Logs, securing your computer and data. Antivirus and antispyware programs, firewalls, etc.

Forum rules

1. Every thread title should reflect the content of the thread.
2. When pasting logs, produce them right away from at least two tools: FRST and GMER.
3. Please publish all logs on sites intended for that purpose and paste only the link in your post.
4. Shortening logs is not advisable; paste the whole log, from beginning to end.
5. Piggybacking on other users' threads is not advisable; please start a new thread in the Security section, it makes the job easier for whoever checks the log.
6. People without the appropriate knowledge should not check logs, because this risks serious damage to the system or to the applications installed on the computer.
7. Describe the problem precisely: the symptoms and every action already taken.
8. Every script is unique, written for each case separately, so it must not be used by others.
9. When posting a screenshot, please use an external image-hosting service.

amvo.exe - please check my ComboFix log

13 Jun 2008, 18:32

Hello,
I've been hit by amvo.exe; I kindly ask you to check my ComboFix log and for further instructions regarding the script.
LOG

Thanks in advance and regards,
boczan

13 Jun 2008, 19:05

To disinfect the pendrive, use
Perlovga Removal Tool
Flash Disinfector
or format it

open Notepad and paste
Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]


From the Notepad menu -> File -> Save as -> change the file type from .txt to All Files -> save it under the name Fix.reg

Run this file, then restart the computer

Disable System Restore on all drives. Instructions

Scan the My Computer area with http://www.kaspersky.pl/virusscanner.html (run it in IE) and post its report on the forum

or

Dr.WEB CureIt!

Enable System Restore.

13 Jun 2008, 22:14

Thanks, I ran Kaspersky, here is the LOG.

From what I've read, Qoobox is ComboFix's quarantine; should it be deleted?

14 Jun 2008, 07:26

Delete this folder:
C:\QooBox


Be sure to disable and then enable System Restore on all drives. Instructions

After that, scan again and post the log

14 Jun 2008, 13:08

QooBox deleted. I disabled System Restore for the duration of the scan and enabled it afterwards, as you wrote in your first reply. Before the second scan I disabled and enabled it again. Here is the second Kaspersky log.

14 Jun 2008, 13:33

Disable System Restore on all partitions, because nothing got removed

14 Jun 2008, 13:35

I just see that nothing got removed. I tick "disable System Restore on all drives", confirm. Apply. OK. Reboot the PC. I turn it back on. And it's still there. I also tried without a reboot. Nothing.

14 Jun 2008, 13:49

Download The Avenger

paste this text into it:
Code:
Folders to delete:
C:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP231
C:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP232
C:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP233
C:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP234
C:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP235
C:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP236
C:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP236
C:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP237
C:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP238
C:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP239
C:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP240
C:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP241
C:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP242
C:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP243
C:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP244
C:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP245
C:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP246
C:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP247
C:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP248
C:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP249
C:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP250
C:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP251
C:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP252
C:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP253
C:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP254
F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP219
F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP220
F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP221
F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP222
F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP223
F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP224
F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP225
F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP226
F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP227
F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP228
F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP229
F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP230
F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP231
F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP232
F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP233
F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP234
F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP235
F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP236
F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP237
F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP238
F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP239
F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP240
F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP241
F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP242
F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP243
F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP244
F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP245
F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP246
F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP247
F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP248
F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP249
F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP250
F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP251
F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP252
F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP253
F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP254


copy this, click Paste Script from Clipboard, choose Execute, confirm, and agree to the restart by clicking OK.
Manually delete the file C:\Avenger\backup.zip from the disk and paste the report C:\avenger.txt on the forum

14 Jun 2008, 14:01

Done.

Code:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Folder "C:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP231" deleted successfully.
Folder "C:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP232" deleted successfully.
Folder "C:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP233" deleted successfully.
Folder "C:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP234" deleted successfully.
Folder "C:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP235" deleted successfully.
Folder "C:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP236" deleted successfully.

Error:  folder "C:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP236" not found!
Deletion of folder "C:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP236" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Folder "C:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP237" deleted successfully.
Folder "C:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP238" deleted successfully.
Folder "C:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP239" deleted successfully.
Folder "C:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP240" deleted successfully.
Folder "C:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP241" deleted successfully.
Folder "C:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP242" deleted successfully.
Folder "C:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP243" deleted successfully.
Folder "C:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP244" deleted successfully.
Folder "C:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP245" deleted successfully.
Folder "C:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP246" deleted successfully.
Folder "C:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP247" deleted successfully.
Folder "C:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP248" deleted successfully.
Folder "C:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP249" deleted successfully.
Folder "C:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP250" deleted successfully.
Folder "C:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP251" deleted successfully.
Folder "C:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP252" deleted successfully.
Folder "C:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP253" deleted successfully.
Folder "C:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP254" deleted successfully.
Folder "F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP219" deleted successfully.
Folder "F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP220" deleted successfully.
Folder "F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP221" deleted successfully.
Folder "F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP222" deleted successfully.
Folder "F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP223" deleted successfully.
Folder "F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP224" deleted successfully.
Folder "F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP225" deleted successfully.
Folder "F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP226" deleted successfully.
Folder "F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP227" deleted successfully.
Folder "F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP228" deleted successfully.
Folder "F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP229" deleted successfully.
Folder "F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP230" deleted successfully.
Folder "F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP231" deleted successfully.
Folder "F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP232" deleted successfully.
Folder "F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP233" deleted successfully.
Folder "F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP234" deleted successfully.
Folder "F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP235" deleted successfully.
Folder "F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP236" deleted successfully.
Folder "F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP237" deleted successfully.
Folder "F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP238" deleted successfully.
Folder "F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP239" deleted successfully.
Folder "F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP240" deleted successfully.
Folder "F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP241" deleted successfully.
Folder "F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP242" deleted successfully.
Folder "F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP243" deleted successfully.
Folder "F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP244" deleted successfully.
Folder "F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP245" deleted successfully.
Folder "F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP246" deleted successfully.
Folder "F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP247" deleted successfully.
Folder "F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP248" deleted successfully.
Folder "F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP249" deleted successfully.
Folder "F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP250" deleted successfully.
Folder "F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP251" deleted successfully.
Folder "F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP252" deleted successfully.
Folder "F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP253" deleted successfully.
Folder "F:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP254" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.
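An added example, not code from the thread or from The Avenger, that cross-checks an Avenger script against the avenger.txt report it produced, the way you would verify the run above: it lists what was deleted, what failed and with which status, what the report never mentioned, and flags a script line listed twice, which is what caused the spurious "not found" error for RP236 above. The sample script and report lines are constructed in the thread's format (the STATUS_ACCESS_DENIED failure and the unreported F: entry are invented for the demonstration).

```python
import re
from collections import Counter

# Line shapes taken from the avenger.txt report shown in the thread.
SUCCESS_RE = re.compile(r'^(File|Folder) "(.+)" deleted successfully\.$')
FAILED_RE = re.compile(r'^Deletion of (file|folder) "(.+)" failed!$')
STATUS_RE = re.compile(r'^Status: (0x[0-9A-Fa-f]+) \((\w+)\)$')

# Restore-point folder prefix from the thread; rp('C', 231) builds one entry.
RESTORE = r'\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP'


def rp(drive, n):
    return drive + ':' + RESTORE + str(n)


def parse_script(text):
    """Return {section header: [entry, ...]} for an Avenger script.
    Any line ending in ':' (e.g. 'Files to delete:', 'Folders to delete:')
    opens a section; blank lines are ignored."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(':'):
            current = line
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_log(text):
    """Return [(kind, path, outcome, status_name), ...] from avenger.txt.
    A failure is 'Deletion of ... failed!' followed by 'Status: 0x... (NAME)'."""
    results, pending = [], None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = SUCCESS_RE.match(line)
        if m:
            results.append((m.group(1).lower(), m.group(2), 'deleted', None))
            continue
        m = FAILED_RE.match(line)
        if m:
            if pending is not None:  # previous failure had no status line
                results.append((pending[0], pending[1], 'failed', None))
            pending = (m.group(1).lower(), m.group(2))
            continue
        m = STATUS_RE.match(line)
        if m and pending is not None:
            results.append((pending[0], pending[1], 'failed', m.group(2)))
            pending = None
    if pending is not None:
        results.append((pending[0], pending[1], 'failed', None))
    return results


def reconcile(script_text, log_text):
    """Compare what the script asked for with what the report says happened."""
    requested = [p for paths in parse_script(script_text).values() for p in paths]
    counts = Counter(p.lower() for p in requested)
    duplicates = sorted({p for p in requested if counts[p.lower()] > 1})
    deleted, failed, failed_keys, spurious = {}, {}, set(), []
    for _kind, path, outcome, status in parse_log(log_text):
        key = path.lower()
        if outcome == 'deleted':
            deleted[key] = path
        elif key in deleted and status == 'STATUS_OBJECT_NAME_NOT_FOUND':
            spurious.append(path)  # already removed earlier in the same run
        else:
            failed[path] = status
            failed_keys.add(key)
    unreported = [p for p in requested
                  if p.lower() not in deleted and p.lower() not in failed_keys]
    return {'requested': len(requested), 'deleted': sorted(deleted.values()),
            'failed': failed, 'spurious_not_found': spurious,
            'unreported': unreported, 'duplicate_script_lines': duplicates}


# Constructed sample: RP236 listed twice, one access-denied failure, one
# entry (F: RP220) that the report never mentions at all.
SAMPLE_SCRIPT = "Folders to delete:\n" + "\n".join([
    rp('C', 231), rp('C', 236), rp('C', 236), rp('C', 237),
    rp('F', 219), rp('F', 220)]) + "\n"

SAMPLE_LOG = "\n".join([
    'Logfile of The Avenger Version 2.0, (c) by Swandog46',
    'Platform:  Windows XP', 'Rootkit scan active.', 'No rootkits found!', '',
    'Folder "%s" deleted successfully.' % rp('C', 231),
    'Folder "%s" deleted successfully.' % rp('C', 236), '',
    'Error:  folder "%s" not found!' % rp('C', 236),
    'Deletion of folder "%s" failed!' % rp('C', 236),
    'Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)',
    '  --> the object does not exist', '',
    'Folder "%s" deleted successfully.' % rp('C', 237),
    'Deletion of folder "%s" failed!' % rp('F', 219),
    'Status: 0xc0000022 (STATUS_ACCESS_DENIED)', '',
    'Completed script processing.']) + "\n"

if __name__ == '__main__':
    for name, value in reconcile(SAMPLE_SCRIPT, SAMPLE_LOG).items():
        print(name, value)
```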

14 Jun 2008, 15:31

Post a new Kaspersky log

14 Jun 2008, 17:49

I don't know why these restore folders won't delete...
New Kaspersky log.

16 Jun 2008, 16:45

I know, because last time I didn't remove everything

Download The Avenger

paste this text into it:
Code:
Files to delete:
H:\Backup Starych Dysków\E\moje dokumenty2\BSINSTALLPL.exe

Folders to delete:
G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP219
G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP220
G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP221
G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP222
G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP223
G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP224
G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP225
G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP226
G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP227
G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP228
G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP229
G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP230
G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP231
G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP232
G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP233
G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP234
G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP235
G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP236
G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP237
G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP238
G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP239
G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP240
G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP241
G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP242
G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP243
G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP244
G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP245
G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP246
G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP247
G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP248
G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP249
G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP250
G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP251
G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP252
G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP253
G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP254
H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP219
H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP220
H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP221
H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP222
H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP223
H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP224
H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP225
H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP226
H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP227
H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP228
H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP229
H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP230
H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP231
H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP232
H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP233
H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP234
H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP235
H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP236
H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP237
H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP238
H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP239
H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP240
H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP241
H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP242
H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP243
H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP244
H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP245
H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP246
H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP247
H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP248
H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP249
H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP250
H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP251
H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP252
H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP253
H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP254


copy this, click Paste Script from Clipboard, choose Execute, confirm, and agree to the restart by clicking OK.
Manually delete the file C:\Avenger\backup.zip from the disk and paste the report C:\avenger.txt on the forum

17 Jun 2008, 11:48

Avenger log
Code:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "H:\Backup Starych Dysków\E\moje dokumenty2\BSINSTALLPL.exe" deleted successfully.
Folder "G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP219" deleted successfully.
Folder "G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP220" deleted successfully.
Folder "G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP221" deleted successfully.
Folder "G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP222" deleted successfully.
Folder "G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP223" deleted successfully.
Folder "G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP224" deleted successfully.
Folder "G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP225" deleted successfully.
Folder "G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP226" deleted successfully.
Folder "G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP227" deleted successfully.
Folder "G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP228" deleted successfully.
Folder "G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP229" deleted successfully.
Folder "G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP230" deleted successfully.
Folder "G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP231" deleted successfully.
Folder "G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP232" deleted successfully.
Folder "G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP233" deleted successfully.
Folder "G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP234" deleted successfully.
Folder "G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP235" deleted successfully.
Folder "G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP236" deleted successfully.
Folder "G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP237" deleted successfully.
Folder "G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP238" deleted successfully.
Folder "G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP239" deleted successfully.
Folder "G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP240" deleted successfully.
Folder "G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP241" deleted successfully.
Folder "G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP242" deleted successfully.
Folder "G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP243" deleted successfully.
Folder "G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP244" deleted successfully.
Folder "G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP245" deleted successfully.
Folder "G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP246" deleted successfully.
Folder "G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP247" deleted successfully.
Folder "G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP248" deleted successfully.
Folder "G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP249" deleted successfully.
Folder "G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP250" deleted successfully.
Folder "G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP251" deleted successfully.
Folder "G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP252" deleted successfully.
Folder "G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP253" deleted successfully.
Folder "G:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP254" deleted successfully.
Folder "H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP219" deleted successfully.
Folder "H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP220" deleted successfully.
Folder "H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP221" deleted successfully.
Folder "H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP222" deleted successfully.
Folder "H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP223" deleted successfully.
Folder "H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP224" deleted successfully.
Folder "H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP225" deleted successfully.
Folder "H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP226" deleted successfully.
Folder "H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP227" deleted successfully.
Folder "H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP228" deleted successfully.
Folder "H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP229" deleted successfully.
Folder "H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP230" deleted successfully.
Folder "H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP231" deleted successfully.
Folder "H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP232" deleted successfully.
Folder "H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP233" deleted successfully.
Folder "H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP234" deleted successfully.
Folder "H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP235" deleted successfully.
Folder "H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP236" deleted successfully.
Folder "H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP237" deleted successfully.
Folder "H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP238" deleted successfully.
Folder "H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP239" deleted successfully.
Folder "H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP240" deleted successfully.
Folder "H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP241" deleted successfully.
Folder "H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP242" deleted successfully.
Folder "H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP243" deleted successfully.
Folder "H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP244" deleted successfully.
Folder "H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP245" deleted successfully.
Folder "H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP246" deleted successfully.
Folder "H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP247" deleted successfully.
Folder "H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP248" deleted successfully.
Folder "H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP249" deleted successfully.
Folder "H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP250" deleted successfully.
Folder "H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP251" deleted successfully.
Folder "H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP252" deleted successfully.
Folder "H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP253" deleted successfully.
Folder "H:\System Volume Information\_restore{02C9159A-15C5-48C7-9393-EDF9734CC548}(2)\RP254" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.

System Restore was disabled at the time.

17 Jun 2008, 13:14

Scan again with the antivirus and post the log

18 Jun 2008, 10:48

Hello, I won't start a new thread and clutter the forum since a suitable thread already exists;
unfortunately I've caught amvo.exe again (I plugged my pendrive into a friend's laptop and caught it again; I discovered I was infected when I plugged the pendrive in at home and opened it ;/)

My question is whether there is any way to protect myself against this problem (I use the pendrive often, and not only on my own computer). I read that Flash Disinfector can help somehow, but it wasn't written exactly how; maybe you know??

ComboFix log (I made it yesterday but the forum wouldn't open for me, so I'm posting it today)

Code:
ComboFix 08-06-16.5 - pykoo 2008-06-17 19:57:57.6 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.282 [GMT 2:00]
Running from: C:\Documents and Settings\pykoo\Pulpit\ComboFix.exe
 * Created a new restore point
 * Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
D:\Autorun.inf

.
(((((((((((((((((((((((((   Files Created from 2008-05-17 to 2008-06-17  )))))))))))))))))))))))))))))))
.

2008-06-03 17:41 . 2008-03-21 13:13   102,536   -r-hs----   C:\v.com
2008-06-02 12:25 . 2008-06-02 12:25   <DIR>   d--------   C:\Documents and Settings\pykoo\Dane aplikacji\XCPCSync.OEM
2008-06-02 12:21 . 1998-06-18 01:00   89,360   --a------   C:\WINDOWS\system32\VB5DB.DLL
2008-06-02 12:20 . 2008-06-02 12:21   <DIR>   d--------   C:\Program Files\Mobile Phone Manager
2008-06-02 12:20 . 2008-06-02 12:20   <DIR>   d--------   C:\Program Files\Common Files\XCPCSync.OEM
2008-06-01 20:06 . 2008-06-01 20:06   <DIR>   d--------   C:\Program Files\PDFCreator Toolbar
2008-06-01 20:06 . 2008-06-01 20:06   <DIR>   d--------   C:\Program Files\PDFCreator
2008-06-01 20:06 . 2004-03-09 00:00   662,288   --a------   C:\WINDOWS\system32\MSCOMCT2.OCX
2008-06-01 20:06 . 2008-06-01 20:06   253,116   --a------   C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_6984.exe
2008-06-01 20:06 . 2005-10-15 12:32   196,608   --a------   C:\WINDOWS\system32\pdfcmnnt.dll
2008-06-01 20:06 . 1998-06-24 00:00   137,000   --a------   C:\WINDOWS\system32\MSMAPI32.OCX
2008-06-01 20:06 . 1998-07-06 00:00   23,552   --a------   C:\WINDOWS\system32\MSMPIDE.DLL
2008-06-01 20:06 . 2008-06-01 20:06   14,290   --a------   C:\Program Files\settings.dat
2008-05-18 15:33 . 2008-05-18 15:34   49   --a------   C:\WINDOWS\NeroDigital.ini

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-14 18:43   ---------   d-----w   C:\Documents and Settings\pykoo\Dane aplikacji\foobar2000
2008-06-02 10:22   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-05-14 10:26   ---------   d-----w   C:\Program Files\BitComet
2008-05-09 17:44   ---------   d-----w   C:\Program Files\DAEMON Tools
2008-05-09 16:09   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-05-02 14:58   ---------   d-----w   C:\Program Files\FlashGet
2008-05-02 14:46   ---------   d-----w   C:\Documents and Settings\pykoo\Dane aplikacji\Ahead
2008-05-02 12:53   ---------   d-----w   C:\Program Files\Common Files\Blizzard Entertainment
2008-05-01 20:55   ---------   d-----w   C:\Program Files\Common Files\Symantec Shared
2008-05-01 20:54   ---------   d-----w   C:\Program Files\Norton Ghost
2008-05-01 20:54   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-05-01 20:36   ---------   d-----w   C:\Documents and Settings\pykoo\Dane aplikacji\Symantec
2008-05-01 20:11   ---------   d-----w   C:\Program Files\Symantec
2008-05-01 20:11   ---------   d-----w   C:\Program Files\Common Files\InstallShield
2008-05-01 19:21   ---------   d-----w   C:\Program Files\IrfanView
2008-05-01 18:53   ---------   d-----w   C:\Program Files\LightSurf
2008-05-01 18:18   ---------   d-----w   C:\Program Files\KonnektPlus
2008-05-01 18:10   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\stamina
2008-05-01 17:48   ---------   d-----w   C:\Program Files\Common Files\Ahead
2008-05-01 17:48   ---------   d-----w   C:\Program Files\Ahead
2008-05-01 17:42   ---------   d-----w   C:\Program Files\DivX
2008-05-01 17:36   ---------   d-----w   C:\Program Files\AC3Filter
2008-05-01 17:30   ---------   d-----w   C:\Program Files\Xvid
2008-05-01 16:56   ---------   d-----w   C:\Program Files\Common Files\Adobe
2008-05-01 15:55   ---------   d-----w   C:\Program Files\Alcohol Soft
2008-05-01 15:53   639,224   ----a-w   C:\WINDOWS\system32\drivers\sptd.sys
2008-05-01 15:43   ---------   d-----w   C:\Program Files\eMule
2008-05-01 15:42   ---------   d-----w   C:\Program Files\foobar2000
2008-05-01 14:58   ---------   d-----w   C:\Program Files\Opera
2008-05-01 14:16   ---------   d-----w   C:\Program Files\Neostrada TP
2008-05-01 14:13   ---------   d-----w   C:\Program Files\Thomson
2008-05-01 13:53   ---------   d-----w   C:\Program Files\Microsoft.NET
2008-05-01 13:52   ---------   d-----w   C:\Program Files\Microsoft Works
2008-05-01 13:29   ---------   d-----w   C:\Program Files\Analog Devices
2008-05-01 12:52   ---------   d-----w   C:\Program Files\Softwin
2008-05-01 12:52   ---------   d-----w   C:\Program Files\Common Files\Softwin
2008-05-01 12:30   ---------   d-----w   C:\Program Files\microsoft frontpage
2008-05-01 12:28   ---------   d-----w   C:\Program Files\Usługi online
2008-03-31 21:25   831,488   ----a-w   C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25   161,096   ----a-w   C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-21 20:30   129,784   ------w   C:\WINDOWS\system32\pxafs.dll
2008-03-21 20:30   120,056   ------w   C:\WINDOWS\system32\pxcpyi64.exe
2008-03-21 20:30   118,520   ------w   C:\WINDOWS\system32\pxinsi64.exe
2003-07-17 02:26   448,640   ----a-w   C:\WINDOWS\inf\EL2K_N64.sys
2003-07-17 02:22   147,328   ----a-w   C:\WINDOWS\inf\EL2K_XP.sys
2003-06-03 07:47   147,328   ----a-w   C:\WINDOWS\inf\EL2K_2K.sys
.

------- Sigcheck -------

2004-08-03 23:14  359040  9f4b36614a0fc234525ba224957de55c   C:\WINDOWS\system32\dllcache\tcpip.sys
2004-08-03 23:14  359040  6a603809f598332dbedd535bdbce313e   C:\WINDOWS\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="C:\WINDOWS\TBPanel.exe" [2004-02-11 08:49 2015232]
"BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2005-10-11 11:28 360448]
"BDOESRV"="C:\Program Files\Softwin\BitDefender9\bdoesrv.exe" [2005-03-11 17:53 90112]
"BDNewsAgent"="C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe" [2005-06-09 10:28 9728]
"BDSwitchAgent"="C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe" [2005-04-06 13:09 33280]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 16:28 790528]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 22:09 157592]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"SmartSync - ScheduleSync"="C:\PROGRA~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE" [2005-10-21 16:20 45056]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\KonnektPlus\\konnekt.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27308:TCP"= 27308:TCP:BitComet 27308 TCP
"27308:UDP"= 27308:UDP:BitComet 27308 UDP

R2 FILESpy;FILESpy;C:\Program Files\Softwin\BitDefender9\filespy.sys [2005-07-28 15:42]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 19:59:01
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-17 19:59:33
ComboFix-quarantined-files.txt  2008-06-17 17:59:30

Pre-Run: 7,751,614,464 bajtów wolnych
Post-Run: 7,749,947,392 bajtów wolnych

137


In the next few days I'll need help again, this time with my friend's laptop, which has the same problem :]
Thanks in advance for the help
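The question above asks how to protect a pendrive that is used on several machines. The log shows the infection arriving through an `autorun.inf` at the drive root, so a practical first check is to read that file before opening the drive. The script below is an added example written for this thread; it is not ComboFix, Flash Disinfector or any forum member's tool. It parses the `[autorun]` section the way the Windows shell treats it, lists every directive that names a program to launch, and reports whether that program exists on the drive and carries the hidden or system attribute. The `autorun.inf` content and the `sample.exe` file name are constructed for the demo; `demo()` builds a throwaway directory that stands in for a drive root.

```python
"""Audit a drive root for an autorun.inf that launches a program.

Added example for this thread (not ComboFix, Flash Disinfector or anyone's
posted code). Directive names follow the documented autorun.inf format;
the sample file and 'sample.exe' are constructed for the demonstration.
"""
import os
import re
import stat
import tempfile

# Directives that make Explorer run a program on insert or double-click.
# 'shell=' only selects the default verb, so it is not itself a launch key.
LAUNCH_KEYS = {"open", "shellexecute"}
SHELL_COMMAND = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)

# Constructed sample in the style a USB worm drops (file name is made up).
SAMPLE_AUTORUN = r"""[AutoRun]
; comment lines are ignored by the shell
open=sample.exe
shellexecute=sample.exe
shell\open\Command=sample.exe
shell=Open
label=USB
"""


def parse_autorun(text):
    """Return (directive, value) pairs for every launch directive in [autorun]."""
    findings = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in LAUNCH_KEYS or SHELL_COMMAND.match(key):
            findings.append((key, value))
    return findings


def _program_of(value):
    """Extract the program path from a directive value, dropping arguments."""
    v = value.strip()
    if v.startswith('"'):
        end = v.find('"', 1)
        return v[1:end] if end > 0 else v[1:]
    return v.split()[0] if v else ""


def _is_hidden(path):
    """True if the file has the hidden or system attribute (Windows only)."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & (stat.FILE_ATTRIBUTE_HIDDEN | stat.FILE_ATTRIBUTE_SYSTEM))


def audit_drive(root):
    """Audit one drive root; returns a list of findings, empty if no autorun.inf."""
    inf = os.path.join(root, "autorun.inf")
    if not os.path.isfile(inf):
        return []
    with open(inf, "r", encoding="latin-1", errors="replace") as fh:
        text = fh.read()
    report = []
    for key, value in parse_autorun(text):
        exe = _program_of(value)
        path = os.path.join(root, exe.replace("\\", os.sep))
        exists = os.path.isfile(path)
        report.append({
            "directive": key,
            "target": exe,
            "exists": exists,
            "hidden": _is_hidden(path) if exists else False,
        })
    return report


def demo():
    """Build a throwaway 'drive' with the constructed sample and audit it."""
    root = tempfile.mkdtemp(prefix="usb_audit_")
    with open(os.path.join(root, "autorun.inf"), "w") as fh:
        fh.write(SAMPLE_AUTORUN)
    open(os.path.join(root, "sample.exe"), "wb").close()  # dummy, empty payload
    return audit_drive(root)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

On a real machine, call `audit_drive("E:\\")` (or whichever letter the pendrive gets) and treat any finding whose target exists and is hidden as a reason not to double-click the drive. An empty result does not prove the drive is clean; it only means nothing is set to auto-launch.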