ComboFix 08-08-04.09 - master 2008-08-06 10:03:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.550 [GMT 2:00]
Running from: C:\Documents and Settings\master\Pulpit\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\master\Dane aplikacji\rhctl0j0egda
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL
C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
C:\Program Files\myglobalsearch\bar\Cache\00595061
C:\Program Files\myglobalsearch\bar\Cache\00596669
C:\Program Files\myglobalsearch\bar\Cache\00597444.bin
C:\Program Files\myglobalsearch\bar\Cache\0059875F.bin
C:\Program Files\myglobalsearch\bar\Cache\005997BA.bin
C:\Program Files\myglobalsearch\bar\Cache\files.ini
C:\Program Files\myglobalsearch\bar\History\search
C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm
C:\WINDOWS\system32\actskn43.ocx
C:\WINDOWS\system32\blphcpl0j0egda.scr
C:\WINDOWS\system32\h@tkeysh@@k.dll
C:\WINDOWS\system32\setup.ini
C:\WINDOWS\system32\tmp20.tmp
C:\WINDOWS\system32\tmp21.tmp
.
((((((((((((((((((((((((( Files Created from 2008-07-06 to 2008-08-06 )))))))))))))))))))))))))))))))
.
2008-08-05 17:04 . 2008-08-05 20:38 <DIR> d--h----- C:\$AVG8.VAULT$
2008-08-05 17:01 . 2008-08-06 09:47 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-05 17:01 . 2008-08-05 17:01 <DIR> d-------- C:\Program Files\AVG
2008-08-05 17:01 . 2008-08-05 17:03 <DIR> d-------- C:\Documents and Settings\master\Dane aplikacji\AVGTOOLBAR
2008-08-05 17:01 . 2008-08-05 17:01 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\avg8
2008-08-05 17:01 . 2008-08-05 21:07 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-05 17:01 . 2008-08-05 17:01 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll.old
2008-08-05 17:01 . 2008-08-05 21:07 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-08-05 16:03 . 2008-08-05 16:03 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\SoftLand Ltd
2008-08-05 16:03 . 2008-08-05 16:03 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\services
2008-08-04 21:02 . 2008-08-04 21:03 24 ---hs---- C:\WINDOWS\S5E29088B.tmp
2008-08-04 21:00 . 2008-08-04 21:00 <DIR> d-------- C:\Program Files\SlySoft
2008-08-04 20:52 . 2008-08-05 12:51 <DIR> d-------- C:\Program Files\Deutsch Translator 2
2008-08-03 09:46 . 2008-08-03 09:46 <DIR> d-------- C:\Program Files\CDex_151
2008-08-03 09:16 . 2008-08-03 09:16 <DIR> d-------- C:\totalcmd
2008-08-03 09:16 . 2008-08-03 09:18 820 --a------ C:\WINDOWS\wincmd.ini
2008-08-03 09:16 . 2007-06-06 07:00 545 --a------ C:\WINDOWS\UC.PIF
2008-08-03 09:16 . 2007-06-06 07:00 545 --a------ C:\WINDOWS\RAR.PIF
2008-08-03 09:16 . 2007-06-06 07:00 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-08-03 09:16 . 2007-06-06 07:00 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-08-03 09:16 . 2007-06-06 07:00 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-08-03 09:16 . 2007-06-06 07:00 545 --a------ C:\WINDOWS\LHA.PIF
2008-08-03 09:16 . 2007-06-06 07:00 545 --a------ C:\WINDOWS\ARJ.PIF
2008-07-26 17:27 . 2008-07-26 17:27 <DIR> d-------- C:\Documents and Settings\master\Dane aplikacji\Nero
2008-07-26 17:22 . 2008-07-26 17:25 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-07-26 17:22 . 2008-07-26 17:22 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-05 15:24 --------- d-----w C:\Program Files\GameSpy Arcade
2008-08-05 14:07 --------- d-----w C:\Program Files\English Translator 3
2008-08-04 18:58 --------- d-----w C:\Program Files\BitComet
2008-08-03 07:49 --------- d-----w C:\Program Files\CDex_150
2008-07-26 15:22 --------- d-----w C:\Program Files\Nero
2008-07-26 15:10 --------- d-----w C:\Program Files\Common Files\Ahead
2008-07-22 09:23 --------- d-----w C:\Program Files\Gadu-Gadu
2008-07-18 15:54 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-07-07 13:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-29 18:53 --------- d-----w C:\Program Files\JetAudio
2008-06-29 11:18 444,952 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-06-29 11:18 109,080 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-06-29 11:18 --------- d-----w C:\Program Files\OpenAL
2008-06-29 11:18 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Codemasters
2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 18:01 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2008-02-19 18:09 1,599,488 --sh--w C:\Documents and Settings\master\Moje dokumentyEhw0Gp_cfdg.exe
2008-02-19 18:03 1,599,488 --sh--w C:\Documents and Settings\master\Moje dokumentyLlm76m_cfdg.exe
2008-02-02 13:08 560 ----a-w C:\Program Files\Global.sw
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2008-01-03 20:37 57344]
[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-01-30 16:58 1716224]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-22 14:06 167368]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2007-12-18 03:02 471040]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-10 17:19 171448]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-03-21 23:55 20480]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 15:44 196608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-14 08:51 7323648]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-14 08:51 86016]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-08-14 04:51 352256]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 07:28 36352]
"BearShare"="C:\Program Files\BearShare\BearShare.exe" [2006-08-01 18:04 3313664]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 16:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 16:14 217088]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-05 21:08 1232152]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 21:21 57344]
"nwiz"="nwiz.exe" [2005-12-14 08:51 1519616 C:\WINDOWS\system32\nwiz.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-06 05:44 16262656 C:\WINDOWS\RTHDCPL.exe]
"AdslTaskBar"="stmctrl.dll" [2006-06-02 10:01 151552 C:\WINDOWS\system32\stmctrl.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
C:\Documents and Settings\master\Menu Start\Programy\Autostart\
PowerReg Scheduler.exe [2008-03-22 14:58:05 256000]
Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54 98632]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06 29696]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-03-21 23:55:23 450560]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"E:\\PES 2008\\[PC] Pro Evolution Soccer 2008 [ENG] [dopeman]\\PES08\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20715:TCP"= 20715:TCP:BitComet 20715 TCP
"20715:UDP"= 20715:UDP:BitComet 20715 UDP
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 05:38]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 05:39]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-05 21:07]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-05 21:07]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2003-08-12 13:51]
R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2006-07-05 14:50]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7e6f09a-ba28-11dc-b5b8-0008a1878d40}]
\Shell\Auto\command - SVCH0ST.EXE
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de60b314-d57c-11dc-b637-0008a1878d40}]
\Shell\Auto\command - L:\SVCH0ST.EXE
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SVCH0ST.EXE
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-07-25 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe [2004-11-09 23:11]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://google.com/
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
O8 -: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 -: Download all links using BitComet - C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 -: Download all videos using BitComet - C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 -: Download link using &BitComet - C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 -: E&ksportuj do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{FAFFF1D9-88A6-457C-8B65-A63BFFFF84C1}: NameServer = 217.116.100.65 217.116.100.66
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-08-06 10:06:18
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-06 10:08:07
ComboFix-quarantined-files.txt 2008-08-06 08:07:27
Pre-Run: 20,269,027,328 bajtów wolnych
Post-Run: 21,381,201,920 bajtów wolnych
199 --- E O F --- 2008-07-18 15:55:00