OK, I've got the trace. The result is not so nice for you, as I've discovered that your system is infected by fake antivirus malware.
You should clean up your system first... Symantec is not doing a good job here.
109485 23:56:02,1143247 salamand.exe 4284 CreateFile C:\Program Files\Altap Salamander\ \K.exe PATH NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
109486 23:56:02,1144055 salamand.exe 4284 QueryNameInformationFile C:\Windows\System32 SUCCESS Name: \Windows\System32
109487 23:56:02,1144359 salamand.exe 4284 QueryNameInformationFile C:\Windows\System32 SUCCESS Name: \Windows\System32
109488 23:56:02,1145159 salamand.exe 4284 QueryNameInformationFile C:\Windows\System32 SUCCESS Name: \Windows\System32
109489 23:56:02,1145480 salamand.exe 4284 QueryNameInformationFile C:\Windows\System32 SUCCESS Name: \Windows\System32
109490 23:56:02,1145839 salamand.exe 4284 QueryNameInformationFile C:\Windows\System32 SUCCESS Name: \Windows\System32
109491 23:56:02,1146436 salamand.exe 4284 CreateFile C:\Windows\System32\ \K.exe PATH NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
109492 23:56:02,1147956 salamand.exe 4284 CreateFile C:\Windows\system32\ \K.exe PATH NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
109493 23:56:02,1149411 salamand.exe 4284 CreateFile C:\Windows\system\ \K.exe PATH NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
109494 23:56:02,1151339 salamand.exe 4284 CreateFile C:\Windows\ \K.exe PATH NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
109495 23:56:02,1153230 salamand.exe 4284 CreateFile C:\Windows\system32\ \K.exe PATH NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
109496 23:56:02,1155115 salamand.exe 4284 CreateFile C:\Windows\ \K.exe PATH NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
109497 23:56:02,1156886 salamand.exe 4284 CreateFile C:\Windows\System32\Wbem\ \K.exe PATH NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
109498 23:56:02,1158612 salamand.exe 4284 CreateFile C:\Program Files\WIDCOMM\Bluetooth Software\ \K.exe PATH NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
109499 23:56:02,1160381 salamand.exe 4284 CreateFile C:\Program Files\Citrix\system32\ \K.exe PATH NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
109500 23:56:02,1162290 salamand.exe 4284 CreateFile C:\Program Files\Aastra\Solidus eCare\Applications\Bin\ \K.exe PATH NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
109501 23:56:02,1164298 salamand.exe 4284 CreateFile C:\Program Files\Common Files\EricssonShare\ \K.exe PATH NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
109502 23:56:02,1165791 salamand.exe 4284 CreateFile C:\Program Files\Common Files\EricssonShare\NextCCShare\ \K.exe PATH NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
109503 23:56:02,1167238 salamand.exe 4284 CreateFile C:\Program Files\Aastra\Solidus eCare\ScriptManager\Bin\ \K.exe PATH NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
109504 23:56:02,1168625 salamand.exe 4284 CreateFile C:\Program Files\Aastra\Solidus eCare\ScriptManager\Bin\ThirdParty\ \K.exe PATH NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
109505 23:56:02,1169976 salamand.exe 4284 CreateFile C:\NDI\ \K.exe PATH NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
109506 23:56:02,1171391 salamand.exe 4284 CreateFile C:\Windows\system32\ \K.exe PATH NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
109507 23:56:02,1172729 salamand.exe 4284 CreateFile C:\Windows\ \K.exe PATH NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
109508 23:56:02,1174293 salamand.exe 4284 CreateFile C:\Windows\System32\Wbem\ \K.exe PATH NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
109509 23:56:02,1175687 salamand.exe 4284 CreateFile C:\Program Files\WIDCOMM\Bluetooth Software\ \K.exe PATH NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
109510 23:56:02,1176990 salamand.exe 4284 CreateFile C:\Program Files\Citrix\system32\ \K.exe PATH NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
109511 23:56:02,1178435 salamand.exe 4284 CreateFile C:\Program Files\Aastra\Solidus eCare\Applications\Bin\ \K.exe PATH NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
109512 23:56:02,1179809 salamand.exe 4284 CreateFile C:\Program Files\Common Files\EricssonShare\ \K.exe PATH NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
109513 23:56:02,1181157 salamand.exe 4284 CreateFile C:\Program Files\Common Files\EricssonShare\NextCCShare\ \K.exe PATH NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
109514 23:56:02,1182657 salamand.exe 4284 CreateFile C:\Program Files\Aastra\Solidus eCare\ScriptManager\Bin\ \K.exe PATH NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
109515 23:56:02,1184209 salamand.exe 4284 CreateFile C:\Program Files\Aastra\Solidus eCare\ScriptManager\Bin\ThirdParty\ \K.exe PATH NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
109516 23:56:02,1185558 salamand.exe 4284 CreateFile C:\NDI\ \K.exe PATH NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
109517 23:56:02,1186710 salamand.exe 4284 CreateFile C:\windows\system32\cmd.exe\ \K.exe PATH NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
109518 23:56:02,1188301 salamand.exe 4284 CreateFile C:\Program Files\Altap Salamander\ \K "\".exe PATH NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
There are only TWO places where Salamander is searching for and invoking cmd.exe.
Both attempts fail with PATH NOT FOUND.
The problem is that the malware is modifying the path so that it is always started as the main executable, and then it runs the desired application as its parameter. In the case of Salamander this fails, as Salamander starts cmd directly and not through Explorer's API.
So, clean up your system AND I recommend changing all your passwords. Mail, websites, this forum, everything.
Oh, and there is one more thing. Your registry does not contain the following registry key:
Copy and paste this to a text file, rename it to cmd.reg and import it to your system. (Don't forget to enable the displaying of file extensions so you don't end up with cmd.reg.txt.)
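A triage helper for traces in the layout pasted above, added here as an example and not part of the original post or of Salamander: it parses the trace lines and flags failed CreateFile probes whose paths look like a mangled command line. The function names, the three heuristics and the sample lines (shortened from the trace, plus one constructed benign line) are assumptions.

```python
import re
from collections import defaultdict

# Trace layout: seq, time, process, PID, operation, path, result, detail.
# Paths contain spaces, so the path is matched lazily up to the result token.
LINE = re.compile(
    r"^(?P<seq>\d+)\s+(?P<time>\d\d:\d\d:\d\d,\d+)\s+(?P<proc>\S+)\s+"
    r"(?P<pid>\d+)\s+(?P<op>\w+)\s+(?P<path>.*?)\s+"
    r"(?P<result>PATH NOT FOUND|NAME NOT FOUND|SUCCESS)(?:\s|$)"
)

def path_defects(path):
    """Return the reasons a probed path looks like a mangled command line."""
    parts = path.split("\\")
    reasons = []
    if any(p and not p.strip() for p in parts[1:]):
        reasons.append("whitespace-only component")
    if any(p.lower().endswith(".exe") for p in parts[1:-1]):
        reasons.append("executable name used as a directory")
    if '"' in path:
        reasons.append("quote character in path")
    return reasons

def suspicious_probes(lines):
    """Group failed CreateFile probes with malformed paths by (process, pid)."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE.match(line.strip())
        if not m or m["op"] != "CreateFile" or m["result"] == "SUCCESS":
            continue
        reasons = path_defects(m["path"])
        if reasons:
            key = (m["proc"], int(m["pid"]))
            hits[key].append((int(m["seq"]), m["path"], reasons))
    return dict(hits)

# Sample input: lines shortened from the trace; the last one is constructed.
SAMPLE = [
    r'109485 23:56:02,1143247 salamand.exe 4284 CreateFile C:\Program Files\Altap Salamander\ \K.exe PATH NOT FOUND Desired Access: Read Attributes',
    r'109486 23:56:02,1144055 salamand.exe 4284 QueryNameInformationFile C:\Windows\System32 SUCCESS Name: \Windows\System32',
    r'109517 23:56:02,1186710 salamand.exe 4284 CreateFile C:\windows\system32\cmd.exe\ \K.exe PATH NOT FOUND Desired Access: Read Attributes',
    r'109518 23:56:02,1188301 salamand.exe 4284 CreateFile C:\Program Files\Altap Salamander\ \K "\".exe PATH NOT FOUND Desired Access: Read Attributes',
    r'109600 23:56:03,0000001 salamand.exe 4284 CreateFile C:\Windows\System32\missing.dll NAME NOT FOUND Desired Access: Read Attributes',
]

if __name__ == "__main__":
    for (proc, pid), rows in suspicious_probes(SAMPLE).items():
        for seq, path, reasons in rows:
            print(f"{proc}[{pid}] #{seq}: {path!r} -> {', '.join(reasons)}")
```
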