znów problemy - proszę o sprawdzenie loga

[andosek]

dzięki za zainteresowanie!! Jestem Ci ogromnie wdzięczna. Tylko pojawił się pewien problem Jak powinnam usunąć te pliki, żebym mogła je usunąć?? Przy próbie usuwania ręcznego pojawił się komunikat : "Nie można usunąć pliku. Odmowa dostępu. Sprawdź czy dysk nie jest zapełniony lub chroniony przed zapisem oraz czy nie jest aktualnie używany."
Spróbowałam nawet usunąć go przy pomocy programu Killbox (kumpel mówił, ze usuwa wszystko ) A tu zonk:(

[huber2t]

Wyczyść kwarantannę spod progamu Norton, czyli w progarmie norton wyczyść kwarantannę.

Albo zrób tak:

Pobierz Avenger

wklej do niego ten tekst:

Kod: Zaznacz wszystko

Files to delete:
C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Shared\QBackup\{6968C973-F85C-4BA6-9132-2835AD79D49C}\{84F651E8-9F4D-4D4F-B440-F86180C7802D}.qbd
C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Shared\QBackup\{A97664AB-5891-4815-9B03-6F967ADF2605}\{84CEE44E-7D7D-4DEA-B886-C542E43533D4}.qbd


kopiuj to i klikasz na Paste Script from Clipboard wybierasz Execute oraz Potwierdzasz i zgadzasz się na restart klikając OK.
Kasujesz ręcznie z dysku plik: C:\Avenger\backup.zip i wklejasz na forum raport: C:\avenger.txt

[andosek]

Najpierw usunęłam ta kwarantannę z Nortona, bo stwierdziłam, że to jest dla mnie prostsze do zrobienia.... wchodząc po kolei do tych plików, już ich nie znalazłam, ale jak zaczęłam skanować antyvirem znów wyszukał mi gdzieś tego trojana. Zastosowałam się więc do Twoich pozostałych rad. Poniżej log z avenger. Na tyle na ile znam angielski: nie ma już tych plików, bo nie odnalazł ścieżki tak?? Mam tylko nadzieję, że nic po drodze nie spieprzyłam

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: could not open file "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Shared\QBackup\{6968C973-F85C-4BA6-9132-2835AD79D49C}\{84F651E8-9F4D-4D4F-B440-F86180C7802D}.qbd"
Deletion of file "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Shared\QBackup\{6968C973-F85C-4BA6-9132-2835AD79D49C}\{84F651E8-9F4D-4D4F-B440-F86180C7802D}.qbd" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Shared\QBackup\{A97664AB-5891-4815-9B03-6F967ADF2605}\{84CEE44E-7D7D-4DEA-B886-C542E43533D4}.qbd"
Deletion of file "C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Shared\QBackup\{A97664AB-5891-4815-9B03-6F967ADF2605}\{84CEE44E-7D7D-4DEA-B886-C542E43533D4}.qbd" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Completed script processing.

*******************

Finished! Terminate.

[huber2t]

avenger miał usunąć te pliki kture byli w kwarantanie, dobrze zrobiłaś, nie martw się, daj raport ze skanowania na forum

[andosek]

ok. dzięki za pocieszenie...mam nadzieję, ze mój laptop przeżyje te wszystkie moje kombinacje;) ale raport z czego?? przed momentem umieściłam Ci ten z C:\avenger.txt

[huber2t]

napisałeas ze przeskanowałas system antywirusem i masz trojany wiec prosze o log z tego skanowania

[andosek]

a więc tak: przeskanowałam wtedy, ale nie doczekałam do raportu( to było po tym jak usunęłam raport kwarantanny z Nortona), tylko przerwałam jak pojawił się znowu ten trojani usunęłam pliki z nim avengerem.
Teraz przeskanowałam jeszcze raz. Oto log: nadal gdzieś tam jest ten trojan



Avira AntiVir Personal
Report file date: 4 maja 2008 10:59

Scanning for 1248213 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Dodatek Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: PC299592040431

