Regulamin forum
1. Każdy temat powinien odzwierciedlać treść wątku.2. W przypadku wklejania logów; należy je wykonać od razu przynajmniej z dwóch narzędzi: FRST oraz z GMER
3. Wszelkie logi proszę publikować na przeznaczonych do tego stronach a w poście wklejać tylko link.
4. Nie wskazane jest skracanie logów, należy wkleić cały - od początku, do końca.
5. Nie wskazane jest podczepianie się do tematów innych użytkowników - proszę założyć nowy temat w dziale Bezpieczeństwo, ułatwi to pomoc sprawdzającemu.
6. Osoby nie posiadające odpowiedniej wiedzy, nie powinny sprawdzać logów, ponieważ grozi to poważnym uszkodzeniem systemu lub aplikacji zainstalowanych na komputerze.
7. Należy dokładnie opisać problem, występujące objawy oraz wszelkie podjęte działania.
8. Każdy skrypt jest unikatowy, napisany dla każdego przypadku z osobna, więc nie może być stosowany przez innych.
9. W przypadku zamieszczenia zrzutu ekranu (screenshot'a) proszę korzystać z zewnętrznego serwisu oferującego hosting zdjęć.
jak usunąć amvo.exe
06 Kwi 2008, 12:14
Witam. Nie mam pojęcia jak usunąć amvo.exe. Prosiłbym bardzo, aby ktoś sprawdził tego loga. Z góry dziękuje.
Log z ComboFix
Log z ComboFix
- Kod:
ComboFix 08-04-04.1 - user 2008-04-06 12:02:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1621 [GMT 2:00]
Running from: C:\Documents and Settings\user\Pulpit\z firefoxa\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\WINDOWS\OPTIONS\CABS\_desktop.ini
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\amvo1.dll
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-03-06 to 2008-04-06 )))))))))))))))))))))))))))))))
.
2008-04-05 20:52 . 2008-04-05 20:53 <DIR> d-------- C:\Milionerzy
2008-04-05 20:51 . 2008-04-05 20:51 103,463 -r-hs---- C:\m9j.com
2008-04-05 14:59 . 2008-04-05 14:59 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-04-05 14:32 . 2008-04-05 14:32 <DIR> d-------- C:\Program Files\MoorHunt
2008-04-04 18:58 . 2008-04-04 18:58 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-04-04 18:34 . 2008-04-04 18:34 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-04 18:34 . 2008-04-04 18:34 <DIR> d-------- C:\Documents and Settings\user\Dane aplikacji\Tibia
2008-04-04 18:21 . 2008-04-04 18:22 <DIR> d-------- C:\Program Files\Tibia
2008-04-03 20:23 . 2008-04-03 20:22 102,407 -r-hs---- C:\gy.cmd
2008-04-02 20:53 . 2008-04-02 20:53 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-04-02 20:53 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-04-02 20:53 . 2008-04-02 20:53 421 --a------ C:\WINDOWS\ODBC.INI
2008-04-02 20:52 . 2008-04-02 20:52 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-04-02 19:33 . 2008-04-02 19:33 22,328 --a------ C:\Documents and Settings\user\Dane aplikacji\PnkBstrK.sys
2008-04-02 19:33 . 2008-04-02 19:33 319 --a------ C:\WINDOWS\game.ini
2008-04-02 18:26 . 2008-04-02 18:26 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-02 18:26 . 2008-04-05 08:57 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-04-02 18:26 . 2008-04-02 21:56 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-04-02 18:26 . 2008-04-05 08:57 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-02 18:20 . 2008-04-02 18:20 <DIR> d-------- C:\Documents and Settings\LocalService\Dane aplikacji\Xfire
2008-04-02 18:17 . 2008-04-02 18:17 <DIR> d-------- C:\Documents and Settings\NetworkService\Dane aplikacji\Xfire
2008-04-02 18:16 . 2008-04-05 08:56 <DIR> d-------- C:\Program Files\Xfire
2008-04-02 18:16 . 2008-04-05 09:18 <DIR> d-------- C:\Documents and Settings\user\Dane aplikacji\Xfire
2008-04-02 17:45 . 2008-04-02 19:26 <DIR> d-------- C:\Program Files\Activision
2008-04-02 17:44 . 2008-04-02 17:44 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-04-02 17:42 . 2008-04-02 17:42 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-04-02 17:40 . 2008-04-02 17:40 <DIR> d-------- C:\Documents and Settings\user\Dane aplikacji\DAEMON Tools
2008-04-02 17:40 . 2008-04-02 17:40 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-02 16:36 . 2008-04-02 16:36 103,810 -r-hs---- C:\qwc.exe
2008-04-02 16:32 . 2008-04-02 21:20 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-04-01 22:55 . 2008-04-01 22:55 <DIR> d-------- C:\Documents and Settings\user\Dane aplikacji\Gadu-Gadu
2008-04-01 21:19 . 2008-04-01 21:19 <DIR> d-------- C:\Program Files\MarBit
2008-04-01 21:02 . 2008-04-01 21:02 <DIR> d-------- C:\Program Files\Ares
2008-04-01 20:44 . 2008-04-01 20:44 1,158 --a------ C:\WINDOWS\mozver.dat
2008-04-01 20:32 . 2008-04-01 20:32 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-04-01 20:32 . 2008-04-01 20:33 <DIR> d-------- C:\Documents and Settings\user\Gadu-Gadu
2008-04-01 20:30 . 2008-04-01 20:31 103,084 -r-hs---- C:\6l6w8.com
2008-04-01 20:29 . 2008-04-01 20:29 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-01 20:17 . 2008-04-01 20:17 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-01 20:07 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-01 20:07 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-04-01 20:07 . 2008-04-01 20:07 800 --a------ C:\WINDOWS\hpinfo.lnk
2008-04-01 20:07 . 2008-04-01 20:07 740 --a------ C:\WINDOWS\reg.prm
2008-04-01 20:06 . 2008-04-01 20:06 376 --a------ C:\WINDOWS\mozregistry.dat
2008-04-01 20:05 . 2008-04-01 20:07 <DIR> d-------- C:\Program Files\hp deskjet 656c series
2008-04-01 20:05 . 2008-04-01 20:06 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-04-01 20:04 . 2008-04-01 20:04 <DIR> d-------- C:\Program Files\SAGEM
2008-04-01 20:04 . 2005-11-04 16:55 126,976 --a------ C:\WINDOWS\system32\coclassfast.dll
2008-04-01 20:02 . 2008-04-04 18:57 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-01 14:12 . 2008-04-01 14:12 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\CyberLink
2008-04-01 14:11 . 2008-04-01 14:12 <DIR> d-------- C:\Program Files\CyberLink
2008-04-01 14:10 . 2008-04-02 16:37 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-04-01 14:09 . 2008-04-01 14:09 <DIR> d-------- C:\Documents and Settings\user\Dane aplikacji\Ahead
2008-04-01 14:08 . 2008-04-01 14:08 <DIR> d-------- C:\Program Files\Nero
2008-04-01 14:08 . 2008-04-01 14:10 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-04-01 14:08 . 2008-04-01 14:08 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-04-01 14:05 . 2008-04-01 14:05 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-04-01 14:05 . 2008-04-01 14:05 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-04-01 14:05 . 2008-04-01 14:05 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-03-14 01:05 . 2008-03-14 01:05 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-02 17:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-01 12:11 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-01 12:00 15,600 ----a-w C:\WINDOWS\gdrv.sys
2008-04-01 11:57 --------- d-----w C:\Program Files\My Company Name
2008-04-01 11:49 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-04-01 11:49 --------- d-----w C:\Program Files\Realtek
2008-04-01 11:49 --------- d-----w C:\Documents and Settings\user\Dane aplikacji\InstallShield
2008-04-01 11:47 --------- d-----w C:\Program Files\Intel
2008-04-01 11:39 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-01 11:38 --------- d-----w C:\Program Files\Usługi online
2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:35 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-29 17:31 75,856 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2008-03-04 10:33 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-01-10 11:16 159,839 ----a-w C:\WINDOWS\system32\xvidvfw.dll
2008-01-10 11:15 755,027 ----a-w C:\WINDOWS\system32\xvidcore.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-07 07:51 8523776]
"nwiz"="nwiz.exe" [2007-12-07 07:51 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-07 07:51 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 11:33 16132608 C:\WINDOWS\RTHDCPL.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-12 11:16 196608]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3acm"= ac3acm.acm
"msacm.lameacm"= lameACM.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-04-01 14:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a16cf428-ffee-11dc-81bd-806d6172696f}]
\Shell\AutoRun\command - F:\6l6w8.com
\Shell\explore\Command - F:\6l6w8.com
\Shell\open\Command - F:\6l6w8.com
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-06 12:02:47
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-06 12:02:57
ComboFix-quarantined-files.txt 2008-04-06 10:02:55
Pre-Run: 80,475,918,336 bajtów wolnych
Post-Run: 80,503,476,224 bajtów wolnych
.
