Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1471 [GMT 2:00]
Running from: C:\Documents and Settings\Komputer\Moje dokumenty\Programy\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-05-27 to 2008-06-27 )))))))))))))))))))))))))))))))
.
2008-06-27 18:08 . 2008-06-27 18:53 594 ---hs---- C:\WINDOWS\system32\oqcvgojv.ini
2008-06-27 18:03 . 2008-06-27 18:03 91,008 --a------ C:\WINDOWS\system32\vjogvcqo.dll
2008-06-27 18:00 . 2008-06-21 11:35 3,262 --a------ C:\WINDOWS\system32\sex2.ico
2008-06-27 17:57 . 2008-06-27 17:57 <DIR> d-------- C:\Documents and Settings\Komputer\Dane aplikacji\rhc3qtj0e575
2008-06-27 17:57 . 2008-06-27 10:06 303,104 --a------ C:\WINDOWS\gfetqaxsvgb.dll
2008-06-27 17:57 . 2008-06-27 10:06 229,376 --a------ C:\WINDOWS\pntqkflv.dll
2008-06-27 17:57 . 2008-06-27 10:06 180,224 --a------ C:\WINDOWS\qegbdmwf.dll
2008-06-27 17:57 . 2008-06-27 10:06 151,552 --a------ C:\WINDOWS\gxvpsafm.dll
2008-06-27 17:57 . 2008-06-27 18:49 94,208 --a------ C:\WINDOWS\system32\pphc7qtj0e575.exe
2008-06-27 17:57 . 2008-06-27 10:06 81,920 --a------ C:\WINDOWS\tovafrnm.exe
2008-06-27 17:57 . 2008-06-27 17:57 28,800 --a------ C:\WINDOWS\system32\nnnkHYSl.dll
2008-06-27 17:57 . 2008-06-27 17:57 28,800 --a------ C:\WINDOWS\system32\byXRLFWp.dll
2008-06-27 17:56 . 2008-06-27 17:56 <DIR> d-------- C:\Program Files\VAV
2008-06-27 17:56 . 2008-06-27 17:57 <DIR> d-------- C:\Program Files\rhc3qtj0e575
2008-06-27 17:56 . 2008-06-27 17:56 <DIR> d-------- C:\Program Files\PCHealthCenter
2008-06-27 17:56 . 2008-06-19 18:20 117,248 --a------ C:\WINDOWS\system32\vav.cpl
2008-06-27 17:56 . 2008-06-27 18:49 90,838 --a------ C:\WINDOWS\system32\phc7qtj0e575.bmp
2008-06-27 17:56 . 2008-06-27 18:49 60,928 --a------ C:\WINDOWS\system32\blphc7qtj0e575.scr
2008-06-27 17:56 . 2008-06-21 11:35 3,262 --a------ C:\WINDOWS\system32\sex1.ico
2008-06-27 17:55 . 2008-06-27 17:56 109,056 --a------ C:\WINDOWS\system32\lphc7qtj0e575.exe
2008-06-25 20:45 . 2008-06-25 20:45 51,678 --a------ C:\acadminidump.dmp
2008-06-24 14:45 . 2008-06-24 14:45 <DIR> d-------- C:\Program Files\AnswerWorks 4.0
2008-06-24 14:42 . 2008-06-24 14:47 <DIR> d-------- C:\Documents and Settings\Komputer\Dane aplikacji\Autodesk
2008-06-24 14:42 . 2008-06-24 14:42 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Autodesk
2008-06-24 14:41 . 2008-06-24 14:46 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-06-24 14:36 . 2008-06-24 14:36 <DIR> d-------- C:\Program Files\Autodesk
2008-06-12 22:04 . 2008-06-12 22:04 <DIR> d-------- C:\Program Files\LucasArts
2008-06-12 12:32 . 2008-06-12 12:32 1,160 --a------ C:\WINDOWS\mozver.dat
2008-06-11 10:25 . 2008-06-14 20:01 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 10:25 . 2008-06-14 20:01 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 23:26 . 2008-06-10 23:26 110,304 --a------ C:\WINDOWS\system32\drivers\ACEDRV09.sys
2008-06-10 23:23 . 2008-06-14 00:03 <DIR> d-------- C:\WINDOWS\uninstall
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-27 16:50 --------- d-----w C:\Program Files\neostrada tp
2008-06-27 16:05 --------- d-----w C:\Documents and Settings\Komputer\Dane aplikacji\uTorrent
2008-06-26 08:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-25 13:53 --------- d-----w C:\Program Files\Gothic III
2008-06-12 20:08 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-10 21:55 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-06-08 18:52 --------- d-----w C:\Documents and Settings\Komputer\Dane aplikacji\ZoomBrowser EX
2008-06-08 18:52 --------- d-----w C:\Documents and Settings\Komputer\Dane aplikacji\CameraWindowDC
2008-05-21 11:46 --------- d-----w C:\Documents and Settings\Komputer\Dane aplikacji\BESTplayer
2008-05-18 20:23 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-05-12 14:46 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-12 14:46 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\InstallShield
2008-05-08 14:08 --------- d-----w C:\Program Files\BYOND
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-30 16:50 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-04-30 16:42 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-04-29 18:43 --------- d-----w C:\Documents and Settings\Komputer\Dane aplikacji\Hamachi
2008-04-29 18:40 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-04-28 08:08 --------- d-----w C:\Program Files\uTorrent
2008-04-23 07:20 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-03 07:37 415,104 ----a-w C:\WINDOWS\system32\pr2aq6eb.exe
2008-03-19 13:55 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
.
