Computer problems: the clipboard is not working (sometimes nothing can be copied and pasted); recently I also cannot select the "show hidden files and folders" option (that is, I can, but the files do not show up, and when I go back into the Tools menu the option is unchecked).
ComboFix 08-03-05.3 - Kruk 2008-03-06 17:35:26.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.131 [GMT 1:00]
Running from: C:\Downloads\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\amvo1.dll
.
((((((((((((((((((((((((( Files Created from 2008-02-06 to 2008-03-06 )))))))))))))))))))))))))))))))
.
2008-03-06 17:24 . 2008-03-06 17:21 107,849 -r-hs---- C:\a3g3.bat
2008-03-06 08:57 . 2008-03-06 17:25 <DIR> d-------- C:\Program Files\PictureLabor
2008-03-06 08:15 . 2008-03-06 08:14 106,249 -r-hs---- C:\ta2.cmd
2008-03-02 22:55 . 2008-03-03 19:48 108,058 -r-hs---- C:\x6.bat
2008-02-27 19:16 . 2008-02-27 19:16 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Adobe Systems
2008-02-27 19:10 . 2008-02-27 19:10 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-02-25 21:40 . 2008-02-25 21:40 <DIR> d-------- C:\Program Files\Goolag Scanner
2008-02-14 16:02 . 2008-02-14 16:30 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\stamina
2008-02-12 22:18 . 2008-02-12 22:18 175 --a------ C:\WINDOWS\ODBC.INI
2008-02-12 22:17 . 2008-02-12 22:17 <DIR> d-------- C:\WINDOWS\system32\js
2008-02-12 22:17 . 2008-02-12 22:17 <DIR> d-------- C:\WINDOWS\system32\images
2008-02-12 22:17 . 2008-02-12 22:17 <DIR> d-------- C:\WINDOWS\system32\html
2008-02-12 22:17 . 2008-02-12 22:17 <DIR> d-------- C:\WINDOWS\system32\css
2008-02-12 22:17 . 2008-02-12 22:17 <DIR> d-------- C:\Program Files\Business Objects
2008-02-12 22:07 . 2008-02-12 22:15 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-02-12 22:06 . 2008-02-12 22:06 <DIR> d-------- C:\Program Files\Microsoft Device Emulator
2008-02-12 22:05 . 2008-02-12 22:06 <DIR> d-------- C:\Program Files\Windows Mobile 5.0 SDK R2
2008-02-12 22:04 . 2008-02-12 22:04 <DIR> d-------- C:\Program Files\Microsoft Synchronization Services
2008-02-12 22:04 . 2008-02-12 22:04 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-12 21:53 . 2008-02-12 21:53 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\PreEmptive Solutions
2008-02-12 21:46 . 2008-02-12 21:46 <DIR> d-------- C:\WINDOWS\symbols
2008-02-12 21:44 . 2008-02-12 22:12 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-02-12 21:44 . 2008-02-12 22:17 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-02-12 21:44 . 2008-02-12 21:44 <DIR> d-------- C:\Program Files\Microsoft SDKs
2008-02-12 21:44 . 2008-02-12 21:48 <DIR> d-------- C:\Program Files\HTML Help Workshop
2008-02-12 21:44 . 2008-02-12 21:53 <DIR> d-------- C:\Program Files\Common Files\Merge Modules
2008-02-12 21:44 . 2008-02-12 21:44 <DIR> d-------- C:\Program Files\CE Remote Tools
2008-02-12 21:42 . 2008-02-12 21:42 <DIR> d-------- C:\Program Files\Microsoft Web Designer Tools
2008-02-12 21:38 . 2008-02-12 21:38 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-02-12 21:38 . 2008-02-12 21:38 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-02-12 21:38 . 2008-02-12 21:47 <DIR> d-------- C:\Program Files\MSBuild
2008-02-12 21:37 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-02-12 21:21 . 2008-02-12 21:22 <DIR> d-------- C:\ponyChat files
2008-02-11 12:38 . 2006-06-01 15:34 130,499 --a------ C:\WINDOWS\.NET Framework 2.0Readme.rtf
2008-02-09 17:44 . 2008-02-09 17:44 56 --a------ C:\WINDOWS\wininit.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-06 16:39 --------- d-----w C:\Documents and Settings\Kruk\Dane aplikacji\Free Download Manager
2008-03-03 19:08 --------- d-----w C:\Program Files\Gadu-Gadu