2008-04-02 19:20:53 --- E O F ---
10 Kwi 2008, 05:25
Pobierz ComboFix, ale nie uruchamiaj
Wklej do notatnika:
Plik
zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu
Powinno się rozpocząć usuwanie i powstanie log, daj ten log na forum.
Jeśli wszystko pójdzie dobrze, to po restarcie usuń ręcznie folder C: \Qoobox
Wklej do notatnika:
- Kod:
File::
C:\m9j.com
C:\gy.cmd
C:\qwc.exe
C:\6l6w8.com
Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
Plik
zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu
Powinno się rozpocząć usuwanie i powstanie log, daj ten log na forum.
Jeśli wszystko pójdzie dobrze, to po restarcie usuń ręcznie folder C: \Qoobox
Kolejny log z combofix
11 Kwi 2008, 19:46
Oto log z combofix:
- Kod:
ComboFix 08-04-04.1 - user 2008-04-11 19:42:51.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1517 [GMT 2:00]
Running from: C:\Documents and Settings\user\Pulpit\z firefoxa\ComboFix.exe
Command switches used :: C:\Documents and Settings\user\Pulpit\z firefoxa\CFScript.txt
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
FILE ::
C:\6l6w8.com
C:\gy.cmd
C:\m9j.com
C:\qwc.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\6l6w8.com
C:\gy.cmd
C:\m9j.com
C:\qwc.exe
.
((((((((((((((((((((((((( Files Created from 2008-03-11 to 2008-04-11 )))))))))))))))))))))))))))))))
.
2008-04-10 15:10 . 2008-04-10 15:34 <DIR> d-------- C:\Program Files\Tibia7.6
2008-04-08 17:46 . 2008-04-08 17:46 <DIR> d-------- C:\Program Files\City Interactive
2008-04-08 15:50 . 2008-04-11 16:46 <DIR> d-------- C:\Documents and Settings\user\Dane aplikacji\Hamachi
2008-04-08 15:49 . 2008-04-08 15:50 <DIR> d-------- C:\Program Files\Hamachi
2008-04-08 15:49 . 2008-04-08 15:49 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-04-06 16:17 . 2008-04-06 16:17 <DIR> d-------- C:\Documents and Settings\user\Dane aplikacji\Media Player Classic
2008-04-06 15:04 . 2008-04-06 16:57 <DIR> d-------- C:\Documents and Settings\user\Dane aplikacji\skypePM
2008-04-06 15:04 . 2008-04-06 15:04 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-04-06 15:03 . 2008-04-06 15:03 <DIR> d-------- C:\Program Files\Skype
2008-04-06 15:03 . 2008-04-06 15:03 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-04-06 15:03 . 2008-04-06 16:59 <DIR> d-------- C:\Documents and Settings\user\Dane aplikacji\Skype
2008-04-06 15:03 . 2008-04-06 15:03 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-04-05 20:52 . 2008-04-05 20:53 <DIR> d-------- C:\Milionerzy
2008-04-05 14:59 . 2008-04-05 14:59 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-04-05 14:32 . 2008-04-05 14:32 <DIR> d-------- C:\Program Files\MoorHunt
2008-04-04 23:31 . 2008-04-04 23:31 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-04-04 18:58 . 2008-04-04 18:58 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-04-04 18:34 . 2008-04-04 18:34 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-04 18:34 . 2008-04-04 18:34 <DIR> d-------- C:\Documents and Settings\user\Dane aplikacji\Tibia
2008-04-04 18:21 . 2008-04-09 16:28 <DIR> d-------- C:\Program Files\Tibia
2008-04-02 20:53 . 2008-04-02 20:53 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-04-02 20:53 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-04-02 20:53 . 2008-04-02 20:53 421 --a------ C:\WINDOWS\ODBC.INI
2008-04-02 20:52 . 2008-04-02 20:52 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-04-02 19:33 . 2008-04-02 19:33 22,328 --a------ C:\Documents and Settings\user\Dane aplikacji\PnkBstrK.sys
2008-04-02 19:33 . 2008-04-02 19:33 319 --a------ C:\WINDOWS\game.ini
2008-04-02 18:26 . 2008-04-02 18:26 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-02 18:26 . 2008-04-08 16:45 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-04-02 18:26 . 2008-04-02 21:56 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-04-02 18:26 . 2008-04-08 16:45 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-02 18:20 . 2008-04-02 18:20 <DIR> d-------- C:\Documents and Settings\LocalService\Dane aplikacji\Xfire
2008-04-02 18:17 . 2008-04-02 18:17 <DIR> d-------- C:\Documents and Settings\NetworkService\Dane aplikacji\Xfire
2008-04-02 18:16 . 2008-04-09 09:02 <DIR> d-------- C:\Program Files\Xfire
2008-04-02 18:16 . 2008-04-10 06:34 <DIR> d-------- C:\Documents and Settings\user\Dane aplikacji\Xfire
2008-04-02 17:45 . 2008-04-02 19:26 <DIR> d-------- C:\Program Files\Activision
2008-04-02 17:44 . 2008-04-02 17:44 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-04-02 17:42 . 2008-04-02 17:42 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-04-02 17:40 . 2008-04-02 17:40 <DIR> d-------- C:\Documents and Settings\user\Dane aplikacji\DAEMON Tools
2008-04-02 17:40 . 2008-04-02 17:40 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-02 16:32 . 2008-04-10 06:34 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-04-01 22:55 . 2008-04-01 22:55 <DIR> d-------- C:\Documents and Settings\user\Dane aplikacji\Gadu-Gadu
2008-04-01 21:19 . 2008-04-01 21:19 <DIR> d-------- C:\Program Files\MarBit
2008-04-01 21:02 . 2008-04-01 21:02 <DIR> d-------- C:\Program Files\Ares
2008-04-01 20:44 . 2008-04-01 20:44 1,158 --a------ C:\WINDOWS\mozver.dat
2008-04-01 20:32 . 2008-04-01 20:32 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-04-01 20:32 . 2008-04-01 20:33 <DIR> d-------- C:\Documents and Settings\user\Gadu-Gadu
2008-04-01 20:29 . 2008-04-01 20:29 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-01 20:17 . 2008-04-01 20:17 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-01 20:07 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-01 20:07 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-04-01 20:07 . 2008-04-01 20:07 800 --a------ C:\WINDOWS\hpinfo.lnk
2008-04-01 20:07 . 2008-04-01 20:07 740 --a------ C:\WINDOWS\reg.prm
2008-04-01 20:06 . 2008-04-01 20:06 376 --a------ C:\WINDOWS\mozregistry.dat
2008-04-01 20:05 . 2008-04-01 20:07 <DIR> d-------- C:\Program Files\hp deskjet 656c series
2008-04-01 20:05 . 2008-04-01 20:06 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-04-01 20:04 . 2008-04-01 20:04 <DIR> d-------- C:\Program Files\SAGEM
2008-04-01 20:04 . 2005-11-04 16:55 126,976 --a------ C:\WINDOWS\system32\coclassfast.dll
2008-04-01 20:02 . 2008-04-11 19:18 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-01 14:12 . 2008-04-01 14:12 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\CyberLink
2008-04-01 14:11 . 2008-04-01 14:12 <DIR> d-------- C:\Program Files\CyberLink
2008-04-01 14:10 . 2008-04-02 16:37 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-04-01 14:09 . 2008-04-01 14:09 <DIR> d-------- C:\Documents and Settings\user\Dane aplikacji\Ahead
2008-04-01 14:08 . 2008-04-01 14:08 <DIR> d-------- C:\Program Files\Nero
2008-04-01 14:08 . 2008-04-01 14:10 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-04-01 14:08 . 2008-04-01 14:08 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-04-01 14:05 . 2008-04-01 14:05 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-04-01 14:05 . 2008-04-01 14:05 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-04-01 14:05 . 2008-04-01 14:05 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-02 17:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-01 12:11 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-01 12:00 15,600 ----a-w C:\WINDOWS\gdrv.sys
2008-04-01 11:57 --------- d-----w C:\Program Files\My Company Name
2008-04-01 11:49 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-04-01 11:49 --------- d-----w C:\Program Files\Realtek
2008-04-01 11:49 --------- d-----w C:\Documents and Settings\user\Dane aplikacji\InstallShield
2008-04-01 11:47 --------- d-----w C:\Program Files\Intel
2008-04-01 11:39 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-01 11:38 --------- d-----w C:\Program Files\Usługi online
2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:35 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-29 17:31 75,856 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-04 10:33 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:05 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-07 07:51 8523776]
"nwiz"="nwiz.exe" [2007-12-07 07:51 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-07 07:51 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 11:33 16132608 C:\WINDOWS\RTHDCPL.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-12 11:16 196608]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3acm"= ac3acm.acm
"msacm.lameacm"= lameACM.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\City Interactive\\Americas Secret Operations - Close Conflict\\System\\cqc.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-04-01 14:00]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-11 19:43:34
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-11 19:43:46
ComboFix-quarantined-files.txt 2008-04-11 17:43:44
Pre-Run: 77,218,828,288 bajtów wolnych
Post-Run: 77,208,231,936 bajtów wolnych
.
2008-04-10 04:34:18 --- E O F ---
11 Kwi 2008, 20:10
Pobierz ComboFix, ale nie uruchamiaj
Wklej do notatnika:
Plik zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu
Powinno się rozpocząć usuwanie i powstanie log, daj ten log na forum.
Jeśli wszystko pójdzie dobrze, to po restarcie usuń ręcznie folder C: \Qoobox
Wklej do notatnika:
- Kod:
Driver::
VIDC.YV12
Plik
zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu
Powinno się rozpocząć usuwanie i powstanie log, daj ten log na forum.
Jeśli wszystko pójdzie dobrze, to po restarcie usuń ręcznie folder C: \Qoobox
Kolejny log
12 Kwi 2008, 11:30
Oto log:
- Kod:
ComboFix 08-04-04.1 - user 2008-04-12 11:27:03.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1615 [GMT 2:00]
Running from: C:\Documents and Settings\user\Pulpit\z firefoxa\ComboFix.exe
Command switches used :: C:\Documents and Settings\user\Pulpit\z firefoxa\CFScript.txt
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((( Files Created from 2008-03-12 to 2008-04-12 )))))))))))))))))))))))))))))))
.
2008-04-10 15:10 . 2008-04-10 15:34 <DIR> d-------- C:\Program Files\Tibia7.6
2008-04-08 17:46 . 2008-04-08 17:46 <DIR> d-------- C:\Program Files\City Interactive
2008-04-08 15:50 . 2008-04-11 16:46 <DIR> d-------- C:\Documents and Settings\user\Dane aplikacji\Hamachi
2008-04-08 15:49 . 2008-04-08 15:50 <DIR> d-------- C:\Program Files\Hamachi
2008-04-08 15:49 . 2008-04-08 15:49 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-04-06 16:17 . 2008-04-06 16:17 <DIR> d-------- C:\Documents and Settings\user\Dane aplikacji\Media Player Classic
2008-04-06 15:04 . 2008-04-06 16:57 <DIR> d-------- C:\Documents and Settings\user\Dane aplikacji\skypePM
2008-04-06 15:04 . 2008-04-06 15:04 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-04-06 15:03 . 2008-04-06 15:03 <DIR> d-------- C:\Program Files\Skype
2008-04-06 15:03 . 2008-04-06 15:03 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-04-06 15:03 . 2008-04-06 16:59 <DIR> d-------- C:\Documents and Settings\user\Dane aplikacji\Skype
2008-04-06 15:03 . 2008-04-06 15:03 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-04-05 20:52 . 2008-04-05 20:53 <DIR> d-------- C:\Milionerzy
2008-04-05 14:59 . 2008-04-05 14:59 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-04-05 14:32 . 2008-04-05 14:32 <DIR> d-------- C:\Program Files\MoorHunt
2008-04-04 23:31 . 2008-04-04 23:31 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-04-04 18:58 . 2008-04-04 18:58 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-04-04 18:34 . 2008-04-04 18:34 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-04 18:34 . 2008-04-04 18:34 <DIR> d-------- C:\Documents and Settings\user\Dane aplikacji\Tibia
2008-04-04 18:21 . 2008-04-09 16:28 <DIR> d-------- C:\Program Files\Tibia
2008-04-02 20:53 . 2008-04-02 20:53 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-04-02 20:53 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-04-02 20:53 . 2008-04-02 20:53 421 --a------ C:\WINDOWS\ODBC.INI
2008-04-02 20:52 . 2008-04-02 20:52 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-04-02 19:33 . 2008-04-02 19:33 22,328 --a------ C:\Documents and Settings\user\Dane aplikacji\PnkBstrK.sys
2008-04-02 19:33 . 2008-04-02 19:33 319 --a------ C:\WINDOWS\game.ini
2008-04-02 18:26 . 2008-04-02 18:26 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-02 18:26 . 2008-04-08 16:45 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-04-02 18:26 . 2008-04-02 21:56 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-04-02 18:26 . 2008-04-08 16:45 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-02 18:20 . 2008-04-02 18:20 <DIR> d-------- C:\Documents and Settings\LocalService\Dane aplikacji\Xfire
2008-04-02 18:17 . 2008-04-02 18:17 <DIR> d-------- C:\Documents and Settings\NetworkService\Dane aplikacji\Xfire
2008-04-02 18:16 . 2008-04-09 09:02 <DIR> d-------- C:\Program Files\Xfire
2008-04-02 18:16 . 2008-04-10 06:34 <DIR> d-------- C:\Documents and Settings\user\Dane aplikacji\Xfire
2008-04-02 17:45 . 2008-04-02 19:26 <DIR> d-------- C:\Program Files\Activision
2008-04-02 17:44 . 2008-04-02 17:44 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-04-02 17:42 . 2008-04-02 17:42 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-04-02 17:40 . 2008-04-02 17:40 <DIR> d-------- C:\Documents and Settings\user\Dane aplikacji\DAEMON Tools
2008-04-02 17:40 . 2008-04-02 17:40 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-02 16:32 . 2008-04-10 06:34 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-04-01 22:55 . 2008-04-01 22:55 <DIR> d-------- C:\Documents and Settings\user\Dane aplikacji\Gadu-Gadu
2008-04-01 21:19 . 2008-04-01 21:19 <DIR> d-------- C:\Program Files\MarBit
2008-04-01 21:02 . 2008-04-01 21:02 <DIR> d-------- C:\Program Files\Ares
2008-04-01 20:44 . 2008-04-01 20:44 1,158 --a------ C:\WINDOWS\mozver.dat
2008-04-01 20:32 . 2008-04-01 20:32 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-04-01 20:32 . 2008-04-01 20:33 <DIR> d-------- C:\Documents and Settings\user\Gadu-Gadu
2008-04-01 20:29 . 2008-04-01 20:29 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-01 20:17 . 2008-04-01 20:17 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-01 20:07 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-01 20:07 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-04-01 20:07 . 2008-04-01 20:07 800 --a------ C:\WINDOWS\hpinfo.lnk
2008-04-01 20:07 . 2008-04-01 20:07 740 --a------ C:\WINDOWS\reg.prm
2008-04-01 20:06 . 2008-04-01 20:06 376 --a------ C:\WINDOWS\mozregistry.dat
2008-04-01 20:05 . 2008-04-01 20:07 <DIR> d-------- C:\Program Files\hp deskjet 656c series
2008-04-01 20:05 . 2008-04-01 20:06 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-04-01 20:04 . 2008-04-01 20:04 <DIR> d-------- C:\Program Files\SAGEM
2008-04-01 20:04 . 2005-11-04 16:55 126,976 --a------ C:\WINDOWS\system32\coclassfast.dll
2008-04-01 20:02 . 2008-04-11 19:18 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-01 14:12 . 2008-04-01 14:12 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\CyberLink
2008-04-01 14:11 . 2008-04-01 14:12 <DIR> d-------- C:\Program Files\CyberLink
2008-04-01 14:10 . 2008-04-02 16:37 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-04-01 14:09 . 2008-04-01 14:09 <DIR> d-------- C:\Documents and Settings\user\Dane aplikacji\Ahead
2008-04-01 14:08 . 2008-04-01 14:08 <DIR> d-------- C:\Program Files\Nero
2008-04-01 14:08 . 2008-04-01 14:10 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-04-01 14:08 . 2008-04-01 14:08 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-04-01 14:05 . 2008-04-01 14:05 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-04-01 14:05 . 2008-04-01 14:05 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-04-01 14:05 . 2008-04-01 14:05 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-02 17:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-01 12:11 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-01 12:00 15,600 ----a-w C:\WINDOWS\gdrv.sys
2008-04-01 11:57 --------- d-----w C:\Program Files\My Company Name
2008-04-01 11:49 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-04-01 11:49 --------- d-----w C:\Program Files\Realtek
2008-04-01 11:49 --------- d-----w C:\Documents and Settings\user\Dane aplikacji\InstallShield
2008-04-01 11:47 --------- d-----w C:\Program Files\Intel
2008-04-01 11:39 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-01 11:38 --------- d-----w C:\Program Files\Usługi online
2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:35 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-29 17:31 75,856 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-04 10:33 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:05 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-07 07:51 8523776]
"nwiz"="nwiz.exe" [2007-12-07 07:51 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-07 07:51 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 11:33 16132608 C:\WINDOWS\RTHDCPL.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-12 11:16 196608]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3acm"= ac3acm.acm
"msacm.lameacm"= lameACM.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\City Interactive\\Americas Secret Operations - Close Conflict\\System\\cqc.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-04-01 14:00]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-12 11:27:47
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-12 11:27:58
ComboFix-quarantined-files.txt 2008-04-12 09:27:56
ComboFix2.txt 2008-04-11 17:43:47
Pre-Run: 76,071,677,952 bajtów wolnych
Post-Run: 76,071,333,888 bajtów wolnych
.
2008-04-12 08:51:00 --- E O F ---
12 Kwi 2008, 12:52
Log jest ok
Usuń ręcznie folder C: \Qoobox
usuń instalkę Combofix z dysku.
Usuń ręcznie folder C: \Qoobox
usuń instalkę Combofix z dysku.
12 Kwi 2008, 20:51
Ok. Wielkie dzięki huber2t.
07 Maj 2008, 12:09
Ja w tej samej sprawie, czyli mam problem z amvo.exe.
Nie mam pojęcia jak to usunąć. Proszę o pomoć. Poniżej wklejam kod z Combofix.
Z góry dziękuje i sory jeśli odkopuje stary temat.
Nie mam pojęcia jak to usunąć. Proszę o pomoć. Poniżej wklejam kod z Combofix.
Z góry dziękuje i sory jeśli odkopuje stary temat.
- Kod:
ComboFix 08-05-01.3 - michał 2008-05-07 11:59:21.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.471 [GMT 2:00]
Running from: D:\install\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\v.exe
C:\WINDOWS\autorun.inf
C:\WINDOWS\svchost.exe
C:\WINDOWS\system\_sv_CMD_
C:\WINDOWS\system\_sv_CMD_\_U_.exe
C:\WINDOWS\system\_sv_CMD_\U.exe
C:\WINDOWS\system\svchost.exe
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\amvo1.dll
C:\WINDOWS\system32\temp1.exe
C:\WINDOWS\system32\temp2.exe
C:\WINDOWS\xcopy.exe
D:\Autorun.inf
F:\Autorun.inf
F:\RECYCLER\desktop.ini
F:\RECYCLER\INFO.exe
F:\RECYCLER\U.exe
.
((((((((((((((((((((((((( Files Created from 2008-04-07 to 2008-05-07 )))))))))))))))))))))))))))))))
.
2008-05-07 11:08 . 2008-05-07 11:08 <DIR> d-------- C:\Program Files\NeroInstall.bak
2008-05-07 11:06 . 2008-05-07 11:06 <DIR> d-------- C:\Documents and Settings\michał\Dane aplikacji\Nero
2008-05-07 11:03 . 2008-05-07 11:03 <DIR> d-------- C:\Program Files\Nero
2008-05-07 11:03 . 2008-05-07 11:05 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-05-07 11:03 . 2008-05-07 11:03 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-05-04 09:50 . 2008-05-04 09:50 104,147 -r-hs---- C:\igxv.cmd
2008-04-29 22:22 . 2008-04-29 22:22 <DIR> d-------- C:\Program Files\PITy
2008-04-27 16:37 . 2008-04-27 16:37 <DIR> d-------- C:\WINDOWS\Sun
2008-04-26 14:27 . 2008-04-26 14:27 103,457 -r-hs---- C:\[u]0[/u]n.bat
2008-04-26 14:20 . 2008-04-26 09:06 104,161 -r-hs---- C:\1dg.exe
2008-04-19 18:25 . 2008-04-23 20:38 <DIR> d-------- C:\Documents and Settings\michał\Dane aplikacji\skypePM
2008-04-19 18:25 . 2008-04-19 18:25 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-04-19 18:23 . 2008-04-19 18:23 <DIR> d-------- C:\Program Files\Skype
2008-04-19 18:23 . 2008-04-19 18:23 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-04-19 18:23 . 2008-04-24 01:49 <DIR> d-------- C:\Documents and Settings\michał\Dane aplikacji\Skype
2008-04-19 18:22 . 2008-04-19 18:23 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-04-17 20:43 . 2008-04-17 20:43 <DIR> d-------- C:\Documents and Settings\michał\Dane aplikacji\MozillaControl
2008-04-17 17:05 . 2008-04-17 17:05 <DIR> d-------- C:\Program Files\Dao 3.5
2008-04-17 17:05 . 2008-04-17 17:05 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-17 17:05 . 2008-04-17 17:05 <DIR> d-------- C:\Documents and Settings\michał\WINDOWS
2008-04-17 17:05 . 2008-04-17 17:05 <DIR> d-------- C:\Documents and Settings\michał\WINDOWS
2008-04-17 17:05 . 1999-09-28 18:42 1,050,896 --a------ C:\WINDOWS\system32\MSJET35.DLL
2008-04-17 17:05 . 1999-08-25 11:57 415,504 --a------ C:\WINDOWS\system32\MSREPL35.DLL
2008-04-17 17:05 . 1997-04-17 00:00 368,912 --a------ C:\WINDOWS\system32\VBAR332.DLL
2008-04-17 17:05 . 1999-03-23 09:12 299,520 --a------ C:\WINDOWS\uninst.exe
2008-04-17 17:05 . 1999-05-03 10:32 252,176 --a------ C:\WINDOWS\system32\MSRD2X35.DLL
2008-04-17 17:05 . 1999-05-03 10:32 123,664 --a------ C:\WINDOWS\system32\MSJINT35.DLL
2008-04-17 17:05 . 1999-05-03 10:32 24,848 --a------ C:\WINDOWS\system32\MSJTER35.DLL
2008-04-17 17:05 . 2008-04-17 17:05 0 --a------ C:\WINDOWS\PROTOCOL.INI
2008-04-17 16:40 . 2008-04-17 16:40 <DIR> d-------- C:\berberis_server
2008-04-17 16:37 . 2008-04-17 16:37 <DIR> d-------- C:\Program Files\Java
2008-04-17 16:37 . 2008-04-17 16:37 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-17 16:37 . 2008-01-08 19:55 <DIR> d--h----- C:\Documents and Settings\berberis\Ustawienia lokalne
2008-04-17 16:37 . 2008-01-05 22:15 <DIR> d-------- C:\Documents and Settings\berberis\Ulubione
2008-04-17 16:37 . 2008-01-05 21:44 <DIR> d--h----- C:\Documents and Settings\berberis\Szablony
2008-04-17 16:37 . 2008-01-05 22:15 <DIR> d-------- C:\Documents and Settings\berberis\Pulpit
2008-04-17 16:37 . 2008-01-05 22:15 <DIR> d-------- C:\Documents and Settings\berberis\Moje dokumenty
2008-04-17 16:37 . 2008-01-05 22:15 <DIR> dr------- C:\Documents and Settings\berberis\Menu Start
2008-04-17 16:37 . 2008-01-05 22:15 <DIR> dr-h----- C:\Documents and Settings\berberis\Dane aplikacji
2008-04-17 16:37 . 2008-04-17 16:37 <DIR> d-------- C:\Documents and Settings\berberis
2008-04-17 16:37 . 2004-06-03 22:05 61,555 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-04-17 16:37 . 2008-05-07 11:35 1,024 --ah----- C:\Documents and Settings\berberis\ntuser.dat.LOG
2008-04-17 16:36 . 2008-04-17 16:37 <DIR> d-------- C:\Program Files\CRM_BMS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-07 09:58 3,478 --sha-r C:\WINDOWS\pagefile.sys.vbs
2008-05-07 09:58 3,478 --sha-r C:\pagefile.sys.vbs
2008-04-27 21:20 --------- d-----w C:\Documents and Settings\michał\Dane aplikacji\dvdcss
2008-04-24 06:18 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\DVD Shrink
2008-04-23 17:41 --------- d-----w C:\Program Files\DVD Region+CSS Free
2008-04-19 23:00 --------- d-----w C:\Program Files\SuperDVD Player 5.1
2008-04-02 14:20 --------- d-----w C:\Documents and Settings\michal2\Dane aplikacji\PC Suite
2008-03-29 20:27 --------- d-----w C:\Documents and Settings\michał\Dane aplikacji\DVD Flick
2008-03-18 17:04 --------- d-----w C:\Program Files\Google AdWords Editor
2008-03-17 13:15 --------- d-----w C:\Program Files\PowerQuest
2008-03-09 10:17 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-28 15:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2008-02-26 14:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2008-02-18 14:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
.
