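[antivirus] Problem installing antivirus software
#1
Posted 08 12 2007 - 19:18
Błąd podczas zapisu do pliku: C:\Program Files\ESET\ESET NOD32 Antivirus\ekm.exe. Sprawdź czy masz odpowiednie uprawnienia dostępu do tego folderu. [Error writing to file: C:\Program Files\ESET\ESET NOD32 Antivirus\ekm.exe. Check that you have the appropriate access permissions for this folder.]
The same thing happens when installing Kaspersky.
With Avast and MKS vir the installation completes correctly, but after restarting the computer the desktop icon looks like this, and when I try to launch the program the following message is displayed:
Brak skrótu. Element ashAvast.exe do którego odwołuje sie ten skrót został zmieniony lub przeniesiony i dlatego skrót ten nie będzie działał poprawnie. [Missing shortcut. The item ashAvast.exe that this shortcut refers to has been changed or moved, so this shortcut will no longer work properly.]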
#2
Posted 08 12 2007 - 20:14
Maybe you need to reset the permissions on the c:\Program Files directory, enabling downward inheritance while you're at it ...
By the way - what system do you have?
#3
Posted 08 12 2007 - 21:22
#4
Posted 08 12 2007 - 22:55
I have Windows XP Home Edition 2002 SP2, and everything was fine until I uninstalled Norton Antivirus 2006 and all of its components
And do you have the appropriate permissions?
Maybe you need to reset the permissions on the c:\Program Files directory, enabling downward inheritance while you're at it ...
By the way - what system do you have?
I haven't done that yet
Post a log from HJT
#5
Posted 08 12 2007 - 23:07
I have Windows XP Home Edition 2002 SP2, and everything was fine until I uninstalled Norton Antivirus 2006 and all of its components
My bet is on permissions. Start the system in safe mode, log in to the Administrator account (or another one with administrative privileges), right-click the Program Files folder and there will be a Security tab. Give yourself, the Administrators group and the System user full permissions. Confirm. Then open that window again, where there is an Advanced button - click it, and in the window that appears, on the Permissions tab, tick the item "Replace permission entries on all child objects ... ". Confirm. Start in normal mode and try again.
I haven't done that yet
Take a look -> /index.php?showtopic=5072
#6
Posted 09 12 2007 - 11:48
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:55:48, on 2007-12-09
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLiv1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLiv1.dll
O2 - BHO: (no name) - {CFE15135-C591-4000-A55E-A50E5F9F82BC} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: (no name) - {23ED2206-856D-461A-BBCF-1C2466AC5AE3} - (no file)
O3 - Toolbar: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLiv1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {31EE92CA-C0F5-48F7-AE60-B54CDF3BB76C} (AcqVPlayer Control) - http://219.105.35.37/player/AcqVPlayerX_2_0_0_5.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190719447421
O16 - DPF: {9FF9F9C8-9E31-4311-8821-E22AF6B4E4CF} (AcqLPlayer Control) - http://219.105.35.37/player/AcqLPlayerX_2_0_0_1.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D5AEB810-1886-4E1D-B846-F187EE229541}: NameServer = 10.0.0.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8299EBA-5B4A-4BCA-B16A-E62D2DA956D0}: NameServer = 213.241.79.37 83.238.255.76
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
User pawel315 edited this post 05 01 2013 - 17:57
#7
Posted 09 12 2007 - 12:27
After cleaning up, show the logs - from Hijack and Combofix.
#8
Posted 09 12 2007 - 13:37
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:46, on 2007-12-09
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLiv1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLiv1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLiv1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {31EE92CA-C0F5-48F7-AE60-B54CDF3BB76C} (AcqVPlayer Control) - http://219.105.35.37/player/AcqVPlayerX_2_0_0_5.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190719447421
O16 - DPF: {9FF9F9C8-9E31-4311-8821-E22AF6B4E4CF} (AcqLPlayer Control) - http://219.105.35.37/player/AcqLPlayerX_2_0_0_1.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D5AEB810-1886-4E1D-B846-F187EE229541}: NameServer = 10.0.0.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
-- End of file - 5889 bytes
________________________________________________________________________________
ComboFix 07-12-09.1 - PC 2007-12-09 12:39:43.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.729 [GMT 1:00]
Running from: C:\Documents and Settings\PC\Pulpit\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_SROSA
-------\srosa
((((((((((((((((((((((((( Files Created from 2007-11-09 to 2007-12-09 )))))))))))))))))))))))))))))))
.
2007-12-09 12:32 . 2007-12-09 12:32 1,242 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-09 10:55 . 2007-12-09 10:55 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-08 15:49 . 2007-12-08 15:49 <DIR> d--h----- C:\WINDOWS\PIF
2007-12-08 14:05 . 2007-12-08 14:05 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-08 14:05 . 2007-12-08 16:04 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2007-12-08 13:39 . 2007-12-08 13:59 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2007-12-08 13:35 . 2007-02-28 17:04 2,137,600 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2007-12-08 13:35 . 2007-02-28 17:04 2,137,600 --a--c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2007-12-07 17:20 . 2007-12-07 17:20 <DIR> d-------- C:\Program Files\SGJ
2007-12-07 17:20 . 2006-03-03 11:02 1,680,896 --a------ C:\WINDOWS\system32\vcl100.bpl
2007-12-07 17:20 . 2006-03-03 11:02 843,264 --a------ C:\WINDOWS\system32\rtl100.bpl
2007-12-07 17:20 . 2007-12-07 17:20 27 --a------ C:\WINDOWS\XTweaker.INI
2007-12-06 22:26 . 2007-12-06 22:26 <DIR> d-------- C:\Program Files\Windows Defender
2007-12-06 13:34 . 2007-12-06 13:34 <DIR> d-------- C:\Program Files\Thomson
2007-12-06 12:54 . 2004-06-11 04:14 396,800 -ra------ C:\WINDOWS\system32\NvRaidWizard.dll
2007-12-06 12:54 . 2004-06-11 04:15 244,224 -ra------ C:\WINDOWS\system32\NvRaidMan.exe
2007-12-06 12:54 . 2004-06-18 07:57 172,032 -ra------ C:\WINDOWS\system32\nvuide.exe
2007-12-06 12:54 . 2004-06-11 04:15 83,968 -ra------ C:\WINDOWS\system32\nvraidservice.exe
2007-12-06 12:54 . 2004-06-11 04:14 74,240 -ra------ C:\WINDOWS\system32\NvRaidWizardEnu.dll
2007-12-06 12:54 . 2004-06-03 03:40 68,224 -ra------ C:\WINDOWS\system32\drivers\nvraid.sys
2007-12-06 12:54 . 2004-06-11 04:14 20,480 -ra------ C:\WINDOWS\system32\NvRaidEnu.dll
2007-12-06 12:54 . 2004-06-03 03:40 18,432 --a------ C:\WINDOWS\system32\nvraidco.dll
2007-12-06 12:54 . 2004-06-11 04:15 6,144 -ra------ C:\WINDOWS\system32\NvRaidSvEnu.dll
2007-12-06 12:54 . 2004-06-17 19:30 464 -ra------ C:\WINDOWS\system32\nvide.nvu
2007-12-06 12:53 . 2004-06-03 03:40 294,400 -ra------ C:\WINDOWS\system32\idecoi.dll
2007-12-06 12:53 . 2004-06-03 03:40 79,360 -ra------ C:\WINDOWS\system32\drivers\nvatabus.sys
2007-12-06 12:53 . 2005-06-20 14:42 77,824 -ra------ C:\WINDOWS\SET2C.tmp
2007-12-06 12:52 . 2007-12-06 12:52 <DIR> d-------- C:\Program Files\Realtek AC97
2007-12-06 12:52 . 2001-07-05 17:19 164 -r------- C:\WINDOWS\avrack.ini
2007-12-06 12:51 . 2007-12-06 12:51 <DIR> d-------- C:\Program Files\AMD
2007-12-06 12:51 . 2005-03-09 15:53 43,008 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2007-12-06 12:44 . 2007-12-06 12:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-06 12:26 . 2004-12-14 16:55 9,472 -ra------ C:\WINDOWS\system32\drivers\EIO.sys
2007-12-05 17:57 . 2007-12-08 16:05 139,296 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-05 17:57 . 2007-12-08 16:05 4,128 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-05 17:57 . 2007-12-08 16:05 3,752 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-05 17:57 . 2007-12-08 16:05 1,412 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-05 17:56 . 2007-12-05 17:56 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2007-12-05 17:36 . 2007-12-05 17:36 <DIR> d-------- C:\Program Files\Alwil Software
2007-12-04 17:53 . 2007-12-05 18:10 <DIR> d-------- C:\Program Files\WinPcap
2007-12-04 17:52 . 2007-12-07 19:48 <DIR> d-------- C:\Program Files\WMR11
2007-12-04 17:42 . 2007-12-04 17:43 <DIR> d-------- C:\Program Files\Play65
2007-12-04 17:30 . 2007-12-04 17:30 <DIR> d-------- C:\Program Files\BlueSprite
2007-12-04 17:30 . 2001-01-14 02:16 176,128 --a------ C:\WINDOWS\system32\lame_dshow.ax
2007-12-04 17:30 . 2003-02-03 01:45 106,496 --a------ C:\WINDOWS\system32\FileDump.ax
2007-12-04 17:30 . 2003-02-03 01:45 73,728 --a------ C:\WINDOWS\system32\wavdest.ax
2007-12-04 17:29 . 2007-12-04 17:29 <DIR> d-------- C:\Documents and Settings\PC\WINDOWS
2007-12-04 17:29 . 1998-10-01 15:22 299,520 --a------ C:\WINDOWS\uninst.exe
2007-12-03 11:21 . 2007-12-03 11:51 249,856 --------- C:\WINDOWS\Setup1.exe
2007-12-03 11:21 . 2007-12-03 11:51 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-12-02 22:17 . 2007-12-02 22:17 <DIR> d-------- C:\Program Files\MarBit
2007-11-27 14:39 . 2007-11-27 14:39 0 --ah----- C:\WINDOWS\83914241
2007-11-27 11:25 . 2007-11-27 11:25 <DIR> d-------- C:\WINDOWS\Sun
2007-11-27 11:24 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-27 11:23 . 2007-11-27 11:24 <DIR> d-------- C:\Program Files\Java
2007-11-27 11:20 . 2007-11-27 11:20 <DIR> d-------- C:\Program Files\Common Files\Java
2007-11-27 10:31 . 2007-11-27 10:31 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-11-25 21:57 . 2003-12-22 08:20 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-11-24 17:19 . 2004-12-11 18:00 13,866 --a------ C:\Program Files\data.dat
2007-11-24 16:02 . 2007-11-24 16:02 10,344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2007-11-21 22:06 . 2007-11-21 22:07 <DIR> d-------- C:\Program Files\NewLive All Media To Mp3 Converter
2007-11-21 22:00 . 2003-05-12 20:25 503,808 --a------ C:\WINDOWS\system32\mpeg2dmx.ax
2007-11-21 22:00 . 2001-08-18 20:00 262,144 --a------ C:\WINDOWS\system32\mpg4ds32.axu
2007-11-21 22:00 . 2003-05-21 01:10 210,432 --a------ C:\WINDOWS\system32\mpgdec.ax
2007-11-21 22:00 . 2004-04-30 21:46 28,672 --a------ C:\WINDOWS\system32\t3odm.dll
2007-11-14 16:52 . 2007-11-14 16:52 <DIR> d-------- C:\Documents and Settings\PC\Dane aplikacji\Ashampoo Photo Commander 4
2007-11-14 16:43 . 2007-11-14 16:47 222 --a------ C:\WINDOWS\VOGEL.INI
2007-11-14 16:19 . 2007-11-14 16:19 804 --a------ C:\WINDOWS\unins001.dat
2007-11-10 22:21 . 2007-12-05 11:27 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2007-11-09 22:00 . 2007-11-09 22:00 <DIR> dr------- C:\Documents and Settings\LocalService\Ulubione
2007-11-09 17:37 . 2007-11-09 17:37 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Grisoft
2007-11-09 16:47 . 2007-11-09 16:47 <DIR> d-------- C:\Program Files\Common Files\PC Tools
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-08 21:20 --------- d-----w C:\Program Files\eMule
2007-12-06 12:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-06 11:52 --------- d-----w C:\Program Files\AvRack
2007-12-05 10:29 --------- d-----w C:\Program Files\Nokia
2007-12-05 10:23 --------- d-----w C:\Program Files\Odkurzacz
2007-12-04 20:58 --------- d-----w C:\Documents and Settings\PC\Dane aplikacji\Skype
2007-12-02 19:18 --------- d-----w C:\Documents and Settings\PC\Dane aplikacji\Nokia Multimedia Player
2007-11-22 20:18 --------- d-----w C:\Program Files\Live_TV
2007-11-14 20:17 --------- d-----w C:\Program Files\Ashampoo
2007-11-05 14:54 --------- d-----w C:\Program Files\Google
2007-11-02 20:18 --------- d-----w C:\Documents and Settings\PC\Dane aplikacji\poleng
2007-11-02 20:16 --------- d-----w C:\Program Files\poleng
2007-10-29 17:34 --------- d-----w C:\Program Files\TubeMaster
2007-10-28 11:19 --------- d-----w C:\Program Files\JLC's Software
2007-10-28 11:19 --------- d-----w C:\Documents and Settings\PC\Dane aplikacji\JLC's Software
2007-10-21 20:10 --------- d-----w C:\Program Files\Real
2007-10-21 20:10 --------- d-----w C:\Program Files\Common Files\xing shared
2007-10-21 20:10 --------- d-----w C:\Program Files\Common Files\Real
2007-10-20 09:55 --------- d-----w C:\Program Files\DivX
2007-10-16 14:20 --------- d-----w C:\Documents and Settings\PC\Dane aplikacji\Ashampoo
2007-10-16 14:04 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ashampoo
2007-10-15 16:28 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\BufferZone
2007-10-14 13:14 --------- d-----w C:\Program Files\CCleaner
2007-10-14 12:00 --------- d-----w C:\Program Files\Common Files\PCSuite
2007-10-14 12:00 --------- d-----w C:\Program Files\Common Files\Nokia
2007-10-14 12:00 --------- d-----w C:\Documents and Settings\PC\Dane aplikacji\Nokia
2007-10-14 12:00 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
2007-10-14 11:59 --------- d-----w C:\Program Files\PC Connectivity Solution
2007-10-14 11:59 --------- d-----w C:\Program Files\DIFX
2007-10-14 11:59 --------- d-----w C:\Documents and Settings\PC\Dane aplikacji\PC Suite
2007-10-14 11:59 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Downloaded Installations
2007-10-14 11:50 --------- d-----w C:\Program Files\Mozilla ActiveX Control v1.7.1
2007-10-14 09:57 --------- d-----w C:\Documents and Settings\PC\Dane aplikacji\MegauploadToolbar
2007-10-14 09:42 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2007-10-11 19:29 --------- d-----w C:\Program Files\MegauploadToolbar
2007-10-10 18:24 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Adobe Systems
2007-09-25 12:56 71,609,184 ----a-w C:\162.18_forceware_winxp_international_whql.exe
2007-09-25 11:45 1,164,456 ----a-w C:\install_flash_player.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-21 21:10]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 14:42 C:\WINDOWS\soundman.exe]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2004-06-11 04:15]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-03-23 12:06]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 16:15]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoShellSearchButton"= 0 (0x0)
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-12-09 11:40:18 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\DOCUME~1\PC\USTAWI~1\Temp\fkiggsqqC137411.dll
.
**************************************************************************
catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-09 12:43:34
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-09 12:44:10 - machine was rebooted
.
--- E O F ---
User pawel315 edited this post 05 01 2013 - 17:58
#9
Posted 09 12 2007 - 13:55
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\SET2C.tmp
Delete the file below with Killbox or Unlocker.
Alternatively, you can start something like Total Commander, kill the explorer process in Task Manager and delete the file. After deleting it, start explorer again.
C:\DOCUME~1\PC\USTAWI~1\Temp\fkiggsqqC137411.dll
Now the matter of safe mode.
Start Registry Editor. Export the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\ to a reg file. Then look for this key under the HKEY_LOCAL_MACHINE\SYSTEM\ControlSet00x keys (x will be consecutive digits - there may be several of them) - export those as well. In addition - select the HKEY_USERS key in Registry Editor and choose File -> Load Hive. Point to the file c:\windows\repair\system. Regedit will ask you for a key name - call it e.g. 123. Then, in the loaded file, find the branch HKEY_USERS\123\ControlSet001\Control\SafeBoot and export it to a reg file as well. After exporting this branch, select the added key and choose File -> Unload Hive from the menu.
Change the extension of the exported files to txt and attach them to your next post. I'll make a fix for you that should repair safe mode.
In your next post, include the Combofix log as well.
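Added example, not part of the original thread and not the helper's own fix: one way to compare the exports requested in post #9, listing the SafeBoot subkeys that exist in the export from the loaded c:\windows\repair\system hive but are absent from the live CurrentControlSet export, and drafting a .reg text for review. The function names, the cp1250 default for REGEDIT4 files and both sample exports are assumptions made for illustration.

```python
import re

SAFEBOOT = "\\control\\safeboot"   # matched case-insensitively inside key paths
LIVE_ROOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot"
KEY_LINE = re.compile(r"^\[(.+)\]$")

# Constructed sample exports (not the poster's files). LIVE is modeled on a few
# of the SafeBoot\Minimal keys the ComboFix log in this thread lists; REPAIR
# stands in for the export taken from the hive loaded as HKEY_USERS\123.
LIVE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
'''

REPAIR = r'''REGEDIT4

[HKEY_USERS\123\ControlSet001\Control\SafeBoot\Minimal\Base]
@="Driver Group"

[HKEY_USERS\123\ControlSet001\Control\SafeBoot\Minimal\Boot Bus Extender]
@="Driver Group"

[HKEY_USERS\123\ControlSet001\Control\SafeBoot\Minimal\file system]
@="Driver Group"

[HKEY_USERS\123\ControlSet001\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_USERS\123\ControlSet001\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
'''


def decode_export(data, ansi_codepage="cp1250"):
    """Decode raw .reg bytes. 'Version 5.00' exports are UTF-16LE with a BOM;
    REGEDIT4 exports use the ANSI code page (cp1250 assumed for Polish Windows)."""
    if data.startswith(b"\xff\xfe"):
        return data.decode("utf-16")
    return data.decode(ansi_codepage)


def parse_safeboot(text):
    """Map lower-cased path below ...\\Control\\SafeBoot -> (path, value lines).
    Registry key names are case-insensitive, so lookups use the lower-cased form."""
    keys, values, pending = {}, None, ""
    for raw in text.lstrip("\ufeff").splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # hex data continued on the next line
            pending = line[:-1]
            continue
        match = KEY_LINE.match(line)
        if match:
            path = match.group(1)
            pos = path.lower().find(SAFEBOOT)
            if pos < 0:                    # key outside SafeBoot: ignore its values
                values = None
            else:
                rel = path[pos + len(SAFEBOOT):].lstrip("\\")
                values = keys.setdefault(rel.lower(), (rel, []))[1]
        elif values is not None and "=" in line and not line.startswith(";"):
            values.append(line)
    return keys


def missing_keys(live_text, reference_text):
    """Relative key paths present in the reference export but not in the live one."""
    live, ref = parse_safeboot(live_text), parse_safeboot(reference_text)
    return sorted(ref[k][0] for k in ref if k not in live)


def build_fix(live_text, reference_text):
    """Draft .reg text re-creating the missing keys under CurrentControlSet.
    It keeps the reference file's header so value encodings stay consistent.
    The result is meant to be read and checked before anyone imports it."""
    ref = parse_safeboot(reference_text)
    header = reference_text.lstrip("\ufeff").strip().splitlines()[0]
    out = [header, ""]
    for rel in missing_keys(live_text, reference_text):
        out.append("[%s]" % (LIVE_ROOT + "\\" + rel).rstrip("\\"))
        out.extend(ref[rel.lower()][1])
        out.append("")
    return "\n".join(out)


if __name__ == "__main__":
    print(missing_keys(LIVE, REPAIR))
    print(build_fix(LIVE, REPAIR))
```

The same comparison can be run against each ControlSet00x export, since only the part of the path below Control\SafeBoot is compared.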
#10
Posted 09 12 2007 - 17:55
#11
Posted 09 12 2007 - 19:50
Paste the path to the file into Killbox, never mind that the file isn't visible, and tell it to delete the file at the next restart (delete on reboot).
#12
Posted 09 12 2007 - 22:04
#13
Posted 09 12 2007 - 22:12
As for the registry entries - I wrote that you should add them as attachments after first changing the extension to txt. You can pack them with something and change the archive's extension - as long as you write what it should be changed to after downloading so that it can be unpacked.
#14
Posted 09 12 2007 - 22:54
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.654 [GMT 1:00]
Running from: C:\Documents and Settings\PC\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-11-09 to 2007-12-09 )))))))))))))))))))))))))))))))
.
2007-12-09 16:54 . 2007-12-09 17:05 <DIR> d-------- C:\totalcmd
2007-12-09 16:54 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\UC.PIF
2007-12-09 16:54 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\RAR.PIF
2007-12-09 16:54 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\PKZIP.PIF
2007-12-09 16:54 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2007-12-09 16:54 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2007-12-09 16:54 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\LHA.PIF
2007-12-09 16:54 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\ARJ.PIF
2007-12-09 13:18 . 2007-12-09 14:16 <DIR> d-------- C:\Program Files\Encyklopedia Gier 08
2007-12-09 12:53 . 2007-12-09 12:53 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ESET
2007-12-09 10:55 . 2007-12-09 10:55 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-08 15:49 . 2007-12-08 15:49 <DIR> d--h----- C:\WINDOWS\PIF
2007-12-08 13:35 . 2007-02-28 17:04 2,137,600 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2007-12-08 13:35 . 2007-02-28 17:04 2,137,600 --a--c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2007-12-07 17:20 . 2007-12-07 17:20 <DIR> d-------- C:\Program Files\SGJ
2007-12-07 17:20 . 2006-03-03 11:02 1,680,896 --a------ C:\WINDOWS\system32\vcl100.bpl
2007-12-07 17:20 . 2006-03-03 11:02 843,264 --a------ C:\WINDOWS\system32\rtl100.bpl
2007-12-07 17:20 . 2007-12-07 17:20 27 --a------ C:\WINDOWS\XTweaker.INI
2007-12-06 22:26 . 2007-12-06 22:26 <DIR> d-------- C:\Program Files\Windows Defender
2007-12-06 13:34 . 2007-12-06 13:34 <DIR> d-------- C:\Program Files\Thomson
2007-12-06 12:54 . 2004-06-11 04:14 396,800 -ra------ C:\WINDOWS\system32\NvRaidWizard.dll
2007-12-06 12:54 . 2004-06-11 04:15 244,224 -ra------ C:\WINDOWS\system32\NvRaidMan.exe
2007-12-06 12:54 . 2004-06-18 07:57 172,032 -ra------ C:\WINDOWS\system32\nvuide.exe
2007-12-06 12:54 . 2004-06-11 04:15 83,968 -ra------ C:\WINDOWS\system32\nvraidservice.exe
2007-12-06 12:54 . 2004-06-11 04:14 74,240 -ra------ C:\WINDOWS\system32\NvRaidWizardEnu.dll
2007-12-06 12:54 . 2004-06-03 03:40 68,224 -ra------ C:\WINDOWS\system32\drivers\nvraid.sys
2007-12-06 12:54 . 2004-06-11 04:14 20,480 -ra------ C:\WINDOWS\system32\NvRaidEnu.dll
2007-12-06 12:54 . 2004-06-03 03:40 18,432 --a------ C:\WINDOWS\system32\nvraidco.dll
2007-12-06 12:54 . 2004-06-11 04:15 6,144 -ra------ C:\WINDOWS\system32\NvRaidSvEnu.dll
2007-12-06 12:54 . 2004-06-17 19:30 464 -ra------ C:\WINDOWS\system32\nvide.nvu
2007-12-06 12:53 . 2004-06-03 03:40 294,400 -ra------ C:\WINDOWS\system32\idecoi.dll
2007-12-06 12:53 . 2004-06-03 03:40 79,360 -ra------ C:\WINDOWS\system32\drivers\nvatabus.sys
2007-12-06 12:52 . 2007-12-06 12:52 <DIR> d-------- C:\Program Files\Realtek AC97
2007-12-06 12:52 . 2001-07-05 17:19 164 -r------- C:\WINDOWS\avrack.ini
2007-12-06 12:51 . 2007-12-06 12:51 <DIR> d-------- C:\Program Files\AMD
2007-12-06 12:51 . 2005-03-09 15:53 43,008 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2007-12-06 12:44 . 2007-12-06 12:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-06 12:26 . 2004-12-14 16:55 9,472 -ra------ C:\WINDOWS\system32\drivers\EIO.sys
2007-12-05 17:57 . 2007-12-08 16:05 139,296 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-05 17:57 . 2007-12-08 16:05 4,128 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-05 17:57 . 2007-12-08 16:05 3,752 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-05 17:57 . 2007-12-08 16:05 1,412 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-05 17:56 . 2007-12-05 17:56 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2007-12-05 17:36 . 2007-12-05 17:36 <DIR> d-------- C:\Program Files\Alwil Software
2007-12-04 17:53 . 2007-12-05 18:10 <DIR> d-------- C:\Program Files\WinPcap
2007-12-04 17:52 . 2007-12-07 19:48 <DIR> d-------- C:\Program Files\WMR11
2007-12-04 17:42 . 2007-12-04 17:43 <DIR> d-------- C:\Program Files\Play65
2007-12-04 17:30 . 2007-12-04 17:30 <DIR> d-------- C:\Program Files\BlueSprite
2007-12-04 17:30 . 2001-01-14 02:16 176,128 --a------ C:\WINDOWS\system32\lame_dshow.ax
2007-12-04 17:30 . 2003-02-03 01:45 106,496 --a------ C:\WINDOWS\system32\FileDump.ax
2007-12-04 17:30 . 2003-02-03 01:45 73,728 --a------ C:\WINDOWS\system32\wavdest.ax
2007-12-04 17:29 . 2007-12-04 17:29 <DIR> d-------- C:\Documents and Settings\PC\WINDOWS
2007-12-04 17:29 . 1998-10-01 15:22 299,520 --a------ C:\WINDOWS\uninst.exe
2007-12-03 11:21 . 2007-12-03 11:51 249,856 --------- C:\WINDOWS\Setup1.exe
2007-12-03 11:21 . 2007-12-03 11:51 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-12-02 22:17 . 2007-12-02 22:17 <DIR> d-------- C:\Program Files\MarBit
2007-11-27 14:39 . 2007-11-27 14:39 0 --ah----- C:\WINDOWS\83914241
2007-11-27 11:25 . 2007-11-27 11:25 <DIR> d-------- C:\WINDOWS\Sun
2007-11-27 11:24 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-27 11:23 . 2007-11-27 11:24 <DIR> d-------- C:\Program Files\Java
2007-11-27 11:20 . 2007-11-27 11:20 <DIR> d-------- C:\Program Files\Common Files\Java
2007-11-27 10:31 . 2007-11-27 10:31 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-11-25 21:57 . 2003-12-22 08:20 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-11-24 17:19 . 2004-12-11 18:00 13,866 --a------ C:\Program Files\data.dat
2007-11-24 16:02 . 2007-11-24 16:02 10,344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2007-11-23 21:52 . 2007-11-23 21:52 30,728 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2007-11-23 21:50 . 2007-11-23 21:50 33,800 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2007-11-23 21:50 . 2007-11-23 21:50 27,656 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2007-11-21 22:06 . 2007-11-21 22:07 <DIR> d-------- C:\Program Files\NewLive All Media To Mp3 Converter
2007-11-21 22:00 . 2003-05-12 20:25 503,808 --a------ C:\WINDOWS\system32\mpeg2dmx.ax
2007-11-21 22:00 . 2001-08-18 20:00 262,144 --a------ C:\WINDOWS\system32\mpg4ds32.axu
2007-11-21 22:00 . 2003-05-21 01:10 210,432 --a------ C:\WINDOWS\system32\mpgdec.ax
2007-11-21 22:00 . 2004-04-30 21:46 28,672 --a------ C:\WINDOWS\system32\t3odm.dll
2007-11-14 16:52 . 2007-11-14 16:52 <DIR> d-------- C:\Documents and Settings\PC\Dane aplikacji\Ashampoo Photo Commander 4
2007-11-14 16:43 . 2007-11-14 16:47 222 --a------ C:\WINDOWS\VOGEL.INI
2007-11-14 16:19 . 2007-11-14 16:19 804 --a------ C:\WINDOWS\unins001.dat
2007-11-10 22:21 . 2007-12-05 11:27 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2007-11-09 22:00 . 2007-11-09 22:00 <DIR> dr------- C:\Documents and Settings\LocalService\Ulubione
2007-11-09 17:37 . 2007-11-09 17:37 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Grisoft
2007-11-09 16:47 . 2007-11-09 16:47 <DIR> d-------- C:\Program Files\Common Files\PC Tools
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-09 18:00 --------- d-----w C:\Program Files\eMule
2007-12-06 12:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-06 11:52 --------- d-----w C:\Program Files\AvRack
2007-12-05 10:29 --------- d-----w C:\Program Files\Nokia
2007-12-05 10:23 --------- d-----w C:\Program Files\Odkurzacz
2007-12-04 20:58 --------- d-----w C:\Documents and Settings\PC\Dane aplikacji\Skype
2007-12-02 19:18 --------- d-----w C:\Documents and Settings\PC\Dane aplikacji\Nokia Multimedia Player
2007-11-22 20:18 --------- d-----w C:\Program Files\Live_TV
2007-11-14 20:17 --------- d-----w C:\Program Files\Ashampoo
2007-11-05 14:54 --------- d-----w C:\Program Files\Google
2007-11-02 20:18 --------- d-----w C:\Documents and Settings\PC\Dane aplikacji\poleng
2007-11-02 20:16 --------- d-----w C:\Program Files\poleng
2007-10-29 17:34 --------- d-----w C:\Program Files\TubeMaster
2007-10-28 11:19 --------- d-----w C:\Program Files\JLC's Software
2007-10-28 11:19 --------- d-----w C:\Documents and Settings\PC\Dane aplikacji\JLC's Software
2007-10-21 20:10 --------- d-----w C:\Program Files\Real
2007-10-21 20:10 --------- d-----w C:\Program Files\Common Files\xing shared
2007-10-21 20:10 --------- d-----w C:\Program Files\Common Files\Real
2007-10-20 09:55 --------- d-----w C:\Program Files\DivX
2007-10-16 14:20 --------- d-----w C:\Documents and Settings\PC\Dane aplikacji\Ashampoo
2007-10-16 14:04 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ashampoo
2007-10-15 16:28 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\BufferZone
2007-10-14 13:14 --------- d-----w C:\Program Files\CCleaner
2007-10-14 12:00 --------- d-----w C:\Program Files\Common Files\PCSuite
2007-10-14 12:00 --------- d-----w C:\Program Files\Common Files\Nokia
2007-10-14 12:00 --------- d-----w C:\Documents and Settings\PC\Dane aplikacji\Nokia
2007-10-14 12:00 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
2007-10-14 11:59 --------- d-----w C:\Program Files\PC Connectivity Solution
2007-10-14 11:59 --------- d-----w C:\Program Files\DIFX
2007-10-14 11:59 --------- d-----w C:\Documents and Settings\PC\Dane aplikacji\PC Suite
2007-10-14 11:59 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Downloaded Installations
2007-10-14 11:50 --------- d-----w C:\Program Files\Mozilla ActiveX Control v1.7.1
2007-10-14 09:57 --------- d-----w C:\Documents and Settings\PC\Dane aplikacji\MegauploadToolbar
2007-10-14 09:42 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2007-10-11 19:29 --------- d-----w C:\Program Files\MegauploadToolbar
2007-10-10 18:24 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Adobe Systems
2007-09-26 18:03 98,304 ----a-w C:\WINDOWS\system32\qttask.exe
2007-09-25 12:56 71,609,184 ----a-w C:\162.18_forceware_winxp_international_whql.exe
2007-09-25 11:45 1,164,456 ----a-w C:\install_flash_player.exe
.
((((((((((((((((((((((((((((( snapshot@2007-12-09_12.43.43.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-21 10:14:20 32,768 ----a-w C:\WINDOWS\$hf_mig$\KB926247\SP2QFE\snmp.exe
+ 2005-10-12 23:21:28 16,096 ----a-w C:\WINDOWS\$hf_mig$\KB926247\spmsg.dll
+ 2005-10-12 23:21:30 216,288 ----a-w C:\WINDOWS\$hf_mig$\KB926247\spuninst.exe
+ 2005-10-12 23:21:27 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB926247\update\spcustom.dll
+ 2005-10-12 23:21:33 723,680 ----a-w C:\WINDOWS\$hf_mig$\KB926247\update\update.exe
+ 2005-10-12 23:21:40 386,784 ----a-w C:\WINDOWS\$hf_mig$\KB926247\update\updspapi.dll
+ 2007-12-09 11:53:39 10,134 ----a-r C:\WINDOWS\Installer\{7A39DABB-8519-4272-81AB-7186AEE2F88C}\callmsi.exe
+ 2007-12-09 11:53:39 136,448 ----a-r C:\WINDOWS\Installer\{7A39DABB-8519-4272-81AB-7186AEE2F88C}\egui.exe
- 2006-03-02 12:00:00 32,256 -c--a-w C:\WINDOWS\system32\dllcache\snmp.exe
+ 2006-11-21 10:26:48 32,768 -c--a-w C:\WINDOWS\system32\dllcache\snmp.exe
- 2006-03-02 12:00:00 32,256 ----a-w C:\WINDOWS\system32\snmp.exe
+ 2006-11-21 10:26:48 32,768 ----a-w C:\WINDOWS\system32\snmp.exe
+ 2007-12-09 19:40:49 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_500.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-21 21:10]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 14:42 C:\WINDOWS\soundman.exe]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2004-06-11 04:15]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-03-23 12:06]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-23 21:51]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 16:15]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoShellSearchButton"= 0 (0x0)
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys
R2 ekrn;Eset Service;"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-12-09 19:43:51 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\Unlocker\UnlockerHook.dll
.
**************************************************************************
catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-09 20:44:41
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-09 20:45:16
C:\ComboFix2.txt ... 2007-12-09 12:44
.
--- E O F ---
Attached files
#15
Posted 09 12 2007 - 23:01
Download the attachment, unpack it, merge it into the registry and check whether Safe Mode works.
Attached files
#16
Posted 09 12 2007 - 23:09
#17
Posted 09 12 2007 - 23:12
Delete the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot and try once more.
#18
Posted 09 12 2007 - 23:22
#19
Posted 09 12 2007 - 23:33
Let's do an automated reset of the permissions on the registry keys.
Download subinacl and install it. If it can't be installed, write back and I'll put up the bare exe for you so you can download it.
After installing, open a command prompt (Start -> Run -> cmd) and change to the directory where subinacl was installed (by default C:\Program Files\Windows Resource Kits\Tools\). The command for moving between directories is cd directory_name (if the directory name contains spaces, put it in quotes, e.g. cd "C:\Program Files\Windows Resource Kits\Tools\"). Issue these commands there:
Replace the bolded word with your user name.
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=Administrator=f
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=System=f
After that, try adding it once more.
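The following is an added example, not part of the original post or of any tool mentioned in the thread: a read-only check of whether the Administrators group and SYSTEM hold Full Control on the SafeBoot key and its subkeys, which can be run before and after the subinacl commands. It assumes PowerShell is installed on the machine (the thread does not say so) and compares well-known SIDs rather than account names, because group names are localized on a non-English Windows.

```powershell
# Added example: audit Full Control on the SafeBoot key and all of its subkeys.
# Assumption: PowerShell is available; run it from an administrative account.
$root = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot'

# Well-known SIDs, used instead of names because group names are localized.
$required = @{
    'S-1-5-32-544' = 'BUILTIN\Administrators'
    'S-1-5-18'     = 'NT AUTHORITY\SYSTEM'
}
$full        = [System.Security.AccessControl.RegistryRights]::FullControl
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
$sidType     = [System.Security.Principal.SecurityIdentifier]

function Test-KeyAcl {
    param([string]$Path)
    try {
        $acl = Get-Acl -Path $Path -ErrorAction Stop
    } catch {
        # The ACL cannot even be read: report the key instead of skipping it.
        return "UNREADABLE  $Path  ($($_.Exception.Message))"
    }
    # Explicit and inherited rules, with identities returned as SIDs.
    # Inherit-only entries apply to children, not to this key, so drop them.
    $rules = $acl.GetAccessRules($true, $true, $sidType) |
        Where-Object { -not ($_.PropagationFlags -band $inheritOnly) }
    $findings = @()
    foreach ($sid in $required.Keys) {
        $allow = $rules | Where-Object {
            $_.IdentityReference.Value -eq $sid -and
            $_.AccessControlType -eq 'Allow' -and
            ($_.RegistryRights -band $full) -eq $full
        }
        if (-not $allow) {
            $findings += "MISSING full control for $($required[$sid])  $Path"
        }
    }
    # A Deny entry overrides any Allow, so list every one of them.
    $rules | Where-Object { $_.AccessControlType -eq 'Deny' } | ForEach-Object {
        $findings += "DENY $($_.RegistryRights) for $($_.IdentityReference.Value)  $Path"
    }
    $findings
}

# The key itself plus every subkey that can be enumerated.
$keys = @($root) + @(Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object { $_.PSPath })
$report = $keys | ForEach-Object { Test-KeyAcl -Path $_ }
if ($report) { $report }
else { "OK: Administrators and SYSTEM have Full Control on $($keys.Count) keys" }
```

The script changes nothing; any MISSING, DENY or UNREADABLE line names a key whose ACL would still block merging registry entries.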