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 2008-04-09 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 2008-04-26 22:22:16
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2008-04-26 22:22:16
LUKE.DLL : 8.1.2.9 151809 Bytes 2008-04-26 22:22:17
LUKERES.DLL : 8.1.2.1 12033 Bytes 2008-04-26 22:22:17
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 13:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 21:13:01
ANTIVIR2.VDF : 7.0.3.197 1260032 Bytes 2008-04-22 22:22:18
ANTIVIR3.VDF : 7.0.3.243 276992 Bytes 2008-05-02 12:13:18
Engineversion : 8.1.0.37
AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-04-26 22:22:18
AESCRIPT.DLL : 8.1.0.28 233851 Bytes 2008-05-02 12:15:59
AESCN.DLL : 8.1.0.15 119157 Bytes 2008-05-02 12:15:56
AERDL.DLL : 8.1.0.20 418165 Bytes 2008-04-26 22:22:18
AEPACK.DLL : 8.1.1.4 364918 Bytes 2008-05-02 12:15:55
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 2008-04-26 22:22:18
AEHEUR.DLL : 8.1.0.21 1196407 Bytes 2008-05-02 12:15:51
AEHELP.DLL : 8.1.0.14 115063 Bytes 2008-04-26 22:22:18
AEGEN.DLL : 8.1.0.18 299381 Bytes 2008-04-26 22:22:18
AEEMU.DLL : 8.1.0.5 430450 Bytes 2008-04-26 22:22:18
AECORE.DLL : 8.1.0.27 168310 Bytes 2008-04-26 22:22:18
AVWINLL.DLL : 1.0.0.7 14593 Bytes 2008-04-26 22:22:16
AVPREF.DLL : 8.0.0.1 25857 Bytes 2008-04-26 22:22:16
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 12:16:24
AVREG.DLL : 8.0.0.0 30977 Bytes 2008-04-26 22:22:16
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-04-26 22:22:16
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2008-04-26 22:22:16
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-04-26 22:22:18
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 2008-04-26 22:22:18
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-04-26 22:22:17
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 2008-04-26 22:22:12
RCTEXT.DLL : 8.0.32.0 86273 Bytes 2008-04-26 22:22:12

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:, E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 4 maja 2008 10:59

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'winamp.exe' - '1' Module(s) have been scanned
Scan process 'gg.exe' - '1' Module(s) have been scanned
Scan process 'Watch.exe' - '1' Module(s) have been scanned
Scan process 'ALERTM~1.EXE' - '1' Module(s) have been scanned
Scan process 'PollingModule.exe' - '1' Module(s) have been scanned
Scan process 'Inactivity.exe' - '1' Module(s) have been scanned
Scan process 'Toaster.exe' - '1' Module(s) have been scanned
Scan process 'ComComp.exe' - '1' Module(s) have been scanned
Scan process 'neostradatp.exe' - '1' Module(s) have been scanned
Scan process 'HPQTOA~1.EXE' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'hpqwmiex.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
Scan process 'btwdins.exe' - '1' Module(s) have been scanned
Scan process 'bgsvcgen.exe' - '1' Module(s) have been scanned
Scan process 'BTTray.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'OrbTray.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'Monitor.exe' - '1' Module(s) have been scanned
Scan process 'CCSVCHST.EXE' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
Scan process 'SMSTray.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'Scheduler.exe' - '1' Module(s) have been scanned
Scan process 'AluSchedulerSvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'QLBCTRL.exe' - '1' Module(s) have been scanned
Scan process 'HP Wireless Assistant.exe' - '1' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'DLACTRLW.EXE' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'pthosttr.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'asghost.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'CCSVCHST.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
68 processes with 68 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '45' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\Odkurzacz\Backup\{84CEE~1.QBD.fdb
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Program Files\Odkurzacz\Backup\{84CEE~1.QBD.fdb
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[NOTE] The file was moved to '4851822f.qua'!
Begin scan in 'E:\' <HP_RECOVERY>


End of the scan: 4 maja 2008 11:53
Used time: 54:10 min

The scan has been done completely.

5341 Scanning directories
351455 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
351454 Files not concerned
7566 Archives were scanned
2 Warnings
1 Notes