------- Sigcheck -------
2004-08-04 00:44 693248 7d46293106e58ca7878509ccc4071f2f C:\WINDOWS\system32\wininet.dll
2004-08-04 00:44 693248 7d46293106e58ca7878509ccc4071f2f C:\WINDOWS\system32\dllcache\wininet.dll
2004-08-04 00:44 975872 196c130d31317fe53de984220b5e13b9 C:\WINDOWS\explorer.exe
2004-08-04 00:44 975872 196c130d31317fe53de984220b5e13b9 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-04-11 18:52 1409024]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 19:29 303104]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 13:05 212992]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-07-20 23:15 593920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 14:07 761946]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 13:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 13:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 13:17 118784]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-16 12:23 16248320 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-08-16 12:21 2879488 C:\WINDOWS\SkyTel.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-08-16 12:20 53248]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 02:06 304664]
"AcerOrbicamRibbon"="C:\Program Files\Acer\OrbiCam10\OrbiCam.exe" [2006-11-28 19:43 754712]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 00:22 35328]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 10:03 210472]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 22:12 30248]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 22:10 46632]
"PPort11reminder"="C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 14:46 255528]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 15:51 663552]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 16:58 65536]
"MSRegInfo"="C:\WINDOWS\pagefile.sys.vbs" [2008-05-07 11:58 3478]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-04-26 09:29 237568]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe" [2004-06-03 22:05 32881]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
C:\Documents and Settings\michaˆ\Menu Start\Programy\Autostart\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 630784]
Thoosje Vista Sidebar.lnk - C:\Program Files\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe [2007-10-22 02:28:57 524288]
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 21:41:18 65536]
Tworzenie wycink˘w ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54 98632]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 09:43:08 180224]
Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 09:43:14 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\phonevoip\\X-Lite\\x-lite.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 hotcore;hotcore;C:\WINDOWS\system32\drivers\hotcore.sys [2006-06-20 11:04]
R0 hotcore2;hotcore2;C:\WINDOWS\system32\drivers\hotcore2.sys [2006-10-02 11:39]
R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys [2007-08-16 19:42]
R2 BerbService;Berberis;C:\Program Files\CRM_BMS\berberis_server\berberis_service\bin\BerbServices.exe [2006-04-20 11:22]
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 13:50]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d1e0be3-e45b-11dc-9e58-0016d4b2e546}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f27d245c-eae6-11dc-9e66-0016d4b2e546}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs
*Newly Created Service* - CATCHME
*Newly Created Service* - NERO_BACKITUP_SCHEDULER_3
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-07 12:00:27
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-07 12:01:10
ComboFix-quarantined-files.txt 2008-05-07 10:01:06
ComboFix2.txt 2008-01-08 17:55:48
Pre-Run: 10,026,889,216 bajtów wolnych
Post-Run: 10,756,857,856 bajtów wolnych
180
07 Maj 2008, 16:20
masterkick
Pobierz ComboFix, ale nie uruchamiaj
Wklej do notatnika:
Plik zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu
Powinno się rozpocząć usuwanie i powstanie log, daj ten log na forum.
Pobierz ComboFix, ale nie uruchamiaj
Wklej do notatnika:
- Kod:
File::
C:\igxv.cmd
C:\0n.bat
C:\1dg.exe
C:\WINDOWS\pagefile.sys.vbs
C:\pagefile.sys.vbs
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
Plik
zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu
Powinno się rozpocząć usuwanie i powstanie log, daj ten log na forum.
07 Maj 2008, 18:12
Wielkie dzięki za szybką odpowiedź.
Zrobiłem jak kazałeś. Poniżej log:
I jak?
Zrobiłem jak kazałeś. Poniżej log:
- Kod:
ComboFix 08-05-01.3 - michał 2008-05-07 18:08:52.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.348 [GMT 2:00]
Running from: C:\Documents and Settings\michał\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\michał\Pulpit\CFScript.txt
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
FILE ::
C:\[u]0[/u]n.bat
C:\1dg.exe
C:\igxv.cmd
C:\pagefile.sys.vbs
C:\WINDOWS\pagefile.sys.vbs
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\[u]0[/u]n.bat
C:\1dg.exe
C:\igxv.cmd
C:\pagefile.sys.vbs
C:\WINDOWS\pagefile.sys.vbs
.
((((((((((((((((((((((((( Files Created from 2008-04-07 to 2008-05-07 )))))))))))))))))))))))))))))))
.
2008-05-07 12:24 . 2008-05-07 15:12 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-07 12:10 . 2008-05-07 12:10 <DIR> d-------- C:\Documents and Settings\michab
2008-05-07 11:08 . 2008-05-07 11:08 <DIR> d-------- C:\Program Files\NeroInstall.bak
2008-05-07 11:06 . 2008-05-07 11:06 <DIR> d-------- C:\Documents and Settings\michał\Dane aplikacji\Nero
2008-05-07 11:03 . 2008-05-07 11:03 <DIR> d-------- C:\Program Files\Nero
2008-05-07 11:03 . 2008-05-07 11:05 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-05-07 11:03 . 2008-05-07 11:03 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-04-29 22:22 . 2008-04-29 22:22 <DIR> d-------- C:\Program Files\PITy
2008-04-27 16:37 . 2008-04-27 16:37 <DIR> d-------- C:\WINDOWS\Sun
2008-04-19 18:25 . 2008-04-23 20:38 <DIR> d-------- C:\Documents and Settings\michał\Dane aplikacji\skypePM
2008-04-19 18:25 . 2008-04-19 18:25 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-04-19 18:23 . 2008-04-19 18:23 <DIR> d-------- C:\Program Files\Skype
2008-04-19 18:23 . 2008-04-19 18:23 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-04-19 18:23 . 2008-04-24 01:49 <DIR> d-------- C:\Documents and Settings\michał\Dane aplikacji\Skype
2008-04-19 18:22 . 2008-04-19 18:23 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-04-17 20:43 . 2008-04-17 20:43 <DIR> d-------- C:\Documents and Settings\michał\Dane aplikacji\MozillaControl
2008-04-17 17:05 . 2008-04-17 17:05 <DIR> d-------- C:\Program Files\Dao 3.5
2008-04-17 17:05 . 2008-04-17 17:05 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-17 17:05 . 2008-04-17 17:05 <DIR> d-------- C:\Documents and Settings\michał\WINDOWS
2008-04-17 17:05 . 2008-04-17 17:05 <DIR> d-------- C:\Documents and Settings\michał\WINDOWS
2008-04-17 17:05 . 1999-09-28 18:42 1,050,896 --a------ C:\WINDOWS\system32\MSJET35.DLL
2008-04-17 17:05 . 1999-08-25 11:57 415,504 --a------ C:\WINDOWS\system32\MSREPL35.DLL
2008-04-17 17:05 . 1997-04-17 00:00 368,912 --a------ C:\WINDOWS\system32\VBAR332.DLL
2008-04-17 17:05 . 1999-03-23 09:12 299,520 --a------ C:\WINDOWS\uninst.exe
2008-04-17 17:05 . 1999-05-03 10:32 252,176 --a------ C:\WINDOWS\system32\MSRD2X35.DLL
2008-04-17 17:05 . 1999-05-03 10:32 123,664 --a------ C:\WINDOWS\system32\MSJINT35.DLL
2008-04-17 17:05 . 1999-05-03 10:32 24,848 --a------ C:\WINDOWS\system32\MSJTER35.DLL
2008-04-17 17:05 . 2008-04-17 17:05 0 --a------ C:\WINDOWS\PROTOCOL.INI
