Skan antyvira i 2 ostrzezenia

Dla specjalistów Bezpieczeństwo
#1

Mam problem z kompem jak większość tutaj i proszę o pomoc bo ja w tych sprawach jestem zielony. :oops: :frowning:

Skanowałem kompa za pomoca Avira i wyszło mi cos takiego

AntiVir PersonalEdition Classic

Report file date: 6 listopada 2007 18:25

Scanning for 835736 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Dodatek Service Pack 2) [5.1.2600]

Username: SYSTEM

Computer name:

Version information:

BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00

AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29

AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51

LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47

LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:15

ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 2007-09-13 14:26:55

ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 2007-09-13 14:27:04

ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 2007-09-13 14:27:13

AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 2007-09-17 17:43:56

AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26

AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17

AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24

AVPACK32.DLL : 7.3.0.15 360488 Bytes 2007-08-03 08:46:00

AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06

AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33

AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18

NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42

RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13

RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37

SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21

Configuration settings for the scan:

Jobname…: Complete system scan

Configuration file…: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging…: low

Primary action…: interactive

Secondary action…: ignore

Scan master boot sector…: off

Scan boot sector…: on

Boot sectors…: E:,

Scan memory…: on

Process scan…: on

Scan registry…: on

Search for rootkits…: off

Scan all files…: Intelligent file selection

Scan archives…: on

Recursion depth…: 20

Smart extensions…: on

Macro heuristic…: on

File heuristic…: medium

Start of the scan: 6 listopada 2007 18:25

The scan of running processes will be started

Scan process ‘avscan.exe’ - ‘1’ Module(s) have been scanned

Scan process ‘avcenter.exe’ - ‘1’ Module(s) have been scanned

Scan process ‘avnotify.exe’ - ‘1’ Module(s) have been scanned

Scan process ‘avgnt.exe’ - ‘1’ Module(s) have been scanned

Scan process ‘avguard.exe’ - ‘1’ Module(s) have been scanned

Scan process ‘sched.exe’ - ‘1’ Module(s) have been scanned

Scan process ‘firefox.exe’ - ‘1’ Module(s) have been scanned

Scan process ‘MPAPI3s.exe’ - ‘1’ Module(s) have been scanned

Scan process ‘wscntfy.exe’ - ‘1’ Module(s) have been scanned

Scan process ‘alg.exe’ - ‘1’ Module(s) have been scanned

Scan process ‘NMIndexStoreSvr.exe’ - ‘1’ Module(s) have been scanned

Scan process ‘ServiceLayer.exe’ - ‘1’ Module(s) have been scanned

Scan process ‘NMIndexingService.exe’ - ‘1’ Module(s) have been scanned

Scan process ‘wdfmgr.exe’ - ‘1’ Module(s) have been scanned

Scan process ‘StarWindServiceAE.exe’ - ‘1’ Module(s) have been scanned

Scan process ‘BTNtService.exe’ - ‘1’ Module(s) have been scanned

Scan process ‘BlueSoleil.exe’ - ‘1’ Module(s) have been scanned

Scan process ‘NMBgMonitor.exe’ - ‘1’ Module(s) have been scanned

Scan process ‘PcSync2.exe’ - ‘1’ Module(s) have been scanned

Scan process ‘msmsgs.exe’ - ‘1’ Module(s) have been scanned

Scan process ‘winampa.exe’ - ‘1’ Module(s) have been scanned

Scan process ‘LaunchApplication.exe’ - ‘1’ Module(s) have been scanned

Scan process ‘jusched.exe’ - ‘1’ Module(s) have been scanned

Scan process ‘soundman.exe’ - ‘1’ Module(s) have been scanned

Scan process ‘VTTrayp.exe’ - ‘1’ Module(s) have been scanned

Scan process ‘VTTimer.exe’ - ‘1’ Module(s) have been scanned

Scan process ‘spoolsv.exe’ - ‘1’ Module(s) have been scanned

Scan process ‘explorer.exe’ - ‘1’ Module(s) have been scanned

Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned

Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned

Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned

Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned

Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned

Scan process ‘lsass.exe’ - ‘1’ Module(s) have been scanned

Scan process ‘services.exe’ - ‘1’ Module(s) have been scanned

Scan process ‘winlogon.exe’ - ‘1’ Module(s) have been scanned

Scan process ‘csrss.exe’ - ‘1’ Module(s) have been scanned

Scan process ‘smss.exe’ - ‘1’ Module(s) have been scanned

38 processes with 38 modules were scanned

Start scanning boot sectors:

Boot sector ‘C:’

[NOTE] No virus was found!

Boot sector ‘D:’

[NOTE] No virus was found!

Boot sector ‘E:’

[NOTE] No virus was found!

Starting to scan the registry.

The registry was scanned ( ‘29’ files ).

Starting the file scan:

Begin scan in ‘C:’

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\WINDOWS\system32\drivers\sptd.sys

[WARNING] The file could not be opened!

Begin scan in ‘D:’

Begin scan in ‘E:’

End of the scan: 6 listopada 2007 18:35

Used time: 10:18 min

The scan has been done completely.

2440 Scanning directories

79466 Files were scanned

0 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

79466 Files not concerned

963 Archives were scanned

2 Warnings

1 Notes

wiec zrobiłem loga hijackthis i wygląda on tak

Scan saved at 19:13:35, on 2007-11-06

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Tlen.pl\tlen.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\update.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll

O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll

O4 - HKLM…\Run: [VTTimer] VTTimer.exe

O4 - HKLM…\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe”

O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM…\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe”

O4 - HKLM…\Run: [avgnt] “C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” /min

O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background

O4 - HKCU…\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe

O4 - HKCU…\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”

O4 - HKCU…\Run: [Orb] “C:\Program Files\Winamp Remote\bin\OrbTray.exe” /background

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-19…\RunOnce: [nlpo_01] cmd.exe /c md “%USERPROFILE%\Ustawienia lokalne\Temp” (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-19…\RunOnce: [nlpo_03] cmd.exe /c md “%SystemRoot%\System32\dllcache” (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-19…\RunOnce: [nlpo_04] cmd.exe /C move /Y “%SystemRoot%\System32\syssetub.dll” “%SystemRoot%\System32\syssetup.dll” (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-19…\RunOnce: [nlpo_05] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-19…\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-20…\RunOnce: [nlpo_01] cmd.exe /c md “%USERPROFILE%\Ustawienia lokalne\Temp” (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: BlueSoleil.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

End of file - 6632 bytes

czy może mi ktoś pomuc i doradzić co jest nie tak?? :frowning:

#2

mickey752900

Ważny komunikat dotyczący tytułowania tematów

Zapoznaj się ze wskazanym tematem, określającym zasady zakładania tematów w tym dziale, i popraw swój temat konkretnie go tytułując, przedstawiając problem oraz właściwie wklejając logi - obejmując je tagami

#3

Jak byś się wysilił i przeczytał raport z Aviry , to widział byś że

A logu jest okej.

Daj log z Combofix

Opis użycia ComboFix jest na tej stronie z linku.

Log może być długi, więc zapisz go sobie gdzieś, a potem wklej na http://wklej.org/, a tu daj tylko link.

#4

tak wiem ale to mnie martfi

Begin scan in ‘C:’

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\WINDOWS\system32\drivers\sptd.sys

[WARNING] The file could not be opened!

co to oznacza

#5

Nie masz google?

http://forum.idg.pl/index.php?showtopic=47221

#6

Szukasz dziury w całym. :slight_smile:

T o “warning” oznacza tylko, że plik nie może być przeskanowany.

Ale oba te pliki są prawidłowe i zostaw je w spokoju!

jessi

#7

ok.dzieki za rade teraz wiem o co chodzi :mrgreen: