Prośba o sprawdzenie loga

[ewela]

Witam Czy ktoś może sprawdzić mi wydruk z comboFix-a wiem ze jest tam dużo wirusów ale widzę tylko niektóre a na reszcie sie nie znam. Bardzo proszę o sprawdzenie i zostawienie w takiej formie żebym tylko wrzuciła do programu. Jestem kompletnym laikiem w tym


ComboFix 08-05-21.3 - myszka 2008-05-24 16:07:20.6 - FAT32x86
Running from: C:\Documents and Settings\myszka\Pulpit\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\kmd.exe
C:\Program Files\Google\googletoolbar1.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-24 to 2008-05-24 )))))))))))))))))))))))))))))))
.

2008-05-24 14:21 . 2008-05-24 14:21 <DIR> d--hs---- C:\FOUND.018
2008-05-23 17:51 . 2008-05-23 17:51 <DIR> d--hs---- C:\FOUND.017
2008-05-23 15:59 . 2008-05-23 15:59 <DIR> d--hs---- C:\FOUND.016
2008-05-15 19:12 . 2008-05-15 19:12 <DIR> d-------- C:\Program Files\SkanerOnline
2008-05-14 16:20 . 2008-05-14 16:20 <DIR> d--hs---- C:\FOUND.015
2008-04-27 20:04 . 2008-02-18 02:31 704,512 ---hs---- C:\WINDOWS\system32\_rejoice082.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:52 178,976 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:52 178,976 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-02-18 00:31 704,512 --sh--w C:\WINDOWS\system32\_rejoice082.exe
2005-05-18 15:31 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2005-05-18 15:31 56 --sh--r C:\WINDOWS\system32\66BF89054E.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EA0D26BD-9029-431A-86E0-83152D67828A}"= "C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll" [ ]

[HKEY_CLASSES_ROOT\clsid\{ea0d26bd-9029-431a-86e0-83152d67828a}]
[HKEY_CLASSES_ROOT\ZangoToolbar.ZCToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{01BF19C2-59D3-43E9-A2CC-C2D62D8878D3}]
[HKEY_CLASSES_ROOT\ZangoToolbar.ZCToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-12-18 17:32 25365032]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-07 20:40 68856]
"wsctf.exe"="wsctf.exe" []
"EXPLORER.EXE"="EXPLORER.EXE" [2007-06-13 15:23 1034752 C:\WINDOWS\explorer.exe]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WheelMouse"="C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe" [2004-08-25 17:31 147456]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 03:52 36975]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-03-10 19:45 35328]
"Globe7"="C:\Program Files\Globe7\Globe7.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-28 23:50 286720]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44 15360]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"StartMenuLogOff"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\DC++\\DCPlusPlus.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\Tlen.pl\\tlen.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2004-08-25 17:09]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys [2001-04-27 06:08]
S2 Windows Instrumentation;Windows Instrumentation;C:\Program Files\Common Files\Microsoft Shared\MSINFO\rejoice082.exe [2008-02-18 02:31]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17c260e0-d70a-11db-a09d-00079506ee94}]
\Shell\AutoRun\command - F:\EXPLORER.EXE
\Shell\explore\Command - F:\EXPLORER.EXE
\Shell\open\Command - F:\EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8aac0bd0-00c9-11dc-a0f9-00079506ee94}]
\Shell\Auto\command - F:\rejoice082.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL rejoice082.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df117200-9c3d-11dc-a1e7-00079506ee94}]
\Shell\AutoRun\command - F:\EXPLORER.EXE
\Shell\explore\Command - F:\EXPLORER.EXE
\Shell\open\Command - F:\EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6fafb20-024b-11dc-a0fe-00079506ee94}]
\Shell\Auto\command - F:\rejoice082.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL rejoice082.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-24 16:11:31
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

C:\program files\internet explorer\IEXPLORE.EXE [360] 0xFFA5EB98
C:\WINDOWS\system32\calc.exe [968] 0xFFA29978
scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-24 16:13:12
ComboFix-quarantined-files.txt 2008-05-24 14:13:06
ComboFix3.txt 2008-02-10 13:52:42
ComboFix2.txt 2008-02-10 14:25:38

Pre-Run: 659,824,640 bajtów wolnych
Post-Run: 662,618,112 bajtów wolnych

111 --- E O F --- 2008-05-16 22:38:33

[huber2t]

Do wyleczenia pendrive z wirusów użyj
Perlovga Removal Tool
Flash Disinfector
lub format

Pobierz ComboFix, ale nie uruchamiaj
Wklej do notatnika:

Kod: Zaznacz wszystko

Folder::
C:\FOUND.018
C:\FOUND.017
C:\FOUND.016
C:\FOUND.015

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wsctf.exe"=-
"EXPLORER.EXE"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"WinampAgent"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]


Plik zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu

Rozpocznie się usuwanie i powstanie log, daj ten log na forum.

[ewela]

Dziękuję bardzo i przepraszam, że podpięłam się pod temat

[huber2t]

daj log z usuwania z combofix, możliwe że nie wszystko zostało usunięte