
C:\Program Files\Alwil Software\Avast4\ahResMes.dll
C:\Program Files\Alwil Software\Avast4\AhResNS.dll
C:\Program Files\Alwil Software\Avast4\AhResOut.dll
C:\Program Files\Alwil Software\Avast4\ahResP2P.dll
C:\Program Files\Alwil Software\Avast4\AhResStd.dll
C:\Program Files\Alwil Software\Avast4\AhResWS.dll
C:\Program Files\Alwil Software\Avast4\ashBase.dll
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll
C:\Program Files\Alwil Software\Avast4\ashTask.dll
C:\Program Files\Alwil Software\Avast4\aswAux.dll
C:\Program Files\Alwil Software\Avast4\aswCmnB.dll
C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll
C:\Program Files\Alwil Software\Avast4\aswCmnS.dll
C:\Program Files\Alwil Software\Avast4\aswEngin.dll
C:\Program Files\Alwil Software\Avast4\aswIdle.dll
C:\Program Files\Alwil Software\Avast4\aswInteg.dll
C:\Program Files\Alwil Software\Avast4\aswRes.dll
C:\Program Files\Alwil Software\Avast4\aswRunDll.exe
C:\Program Files\Alwil Software\Avast4\aswScan.dll
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log
C:\Program Files\Alwil Software\Avast4\DATA\log\selfdef.log
C:\Program Files\Alwil Software\Avast4\DATA\report\Osłona rezydentna.txt
C:\Program Files\Alwil Software\Avast4\POLISH\Base.dll
C:\Program Files\Alwil Software\Avast4\Setup\avast.setup
C:\Program Files\Alwil Software\Avast4\Setup\reboot.txt
C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll
C:\Program Files\Alwil Software\Avast4\Setup\setup.ini
.
((((((((((((((((((((((((( Files Created from 2008-07-14 to 2008-08-14 )))))))))))))))))))))))))))))))
.
2008-08-14 00:56 . 2008-08-14 01:15
2008-08-13 23:33 . 2008-08-13 23:33
2008-08-13 12:48 . 2008-08-13 12:48
2008-08-12 22:48 . 2008-08-12 22:48
2008-08-12 22:47 . 2008-08-12 22:47
2008-08-12 21:33 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-12 21:32 . 2008-08-12 21:33
2008-08-12 21:28 . 2008-08-12 21:28
2008-08-12 18:15 . 2008-08-12 18:15
2008-08-12 11:59 . 2008-08-12 11:59
2008-08-12 10:32 . 2008-08-12 18:08
2008-08-11 21:23 . 2008-08-11 21:23
2008-08-11 20:21 . 2008-08-11 20:21
2008-08-11 20:21 . 2001-09-11 15:20 1,285,632 --------- C:\WINDOWS\system32\SMMedia.dll
2008-08-11 20:21 . 2001-09-20 05:47 765,952 -ra------ C:\WINDOWS\system\crlds3d.dll
2008-08-11 20:21 . 2006-03-18 10:18 392,960 -ra------ C:\WINDOWS\system32\drivers\senfilt.sys
2008-08-11 20:21 . 2006-07-26 07:25 247,808 -ra------ C:\WINDOWS\system32\drivers\ADIHdAud.sys
2008-08-11 20:21 . 2006-04-27 22:42 93,824 -ra------ C:\WINDOWS\system32\drivers\aeaudio.sys
2008-08-11 20:21 . 2003-08-20 11:36 65,536 -ra------ C:\WINDOWS\system32\a3d.dll
2008-08-11 20:21 . 2005-05-04 09:20 53,248 --------- C:\WINDOWS\system32\wdmioctl.dll
2008-08-11 20:21 . 2006-07-10 15:42 49,152 --a------ C:\WINDOWS\system32\DSndUp.exe
2008-08-11 20:21 . 2002-04-17 15:05 45,056 --------- C:\WINDOWS\system32\CleanUp.exe
2008-08-11 20:21 . 2006-02-07 07:54 24,064 -ra------ C:\WINDOWS\system32\PostProc.dll
2008-08-11 17:13 . 2008-04-23 09:20 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-11 17:13 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-08-11 17:13 . 2007-03-08 07:11 1,036,288 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-08-11 17:13 . 2008-04-23 09:20 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-11 17:13 . 2008-04-23 09:20 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-11 17:13 . 2008-04-23 09:20 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-11 17:13 . 2008-04-23 09:20 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-11 17:13 . 2008-04-23 09:20 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-11 17:13 . 2008-04-22 09:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-11 16:46 . 2008-06-14 20:01 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-08-11 16:46 . 2008-06-14 20:01 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-11 16:24 . 2008-08-11 16:24 746 --a------ C:\SMax.log.bak
