Hi, I have a "small" problem. I recently had a virus; Kaspersky detected it and removed it. But remnants remain, i.e. I can't install drivers for the drives. Admittedly I'm not very skilled at this. I have them on discs, but what good is that when I can't play them. I'd be very grateful for help. Many thanks in advance.
What exactly is happening?
Post logs from HiJack and Silenthunter in the security section
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:40:26, on 2007-10-27
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BufferZone\CLNTSVC.EXE
C:\Program Files\BufferZone\BZDCOMLAUNCH.EXE
C:\Program Files\BufferZone\BZRPCSS.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Motherboard Monitor 5\MBM5.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/webhp?sourceid=navclient&ie=UTF-8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ads_optimizer - {26E45419-7205-4fac-BBFE-174BC7337A79} - C:\WINDOWS\system32\nsj4FB.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\BitComet\tools\BitCometBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: (no name) - {4596013b-6c31-408b-a266-deae5c086dc2} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver.exe"
O4 - HKLM\..\Run: [smartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\PDF\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download all links using BitComet - res://D:\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://D:\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://D:\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus … nicode.cab
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://slimak.onet.pl/_m/wirusy/ArcaOnline.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol … _en_dl.cab
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: BufferZone Service (BufferZoneSvc) - Unknown owner - C:\Program Files\BufferZone\CLNTSVC.EXE
O23 - Service: BufferZone DCOM Helper (BZDcomLaunch) - Unknown owner - C:\Program Files\BufferZone\BZDCOMLAUNCH.EXE
O23 - Service: BufferZone RPC Helper (BZRpcSs) - Unknown owner - C:\Program Files\BufferZone\BZRPCSS.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: GVAFVFC - Google - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - (no file)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 8038 bytes
// I fixed your post - added quote tags.
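An added example, not code from the thread or from HijackThis: a small Python triage pass over HijackThis entries of the kind posted above. It parses the numbered `O2`/`O3`/`O10`/`O23` lines and flags what a helper checks first: entries whose target is `(no file)`, a BHO or service binary with a machine-looking name sitting directly in system32, services with no vendor name, and the LSP HijackThis could not identify. The sample lines are constructed to mirror entries from this log, and the "machine-looking file name" heuristic is an assumption of this example, not a HijackThis rule.

```python
"""Triage pass over HijackThis (HJT) log entries.

Parses HJT entry lines (code, then fields separated by " - ") and returns the
ones a helper would look at first. The machine-name heuristic is an assumption
of this example; verify every finding before removing anything."""
import re

# Constructed sample in HijackThis v2.0.2 format (a subset of entry types),
# mirroring the kind of entries seen in the log posted in this thread.
SAMPLE_LOG = r"""O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ads_optimizer - {26E45419-7205-4fac-BBFE-174BC7337A79} - C:\WINDOWS\system32\nsj4FB.dll
O3 - Toolbar: (no name) - {4596013b-6c31-408b-a266-deae5c086dc2} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: GVAFVFC - Google - (no file)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
"""

# "O2 - <body>": the section code, then the body whose parts HJT joins with " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.+)$")
# A file placed directly in <drive>:\windows\system32 (not in a subfolder).
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+$", re.IGNORECASE)
# Short alphanumeric stem mixing letters and digits, e.g. nsj4FB or afe6.
MACHINE_STEM_RE = re.compile(r"^(?=.*[a-z])(?=.*\d)[a-z0-9]{4,8}$", re.IGNORECASE)


def parse_hjt(text):
    """Return [(code, fields)] for every HJT entry line; fields = body split on ' - '."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body").split(" - ")))
    return entries


def looks_machine_named(path):
    """True for file names like nsj4FB.dll that no vendor would pick by hand (heuristic)."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    return bool(MACHINE_STEM_RE.match(stem))


def triage(entries):
    """Return [(code, subject, reason)] for entries a helper should look at."""
    findings = []
    for code, fields in entries:
        subject, target = fields[0], fields[-1]
        owner = fields[1] if len(fields) >= 3 else ""
        if target == "(no file)":
            # The registry still points at a binary that is gone: an orphan to clean up.
            findings.append((code, subject, "orphaned entry, file no longer exists"))
        elif code == "O10":
            # HJT could not match the LSP DLL against its known list; check the publisher.
            findings.append((code, subject, "unknown Winsock LSP, verify publisher"))
        elif code in ("O2", "O3", "O9", "O23") and SYSTEM32_RE.match(target) \
                and looks_machine_named(target):
            findings.append((code, subject, "machine-looking file name in system32"))
        elif code == "O23" and owner == "Unknown owner" and SYSTEM32_RE.match(target):
            # Often DRM/licensing services; verify rather than delete.
            findings.append((code, subject, "service with no vendor name in system32"))
    return findings


if __name__ == "__main__":
    for code, subject, reason in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{code:<4} {subject:<45} {reason}")
```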
Kaka’
Kaka2
(Kaka_117827603)
27 October 2007 15:36
#4
Błażej, take it easy, the thread will get moved.
polopolo1991, I don't recommend playing moderator, that can end badly…
"Silent Runners.vbs", revision 52, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"pdfSaver3" = ""C:\Program Files\PDF\pdfSaver\pdfSaver3.exe"" ["Tracker Software Products Ltd."]
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"602PC SUITE PDF Saver" = ""C:\Program Files\Common Files\soft602\pdfSaver.exe"" [null data]
"SmartDefrag" = ""C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup" [null data]
"NvMediaCenter" = "RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [MS]
"LClock" = "C:\Program Files\LClock\LClock.exe" [null data]
"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{26E45419-7205-4fac-BBFE-174BC7337A79}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "ads_optimizer"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nsj4FB.dll" [empty string]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture"
  -> {HKLM...CLSID} = "BitComet Helper"
                   \InProcServer32\(Default) = "D:\BitComet\tools\BitCometBHO.dll" ["BitComet"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Google Toolbar Helper"
                   \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Google Toolbar Notifier BHO"
                   \InProcServer32\(Default) = "C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
  -> {HKLM...CLSID} = "History Band"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
                   \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{AD392E40-428C-459F-961E-9B147782D099}" = "UltraISO"
  -> {HKLM...CLSID} = "UIContextMenu Class"
                   \InProcServer32\(Default) = "D:\UltraISO\isoshell.dll" ["EZB Systems, Inc."]
"{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" = "PowerISO"
  -> {HKLM...CLSID} = "PowerISO"
                   \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
"{E4FC4B31-8A4F-45E6-BDAC-28F612371FE3}" = "SxBzUnknownOverlay"
  -> {HKLM...CLSID} = "SxUnknownOverlay"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\RlShellExt.dll" [empty string]
"{F1A1DA12-E651-4AD0-A1A0-6214546B2F9D}" = "SxBzForbiddenOverlay"
  -> {HKLM...CLSID} = "SxForbiddenOverlay"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\RlShellExt.dll" [empty string]
"{F594B094-8768-4632-8143-12852EBBD688}" = "SxBzConfidentialOverlay"
  -> {HKLM...CLSID} = "SxConfidentialOverlay"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\RlShellExt.dll" [empty string]
"{37ADBD0B-11EC-4A2C-9F93-5C3ACC7994DF}" = "SxBzBufferZoneOverlay"
  -> {HKLM...CLSID} = "SxBufferZoneOverlay"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\RlShellExt.dll" [empty string]
"{E2958773-ACDB-4553-A069-A1EEB4AFBA0F}" = "BufferZone context menu"
  -> {HKLM...CLSID} = "BufferZone context menu"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\RlShellExt.dll" [empty string]
"{0561EC90-CE54-4f0c-9C55-E226110A740C}" = "Haali Column Provider"
  -> {HKLM...CLSID} = "Haali Column Provider"
                   \InProcServer32\(Default) = "C:\Program Files\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll" [null data]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
  -> {HKLM...CLSID} = "WPDShServiceObj Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{0561EC90-CE54-4f0c-9C55-E226110A740C}\(Default) = "Haali Column Provider"
  -> {HKLM...CLSID} = "Haali Column Provider"
                   \InProcServer32\(Default) = "C:\Program Files\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll" [null data]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Album602Menu\(Default) = "{3894E110-F827-11D4-A0C5-00A024384E3A}"
  -> {HKLM...CLSID} = "602Album Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\soft602\aShell.dll" ["Software602 Inc."]
DAP_Menu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"
  -> {HKLM...CLSID} = "DAPMenuShellExt Class"
                   \InProcServer32\(Default) = "C:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL" ["Speedbit Ltd."]
DAP_ShredMenu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"
  -> {HKLM...CLSID} = "DAPMenuShellExt Class"
                   \InProcServer32\(Default) = "C:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL" ["Speedbit Ltd."]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
  -> {HKLM...CLSID} = "PowerISO"
                   \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
DAP_ShredMenu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"
  -> {HKLM...CLSID} = "DAPMenuShellExt Class"
                   \InProcServer32\(Default) = "C:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL" ["Speedbit Ltd."]
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
  -> {HKLM...CLSID} = "PowerISO"
                   \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
UltraISO\(Default) = "{AD392E40-428C-459F-961E-9B147782D099}"
  -> {HKLM...CLSID} = "UIContextMenu Class"
                   \InProcServer32\(Default) = "D:\UltraISO\isoshell.dll" ["EZB Systems, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
  -> {HKLM...CLSID} = "PowerISO"
                   \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
UltraISO\(Default) = "{AD392E40-428C-459F-961E-9B147782D099}"
  -> {HKLM...CLSID} = "UIContextMenu Class"
                   \InProcServer32\(Default) = "D:\UltraISO\isoshell.dll" ["EZB Systems, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
BufferZone context menu\(Default) = "{E2958773-ACDB-4553-A069-A1EEB4AFBA0F}"
  -> {HKLM...CLSID} = "BufferZone context menu"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\RlShellExt.dll" [empty string]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"LinkResolveIgnoreLinkInfo" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoResolveSearch" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\A\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Startup items in "A" & "All Users" startup folders:
---------------------------------------------------

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"NETGEAR WPN111 Smart Wizard" -> shortcut to: "C:\Program Files\NETGEAR\WPN111\wpn111.exe" ["NETGEAR"]


Enabled Scheduled Tasks:
------------------------

"1-Click Maintenance" -> launches: "C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe /schedulestart" [file not found]
"RegistrySmart Scheduled Scan" -> launches: "C:\Program Files\RegistrySmart\RegistrySmart.exe scheduled" [file not found]
"SmartDefrag" -> launches: "C:\Program Files\IObit\IObit SmartDefrag\schedule.exe "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe"" [null data]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 08, 38
%SystemRoot%\system32\mswsock.dll [MS], 09 - 11, 14 - 37
%SystemRoot%\system32\rsvpsp.dll [MS], 12 - 13


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
  -> {HKLM...CLSID} = "&Google"
                   \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
  -> {HKLM...CLSID} = "&Google"
                   \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
"{D2F8F919-690B-4EA2-9FA7-A203D1E04F75}" = (no title provided)
  -> {HKLM...CLSID} = "StylerToolBar"
                   \InProcServer32\(Default) = "C:\Program Files\Styler\TB\StylerTB.dll" ["StyleFantasist"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in 1.6.0_01"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_01"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll" ["Sun Microsystems, Inc."]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

HKLM\Software\Microsoft\Internet Explorer\AboutURLs\

<<!>> "TuneUp" = "file://C|/Documents and Settings/All Users/Dane aplikacji/TuneUp Software/Common/base.css" [file not found]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

BufferZone DCOM Helper, BZDcomLaunch, "C:\Program Files\BufferZone\BZDCOMLAUNCH.EXE" [null data]
BufferZone RPC Helper, BZRpcSs, "C:\Program Files\BufferZone\BZRPCSS.EXE" [null data]
BufferZone Service, BufferZoneSvc, "C:\Program Files\BufferZone\CLNTSVC.EXE" [empty string]
LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]
NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
ProtexisLicensing, ProtexisLicensing, "C:\WINDOWS\system32\PSIService.exe" [null data]
SecuROM User Access Service (V7), UserAccess7, "C:\WINDOWS\system32\UAService7.exe" ["Sony DADC Austria AG."]
Usługa Pomocnik IPv6, 6to4, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\6to4svc.dll" [MS]}
Usługa udostępniania w sieci programu Windows Media Player, WMPNetworkSvc, ""C:\Program Files\Windows Media Player\WMPNetwk.exe"" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
PDF-XChange\Driver = "C:\WINDOWS\system32\pxc25pm.dll" ["Tracker Software"]


---------- (launch time: 2007-10-27 16:54:42)
<<!>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 19 seconds.
---------- (total run time: 56 seconds)
// I fixed your post - added quote tags.
Kaka’
Post merged: 27.10.2007 (Sat) 17:46
I'm just a layman
Post merged: 27.10.2007 (Sat) 17:47
Post merged: 27.10.2007 (Sat) 17:59
silent runner or silenthunter, because I'm confused :?
Post merged: 27.10.2007 (Sat) 18:32
ComboFix 07-10-26.4 - A 2007-10-27 18:20:04.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.572 [GMT 2:00]
Running from: D:\base\ComboFix.exe
 * Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\nsj4FB.dll
.

((((((((((((((((((((((((( Files Created from 2007-09-27 to 2007-10-27 )))))))))))))))))))))))))))))))
.

2007-10-27 18:09
2007-10-27 16:52
2007-10-27 16:14
2007-10-25 11:11
2007-10-25 11:10
2007-10-23 12:18
2007-10-23 12:15
2007-10-22 13:16 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-10-22 13:16 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-10-22 13:16 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-10-14 08:11
2007-10-14 08:11
2007-10-13 12:25
2007-10-12 12:24 185,824 --a------ C:\WINDOWS\system32\afe6.sys
2007-10-12 12:19 185,824 --a------ C:\WINDOWS\system32\dcb1F.sys
2007-10-11 13:05
2007-10-11 11:01
2007-10-10 15:53 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 17:57
2007-10-09 17:38
2007-10-09 16:23
2007-10-08 16:35 7,552 --a------ C:\WINDOWS\system32\drivers\enodpl.sys
2007-10-08 16:35 4,736 --a------ C:\WINDOWS\system32\drivers\tandpl.sys
2007-10-08 11:00
2007-10-04 08:42
2007-10-04 08:42
2007-10-03 13:04 4,096 --a------ C:\WINDOWS\d3dx.dat
2007-10-03 13:01
2007-10-03 11:51
2007-10-03 09:43
2007-10-03 08:13
2007-10-03 00:11
2007-10-02 21:29
2007-10-02 15:28
2007-10-02 15:28
2007-10-02 15:28
2007-10-02 15:28
2007-10-02 15:28
2007-10-02 15:28
2007-10-02 15:28
2007-10-01 20:18 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-01 19:36
2007-10-01 19:12 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-10-01 18:50
2007-10-01 17:29
2007-10-01 17:03
2007-09-27 21:12 17 --a------ C:\WINDOWS\popcinfo.dat
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-27 08:59 --------- d-----w C:\Program Files\NAPI-PROJEKT
2007-10-25 09:09 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-25 08:17 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype
2007-10-25 08:16 --------- d-----w C:\Program Files\Winamp
2007-10-24 14:57 79,877 ----a-w C:\WINDOWS\system32\adssite-remove.exe
2007-10-22 10:41 --------- d-----w C:\Program Files\VisualTooltip
2007-10-22 10:35 --------- d-----w C:\Program Files\Odkurzacz
2007-10-12 10:58 --------- d-----w C:\Documents and Settings\A\Dane aplikacji\LimeWire
2007-10-08 15:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-02 14:09 504,832 ----a-w C:\WINDOWS\system32\winlogon.exe
2007-10-02 14:06 --------- d-----w C:\Program Files\lg_fwupdate
2007-10-01 17:05 33,280 ----a-w C:\WINDOWS\system32\rundll32.exe
2007-09-27 19:23 --------- d-----w C:\Program Files\Share_Accelerator_MM
2007-09-25 16:56 --------- d-----w C:\Documents and Settings\A\Dane aplikacji\n-Track Studio5
2007-09-22 05:05 122,880 ----a-w C:\WINDOWS\system32\UAService7.exe
2007-09-20 21:21 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-09-20 20:08 --------- d-----w C:\Program Files\Burn4Free
2007-09-20 16:39 --------- d-----w C:\Program Files\Common Files\Real
2007-09-20 16:11 --------- d-----w C:\Program Files\Zapu
2007-09-20 16:11 --------- d-----w C:\Documents and Settings\A\Dane aplikacji\Bioshock
2007-09-20 16:10 --------- d-----w C:\Program Files\3wPlayer
2007-09-20 16:10 --------- d-----w C:\Documents and Settings\A\Dane aplikacji\GetRightToGo
2007-09-20 16:09 --------- d-----w C:\Program Files\Jeskola Buzz
2007-09-20 16:09 --------- d-----w C:\Program Files\Buzz
2007-09-19 00:44 --------- d-----w C:\Program Files\Power Tab Software
2007-09-18 07:46 --------- d-----w C:\Program Files\Tacmi
2007-09-18 07:32 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\nabocorp
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-20 06:40 52,736 ----a-w C:\WINDOWS\ipuninst.exe
2007-08-07 11:14 24,576 ----a-w C:\WINDOWS\MadUnInst.exe
2007-08-06 13:20 679,936 ----a-w C:\WINDOWS\system32\libeay32.dll
2007-08-06 13:20 147,456 ----a-w C:\WINDOWS\system32\ssleay32.dll
2007-07-31 17:19 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-05-22 18:03 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2004-10-01 13:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 10:56 C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]
"602PC SUITE PDF Saver"="C:\Program Files\Common Files\soft602\pdfSaver.exe" [2005-11-14 08:21]
"SmartDefrag"="C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2007-07-27 21:39]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 12:22 C:\WINDOWS\system32\nvmctray.dll]
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-20 01:27]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-10-22 13:14]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00]
"pdfSaver3"="C:\Program Files\PDF\pdfSaver\pdfSaver3.exe" [2004-05-19 14:29]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-03 19:08]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26]
NETGEAR WPN111 Smart Wizard.lnk - C:\Program Files\NETGEAR\WPN111\wpn111.exe [2007-05-12 11:27:52]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"=1 (0x1)

R0 ndisrd;ndisrd;C:\WINDOWS\system32\drivers\ndisrd.sys
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys
R1 ISODrive;ISO DVD/CD-ROM Device Driver;\??\D:\UltraISO\drivers\ISODrive.sys
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\DNINDIS5.SYS
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\WINDOWS\system32\DRIVERS\WPN111.sys
S3 afe6;afe6;\??\C:\WINDOWS\system32\afe6.sys
S3 dcb1F;dcb1F;\??\C:\WINDOWS\system32\dcb1F.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-10-26 15:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2007-10-08 01:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job" - C:\Program Files\RegistrySmart\RegistrySmart.exe
"2007-10-27 16:23:01 C:\WINDOWS\Tasks\SmartDefrag.job" - C:\Program Files\IObit\IObit SmartDefrag\schedule.exe
.

**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-27 18:23:09
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-27 18:23:32 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-02 14:02
C:\ComboFix2.txt ... 2007-10-02 15:19
C:\ComboFix3.txt ... 2007-10-02 15:31
.
--- E O F ---
Post merged: 27.10.2007 (Sat) 18:56
The problem started when, after booting the computer, a message appeared that the module rotate.dll (I'm not sure of the spelling) could not be found. Then the machine slowed down badly, so I treated it with ComboFix. It sped up again but lost the drivers for all the drives [code (39)]. I can't install them for the life of me.
I have them on a disc, but what good is that...
jessica
(jessica)
27 October 2007 19:42
#6
*rotate* is a component of one of the infections; part of that infection can still be seen in the ComboFix log.
Paste into Notepad:
File::
C:\WINDOWS\system32\adssite-remove.exe
C:\WINDOWS\system32\afe6.sys
C:\WINDOWS\system32\dcb1F.sys
Driver::
afe6
dcb1F
>>File>>Save As... >>> CFScript (it will be most convenient if you save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt file onto the ComboFix.exe file (i.e. the CFScript.txt icon onto the ComboFix.exe icon)
– just like in this picture –>
(if the question " 1 or 2 " appears, type 1 and press ENTER) Removal should start. (and a log will be created)
After the restart, manually delete the folder C:\Qoobox.
jessi
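The CFScript in the reply above lists the driver images under File:: and the service names under Driver::, and the driver lines it refers to come from the ComboFix log posted earlier (start type, service name, display name and image path separated by semicolons, with NT-style paths carrying a `??\` prefix). As an added example, not code from the thread, from ComboFix or from the helper, here is a small Python script that parses driver lines in that format, resolves the chosen service names to their .sys paths, and emits the two sections; it refuses a service name that is not in the log rather than silently writing an empty script. The sample log text is copied from the posted log; the `suspicious_candidates` pre-check (service name identical to its display name and image placed directly in system32 rather than system32\drivers) is an illustrative heuristic of mine for deciding what to look at first, not the helper's method, and every hit still needs a human decision.

```python
"""Build a ComboFix CFScript (File:: / Driver:: sections) from ComboFix driver lines.

Added example. SAMPLE_LOG reproduces the driver lines from the log posted in
the thread; the function names and the suspicious_candidates heuristic are
illustrative assumptions, not part of ComboFix or of the helper's procedure.
"""
import re
from typing import Dict, Iterable, List

# Driver lines as ComboFix prints them: "<start> <name>;<display>;<image path>"
SAMPLE_LOG = r"""
R0 ndisrd;ndisrd;C:\WINDOWS\system32\drivers\ndisrd.sys
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys
R1 ISODrive;ISO DVD/CD-ROM Device Driver;??\D:\UltraISO\drivers\ISODrive.sys
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;??\C:\WINDOWS\system32\DNINDIS5.SYS
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\WINDOWS\system32\DRIVERS\WPN111.sys
S3 afe6;afe6;??\C:\WINDOWS\system32\afe6.sys
S3 dcb1F;dcb1F;??\C:\WINDOWS\system32\dcb1F.sys
"""

# R<n>/S<n> is the start type, then three ';'-separated fields.
DRIVER_LINE = re.compile(r"^(R\d|S\d)\s+([^;]+);([^;]*);(.+)$")

# Image located directly in system32 (not in the drivers subfolder).
DIRECT_SYSTEM32 = re.compile(r"^[A-Za-z]:\\WINDOWS\\system32\\[^\\]+\.sys$", re.IGNORECASE)


def parse_drivers(log_text: str) -> Dict[str, dict]:
    """Map service name -> {start, display, path} for every driver line.

    The '??\\' prefix is the NT object-manager form of the path; it is stripped
    so the remainder is a plain Win32 path usable in a CFScript File:: entry.
    """
    drivers: Dict[str, dict] = {}
    for line in log_text.splitlines():
        m = DRIVER_LINE.match(line.strip())
        if not m:
            continue
        start, name, display, path = m.groups()
        if "??\\" in path:
            path = path.split("??\\", 1)[1]
        drivers[name] = {"start": start, "display": display, "path": path}
    return drivers


def suspicious_candidates(drivers: Dict[str, dict]) -> List[str]:
    """Illustrative heuristic (assumption, not ComboFix logic): flag services whose
    display name is just the service name and whose image sits directly in system32."""
    return sorted(
        name for name, d in drivers.items()
        if d["display"] == name and DIRECT_SYSTEM32.match(d["path"])
    )


def build_cfscript(drivers: Dict[str, dict], remove_drivers: Iterable[str],
                   extra_files: Iterable[str] = ()) -> str:
    """Emit a CFScript: File:: lists on-disk images, Driver:: lists service names.

    A service name absent from the log raises KeyError, so a typo cannot
    produce a script that quietly removes nothing.
    """
    remove_drivers = list(remove_drivers)
    files = list(extra_files) + [drivers[name]["path"] for name in remove_drivers]
    lines = ["File::", *files, "Driver::", *remove_drivers]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_drivers(SAMPLE_LOG)
    print("candidates to review:", suspicious_candidates(found))
    # Same selection as the reply above; adssite-remove.exe is passed explicitly
    # because it is a plain file, not a driver entry in the log.
    print(build_cfscript(found, ["afe6", "dcb1F"],
                         extra_files=["C:\\WINDOWS\\system32\\adssite-remove.exe"]))
```

Run it as a script to print the review candidates and the generated CFScript text; the text is what would be saved as CFScript.txt next to ComboFix.exe in the procedure above.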
jessica
(jessica)
28 October 2007 08:07
#8
You haven't said whether the situation has improved?
What is in that folder above?
Probably some multimedia files.
That entry above worries me a bit - why did "winlogon.exe" show up in the log?
Could something have "attached itself" to it at that point?
Just in case, use -->SDFix
Note: it can only be run in Safe Mode.
Show Report.txt, which is in the SDFix folder.
Instructions:
Double-click SDFix.exe; the program will extract itself to C:\SDFix (by default).
Restart the computer and enter Safe Mode (press F8 before Windows starts).
Go to the SDFix folder and double-click the RunThis.bat file.
Press Y; the removal process will begin.
When the removal finishes, press any key (Any Key). The computer will restart.
After the restart, SDFix will run again to finish the removal process.
When Finished appears in the program window, press any key to end the script and load the desktop icons.
Show Report.txt, which is in the SDFix folder.
Have a look here -->http://www.cdrinfo.pl/cdr/artykuly/aspi/aspi.php .
That probably has something to do with your problem.
jessi
SDFix: Version 1.112
Run by Administrator on 2007-10-28 at 09:34
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
No Trojan Files Found
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\BitComet\BitComet.exe"="D:\BitComet\BitComet.exe:*:Enabled:BitComet"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
Files with Hidden Attributes:
Sat 6 Oct 2007 88 ..SHR --- "C:\WINDOWS\system32\458B9DE923.sys"
Sat 6 Oct 2007 900 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Thu 17 May 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 23 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Finished!
jessica
(jessica)
28 October 2007 09:02
#10
SDFix didn't detect anything.
So your problem most likely has nothing to do with viruses.
jessi
Post merged: 28.10.2007 (Sun) 12:16
Sorry, I didn't notice the question. I found this there:
793CFFC9A72F431D9C742E9…C:\WINDOWS\addins
793CFFC9A72F431D9C742E9…C:\WINDOWS\addins\793CFF…
after opening it:
WiseCustomCalla1.dll
WiseCustomCalla2.dll
WiseCustomCalla.dll
wiseData
and after opening the last one, this "something":
[Property]
^Disk^Prompt=[ProductName] [1] ^Primary^Volume^Space^Remaining=0 ^Primary^Volume^Space^Required=0 ^Primary^Volume^Space^Available=0 ^Out^Of^No^Rb^Disk^Space=0 ^Out^Of^Disk^Space=0 ^Upgrade^Code={ED8E3CFF-D8FD-4F2D-BA28-D10721422C43} ^Install^Mode=Complete ^Costing^Complete=1 ^Product^Code={793CFFC9-A72F-431D-9C74-2E9361E67D04} ^Buffer^Zone=C:\Documents and Settings\All Users\Menu Start\Programy\BufferZone\ ^Product^Name=BufferZone ^Product^Version=2.50.42 ^Manufacturer=Trustware ^Reinstall^File^Older^Version=o ^Reinstall^Repair=r ^Error^Dialog=ErrorDialog ^Secure^Custom^Properties=INSTALLDIR;BZRELEASE;BZINIT;BZVERTYPE;BZVERSION;BZSERVER;BZPIDKEY;UPGRADINGPRODUCTCODE ^Accept=No ^C^H^K_^W^E^B=1 ^B^Z^C^O^M^P3=. ^Product^I^D=12345 ^Product^Language=1033 ^Application^Users=AllUsers ^Reinstall^File^Version=o ^P^I^D^Template=12345<###- %%%%%%%>@@@@@ ^B^Z^C^O^M^P=. ^P^A^L^M^U^S^E^R^S=0 ^Wise^Init^Lang^Default=English,1033 ^Wise^Init^Suffix=Wizard… ^B^Z^I^N^I^T=SECUREDEMULE.EXE ^B^Z^P^I^D^C^H^E^C^K=FALSE _^Wise^Dialog^Title^Font^Default={\MS_Sans_Serif_81} ^A^L^L^U^S^E^R^S=1 ^Wise^Init^Prefix=Initializing _^Wise^Dialog^Font^Default={\MS_Sans_Serif_80} ^Regsvr32=[systemFolder]\regsvr32.exe ^Maintenance^Mode=Modify ^Eyal^File^Exists=-1 ^A^P^P^S_^T^E^S^T=1 ^Wise^C^R^L^F= _^Wise^Dialog^Suffix=Setup ^B^Z^V^E^R^S^I^O^N=2.50-42 ^Wise^Init^Admin^Error=You must have administrator rights to run this installation. Please login as an administrator and re-run this installation. ^B^Z^R^E^L^E^A^S^E=BufferZone for P2P ^A^R^P^U^R^L^I^N^F^O^A^B^O^U^T=www.trustware.com ^Wise^Init^Space^Error=Could not create temporary file, not enough free temporary disk space. Please free up disk space and rerun this installation.
_^Wise^Debug^Mode=0 ^Default^U^I^Font=Arial10 ^I^N^S^T^A^L^L^L^E^V^E^L=3 ^Action90=http://www.trustware.com/products.php ^S^H^O^R^T^C^U^T^P^A^T^H=msiexec.exe ^A^R^P^N^O^M^O^D^I^F^Y=1 ^Msi^Hidden^Properties=WISE_SQL_CONN_STR ^Action5=BufferZoneBufferZone protection is being removed. The virtual files were left in C:\Virtual for your convenience.0 ^Action10=BufferZone upgradeBufferZone has been upgraded to a new version. ^B^Z^C^O^M^P2=. ^Eyal^Upgrade^Avoid^Reboot=0 ^B^Z^C^O^M^P1=. ^Wise^Init^Exist^Error=%s Version %s is already installed. You must uninstall the existing version before installing %s Version %s. Do you want to uninstall the existing version of %s? ^B^Z^C^O^M^P4=. ^B^Z^P^I^D^Template=<^^^^-^^^^-^^^^-^^^^> ^B^Z^A^I^D=100 ^B^Z^S^E^R^V^E^R=. ^B^Z^C^O^M^P5=. ^B^Z^V^E^R^T^Y^P^E=4 ^B^Z^C^O^M^P6=. ^W^I^S^E^D^E^L^A^Y^E^D^R^E^B^O^O^T=1 ^Release^Name=Professional ^T^A^R^G^E^T^D^I^R=E:\ ^Profiles^Folder=C:\WINDOWS\ ^Send^To^Folder=C:\Documents and Settings\Administrator\SendTo\ ^Windows^Folder=C:\WINDOWS\ ^Temp^Folder=C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\ ^Start^Menu^Folder=C:\Documents and Settings\All Users\Menu Start\ ^Program^Menu^Folder=C:\Documents and Settings\All Users\Menu Start\Programy\ ^Common^App^Data^Folder=C:\Documents and Settings\All Users\Dane aplikacji\ ^My^Pictures^Folder=C:\Documents and Settings\Administrator\Moje dokumenty\Moje obrazy\ ^Startup^Folder=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ ^Program^Files^Folder=C:\Program Files\ ^I^N^S^T^A^L^L^D^I^R3=C:\Program Files\ ^Desktop^Folder=C:\Documents and Settings\All Users\Pulpit\ ^Product^Name1=C:\Documents and Settings\All Users\Menu Start\Programy[ProductName]\ ^Fonts^Folder=C:\WINDOWS\Fonts\ ^Program_^Files=C:\Program Files\Program Files\ ^W^W^W^R^O^O^T=E:\ ^System16^Folder=C:\WINDOWS\system\ ^System^Folder=C:\WINDOWS\system32\ ^I^N^S^T^A^L^L^D^I^R8=C:\Program Files\Program Files\BufferZone\ ^Recent^Folder=C:\Documents and Settings\Administrator\Recent\ 
^I^N^S^T^A^L^L^D^I^R4=C:\Program Files[installDir]\ ^G^A^C=E:\ ^Net^Hood^Folder=C:\Documents and Settings\Administrator\NetHood\ ^Template^Folder=C:\Documents and Settings\All Users\Szablony\ ^Win^Sx^S=C:\WINDOWS\ ^I^N^S^T^A^L^L^D^I^R=C:\Program Files\BufferZone\ ^Program_^Files6=C:\Program Files\Program Files\BufferZone\Program Files\ ^Product^Name17=C:\Program Files\Program Files\BufferZone\Program Files[ProductName]\ ^Favorites^Folder=C:\Documents and Settings\Administrator\Ulubione\ ^Personal^Folder=C:\Documents and Settings\Administrator\Moje dokumenty\ ^Common^Files^Folder=C:\Program Files\Common Files\ drivers=C:\WINDOWS\system32\drivers\ ^Local^App^Data^Folder=C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\ ^Admin^Tools^Folder=C:\Documents and Settings\All Users\Menu Start\Programy\Narzędzia administracyjne\ ^App^Data^Folder=C:\Documents and Settings\Administrator\Dane aplikacji\ ^Print^Hood^Folder=C:\Documents and Settings\Administrator\PrintHood\ ^U^S^E^R^N^A^M^E=A ^Installed=2007/08/06 15:22:44 ^A^R^P^I^N^S^T^A^L^L^L^O^C^A^T^I^O^N=C:\Program Files\BufferZone\ ^R^O^O^T^D^R^I^V^E=E:\ ^A^C^T^I^O^N=INSTALL ^Preselected=1 ^U^I^Level=3 ^Original^Database=C:\WINDOWS\Installer\7b21c2.msi ^D^A^T^A^B^A^S^E=C:\WINDOWS\Installer\7b21c2.msi ^Privileged=1 ^Redirected^Dll^Support=2 ^Msi^Win32^Assembly^Support=5.1.2600.3019 ^Msi^Net^Assembly^Support=2.0.50727.42 ^Date=2007-10-27 ^Time=18:09:26 ^T^T^C^Support=1 ^Color^Bits=32 ^Text^Height=16 ^Border^Side=1 ^Border^Top=1 ^Caption^Height=19 ^Screen^Y=600 ^Screen^X=800 ^System^Language^I^D=1045 ^Computer^Name=MAC ^User^Language^I^D=1045 ^User^S^I^D=S-1-5-21-842925246-1220945662-725345543-500 ^Logon^User=Administrator ^Admin^User=1 ^Virtual^Memory=2372 ^Physical^Memory=1023 ^Intel=6 ^Shell^Advt^Support=1 ^O^L^E^Advt^Support=1 ^G^P^T^Support=1 ^Remote^Admin^T^S=1 ^Windows^Volume=C:\ ^Msi^N^T^Suite^Personal=1 ^Msi^N^T^Product^Type=1 ^Service^Pack^Level^Minor=0 ^Service^Pack^Level=2 
^Windows^Build=2600 ^Version^N^T=501 ^Version^Msi=3.01 ^Version^Database=200 ^P^R^O^D^U^C^T^L^A^N^G^U^A^G^E=1033 ^C^L^I^E^N^T^P^R^O^C^E^S^S^I^D=256 ^C^L^I^E^N^T^U^I^L^E^V^E^L=2 ^C^U^R^R^E^N^T^D^I^R^E^C^T^O^R^Y=C:\Documents and Settings\Administrator ^R^E^M^O^V^E=ALL ^Product^To^Be^Registered=1 ^Product^State=5 ^Package^Code={0461F2D2-447D-4DFB-8618-52D7E06D47C3} The new version will start upon next restart.0 [Directory] BufferZone=C:\Documents and Settings\All Users\Menu Start\Programy\BufferZone\ TARGETDIR=E:\ ProfilesFolder=C:\WINDOWS\ SendToFolder=C:\Documents and Settings\Administrator\SendTo\ WindowsFolder=C:\WINDOWS\ TempFolder=C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\ StartMenuFolder=C:\Documents and Settings\All Users\Menu Start\ ProgramMenuFolder=C:\Documents and Settings\All Users\Menu Start\Programy\ CommonAppDataFolder=C:\Documents and Settings\All Users\Dane aplikacji\ MyPicturesFolder=C:\Documents and Settings\Administrator\Moje dokumenty\Moje obrazy\ StartupFolder=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ ProgramFilesFolder=C:\Program Files\ INSTALLDIR3=C:\Program Files\ DesktopFolder=C:\Documents and Settings\All Users\Pulpit\ ProductName1=C:\Documents and Settings\All Users\Menu Start\Programy[ProductName]\ FontsFolder=C:\WINDOWS\Fonts\ Program_Files=C:\Program Files\Program Files\ WWWROOT=E:\ System16Folder=C:\WINDOWS\system\ SystemFolder=C:\WINDOWS\system32\ INSTALLDIR8=C:\Program Files\Program Files\BufferZone\ RecentFolder=C:\Documents and Settings\Administrator\Recent\ INSTALLDIR4=C:\Program Files[installDir]\ GAC=E:\ NetHoodFolder=C:\Documents and Settings\Administrator\NetHood\ TemplateFolder=C:\Documents and Settings\All Users\Szablony\ WinSxS=C:\WINDOWS\ INSTALLDIR=C:\Program Files\BufferZone\ Program_Files6=C:\Program Files\Program Files\BufferZone\Program Files\ ProductName17=C:\Program Files\Program Files\BufferZone\Program Files[ProductName]\ FavoritesFolder=C:\Documents and Settings\Administrator\Ulubione\ 
PersonalFolder=C:\Documents and Settings\Administrator\Moje dokumenty\ CommonFilesFolder=C:\Program Files\Common Files\ drivers=C:\WINDOWS\system32\drivers\ LocalAppDataFolder=C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\ AdminToolsFolder=C:\Documents and Settings\All Users\Menu Start\Programy\Narzędzia administracyjne\ AppDataFolder=C:\Documents and Settings\Administrator\Dane aplikacji\ PrintHoodFolder=C:\Documents and Settings\Administrator\PrintHood\
Post merged: 28.10.2007 (Sun) 12:18
jessica
(jessica)
29 October 2007 10:56
#12
That folder is most likely OK.
jessi