2008-02-27 18:12 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-19 19:40 --------- d-----w C:\Documents and Settings\Kruk\Dane aplikacji\GanymedeNet
2008-02-12 20:59 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-02-03 12:33 --------- d-----w C:\Documents and Settings\Kruk\Dane aplikacji\Teleca
2008-02-03 12:32 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-02-03 12:32 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Teleca
2008-02-03 12:32 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson
2008-02-03 12:31 --------- d-----w C:\Program Files\Sony Ericsson
2008-02-03 12:29 6,144 ----a-w C:\WINDOWS\system32\drivers\k750cm.sys
2008-02-03 12:29 5,744 ----a-w C:\WINDOWS\system32\drivers\k750wh.sys
2008-01-31 10:18 --------- d-----w C:\Program Files\Nettsenteret
2008-01-29 18:25 --------- d-----w C:\Program Files\Ganymede
2008-01-23 22:45 --------- d-----w C:\Program Files\Interplay
2008-01-23 13:50 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-22 20:28 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-01-21 12:47 --------- d-----w C:\Documents and Settings\Kruk\Dane aplikacji\Unigraphics Solutions
2008-01-21 12:35 --------- d-----w C:\Program Files\Rainbow Technologies
2008-01-21 12:29 --------- d-----w C:\Program Files\Solid Edge V11
2008-01-21 12:23 --------- d-----w C:\Program Files\DAEMON Tools
2008-01-21 12:22 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-14 18:54 --------- d-----w C:\Program Files\Java
2008-01-14 18:41 --------- d-----w C:\Program Files\Common Files\Java
2008-01-10 12:29 --------- d-----w C:\Program Files\IrfanView
2008-01-09 16:48 --------- d-----w C:\Program Files\GuildFTPd
2007-12-13 20:33 147,456 ----a-w C:\WINDOWS\effeUI.exe
2007-12-13 17:34 581,632 ----a-w C:\WINDOWS\system32\VTDisply.dll
2007-12-13 17:34 540,672 ----a-w C:\WINDOWS\system32\VTovrlay.dll
2007-12-13 17:34 53,248 ----a-w C:\WINDOWS\system32\VTTimer.exe
2007-12-13 17:34 446,464 ----a-w C:\WINDOWS\system32\VTGamma2.dll
2007-12-13 17:34 319,488 ----a-w C:\WINDOWS\system32\VTInfo2.dll
2007-12-13 17:34 3,490,432 ----a-w C:\WINDOWS\system32\vtdisp.dll
2007-12-13 17:34 163,840 ----a-w C:\WINDOWS\system32\VTTrayp.exe
2007-12-13 17:34 1,875,968 ----a-w C:\WINDOWS\system32\vticd.dll
2007-12-07 02:14 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 11:54 2131392]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35 202024]
"Free Uploader Oe Integration"="C:\Program Files\Free Download Manager\FUM\fumoei.exe" [2007-06-10 18:02 40960]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-22 13:06 167368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"VTTimer"="VTTimer.exe" [2007-12-13 18:34 53248 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2007-12-13 18:34 163840 C:\WINDOWS\system32\VTTrayp.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"ponyChat"="C:\Program Files\ponyChat\ponyChat.exe" [2007-12-13 21:33 618496]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [ ]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-12-05 14:22 159744]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 11:48 77824 C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 16:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\ponyChat\\ponyChat.exe"=
"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
S4 msvsmon90;Visual Studio 2008 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon90 []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be149694-a989-11dc-a779-0040cadef08b}]
\Shell\AutoRun\command - H:\x6.bat
\Shell\explore\Command - H:\x6.bat
\Shell\open\Command - H:\x6.bat
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-06 17:40:19
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-06 17:42:07
ComboFix-quarantined-files.txt 2008-03-06 16:42:00
.
2008-02-15 22:05:07 --- E O F ---