Open with.../amvo.exe/it's driving me up the wall...
Hi everyone! I haven't been here in a billion years, no kidding! I've honestly missed you all! But let's get to the point.
Lately I've been getting hit by some crappy virus, trojan, who knows what. Probably one you all know: amvo.exe. And in general something keeps hammering away inside my computer (mine and my sisters' alike). I just lose it on the spot, because I can't deal with it.
Symptoms:
- a plugged-in external disk, or a camera (showing up in My Computer as "Removable Disk"), won't open normally by double-click. In fact they don't open at all. The "Open with..." window appears instead. I've already done some regsvr32 /i shell32, ComboFix runs etc., but it only works for a short while. The trojan (or whatever it's called) shows up again, once with some pendrive, once with a memory card. And interestingly, Norton doesn't see it.
I don't know, tell me what to do with this, because I admit it's starting to, to put it mildly, drive me mad. Change antivirus? If so, to which one? I have no idea what to do.
Below is the HijackThis log:
[code]Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:56:16, on 2008-08-31
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\Ruda\Pulpit\hijackthis.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKLM\..\Policies\Explorer\Run: []
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 8235 bytes[/code]
And the ComboFix one
[code]ComboFix 08-08-30.03 - Ruda 2008-08-31 12:36:29.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1556 [GMT 2:00]
Running from: E:\Programy\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-31 )))))))))))))))))))))))))))))))
.
2008-08-31 12:10 . 2008-08-31 12:10 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-08-29 18:28 . 2008-08-29 18:28 d-------- C:\Program Files\Common Files\PCSuite
2008-08-29 18:28 . 2008-08-29 18:28 d-------- C:\Program Files\Common Files\Nokia
2008-08-29 18:27 . 2008-08-29 18:27 d-------- C:\Program Files\PC Connectivity Solution
2008-08-29 02:05 . 2000-10-24 00:00 3,608 --a------ C:\WINDOWS\system32\drivers\port_nt.sys
2008-08-29 02:04 . 2008-08-29 02:05 d-------- C:\Program Files\PRO100
2008-08-24 14:58 . 2008-08-24 14:58 d--h----- C:\WINDOWS\PIF
2008-08-24 10:05 . 2001-10-26 14:57 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-08-24 10:05 . 2001-10-26 14:57 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-08-18 19:04 . 2008-08-18 19:05 d-------- C:\Documents and Settings\Ruda\Dane aplikacji\Luxology
2008-08-18 19:03 . 2008-08-18 19:03 d-------- C:\Program Files\Luxology
2008-08-17 21:04 . 2008-08-17 21:04 d-------- C:\Program Files\Ancient Quest of Saqqarah
2008-08-17 21:04 . 2008-08-17 21:12 d-------- C:\Documents and Settings\Ruda\Dane aplikacji\Ancient Quest of Saqqarah__bfg
2008-08-15 03:03 . 2008-08-15 03:03 d-------- C:\Documents and Settings\Ruda\Dane aplikacji\vlc
2008-08-15 03:01 . 2008-04-15 02:51 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-08-15 03:01 . 2008-08-15 03:04 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-08-14 20:53 . 2008-08-14 20:53 d-------- C:\Program Files\VideoLAN
2008-08-14 20:49 . 2008-08-14 20:49 d-------- C:\Documents and Settings\Ruda\Dane aplikacji\Media Player Classic
2008-08-06 20:46 . 2008-04-13 22:15 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-08-06 13:46 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-08-06 13:46 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-08-06 13:46 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-08-06 13:08 . 2008-08-06 13:08 dr-h----- C:\Documents and Settings\Ruda\Dane aplikacji\SecuROM
2008-08-06 13:08 . 2008-08-06 13:08 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-08-06 12:39 . 2008-08-06 12:39 d-------- C:\Program Files\Ubisoft
2008-08-06 12:35 . 2008-08-06 12:35 d-------- C:\Program Files\DAEMON Tools Lite
2008-08-06 12:27 . 2008-08-06 12:27 d-------- C:\Documents and Settings\Ruda\Dane aplikacji\DAEMON Tools
2008-08-06 12:27 . 2008-08-06 12:27 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-08-06 10:33 . 2008-08-15 07:55 d-------- C:\WINDOWS\system32\LogFiles
2008-08-06 10:24 . 2008-04-13 22:15 26,112 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-08-06 10:24 . 2008-04-13 22:15 26,112 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-08-06 10:24 . 2008-08-06 10:24 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-08-06 10:24 . 2008-08-06 10:24 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-08-05 20:58 . 2008-08-05 20:59 d-------- C:\Program Files\Yahoo!
2008-08-05 17:10 . 2006-10-08 21:51 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-08-05 16:44 . 2008-08-05 16:48 d-------- C:\Program Files\Windows Live
2008-08-05 16:44 . 2008-08-05 16:48 d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-05 16:44 . 2008-08-05 16:44 d-------- C:\Documents and Settings\All Users\Dane aplikacji\WLInstaller
2008-08-05 16:39 . 2008-07-30 17:42 23,888 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-08-05 16:39 . 2008-07-30 17:28 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-08-05 16:39 . 2008-07-30 17:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-08-05 16:27 . 2008-08-05 16:27 d-------- C:\Program Files\uTorrent
2008-08-05 16:27 . 2008-08-18 19:02 d-------- C:\Documents and Settings\Ruda\Dane aplikacji\uTorrent
2008-08-05 16:17 . 2008-08-15 07:21 103 --a------ C:\WINDOWS\VplayerINI.vpl
2008-08-05 16:16 . 2008-08-15 07:21 2,798 --a------ C:\WINDOWS\VPlayer.INI
2008-08-05 16:02 . 2008-08-05 16:02 16 --a------ C:\WINDOWS\system32\coh.cache
2008-08-05 12:32 . 2008-08-05 12:32 203,136 --a------ C:\WINDOWS\system32\drivers\RMCast.sys
2008-08-05 12:32 . 2008-08-05 12:32 203,136 --a--c--- C:\WINDOWS\system32\dllcache\rmcast.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-31 10:38 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-31 09:41 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-08-30 16:33 --------- d-----w C:\Program Files\eMule
2008-08-29 16:28 --------- d-----w C:\Program Files\Nokia
2008-08-29 15:37 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Installations
2008-08-28 17:07 --------- d-----w C:\Documents and Settings\Ruda\Dane aplikacji\Tlen.pl
2008-08-23 07:39 --------- d-----w C:\Program Files\Tlen.pl
2008-08-18 17:04 --------- d-----w C:\Program Files\Bonjour
2008-08-18 17:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-15 01:04 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-08-09 06:18 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Autodesk
2008-08-06 08:49 --------- d-----w C:\Program Files\Winamp
2008-08-06 08:32 --------- d-----w C:\Documents and Settings\Ruda\Dane aplikacji\PC Suite
2008-08-06 08:32 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
2008-08-05 14:37 --------- d-----w C:\Program Files\Norton Internet Security
2008-08-05 14:23 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-08-05 14:23 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-08-05 14:23 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-08-05 14:23 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-08-05 14:23 --------- d-----w C:\Program Files\Symantec
2008-08-05 14:13 --------- d-----w C:\Program Files\SubEdit-Player
2008-08-05 13:30 --------- d-----w C:\Documents and Settings\Ruda\Dane aplikacji\Winamp
2008-08-05 13:29 --------- d-----w C:\Program Files\VPlayer
2008-08-05 13:28 --------- d-----w C:\Program Files\Unlocker
2008-08-05 13:28 --------- d-----w C:\Program Files\Total Commander
2008-08-05 13:27 --------- d-----w C:\Documents and Settings\Ruda\Dane aplikacji\Apple Computer
2008-08-05 13:27 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-08-05 13:26 --------- d-----w C:\Program Files\QuickTime
2008-08-05 13:26 --------- d-----w C:\Program Files\Opera
2008-08-05 13:26 --------- d-----w C:\Program Files\Apple Software Update
2008-08-05 13:26 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple
2008-08-05 13:25 --------- d-----w C:\Documents and Settings\Ruda\Dane aplikacji\Nokia
2008-08-05 13:23 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-08-05 13:23 --------- d-----w C:\Program Files\Easy CD-DA Extractor 11
2008-08-05 13:22 --------- d-----w C:\Program Files\DIFX
2008-08-05 13:20 --------- d-----w C:\Program Files\MSECache
2008-08-05 13:17 --------- d-----w C:\Program Files\Microsoft.NET
2008-08-05 13:17 --------- d-----w C:\Program Files\Microsoft Works
2008-08-05 13:13 2,516 --sha-w C:\Documents and Settings\All Users\Dane aplikacji\KGyGaAvL.sys
2008-08-05 13:12 8 --sh--r C:\Documents and Settings\All Users\Dane aplikacji\3C89E9CEB1.sys
2008-08-05 13:12 --------- d-----w C:\Documents and Settings\Ruda\Dane aplikacji\Corel
2008-08-05 13:11 --------- d-----w C:\Program Files\Common Files\Protexis
2008-08-05 13:11 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Corel
2008-08-05 13:10 --------- d-----w C:\Program Files\Common Files\Corel
2008-08-05 13:09 --------- d-----w C:\Program Files\Corel
2008-08-05 13:06 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet
2008-08-05 13:04 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-05 12:59 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-08-05 12:59 --------- d-----w C:\Documents and Settings\Ruda\Dane aplikacji\Nero
2008-08-05 12:48 --------- d-----w C:\Program Files\Common Files\ChaosGroup
2008-08-05 12:47 --------- d-----w C:\Program Files\Chaos Group
2008-08-05 12:46 --------- d-----w C:\Documents and Settings\Ruda\Dane aplikacji\Autodesk
2008-08-05 12:42 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-08-05 12:42 --------- d-----w C:\Program Files\Autodesk
2008-08-05 12:36 --------- d-----w C:\Program Files\Nero
2008-08-05 12:35 --------- d-----w C:\Program Files\Common Files\Nero
2008-08-05 12:35 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-08-05 12:34 262,884 ----a-w C:\WINDOWS\IPUI_DivXG400.exe
2008-08-05 12:34 --------- d-----w C:\Program Files\Xvid
2008-08-05 12:34 --------- d-----w C:\Program Files\Real Alternative
2008-08-05 12:34 --------- d-----w C:\Program Files\Java
2008-08-05 12:34 --------- d-----w C:\Program Files\Common Files\Java
2008-08-05 12:34 --------- d-----w C:\Program Files\AC3Filter
2008-08-05 12:33 --------- d-----w C:\Program Files\Lavalys
2008-08-05 12:31 --------- d-----w C:\Program Files\ToniArts
2008-08-05 12:31 --------- d-----w C:\Program Files\CCleaner
2008-08-05 12:30 --------- d-----w C:\Program Files\Innovative Solutions
2008-08-05 12:30 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-08-05 12:26 --------- d-----w C:\Program Files\Hewlett-Packard
2008-08-05 12:24 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-08-05 12:24 --------- d-----w C:\Documents and Settings\Ruda\Dane aplikacji\Folder przesyłania Share-to-Web
2008-08-05 12:22 --------- d-----w C:\Program Files\HP
2008-08-05 12:17 --------- d-----w C:\Program Files\Creative
2008-08-05 12:16 --------- d-----w C:\Documents and Settings\Ruda\Dane aplikacji\Creative
2008-08-05 12:13 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-05 12:06 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-05 12:02 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-08-05 10:39 86,073 ----a-w C:\WINDOWS\system32\usrfaxa.dll
2008-08-05 10:34 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-08-05 10:34 330,752 ----a-w C:\WINDOWS\system32\ipnathlp.dll
2008-08-05 10:34 273,024 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-08-05 10:34 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-08-05 10:34 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-08-05 10:34 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:46 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-05-16 09:48 446,464 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-05-09 10:56 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:56 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:56 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:56 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:39 1,419,232 ----a-w C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-05-07 05:38 90,624 ----a-w C:\WINDOWS\system32\nmwcdcls.dll
2008-05-07 05:38 659,968 ----a-w C:\WINDOWS\system32\nmwcdcocls.dll
2008-05-07 05:12 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-15 02:51 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 16:00 1249280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 10:43 57344]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-03-15 05:10 116328]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-04-25 18:08 123904 C:\WINDOWS\system32\advpack.dll]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-12 00:34:48 3746856]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-15 02:51 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-10-23 19:51 233472 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2003-06-25 11:24 49152 C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2003-11-07 18:45 188416 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-05-16 14:01 13529088 C:\WINDOWS\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-05-16 14:01 86016 C:\WINDOWS\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
--a------ 2007-01-14 09:11 771704 C:\Program Files\Norton Internet Security\osCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBDrvDet]
--a------ 2002-12-03 18:06 45056 C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
--a------ 2002-04-17 10:42 69632 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 90112 C:\WINDOWS\Updreg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2003-10-06 08:57 24576 C:\WINDOWS\system32\CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 2008\\3dsmax.exe"=
"E:\\Programy\\3D Studio Max 2008\\Vray Render1.5 R3\\crack\\VRLServer.exe"=
"C:\\Program Files\\Chaos Group\\V-Ray\\3dsmax R9 for x86\\vrlserver.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
R2 PfDetNT;PfDetNT;C:\WINDOWS\system32\drivers\PfModNT.sys [2003-03-05 09:07]
R2 port_nt;port_nt;c:\windows\system32\drivers\port_nt.sys [2000-10-24 00:00]
R2 PSI_SVC_2;Protexis Licensing V2;c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 11:15]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1c6e6d3-62f3-11dd-9e23-806d6172696f}]
\Shell\AutoRun\command - F:\CTRun\Start.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1c6e6d4-62f3-11dd-9e23-806d6172696f}]
\Shell\AutoRun\command - G:\setup.exe
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
2008-08-25 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Ruda.job
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-01-14 11:09]
.
- - - - ORPHANS REMOVED - - - -
HKU-Default-RunOnce-@ - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Ruda\Dane aplikacji\Mozilla\Firefox\Profiles\spb2gthc.default
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.pl
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
.
.
------- File Associations (Beta) -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-31 12:38:34
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-31 12:39:30
ComboFix-quarantined-files.txt 2008-08-31 10:39:12
ComboFix2.txt 2008-08-23 07:44:15
Pre-Run: 24,828,792,832 bajtów wolnych
Post-Run: 24,904,617,984 bajtów wolnych
275 --- E O F --- 2008-08-16 08:57:37[/code]
Lia (who hasn't been here in a long time)
Replies: 1
Get rid of the registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1c6e6d3-62f3-11dd-9e23-806d6172696f} and delete the files F:\CTRun\Start.EXE and G:\setup.exe. I probably missed something else, but forgive me, I stopped being fluent in disinfection a long, long time ago.
Run [url=http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe]this[/url] over every flash stick you own, and [url=http://www.softpedia.com/get/Security/Security-Related/PRT-Perlovga-Removal-Tool.shtml]this[/url] over the entire system.
Norton, as far as I'm concerned, is unusable day to day, a bloated beast like few others. Something better? Basically anything, but Avast you get for free.
Welcome back! You only drop by for a minute, but it's nice that you show up now and then :)
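A worked example added by the editor, not code from either poster: it shows the mechanism behind the "Open with..." symptom in the original post and why the reply tells you to remove the MountPoints2 key as well as the files. On Windows XP, Explorer reads the [autorun] section from the root of a removable volume and takes open= / shellexecute= and shell\<verb>\command= as the drive's default actions, so a double-click on "Removable Disk" runs the worm instead of opening the folder; Explorer also caches those commands per volume under HKCU\...\Explorer\MountPoints2 (the \Shell\AutoRun\command entries visible in the ComboFix log above). Once the antivirus deletes the binary but leaves autorun.inf and the cached entry behind, the default verb points at a missing file and Explorer falls back to the "Open with..." dialog. The script below parses an autorun.inf the way a tolerant reader would, lists every program it would launch, and reports which targets are gone. The drive layout, the RECYCLER\x.exe file name and the autorun.inf contents are constructed for the example; they are not the real worm's files.

```python
"""autorun.inf triage: which programs would a removable drive's autorun.inf
launch, and are they still on the drive?  (Added example; sample data is
constructed, not taken from the infected machine in the thread.)"""
from __future__ import annotations

import os
import re
import tempfile
from dataclasses import dataclass

# Constructed sample: every drive verb is routed to a program in a hidden folder.
SAMPLE_AUTORUN = (
    "[AutoRun]\n"
    "; constructed sample, not the real worm's file\n"
    "open=RECYCLER\\x.exe\n"
    "shellexecute=RECYCLER\\x.exe\n"
    "shell\\Open\\command=RECYCLER\\x.exe\n"
    "shell\\Explore\\command=RECYCLER\\x.exe\n"
    "shell=Open\n"
    "icon=%SystemRoot%\\system32\\SHELL32.dll,4\n"
    "label=Removable Disk\n"
)

VERB_COMMAND = re.compile(r"shell\\[^\\]+\\command")   # shell\<verb>\command keys


@dataclass
class AutorunAction:
    key: str       # autorun.inf key, lower-cased (e.g. "shell\\open\\command")
    command: str   # command line as written in the file
    program: str   # first token: the file Explorer will try to run
    exists: bool   # is that file still present on the drive?


def parse_autorun(text: str) -> dict[str, str]:
    """Keys of the [autorun] section, lower-cased; first occurrence wins.

    Deliberately tolerant: worms pad autorun.inf with comments and junk lines
    to trip strict INI parsers, so skip anything that is not key=value."""
    keys: dict[str, str] = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key and key not in keys:
            keys[key] = value.strip()
    return keys


def program_from_command(command: str) -> str:
    """First token of a command line, honouring a quoted path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    parts = command.split()
    return parts[0] if parts else ""


def triage(drive_root: str, autorun_text: str) -> list[AutorunAction]:
    """Every action autorun.inf would launch, with an existence check."""
    actions = []
    for key, command in parse_autorun(autorun_text).items():
        if key not in ("open", "shellexecute") and not VERB_COMMAND.fullmatch(key):
            continue                       # label=, icon=, shell= launch nothing
        program = program_from_command(command)
        rel = program.replace("\\", os.sep).lstrip(os.sep + "/")
        present = os.path.isfile(os.path.join(drive_root, rel))
        actions.append(AutorunAction(key, command, program, present))
    return actions


def triage_drive(drive_root: str) -> list[AutorunAction]:
    """Read <drive_root>\\autorun.inf and triage it; no file means no actions."""
    path = os.path.join(drive_root, "autorun.inf")
    if not os.path.isfile(path):
        return []
    with open(path, encoding="latin-1", errors="replace") as fh:
        return triage(drive_root, fh.read())


def make_sample_drive(binary_present: bool = False) -> str:
    """Throw-away directory that looks like the infected stick's root.

    binary_present=False models the post-antivirus state: autorun.inf survived,
    the program it points at did not."""
    root = tempfile.mkdtemp(prefix="usb_")
    with open(os.path.join(root, "autorun.inf"), "w") as fh:
        fh.write(SAMPLE_AUTORUN)
    if binary_present:
        os.makedirs(os.path.join(root, "RECYCLER"))
        open(os.path.join(root, "RECYCLER", "x.exe"), "wb").close()
    return root


if __name__ == "__main__":
    for action in triage_drive(make_sample_drive()):
        state = "present" if action.exists else "MISSING (dangling -> 'Open with...')"
        print(f"{action.key:<24} -> {action.program:<20} {state}")
```

Run it against a real stick by calling triage_drive("F:\\") on the XP box. A key whose target is reported MISSING is exactly the dangling verb that produces the "Open with..." dialog; the matching cached copy lives in the MountPoints2 key the reply names, which is why deleting the files alone does not clear the symptom. To stop Explorer honouring autorun.inf at all, set the REG_DWORD NoDriveTypeAutoRun to 0xFF under HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer.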