2008-04-17 16:40 . 2008-04-17 16:40 <DIR> d-------- C:\berberis_server
2008-04-17 16:37 . 2008-04-17 16:37 <DIR> d-------- C:\Program Files\Java
2008-04-17 16:37 . 2008-04-17 16:37 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-17 16:37 . 2008-01-08 19:55 <DIR> d--h----- C:\Documents and Settings\berberis\Ustawienia lokalne
2008-04-17 16:37 . 2008-01-05 22:15 <DIR> d-------- C:\Documents and Settings\berberis\Ulubione
2008-04-17 16:37 . 2008-01-05 21:44 <DIR> d--h----- C:\Documents and Settings\berberis\Szablony
2008-04-17 16:37 . 2008-01-05 22:15 <DIR> d-------- C:\Documents and Settings\berberis\Pulpit
2008-04-17 16:37 . 2008-01-05 22:15 <DIR> d-------- C:\Documents and Settings\berberis\Moje dokumenty
2008-04-17 16:37 . 2008-01-05 22:15 <DIR> dr------- C:\Documents and Settings\berberis\Menu Start
2008-04-17 16:37 . 2008-01-05 22:15 <DIR> dr-h----- C:\Documents and Settings\berberis\Dane aplikacji
2008-04-17 16:37 . 2008-04-17 16:37 <DIR> d-------- C:\Documents and Settings\berberis
2008-04-17 16:37 . 2004-06-03 22:05 61,555 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-04-17 16:37 . 2008-05-07 11:35 1,024 --ah----- C:\Documents and Settings\berberis\ntuser.dat.LOG
2008-04-17 16:36 . 2008-04-17 16:37 <DIR> d-------- C:\Program Files\CRM_BMS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-07 13:15 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\DVD Shrink
2008-04-27 21:20 --------- d-----w C:\Documents and Settings\michał\Dane aplikacji\dvdcss
2008-04-23 17:41 --------- d-----w C:\Program Files\DVD Region+CSS Free
2008-04-19 23:00 --------- d-----w C:\Program Files\SuperDVD Player 5.1
2008-04-02 14:20 --------- d-----w C:\Documents and Settings\michal2\Dane aplikacji\PC Suite
2008-03-29 20:27 --------- d-----w C:\Documents and Settings\michał\Dane aplikacji\DVD Flick
2008-03-18 17:04 --------- d-----w C:\Program Files\Google AdWords Editor
2008-03-17 13:15 --------- d-----w C:\Program Files\PowerQuest
2008-03-09 10:17 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-28 15:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2008-02-26 14:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2008-02-18 14:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
.
------- Sigcheck -------
2004-08-04 00:44 693248 7d46293106e58ca7878509ccc4071f2f C:\WINDOWS\system32\wininet.dll
2004-08-04 00:44 693248 7d46293106e58ca7878509ccc4071f2f C:\WINDOWS\system32\dllcache\wininet.dll
2004-08-04 00:44 975872 196c130d31317fe53de984220b5e13b9 C:\WINDOWS\explorer.exe
2004-08-04 00:44 975872 196c130d31317fe53de984220b5e13b9 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-04-11 18:52 1409024]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 19:29 303104]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 13:05 212992]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-07-20 23:15 593920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 14:07 761946]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 13:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 13:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 13:17 118784]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-16 12:23 16248320 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-08-16 12:21 2879488 C:\WINDOWS\SkyTel.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-08-16 12:20 53248]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 02:06 304664]
"AcerOrbicamRibbon"="C:\Program Files\Acer\OrbiCam10\OrbiCam.exe" [2006-11-28 19:43 754712]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 00:22 35328]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 10:03 210472]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 22:12 30248]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 22:10 46632]
"PPort11reminder"="C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 14:46 255528]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 15:51 663552]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 16:58 65536]
"MSRegInfo"="C:\WINDOWS\pagefile.sys.vbs" [ ]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-04-26 09:29 237568]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe" [2004-06-03 22:05 32881]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
C:\Documents and Settings\michaˆ\Menu Start\Programy\Autostart\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 630784]
Thoosje Vista Sidebar.lnk - C:\Program Files\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe [2007-10-22 02:28:57 524288]
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 21:41:18 65536]
Tworzenie wycink˘w ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54 98632]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 09:43:08 180224]
Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 09:43:14 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\phonevoip\\X-Lite\\x-lite.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 hotcore;hotcore;C:\WINDOWS\system32\drivers\hotcore.sys [2006-06-20 11:04]
R0 hotcore2;hotcore2;C:\WINDOWS\system32\drivers\hotcore2.sys [2006-10-02 11:39]
R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys [2007-08-16 19:42]
R2 BerbService;Berberis;C:\Program Files\CRM_BMS\berberis_server\berberis_service\bin\BerbServices.exe [2006-04-20 11:22]
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 13:50]
*Newly Created Service* - CATCHME
*Newly Created Service* - NERO_BACKITUP_SCHEDULER_3
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-07 18:09:58
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-07 18:10:40
ComboFix-quarantined-files.txt 2008-05-07 16:10:36
ComboFix2.txt 2008-05-07 10:01:10
ComboFix3.txt 2008-01-08 17:55:48
Pre-Run: 6,302,416,896 bajtów wolnych
Post-Run: 6,292,758,528 bajtów wolnych
165
I jak?
07 Maj 2008, 19:29
Log wyglada na czysty
Usuń ręcznie folder C: \Qoobox
Usuń instalkę Combofix z dysku.
Wykonaj optymalizację autostartu
Wykonaj optymalizację link zostal usuniety!
Wyłącz przywracanie systemu na wszystkich dyskach. Instrukcja
Przeskanuj komputer tym (uruchom przez IE) http://www.kaspersky.pl/virusscanner.html Daj raport z niego na forum
Włącz przywracanie systemu na wszystkich dyskach. Instrukcja
Usuń ręcznie folder C: \Qoobox
Usuń instalkę Combofix z dysku.
Wykonaj optymalizację autostartu
Wykonaj optymalizację link zostal usuniety!
Wyłącz przywracanie systemu na wszystkich dyskach. Instrukcja
Przeskanuj komputer tym (uruchom przez IE) http://www.kaspersky.pl/virusscanner.html Daj raport z niego na forum
Włącz przywracanie systemu na wszystkich dyskach. Instrukcja
09 Maj 2008, 17:42
witam ja tez mam problem z amvo mimo ze tydzin temu robilem gruntowny format musial sie on zagniezdic na dysku d
oto lgo z combofix'a
i jeszcze pytanie czemu wszystkim karzesz pobierac combofix'a skoro kazdy daje z niego logi czy jest on jednorazowego uzytku??
musze pobrac go jeszcze raz a tego co pobralem 10 minut temu do zrobienia log mam usunac??
oto lgo z combofix'a
i jeszcze pytanie czemu wszystkim karzesz pobierac combofix'a skoro kazdy daje z niego logi czy jest on jednorazowego uzytku??
musze pobrac go jeszcze raz a tego co pobralem 10 minut temu do zrobienia log mam usunac??
- Kod:
ComboFix 08-05-08.1 - pykoo 2008-05-09 17:31:32.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.204 [GMT 2:00]
Running from: C:\Documents and Settings\pykoo\Pulpit\ComboFix.exe
* Created a new restore point
* Resident AV is active
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-04-09 to 2008-05-09 )))))))))))))))))))))))))))))))
.
