artur76, posted 1 September 2008
reason: problem with folder options and double-click

ComboFix 08-08-31.01 - art_san 2008-09-01 19:30:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.93 [GMT 2:00]
Running from: C:\Documents and Settings\art_san\Pulpit\ComboFix.exe
 * Created a new restore point

[b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b]
.
((((((((((((((((((((((((( Files Created from 2008-08-01 to 2008-09-01 )))))))))))))))))))))))))))))))
.
2008-08-28 20:18 . 2008-08-28 20:18 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
2008-08-26 10:13 . 2008-08-28 08:46 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-26 06:32 . 2008-08-27 18:32 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-08-26 06:32 . 2005-02-25 05:36 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-08-04 12:27 . 2008-08-04 12:27 <DIR> d-------- C:\WINDOWS\DF5A03CCD5AA43D8B948D9903F2AF94A.TMP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-01 16:18 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-08-28 06:38 --------- d-----w C:\Program Files\Gadu-Gadu
2008-07-14 11:45 --------- d-----w C:\Documents and Settings\art_san\Dane aplikacji\BESTplayer
2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:41 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{067A4D22-0884-4116-9A39-A1A740C8D447}"="G:\bmoc -d" [X]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 11:35 327720]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"CloneCDTray"="G:\programy\CloneCD\CloneCDTray.exe" [2006-09-28 21:21 57344]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:44 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - G:\Reader\reader_sl.exe [2006-10-23 03:48:00 40048]
Adobe Reader Synchronizer.lnk - G:\Reader\AdobeCollabSync.exe [2006-10-23 02:01:00 734872]
BlueSoleil.lnk - G:\BlueSoleil\BlueSoleil.exe [2008-04-19 20:11:08 1183744]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 04:05:56 65588]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"G:\\instalki\\flashget.exe"=
"G:\\BlueSoleil\\BlueSoleil.exe"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ed64fea-b166-11dc-a37f-0002a50152ed}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be2c34aa-174f-11dd-a478-101111111111}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed27b5b4-ff57-11dc-a437-101111111111}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fde30020-7734-11dd-a536-101111111111}]
\Shell\AutoRun\command - F:\AutoRun.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-zzzHPSETUP - E:\Setup.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\art_san\Dane aplikacji\Mozilla\Firefox\Profiles\3xfmqpx5.default\
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-01 19:33:12
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-09-01 19:35:36
ComboFix-quarantined-files.txt 2008-09-01 17:35:29
Pre-Run: 1,705,988,096 bajtów wolnych
Post-Run: 2,716,639,232 bajtów wolnych
87 --- E O F --- 2008-08-27 16:32:18

Guest, comment, 1 September 2008

Paste into Notepad:

Folder::
C:\WINDOWS\DF5A03CCD5AA43D8B948D9903F2AF94A.TMP

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ed64fea-b166-11dc-a37f-0002a50152ed}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be2c34aa-174f-11dd-a478-101111111111}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed27b5b4-ff57-11dc-a437-101111111111}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fde30020-7734-11dd-a536-101111111111}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{067A4D22-0884-4116-9A39-A1A740C8D447}"=-

>> File >> Save As... >>> CFScript

Drag and drop the CFScript.txt file onto the ComboFix.exe file --> The removal should start (and a log will be created).
Post the log that is created during the removal.

If it goes well, then: after the restart, manually delete the folder C:\Qoobox.

artur76 (Author), comment, 1 September 2008

ComboFix 08-08-31.01 - art_san 2008-09-01 20:04:54.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.108 [GMT 2:00]
Running from: C:\Documents and Settings\art_san\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\art_san\Pulpit\CFScript.txt.txt
 * Created a new restore point

[b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\DF5A03CCD5AA43D8B948D9903F2AF94A.TMP
C:\WINDOWS\DF5A03CCD5AA43D8B948D9903F2AF94A.TMP\WiseCustomCalla.dll
C:\WINDOWS\DF5A03CCD5AA43D8B948D9903F2AF94A.TMP\WiseCustomCalla11.dll
C:\WINDOWS\DF5A03CCD5AA43D8B948D9903F2AF94A.TMP\WiseCustomCalla6.dll
C:\WINDOWS\DF5A03CCD5AA43D8B948D9903F2AF94A.TMP\WiseCustomCalla9.exe
.
((((((((((((((((((((((((( Files Created from 2008-08-01 to 2008-09-01 )))))))))))))))))))))))))))))))
.
2008-08-28 20:18 . 2008-08-28 20:18 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
2008-08-26 10:13 . 2008-08-28 08:46 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-26 06:32 . 2008-08-27 18:32 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-08-26 06:32 . 2005-02-25 05:36 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-01 17:50 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-08-28 06:38 --------- d-----w C:\Program Files\Gadu-Gadu
2008-07-14 11:45 --------- d-----w C:\Documents and Settings\art_san\Dane aplikacji\BESTplayer
2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:41 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 11:35 327720]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"CloneCDTray"="G:\programy\CloneCD\CloneCDTray.exe" [2006-09-28 21:21 57344]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:44 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - G:\Reader\reader_sl.exe [2006-10-23 03:48:00 40048]
Adobe Reader Synchronizer.lnk - G:\Reader\AdobeCollabSync.exe [2006-10-23 02:01:00 734872]
BlueSoleil.lnk - G:\BlueSoleil\BlueSoleil.exe [2008-04-19 20:11:08 1183744]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 04:05:56 65588]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"G:\\instalki\\flashget.exe"=
"G:\\BlueSoleil\\BlueSoleil.exe"=

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-01 20:07:03
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-09-01 20:08:44
ComboFix-quarantined-files.txt 2008-09-01 18:08:40
ComboFix2.txt 2008-09-01 17:35:38
Pre-Run: 2,746,183,680 bajtów wolnych
Post-Run: 2,737,127,424 bajtów wolnych
78 --- E O F --- 2008-08-27 16:32:18

Mateusz J., comment, 1 September 2008

The log is clean.

"reason: problem with folder options and double-click"

If you still have the problem, describe a bit more clearly what it is about.