RIP, posted October 30, 2009

Hi. The problem is that yesterday avast started throwing up a "potential threat" alert every few moments about the file eexyv.exe, which was supposedly located on both local drives. The actions avast took did nothing, and the message kept popping up every few seconds. So I scanned the computer with Malwarebytes' Anti-Malware, which found about 35 files infected with this rootkit. I repaired them with that program and the messages stopped appearing. A new problem appeared instead. I cannot open the contents of the local drives normally, by clicking. Any attempt ends with a window popping up asking me to choose the program I want to open the drive with. At the moment I can only use the "run" command... Thanks in advance for the help. Regards.

@... and my sincere apologies to the moderators for starting a topic almost identical to an existing one... haste.

@wosq I'm about to start scanning with the programs listed in your topic. We'll see what happens.

Wosq, posted October 30, 2009

I had almost exactly the same thing. A scan with RSIT and a few other programs helped. Details and links are in this topic: http://forum.cdaction.pl/index.php?showtopic=58348&hl=

Gofer, posted October 30, 2009

And change your antivirus to Avira/AVG/Comodo. You can see for yourself that Avast does nothing. As for the topic, you did the right thing. Everyone describes their own problems in a separate topic and things stay tidy.

RIP (author), posted October 30, 2009

Well, yes, I did the right thing, because unlike for my colleague, these scans did not help me. So I'll write down what I got.

RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-10-30 11:02:53
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 14 GB (27%) free of 53 GB
Total RAM: 2046 MB (67% free)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0addb11e-b427-11de-bd4a-0013e8fa96cb}]
shell\AutoRun\command - J:\eexyv.exe
shell\open\command - J:\eexyv.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29c96aae-10d1-11de-b783-000df048b088}]
shell\AutoRun\command - J:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{845600c5-b34f-11dd-bb80-806d6172696f}]
shell\AutoRun\command - eexyv.exe
shell\open\command - eexyv.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9dd41e25-c93e-11dd-b4f6-000df048b088}]
shell\AutoRun\command - eexyv.exe
shell\open\command - eexyv.exe

Malwarebytes:

Malwarebytes' Anti-Malware 1.41
Database version: 3056
Windows 5.1.2600 Service Pack 2
2009-10-29 22:08:45
mbam-log-2009-10-29 (22-08-45).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 291485
Time elapsed: 1 hour(s), 6 minute(s), 23 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 36

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{bb4c402f-882a-4526-8c08-51278ea437c1} (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Dr.Web, for its part, found problems in the AUTORUN.INF files on both drives; I chose to move them (but not permanently).
Wosq Posted October 30, 2009
In my case Bit Defender, Web, and Anti-Malware all detected the autorun on every partition. I don't know exactly which one finally removed that junk, but since then things have been quiet so far. Just moving it probably won't do anything.
Gofer Posted October 30, 2009
Malware and Dr. Web are very safe programs; let them fix whatever they find.
Sevard Posted October 30, 2009
Open Notepad and paste in what's below:

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0addb11e-b427-11de-bd4a-0013e8fa96cb}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29c96aae-10d1-11de-b783-000df048b088}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{845600c5-b34f-11dd-bb80-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9dd41e25-c93e-11dd-b4f6-000df048b088}]

Then save the file as fix.reg and run it. Disinfect all removable storage devices you have recently connected to the computer using Flash Disinfector. That should solve the problem. I'll check the logs thoroughly later; unfortunately I don't have time right now.
P.S. RSIT by design doesn't fix anything. It is a non-invasive program that only produces logs, from which someone with a modicum of knowledge can glean a bit.
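The fix.reg above deletes per-volume MountPoints2 keys, where Explorer caches the shell verbs it read from a drive's AUTORUN.INF; once the referenced executable has been removed, a leftover verb is what produces the "Open with" prompt on double-click. The following is an added example, not part of the original thread: it scans the exported text of that key for cached verbs and builds the same kind of deletion file. The GUIDs, the sample.exe name and the function names are constructed for illustration.

```python
import re

# Constructed sample: text of a `reg export` of the MountPoints2 key.
# Real exports are UTF-16 on disk; decode before passing the text in.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11111111-aaaa-bbbb-cccc-000000000001}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11111111-aaaa-bbbb-cccc-000000000001}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sample.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11111111-aaaa-bbbb-cccc-000000000001}\Shell\open\command]
@="sample.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22222222-aaaa-bbbb-cccc-000000000002}]
"BaseClass"="Drive"
'''

# Matches ...\MountPoints2\<volume>\shell\<verb>\command key headers.
KEY_RE = re.compile(
    r'^\[(?P<root>.+?\\MountPoints2)\\(?P<vol>[^\\\]]+)'
    r'\\shell\\(?P<verb>[^\\\]]+)\\command\]$', re.IGNORECASE)
VALUE_RE = re.compile(r'^@="(?P<cmd>.*)"$')  # the key's default value

def find_autorun_verbs(export_text):
    """Return {volume key path: [(verb, command), ...]} for cached verbs."""
    hits, current = {}, None
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith('['):
            m = KEY_RE.match(line)
            current = (m['root'] + '\\' + m['vol'], m['verb']) if m else None
        elif current and (v := VALUE_RE.match(line)):
            cmd = re.sub(r'\\(.)', r'\1', v['cmd'])  # undo .reg escaping
            hits.setdefault(current[0], []).append((current[1], cmd))
    return hits

def build_fix_reg(hits):
    """Build a .reg file deleting each flagged volume key (leading '-')."""
    lines = ['Windows Registry Editor Version 5.00', '']
    lines += ['[-%s]' % key for key in sorted(hits)]
    return '\r\n'.join(lines) + '\r\n'
```

Volumes without a cached shell verb, like the second key in the sample, are left out of the generated file.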
RIP (author) Posted October 30, 2009
And the problem is gone. The fix solved the problem, thank you. As for Malware and Dr.Web, I did run the repairs, but it didn't help.
Sevard Posted October 30, 2009
Also check the files C:\Program Files\TVAnts\Tvants.exe and C:\Program Files\PPStream\PPStream.exe on VirusTotal, because I'm seeing conflicting information about these files online. Some sites say they are malicious software. Other than that, it's clean.
RIP (author) Posted October 31, 2009
TVants is clean, and I haven't had PPStream on my disk for some time now. RSIT must have dug it up from some nook of the registry. Thanks. So the topic can be closed.
Gofer Posted October 31, 2009
Problem solved, so I'm closing the topic. If you need the topic reopened, please contact me via PM.