2008-05-05 18:06 . 2008-05-05 18:06 <DIR> d-------- C:\DESKJET
2008-05-05 18:04 . 2008-05-05 18:04 <DIR> d--h----- C:\WINDOWS\PIF
2008-05-05 16:56 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-05 16:56 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-05-02 17:24 . 2008-05-02 17:24 <DIR> d-------- C:\Logs
2008-05-02 16:46 . 2008-05-02 16:46 <DIR> d-------- C:\Documents and Settings\pykoo\Dane aplikacji\Ahead
2008-05-02 14:53 . 2008-05-02 14:53 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-05-01 22:41 . 2008-05-01 22:42 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-05-01 22:12 . 2008-05-01 22:54 <DIR> d-------- C:\Program Files\Norton Ghost
2008-05-01 22:11 . 2008-05-01 22:11 <DIR> d-------- C:\Program Files\Symantec
2008-05-01 22:11 . 2008-05-01 22:55 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-01 22:11 . 2008-05-01 22:36 <DIR> d-------- C:\Documents and Settings\pykoo\Dane aplikacji\Symantec
2008-05-01 22:11 . 2008-05-01 22:54 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-05-01 22:05 . 2008-05-02 16:58 <DIR> d-------- C:\Program Files\FlashGet
2008-05-01 22:05 . 2004-08-03 23:14 359,040 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.flg
2008-05-01 21:21 . 2008-05-01 21:21 <DIR> d-------- C:\Program Files\IrfanView
2008-05-01 20:53 . 2008-05-01 20:53 <DIR> d-------- C:\Program Files\LightSurf
2008-05-01 20:51 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-05-01 20:17 . 2008-05-01 20:18 <DIR> d-------- C:\Program Files\KonnektPlus
2008-05-01 20:15 . 2008-05-01 20:15 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-05-01 19:52 . 2008-05-01 19:52 <DIR> d-------- C:\WINDOWS\nview
2008-05-01 19:52 . 2007-12-05 01:41 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-05-01 19:52 . 2008-05-01 19:53 163,353 --a------ C:\WINDOWS\system32\nvapps.xml
2008-05-01 19:52 . 2007-12-05 01:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-05-01 19:51 . 2008-05-01 19:51 <DIR> d-------- C:\NVIDIA
2008-05-01 19:51 . 2007-12-05 02:53 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-05-01 19:48 . 2008-05-01 19:48 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-05-01 19:48 . 2008-05-01 19:48 <DIR> d-------- C:\Program Files\Ahead
2008-05-01 19:48 . 2001-07-06 14:41 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
2008-05-01 19:48 . 2001-07-06 12:44 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
2008-05-01 19:48 . 2001-07-06 18:24 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2008-05-01 19:48 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-05-01 19:48 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-05-01 19:48 . 2001-06-26 08:15 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2008-05-01 19:48 . 2008-05-01 19:48 1,024 --ah----- C:\Documents and Settings\Default User\NtUser.dat.LOG
2008-05-01 19:45 . 2008-05-01 19:45 2,301 --a------ C:\WINDOWS\mozver.dat
2008-05-01 19:41 . 2008-05-01 19:42 <DIR> d-------- C:\Program Files\DivX
2008-05-01 19:36 . 2008-05-01 19:36 <DIR> d-------- C:\Program Files\AC3Filter
2008-05-01 19:36 . 2007-08-18 09:54 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm
2008-05-01 19:30 . 2008-05-01 19:30 <DIR> d-------- C:\Program Files\Xvid
2008-05-01 19:30 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-05-01 19:30 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-05-01 19:30 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-05-01 18:55 . 2008-05-01 18:56 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-01 18:05 . 2008-05-01 23:01 1,224 --a------ C:\WINDOWS\bestplayer.ini
2008-05-01 18:05 . 2008-05-01 23:01 57 --a------ C:\WINDOWS\bestplayer.bpp
2008-05-01 18:05 . 2008-05-01 23:01 0 --a------ C:\WINDOWS\bestplayer.bbt
2008-05-01 17:55 . 2008-05-01 17:55 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-05-01 17:47 . 2008-05-01 17:47 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-05-01 17:47 . 2008-05-01 20:10 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\stamina
2008-05-01 17:45 . 2008-05-01 17:53 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-01 17:43 . 2008-05-01 17:43 <DIR> d-------- C:\Program Files\eMule
2008-05-01 17:42 . 2008-05-01 17:42 <DIR> d-------- C:\Program Files\foobar2000
2008-05-01 17:42 . 2008-05-07 18:05 <DIR> d-------- C:\Documents and Settings\pykoo\Dane aplikacji\foobar2000
2008-05-01 17:37 . 2008-05-01 17:37 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-01 17:36 . 2008-05-01 17:37 <DIR> d-------- C:\Program Files\BitComet
2008-05-01 17:02 . 2008-05-01 19:04 14 --a------ C:\WINDOWS\system32\getfile.dat
2008-05-01 15:54 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-05-01 15:54 . 2008-05-01 15:54 421 --a------ C:\WINDOWS\ODBC.INI
2008-05-01 15:53 . 2008-05-01 15:53 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-05-01 15:52 . 2008-05-01 15:53 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-05-01 15:52 . 2008-05-01 15:52 <DIR> d-------- C:\Program Files\Microsoft Works
2008-05-01 15:29 . 2008-05-01 16:13 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-05-01 15:29 . 2008-05-01 15:29 <DIR> d-------- C:\Program Files\Analog Devices
2008-05-01 15:28 . 2008-05-01 22:11 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-05-01 15:17 . 2000-03-29 08:17 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-05-01 15:17 . 2008-05-01 16:44 3,366 --a------ C:\WINDOWS\Ascd_tmp.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-01 14:58 --------- d-----w C:\Program Files\Opera
2008-05-01 14:16 --------- d-----w C:\Program Files\Neostrada TP
2008-05-01 14:13 --------- d-----w C:\Program Files\Thomson
2008-05-01 12:52 --------- d-----w C:\Program Files\Softwin
2008-05-01 12:52 --------- d-----w C:\Program Files\Common Files\Softwin
2008-05-01 12:30 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-01 12:28 --------- d-----w C:\Program Files\Usługi online
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-21 20:30 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-03-21 20:30 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-03-21 20:30 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-03-21 20:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-03-21 20:30 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-03-21 20:30 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-03-21 11:13 102,536 --sh--r C:\v.com
2003-07-17 02:26 448,640 ----a-w C:\WINDOWS\inf\EL2K_N64.sys
2003-07-17 02:22 147,328 ----a-w C:\WINDOWS\inf\EL2K_XP.sys
2003-06-03 07:47 147,328 ----a-w C:\WINDOWS\inf\EL2K_2K.sys
.
------- Sigcheck -------
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\system32\dllcache\tcpip.sys
2004-08-03 23:14 359040 6a603809f598332dbedd535bdbce313e C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="C:\WINDOWS\TBPanel.exe" [2004-02-11 08:49 2015232]
"BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2005-10-11 11:28 360448]
"BDOESRV"="C:\Program Files\Softwin\BitDefender9\bdoesrv.exe" [2005-03-11 17:53 90112]
"BDNewsAgent"="C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe" [2005-06-09 10:28 9728]
"BDSwitchAgent"="C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe" [2005-04-06 13:09 33280]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 16:28 790528]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 22:09 157592]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\KonnektPlus\\konnekt.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27308:TCP"= 27308:TCP:BitComet 27308 TCP
"27308:UDP"= 27308:UDP:BitComet 27308 UDP
R2 FILESpy;FILESpy;C:\Program Files\Softwin\BitDefender9\filespy.sys [2005-07-28 15:42]
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-09 17:32:37
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-09 17:33:08
ComboFix-quarantined-files.txt 2008-05-09 15:33:05
Pre-Run: 7,882,547,200 bajtów wolnych
Post-Run: 7,906,623,488 bajtów wolnych
161
Ostatnio edytowany przez pykoo, 09 Maj 2008, 17:51, edytowano w sumie 1 raz
09 Maj 2008, 17:47
Pobierz ComboFix, ale nie uruchamiaj
Wklej do notatnika:
Plik zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu
Powinno się rozpocząć usuwanie i powstanie log, daj ten log na forum.
Wklej do notatnika:
- Kod:
File::
C:\v.com
Plik
zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu
Powinno się rozpocząć usuwanie i powstanie log, daj ten log na forum.
09 Maj 2008, 17:56
oto i log po przeprowadzeniu podanego przez ciebie procesu
- Kod:
ComboFix 08-05-08.1 - pykoo 2008-05-09 17:53:40.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.199 [GMT 2:00]
Running from: C:\Documents and Settings\pykoo\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\pykoo\Pulpit\CFScript.txt
* Created a new restore point
* Resident AV is active
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
FILE ::
C:\v.com
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\v.com
.
((((((((((((((((((((((((( Files Created from 2008-04-09 to 2008-05-09 )))))))))))))))))))))))))))))))
.