((((((((((((((((((((((((((((( snapshot_2008-06-27_18.45.05.15 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-27 16:15:09 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-27 16:49:25 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{35218E2A-1C45-46FE-829B-8415790B0210}]
2008-06-27 17:57 28800 --a------ C:\WINDOWS\system32\nnnkHYSl.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B74A6E94-805A-40A7-8F83-26CC9CD91D22}]
C:\WINDOWS\system32\nnnnMGXp.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BA00DCFD-75B6-48F2-889A-56595E335AA1}]
2008-06-27 10:06 303104 --a------ C:\WINDOWS\gfetqaxsvgb.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-02-14 15:54 1555480 --a------ C:\Program Files\free-downloads.net\tbfree.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [2008-02-14 15:54 1555480]
"{01DC360B-6DEB-4B33-9329-F12E9CD8FB24}"= "C:\WINDOWS\gxvpsafm.dll" [2008-06-27 10:06 151552]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CLASSES_ROOT\clsid\{01dc360b-6deb-4b33-9329-f12e9cd8fb24}]
[HKEY_CLASSES_ROOT\gxvpsafm.1]
[HKEY_CLASSES_ROOT\TypeLib\{D6317914-D4A0-4625-B9C9-3F365F46094E}]
[HKEY_CLASSES_ROOT\gxvpsafm]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= C:\Program Files\free-downloads.net\tbfree.dll [2008-02-14 15:54 1555480]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 11:21 153136]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 18:55 451872]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 22:02 495616]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-14 01:09 486856]
"Sys1.exe"="C:\Windows\Sys1.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray.exe" [2007-12-14 13:26 413696]
"Gainward"="C:\Program Files\VDOTool\TBPanel.exe" [2007-11-27 15:36 2169368]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\GestMaj.exe" [2004-10-14 16:55 32768]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 06:03 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 06:03 81920]
"lphc7qtj0e575"="C:\WINDOWS\system32\lphc7qtj0e575.exe" [2008-06-27 17:56 109056]
"Antivirus"="C:\Program Files\VAV\vav.exe" [2008-06-19 18:22 325632]
"SMrhc3qtj0e575"="C:\Program Files\rhc3qtj0e575\rhc3qtj0e575.exe" [2008-06-27 11:13 1214976]
"0862793d"="C:\WINDOWS\system32\vjogvcqo.dll" [2008-06-27 18:03 91008]
"Sys1.exe"="C:\Windows\Sys1.exe" [ ]
C:\Documents and Settings\Komputer\Menu Start\Programy\Autostart\
Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54 98632]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]
Przyspieszenie uruchomienia programu AutoCAD.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 15:43:54 11000]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{35218E2A-1C45-46FE-829B-8415790B0210}"= C:\WINDOWS\system32\nnnkHYSl.dll [2008-06-27 17:57 28800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"pntqkflv"= {FEA1D2F2-7D95-4C54-B25E-3F69CB1A2837} - C:\WINDOWS\pntqkflv.dll [2008-06-27 10:06 229376]
"qegbdmwf"= {63EF39F3-4DEA-46A5-80B7-5CAD0BF2137F} - C:\WINDOWS\qegbdmwf.dll [2008-06-27 10:06 180224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnkHYSl]
nnnkHYSl.dll 2008-06-27 17:57 28800 C:\WINDOWS\system32\nnnkHYSl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"D:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\Aspyr Media, Inc\\THAW\\Game\\THAW.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Valve\\hlds.exe"=
"C:\\Program Files\\BYOND\\bin\\byond.exe"=
"C:\\Program Files\\Techland\\FIM Speedway GP3\\sgp3.exe"=
R0 pe3aq6eb;FIM Speedway GP3 Environment Driver (pe3aq6eb);C:\WINDOWS\system32\drivers\pe3aq6eb.sys [2008-04-03 09:36]
R0 ps7aq6eb;FIM Speedway GP3 Synchronization Driver (ps7aq6eb);C:\WINDOWS\system32\drivers\ps7aq6eb.sys [2008-04-03 09:35]
R2 ACEDRV09;ACEDRV09;C:\WINDOWS\system32\drivers\ACEDRV09.sys [2008-06-10 23:26]
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-09-19 12:03]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-09-15 12:07]
S2 pr2aq6eb;FIM Speedway GP3 Drivers Auto Removal (pr2aq6eb);C:\WINDOWS\system32\pr2aq6eb.exe svc []
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-27 18:53:52
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe

.
Completion time: 2008-06-27 18:55:01
ComboFix-quarantined-files.txt 2008-06-27 16:54:59
ComboFix2.txt 2008-06-27 16:45:30
ComboFix3.txt 2008-04-30 18:15:03
ComboFix4.txt 2008-04-30 18:09:24
ComboFix5.txt 2008-04-30 17:03:20
Pre-Run: 37,018,918,912 bajtów wolnych
Post-Run: 37,011,931,136 bajtów wolnych
187 --- E O F --- 2008-06-27 16:10:01