Show hidden files - I have a problem, please help!


  • Closed: this topic is closed
10 replies in this topic

#1 Patulek

    Observer

  • 6 posts

Posted 31 07 2008 - 13:57

Hello!
This is my first time on this forum... greetings to the regulars! I'll get straight to asking for help! I hid a few files, but now unfortunately I can't see them. In Control Panel > Folder Options I click to show hidden files, but unfortunately it doesn't work. I scanned the computer and it told me I have a trojan, but I don't know how to remove it. Would someone be so kind and help me... Please :-)
Regards!


#2 ordynat

    Advanced user

  • 804 posts

Posted 31 07 2008 - 14:57

From the symptoms you describe it can be concluded that you have an infection from a pendrive.
Post a log from:
--> ComboFix
or
--> ComboFix
or
--> ComboFix

ordynat


#3 Patulek

    Observer

  • 6 posts

Posted 31 07 2008 - 15:21

Thank you for the quick reply. I have a HijackThis log. Is that enough?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:19:09, on 2008-07-31
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Wszystkie programy\Programy internetowe\Gadu-Gadu\gg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Patunia\Pulpit\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Wszystkie programy\Programy internetowe\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=21871
O17 - HKLM\System\CCS\Services\Tcpip\..\{087B0C21-7FC0-4E6F-A428-4179211C16D5}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5523 bytes

#4 ordynat

    Advanced user

  • 804 posts

Posted 31 07 2008 - 16:23

> I have a HijackThis log. Is that enough?

No, it isn't enough!

> O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe

Even though part of this infection is visible even here.

ordynat

#5 Patulek

    Observer

  • 6 posts

Posted 03 08 2008 - 13:07

Here is the log.

ComboFix 08-08-02.01 - Patunia 2008-08-03 12:53:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.65 [GMT 2:00]
Running from: C:\Documents and Settings\Patunia\Pulpit\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\1rfw8hjr.com
C:\autorun.inf
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\History\search
C:\WINDOWS\system32\ckvo.exe
C:\WINDOWS\system32\ckvo0.dll
D:\1rfw8hjr.com
D:\Autorun.inf
E:\1rfw8hjr.com
E:\Autorun.inf
F:\1rfw8hjr.com
F:\Autorun.inf
G:\1rfw8hjr.com
G:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-07-03 to 2008-08-03 )))))))))))))))))))))))))))))))
.

2008-08-02 20:10 . 2008-08-02 20:10 89,460 -r-hs---- C:\r813.bat
2008-07-31 20:10 . 2008-08-01 19:58 87,215 -r-hs---- C:\e.com
2008-07-31 12:32 . 2008-07-31 13:21 88,890 -r-hs---- C:\kn6jhgc.cmd
2008-07-26 13:10 . 2008-07-26 13:11 <DIR> d-------- C:\Documents and Settings\Hanka\Gadu-Gadu
2008-07-12 17:10 . 2008-08-02 20:10 83,456 -r-hs---- C:\WINDOWS\system32\ckvo1.dll
2008-07-09 18:55 . 2004-08-04 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-07-09 18:28 . 2008-07-09 18:28 <DIR> d---s---- C:\Documents and Settings\Hanka\UserData
2008-07-06 15:43 . 2008-03-01 15:30 <DIR> d--h----- C:\Documents and Settings\Hanka\Ustawienia lokalne
2008-07-06 15:43 . 2008-07-15 09:03 <DIR> dr------- C:\Documents and Settings\Hanka\Ulubione
2008-07-06 15:43 . 2008-03-01 14:36 <DIR> d--h----- C:\Documents and Settings\Hanka\Szablony
2008-07-06 15:43 . 2008-07-26 13:14 <DIR> d-------- C:\Documents and Settings\Hanka\Pulpit
2008-07-06 15:43 . 2008-07-07 09:31 <DIR> dr------- C:\Documents and Settings\Hanka\Moje dokumenty
2008-07-06 15:43 . 2008-03-01 15:30 <DIR> dr------- C:\Documents and Settings\Hanka\Menu Start
2008-07-06 15:43 . 2008-07-26 13:14 <DIR> dr-h----- C:\Documents and Settings\Hanka\Dane aplikacji
2008-07-06 15:43 . 2008-07-26 13:10 <DIR> d-------- C:\Documents and Settings\Hanka
2008-07-06 15:40 . 2008-07-07 09:36 <DIR> d-------- C:\Program Files\CR3D DEMO
2008-07-06 15:07 . 2008-07-06 15:07 21 --a------ C:\WINDOWS\kit.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-03 10:52 --------- d-----w C:\Program Files\Neostrada TP
2008-07-09 17:32 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-07-09 17:28 --------- d-----w C:\Documents and Settings\Patunia\Dane aplikacji\OpenOffice.org2
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 18:01 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 07:29 --------- d-----w C:\Program Files\Google
2008-06-08 18:46 --------- d-----w C:\Program Files\Java
2008-06-08 18:43 --------- d-----w C:\Program Files\Common Files\Java
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"Gadu-Gadu"="D:\Wszystkie programy\Programy internetowe\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-17 20:13 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 20:07 24576]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 20:07 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 20:07 53248]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 14:06 40048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-03-01 17:00:44 962661]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Wszystkie programy\\Programy internetowe\\Gadu-Gadu\\gg.exe"=
"D:\\Wszystkie programy\\Programy internetowe\\Bear Share\\BearShare.exe"=

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 21:22]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28ecb228-53d8-11dd-995c-4d6564696130}]
\Shell\AutoRun\command - J:\ivcvknr.bat
\Shell\explore\Command - J:\ivcvknr.bat
\Shell\open\Command - J:\ivcvknr.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7fde72f4-5024-11dd-994a-4d6564696130}]
\Shell\AutoRun\command - J:\ffojc.com
\Shell\explore\Command - J:\ffojc.com
\Shell\open\Command - J:\ffojc.com
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Orb - C:\Program Files\Winamp Remote\bin\OrbTray.exe
HKCU-Run-kamsoft - C:\WINDOWS\system32\ckvo.exe
HKLM-Run-Cmaudio - cmicnfg.cpl


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.neostrada.pl
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
O8 -: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 -: E&ksport do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 -: { - C:\Program Files\Messenger\msmsgs.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-03 12:57:29
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-08-03 12:59:21 - machine was rebooted [Patunia]
ComboFix-quarantined-files.txt 2008-08-03 10:59:16

Pre-Run: 54,796,288 bajtów wolnych
Post-Run: 350,744,576 bajtów wolnych

140 --- E O F --- 2008-07-09 18:57:20




PS. I think everything is fine now, right? The hidden files have appeared :-)

#6 ordynat

    Advanced user

  • 804 posts

Posted 03 08 2008 - 14:01

I'm giving a removal list "to be on the safe side", because I don't know whether it will be on all the drives, but even if it isn't, that does no harm.

Paste into Notepad:
File::
C:\r813.bat
C:\e.com
C:\kn6jhgc.cmd
C:\WINDOWS\system32\ckvo1.dll
d:\r813.bat
d:\e.com
d:\kn6jhgc.cmd
d:\WINDOWS\system32\ckvo1.dll
e:\r813.bat
e:\e.com
e:\kn6jhgc.cmd
e:\WINDOWS\system32\ckvo1.dll
f:\r813.bat
f:\e.com
f:\kn6jhgc.cmd
f:\WINDOWS\system32\ckvo1.dll
g:\r813.bat
g:\e.com
g:\kn6jhgc.cmd
g:\WINDOWS\system32\ckvo1.dll
J:\ivcvknr.bat
d:\ivcvknr.bat
e:\ivcvknr.bat
f:\ivcvknr.bat
g:\ivcvknr.bat
J:\ffojc.com
c:\ffojc.com
d:\ffojc.com
e:\ffojc.com
f:\ffojc.com
g:\ffojc.com

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28ecb228-53d8-11dd-995c-4d6564696130}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7fde72f4-5024-11dd-994a-4d6564696130}]
>> File >> Save as... >>> CFScript
Drag and drop the CFScript.txt file onto ComboFix.exe.
Removal should start (and a log will be produced).
Post the log that is produced during the removal.
After the restart, manually delete the folder C:\Qoobox.

ordynat
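The findings ordynat's script above acts on (MountPoints2 shell verbs that all run a file on the removable drive, an autorun.inf beside its companion file in each drive root, and the "kamsoft" Run entry left pointing at a deleted ckvo.exe) can be pulled out of a ComboFix log mechanically. The Python triage helper below is an added example, not code from the thread or from ComboFix; its embedded log is a constructed excerpt that mirrors the structure of the logs posted above.

```python
# Added triage helper for ComboFix-style logs; not from the thread or from ComboFix itself.
import re

# Constructed excerpt mirroring the structure of the logs posted in the thread.
SAMPLE_LOG = r"""
((((((((((( Other Deletions )))))))))))
.
C:\1rfw8hjr.com
C:\autorun.inf
C:\WINDOWS\system32\ckvo.exe
D:\1rfw8hjr.com
D:\Autorun.inf
.
((((((((((( Reg Loading Points )))))))))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"kamsoft"="C:\WINDOWS\system32\ckvo.exe" [BU]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28ecb228-53d8-11dd-995c-4d6564696130}]
\Shell\AutoRun\command - J:\ivcvknr.bat
\Shell\explore\Command - J:\ivcvknr.bat
\Shell\open\Command - J:\ivcvknr.bat
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")               # ((( Section Title )))
KEY_RE = re.compile(r"^\[-?(.+)\]$")                           # [HKEY_...] or [-HKEY_...]
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"')                 # "name"="target" [meta]
HANDLER_RE = re.compile(r"^\\Shell\\(\w+)\\[Cc]ommand\s+-\s+(.+)$")
ROOT_FILE_RE = re.compile(r"^([A-Za-z]):\\([^\\]+)$")          # X:\file sitting in a drive root


def split_sections(text):
    """Map each '((( Title )))' section to its body lines, dropping blank and '.' separators."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            sections[current] = []
        elif current and line.strip() not in ("", "."):
            sections[current].append(line.rstrip())
    return sections

def parse_registry(text):
    """One pass over the REGEDIT4 part: Run-key values and MountPoints2 shell verbs."""
    run_values, mountpoints, key = [], {}, ""
    for line in map(str.strip, text.splitlines()):
        k = KEY_RE.match(line)
        if k:
            key = k.group(1).lower()   # remember which key the following values belong to
            continue
        v = VALUE_RE.match(line)
        if v and key.endswith("\\currentversion\\run"):
            run_values.append((v.group(1), v.group(2)))
        h = HANDLER_RE.match(line)
        if h and "\\mountpoints2\\" in key:
            guid = key.rsplit("\\", 1)[-1]
            mountpoints.setdefault(guid, {})[h.group(1).lower()] = h.group(2)
    return run_values, mountpoints

def autorun_companions(deletion_lines):
    """Group root-level deletions by drive: the autorun.inf and the payload(s) beside it."""
    per_drive = {}
    for path in deletion_lines:
        m = ROOT_FILE_RE.match(path)
        if not m:
            continue  # deeper than the drive root, e.g. system32\ckvo.exe
        drive, name = m.group(1).upper(), m.group(2)
        entry = per_drive.setdefault(drive, {"autorun_inf": False, "companions": []})
        if name.lower() == "autorun.inf":
            entry["autorun_inf"] = True
        else:
            entry["companions"].append(name)
    return per_drive

def triage(text):
    """Return the three findings the cleanup in the thread acts on."""
    deletions = split_sections(text).get("Other Deletions", [])
    run_values, mountpoints = parse_registry(text)
    deleted = {p.lower() for p in deletions}
    return {
        "mountpoints": mountpoints,                     # verbs hijacked per removable drive
        "autorun": autorun_companions(deletions),       # autorun.inf + companion per drive root
        "orphan_run": [(n, t) for n, t in run_values if t.lower() in deleted],
    }
```

Calling `triage(SAMPLE_LOG)` returns the hijacked verbs for the one MountPoints2 GUID, the autorun.inf/1rfw8hjr.com pair on C: and D:, and the orphaned "kamsoft" entry; feeding it a real log pasted from ComboFix works the same way because only the section headers and line shapes are relied on.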

#7 Patulek

    Observer

  • 6 posts

Posted 09 08 2008 - 10:14

I did as you instructed... Here is the log:

ComboFix 08-08-08.07 - Patunia 2008-08-09 10:06:50.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.71 [GMT 2:00]
Running from: C:\Documents and Settings\Patunia\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Patunia\Pulpit\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED

FILE ::
C:\e.com
c:\ffojc.com
C:\kn6jhgc.cmd
C:\r813.bat
C:\WINDOWS\system32\ckvo1.dll
d:\e.com
d:\ffojc.com
d:\ivcvknr.bat
d:\kn6jhgc.cmd
d:\r813.bat
d:\WINDOWS\system32\ckvo1.dll
e:\e.com
e:\ffojc.com
e:\ivcvknr.bat
e:\kn6jhgc.cmd
e:\r813.bat
e:\WINDOWS\system32\ckvo1.dll
f:\e.com
f:\ffojc.com
f:\ivcvknr.bat
f:\kn6jhgc.cmd
f:\r813.bat
f:\WINDOWS\system32\ckvo1.dll
g:\e.com
g:\ffojc.com
g:\ivcvknr.bat
g:\kn6jhgc.cmd
g:\r813.bat
g:\WINDOWS\system32\ckvo1.dll
J:\ffojc.com
J:\ivcvknr.bat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\e.com
C:\kn6jhgc.cmd
C:\r813.bat
C:\tyktjfww.exe
C:\WINDOWS\system32\actskn43.ocx
C:\WINDOWS\system32\ckvo.exe
C:\WINDOWS\system32\ckvo0.dll
C:\WINDOWS\system32\ckvo1.dll
D:\Autorun.inf
d:\e.com
d:\kn6jhgc.cmd
d:\r813.bat
D:\tyktjfww.exe
E:\Autorun.inf
e:\e.com
e:\kn6jhgc.cmd
e:\r813.bat
E:\tyktjfww.exe
F:\Autorun.inf
f:\e.com
f:\kn6jhgc.cmd
f:\r813.bat
F:\tyktjfww.exe
G:\Autorun.inf
g:\e.com
g:\kn6jhgc.cmd
g:\r813.bat
G:\tyktjfww.exe

.
((((((((((((((((((((((((( Files Created from 2008-07-09 to 2008-08-09 )))))))))))))))))))))))))))))))
.

2008-08-08 12:21 . 2008-07-19 11:31 115,799 -r-hs---- C:\ybj8df.exe
2008-07-26 13:10 . 2008-07-26 13:11 <DIR> d-------- C:\Documents and Settings\Hanka\Gadu-Gadu
2008-07-09 18:55 . 2004-08-04 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-07-09 18:28 . 2008-07-09 18:28 <DIR> d---s---- C:\Documents and Settings\Hanka\UserData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-09 08:06 --------- d-----w C:\Program Files\Neostrada TP
2008-07-09 17:32 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-07-09 17:28 --------- d-----w C:\Documents and Settings\Patunia\Dane aplikacji\OpenOffice.org2
2008-07-07 07:36 --------- d-----w C:\Program Files\CR3D DEMO
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 18:01 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 07:29 --------- d-----w C:\Program Files\Google
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"Gadu-Gadu"="D:\Wszystkie programy\Programy internetowe\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-17 20:13 68856]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 20:37 2321600]
"kamsoft"="C:\WINDOWS\system32\ckvo.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 20:07 24576]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 20:07 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 20:07 53248]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 14:06 40048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-03-01 17:00:44 962661]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Wszystkie programy\\Programy internetowe\\Gadu-Gadu\\gg.exe"=
"D:\\Wszystkie programy\\Programy internetowe\\Bear Share\\BearShare.exe"=

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 21:22]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0555010-2701-11dd-9909-4d6564696130}]
\Shell\AutoRun\command - J:\ybj8df.exe
\Shell\explore\Command - J:\ybj8df.exe
\Shell\open\Command - J:\ybj8df.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-09 10:10:40
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-08-09 10:12:03 - machine was rebooted [Patunia]
ComboFix-quarantined-files.txt 2008-08-09 08:12:00
ComboFix2.txt 2008-08-03 10:59:22

Pre-Run: 304,889,856 bajtów wolnych
Post-Run: 454,811,648 bajtów wolnych

156 --- E O F --- 2008-07-09 18:57:20

#8 ordynat

    Advanced user

  • 804 posts

Posted 09 08 2008 - 10:29

Paste into Notepad:
File::
C:\ybj8df.exe
d:\ybj8df.exe
e:\ybj8df.exe
f:\ybj8df.exe
g:\ybj8df.exe
J:\ybj8df.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kamsoft"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0555010-2701-11dd-9909-4d6564696130}]
>> File >> Save as... >>> CFScript
Drag and drop the CFScript.txt file onto ComboFix.exe.
Removal should start (and a log will be produced).
After the restart, manually delete the folder C:\Qoobox.

Post the log that is produced during the removal.

ordynat

#9 Patulek

    Observer

  • 6 posts

Posted 10 08 2008 - 17:23

Here is the log:

ComboFix 08-08-08.07 - Patunia 2008-08-10 17:19:10.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.101 [GMT 2:00]
Running from: C:\Documents and Settings\Patunia\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Patunia\Pulpit\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED

FILE ::
C:\ybj8df.exe
d:\ybj8df.exe
e:\ybj8df.exe
f:\ybj8df.exe
g:\ybj8df.exe
J:\ybj8df.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ybj8df.exe
d:\ybj8df.exe
e:\ybj8df.exe
f:\ybj8df.exe
g:\ybj8df.exe

.
((((((((((((((((((((((((( Files Created from 2008-07-10 to 2008-08-10 )))))))))))))))))))))))))))))))
.

2008-08-09 12:44 . 2008-08-09 17:26 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-08-09 12:44 . 2008-08-09 12:44 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-08-09 11:00 . 2008-08-09 11:00 <DIR> d-------- C:\Documents and Settings\Patunia\Dane aplikacji\Serif
2008-08-09 10:59 . 2008-08-09 10:59 <DIR> d-------- C:\Program Files\Serif
2008-07-26 13:10 . 2008-07-26 13:11 <DIR> d-------- C:\Documents and Settings\Hanka\Gadu-Gadu

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-10 15:18 --------- d-----w C:\Program Files\Neostrada TP
2008-08-09 08:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-09 17:32 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-07-09 17:28 --------- d-----w C:\Documents and Settings\Patunia\Dane aplikacji\OpenOffice.org2
2008-07-07 07:36 --------- d-----w C:\Program Files\CR3D DEMO
2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 18:01 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 07:29 --------- d-----w C:\Program Files\Google
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-17 20:13 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 20:07 24576]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 20:07 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 20:07 53248]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-03-01 17:00:44 962661]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Wszystkie programy\\Programy internetowe\\Gadu-Gadu\\gg.exe"=
"D:\\Wszystkie programy\\Programy internetowe\\Bear Share\\BearShare.exe"=

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 21:22]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-10 17:20:53
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-10 17:21:32
ComboFix-quarantined-files.txt 2008-08-10 15:21:30
ComboFix2.txt 2008-08-09 08:12:04

Pre-Run: 412,028,928 bajtów wolnych
Post-Run: 513,265,664 bajtów wolnych

95 --- E O F --- 2008-07-09 18:57:20

#10 ordynat

    Advanced user

  • 804 posts

Posted 10 08 2008 - 17:37

Clean.


ordynat

#11 Patulek

    Observer

  • 6 posts

Posted 15 08 2008 - 10:29

Thank you very much for the help! I'm very grateful... I couldn't have managed on my own! Once again, many thanks!
Regards!