2008-08-11 16:19 . 2004-08-03 23:15 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2008-08-11 16:19 . 2004-08-03 23:15 82,944 --a--c--- C:\WINDOWS\system32\dllcache\wdmaud.sys
2008-08-11 16:19 . 2004-08-03 23:07 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2008-08-11 16:19 . 2004-08-03 23:07 52,864 --a--c--- C:\WINDOWS\system32\dllcache\dmusic.sys
2008-08-11 16:19 . 2004-08-03 23:07 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-08-11 16:19 . 2004-08-03 23:07 6,400 --a--c--- C:\WINDOWS\system32\dllcache\splitter.sys
2008-08-11 15:46 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-08-11 15:05 . 2008-08-11 15:05
2008-08-11 14:57 . 2008-08-13 17:38
2008-08-11 14:26 . 2004-10-27 15:21 61,952 --a------ C:\WINDOWS\system32\HdAShCut.exe
2008-08-11 14:26 . 2004-10-27 15:21 25,088 --a------ C:\WINDOWS\system32\HdAProp.dll
2008-08-11 14:26 . 2004-10-27 15:21 5,120 --a------ C:\WINDOWS\system32\HdAudRes.dll
2008-08-11 14:24 . 2004-10-27 15:21 145,920 --a------ C:\WINDOWS\system32\drivers\Hdaudio.sys
2008-08-11 14:24 . 2004-10-27 15:21 138,240 --a------ C:\WINDOWS\system32\drivers\Hdaudbus.sys
2008-08-11 12:57 . 2008-08-11 12:57
2008-08-11 12:56 . 2008-08-11 12:56
2008-08-11 12:56 . 2008-08-12 10:39
2008-08-11 12:18 . 2008-08-11 12:18
2008-08-11 12:12 . 2008-08-14 09:51 16,384 --a------ C:\Program Files\uik.dat
2008-08-11 12:11 . 2008-08-14 08:58 4 --a------ C:\Program Files\is.dat
2008-08-11 12:01 . 2008-08-11 12:01
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-14 07:04 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-14 07:04 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-08-13 14:38 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\GanymedeNet
2008-08-12 14:08 --------- d-----w C:\Program Files\Ganymede
2008-08-11 18:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-11 15:21 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-11 11:40 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search Destroy
2008-08-11 11:37 --------- d-----w C:\Program Files\Spybot - Search Destroy
2008-08-11 09:40 --------- d-----w C:\Program Files\WLAN
2008-08-11 09:39 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\AdobeUM
2008-08-11 09:38 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-11 09:29 --------- d-----w C:\Program Files\My Company Name
2008-08-11 09:23 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-11 09:22 --------- d-----w C:\Program Files\Usługi online
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-08-11 14:57 171448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 11:22 7618560]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-07-21 05:04 847872]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"nwiz"="nwiz.exe" [2006-06-01 11:22 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 11:22 86016 C:\WINDOWS\system32\nvmctray.dll]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
WConfig.lnk - C:\Program Files\WLAN\WConfig\WConfig.exe [2008-08-11 11:40:39 385024]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"C:\Program Files\B2BPOKER\i4poker\jre\bin\javaw.exe"=
"C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2009\Polish\setup.exe"=
R3 RT2400PCI;802.11b WLAN PCI;C:\WINDOWS\system32\DRIVERS\RT2400.sys [2003-10-31 09:47]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-14 09:54:01
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-08-14 9:54:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-14 07:54:43
ComboFix2.txt 2008-08-14 07:34:40
Pre-Run: 32,680,665,088 bajtów wolnych
Post-Run: 32,674,701,312 bajtów wolnych
186 --- E O F --- 2008-08-11 22:24:22
That helped, thanks.