2008-05-05 18:06 . 2008-05-05 18:06 <DIR> d-------- C:\DESKJET
2008-05-05 18:04 . 2008-05-05 18:04 <DIR> d--h----- C:\WINDOWS\PIF
2008-05-05 16:56 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-05 16:56 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-05-02 17:24 . 2008-05-02 17:24 <DIR> d-------- C:\Logs
2008-05-02 16:46 . 2008-05-02 16:46 <DIR> d-------- C:\Documents and Settings\pykoo\Dane aplikacji\Ahead
2008-05-02 14:53 . 2008-05-02 14:53 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-05-01 22:41 . 2008-05-01 22:42 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-05-01 22:12 . 2008-05-01 22:54 <DIR> d-------- C:\Program Files\Norton Ghost
2008-05-01 22:11 . 2008-05-01 22:11 <DIR> d-------- C:\Program Files\Symantec
2008-05-01 22:11 . 2008-05-01 22:55 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-01 22:11 . 2008-05-01 22:36 <DIR> d-------- C:\Documents and Settings\pykoo\Dane aplikacji\Symantec
2008-05-01 22:11 . 2008-05-01 22:54 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-05-01 22:05 . 2008-05-02 16:58 <DIR> d-------- C:\Program Files\FlashGet
2008-05-01 22:05 . 2004-08-03 23:14 359,040 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.flg
2008-05-01 21:21 . 2008-05-01 21:21 <DIR> d-------- C:\Program Files\IrfanView
2008-05-01 20:53 . 2008-05-01 20:53 <DIR> d-------- C:\Program Files\LightSurf
2008-05-01 20:51 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-05-01 20:17 . 2008-05-01 20:18 <DIR> d-------- C:\Program Files\KonnektPlus
2008-05-01 20:15 . 2008-05-01 20:15 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-05-01 19:52 . 2008-05-01 19:52 <DIR> d-------- C:\WINDOWS\nview
2008-05-01 19:52 . 2007-12-05 01:41 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-05-01 19:52 . 2008-05-01 19:53 163,353 --a------ C:\WINDOWS\system32\nvapps.xml
2008-05-01 19:52 . 2007-12-05 01:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-05-01 19:51 . 2008-05-01 19:51 <DIR> d-------- C:\NVIDIA
2008-05-01 19:51 . 2007-12-05 02:53 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-05-01 19:48 . 2008-05-01 19:48 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-05-01 19:48 . 2008-05-01 19:48 <DIR> d-------- C:\Program Files\Ahead
2008-05-01 19:48 . 2001-07-06 14:41 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
2008-05-01 19:48 . 2001-07-06 12:44 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
2008-05-01 19:48 . 2001-07-06 18:24 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2008-05-01 19:48 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-05-01 19:48 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-05-01 19:48 . 2001-06-26 08:15 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2008-05-01 19:48 . 2008-05-01 19:48 1,024 --ah----- C:\Documents and Settings\Default User\NtUser.dat.LOG
2008-05-01 19:45 . 2008-05-01 19:45 2,301 --a------ C:\WINDOWS\mozver.dat
2008-05-01 19:41 . 2008-05-01 19:42 <DIR> d-------- C:\Program Files\DivX
2008-05-01 19:36 . 2008-05-01 19:36 <DIR> d-------- C:\Program Files\AC3Filter
2008-05-01 19:36 . 2007-08-18 09:54 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm
2008-05-01 19:30 . 2008-05-01 19:30 <DIR> d-------- C:\Program Files\Xvid
2008-05-01 19:30 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-05-01 19:30 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-05-01 19:30 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-05-01 18:55 . 2008-05-01 18:56 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-01 18:05 . 2008-05-01 23:01 1,224 --a------ C:\WINDOWS\bestplayer.ini
2008-05-01 18:05 . 2008-05-01 23:01 57 --a------ C:\WINDOWS\bestplayer.bpp
2008-05-01 18:05 . 2008-05-01 23:01 0 --a------ C:\WINDOWS\bestplayer.bbt
2008-05-01 17:55 . 2008-05-01 17:55 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-05-01 17:47 . 2008-05-01 17:47 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-05-01 17:47 . 2008-05-01 20:10 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\stamina
2008-05-01 17:45 . 2008-05-01 17:53 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-01 17:43 . 2008-05-01 17:43 <DIR> d-------- C:\Program Files\eMule
2008-05-01 17:42 . 2008-05-01 17:42 <DIR> d-------- C:\Program Files\foobar2000
2008-05-01 17:42 . 2008-05-07 18:05 <DIR> d-------- C:\Documents and Settings\pykoo\Dane aplikacji\foobar2000
2008-05-01 17:37 . 2008-05-01 17:37 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-01 17:36 . 2008-05-01 17:37 <DIR> d-------- C:\Program Files\BitComet
2008-05-01 17:02 . 2008-05-01 19:04 14 --a------ C:\WINDOWS\system32\getfile.dat
2008-05-01 15:54 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-05-01 15:54 . 2008-05-01 15:54 421 --a------ C:\WINDOWS\ODBC.INI
2008-05-01 15:53 . 2008-05-01 15:53 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-05-01 15:52 . 2008-05-01 15:53 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-05-01 15:52 . 2008-05-01 15:52 <DIR> d-------- C:\Program Files\Microsoft Works
2008-05-01 15:29 . 2008-05-01 16:13 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-05-01 15:29 . 2008-05-01 15:29 <DIR> d-------- C:\Program Files\Analog Devices
2008-05-01 15:28 . 2008-05-01 22:11 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-05-01 15:17 . 2000-03-29 08:17 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-05-01 15:17 . 2008-05-01 16:44 3,366 --a------ C:\WINDOWS\Ascd_tmp.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-01 14:58 --------- d-----w C:\Program Files\Opera
2008-05-01 14:16 --------- d-----w C:\Program Files\Neostrada TP
2008-05-01 14:13 --------- d-----w C:\Program Files\Thomson
2008-05-01 12:52 --------- d-----w C:\Program Files\Softwin
2008-05-01 12:52 --------- d-----w C:\Program Files\Common Files\Softwin
2008-05-01 12:30 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-01 12:28 --------- d-----w C:\Program Files\Usługi online
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-21 20:30 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-03-21 20:30 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-03-21 20:30 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-03-21 20:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-03-21 20:30 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-03-21 20:30 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2003-07-17 02:26 448,640 ----a-w C:\WINDOWS\inf\EL2K_N64.sys
2003-07-17 02:22 147,328 ----a-w C:\WINDOWS\inf\EL2K_XP.sys
2003-06-03 07:47 147,328 ----a-w C:\WINDOWS\inf\EL2K_2K.sys
.
------- Sigcheck -------
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\system32\dllcache\tcpip.sys
2004-08-03 23:14 359040 6a603809f598332dbedd535bdbce313e C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="C:\WINDOWS\TBPanel.exe" [2004-02-11 08:49 2015232]
"BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2005-10-11 11:28 360448]
"BDOESRV"="C:\Program Files\Softwin\BitDefender9\bdoesrv.exe" [2005-03-11 17:53 90112]
"BDNewsAgent"="C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe" [2005-06-09 10:28 9728]
"BDSwitchAgent"="C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe" [2005-04-06 13:09 33280]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 16:28 790528]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 22:09 157592]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\KonnektPlus\\konnekt.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27308:TCP"= 27308:TCP:BitComet 27308 TCP
"27308:UDP"= 27308:UDP:BitComet 27308 UDP
R2 FILESpy;FILESpy;C:\Program Files\Softwin\BitDefender9\filespy.sys [2005-07-28 15:42]
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-09 17:54:29
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-09 17:54:58
ComboFix-quarantined-files.txt 2008-05-09 15:54:54
ComboFix2.txt 2008-05-09 15:33:09
Pre-Run: 7,891,132,416 bajtów wolnych
Post-Run: 7,883,915,264 bajtów wolnych
161
09 Maj 2008, 17:58
Log wyglada na czysty
Usuń ręcznie folder C: \Qoobox,usuń instalkę Combofix z dysku
Wyłącz przywracanie systemu na wszystkich dyskach. Instrukcja
Przeskanuj komputer tym (uruchom przez IE) http://www.kaspersky.pl/virusscanner.html Daj raport z niego na forum
Włącz przywracanie systemu.
Usuń ręcznie folder C: \Qoobox,usuń instalkę Combofix z dysku
Wyłącz przywracanie systemu na wszystkich dyskach. Instrukcja
Przeskanuj komputer tym (uruchom przez IE) http://www.kaspersky.pl/virusscanner.html Daj raport z niego na forum
Włącz przywracanie systemu.