ComboFix 08-07-14.2 - User 2008-07-16 9:08:27.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1614 [GMT 2:00]
Running from: C:\Documents and Settings\User\Moje dokumenty\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Moje dokumenty\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\Temp\CTun.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL
C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
C:\Program Files\myglobalsearch\bar\Cache\0000BB9F
C:\Program Files\myglobalsearch\bar\Cache\00014495.bin
C:\Program Files\myglobalsearch\bar\Cache\00014FB1.bin
C:\Program Files\myglobalsearch\bar\Cache\0001559D.bin
C:\Program Files\myglobalsearch\bar\Cache\files.ini
C:\Program Files\myglobalsearch\bar\History\search
C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm
C:\WINDOWS\Temp\CTun.exe
.
((((((((((((((((((((((((( Files Created from 2008-06-16 to 2008-07-16 )))))))))))))))))))))))))))))))
.
2008-07-15 20:22 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-07-15 14:23 . 2008-07-15 20:22 <DIR> d-------- C:\Program Files\Electronic Arts
2008-07-15 14:22 . 2006-10-25 14:17 <DIR> d-------- C:\Documents and Settings\User\Support
2008-07-15 14:22 . 2006-10-25 14:17 <DIR> d-------- C:\Documents and Settings\User\DirectX
2008-07-15 14:22 . 2006-10-25 14:17 <DIR> d-------- C:\Documents and Settings\User\AutoRun
2008-07-15 14:22 . 2006-10-25 14:17 380,928 --a------ C:\Documents and Settings\User\server.dll
2008-07-15 14:22 . 2006-10-25 14:17 22,016 --a------ C:\Documents and Settings\User\setup.exe
2008-07-15 14:21 . 2006-10-25 14:17 625,035,295 --a------ C:\Documents and Settings\User\0compressed.zip
2008-07-15 14:21 . 2006-10-25 14:17 7,577,600 --a------ C:\Documents and Settings\User\nfsc_demo.exe
2008-07-15 14:21 . 2006-10-25 14:17 720,896 --a------ C:\Documents and Settings\User\EAInstall.dll
2008-07-15 14:21 . 2006-10-25 14:17 569,344 --a------ C:\Documents and Settings\User\AutoRun.exe
2008-07-15 14:21 . 2006-10-25 14:17 528,384 --a------ C:\Documents and Settings\User\AutoRunGUI.dll
2008-07-15 14:21 . 2006-10-25 14:17 499,712 --a------ C:\Documents and Settings\User\msvcp71.dll
2008-07-15 14:21 . 2006-10-25 14:17 348,160 --a------ C:\Documents and Settings\User\msvcr71.dll
2008-07-15 14:21 . 2006-10-25 14:17 253,952 --a------ C:\Documents and Settings\User\eauninstall.exe
2008-07-15 14:21 . 2006-10-25 14:17 53,248 --a------ C:\Documents and Settings\User\nfs_inst.exe
2008-07-15 14:21 . 2006-10-25 14:17 258 --a------ C:\Documents and Settings\User\dat.bin
2008-07-15 11:04 . 1998-10-29 19:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-07-15 11:03 . 2008-07-15 11:11 <DIR> d-------- C:\Program Files\GameSpy Arcade
2008-07-15 11:02 . 2002-04-19 13:24 15,749,120 -ra------ C:\WINDOWS\UnWSetup.exe
2008-07-15 10:58 . 2008-07-15 19:43 <DIR> d-------- C:\Program Files\Outbreak
2008-07-15 10:57 . 2008-07-15 10:57 53,248 --a------ C:\WINDOWS\unrar.dll
2008-07-15 09:20 . 2008-07-15 09:20 <DIR> d-------- C:\WINDOWS\Cache
2008-07-14 07:39 . 2008-07-15 08:44 <DIR> d-------- C:\Program Files\Offroad
2008-07-10 21:39 . 2008-07-16 08:56 <DIR> d-------- C:\Documents and Settings\User\Dane aplikacji\OpenOffice.org2
2008-07-10 21:38 . 2008-07-10 21:38 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
2008-07-10 21:38 . 2008-07-11 08:36 <DIR> d-------- C:\Program Files\Java
2008-07-10 21:38 . 2008-07-10 21:38 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-10 21:38 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-01 20:33 . 2008-07-01 20:33 <DIR> d-------- C:\Program Files\Winamp Toolbar
2008-07-01 20:33 . 2008-07-14 10:55 <DIR> d-------- C:\Program Files\Winamp Remote
2008-07-01 20:33 . 2008-07-01 20:33 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar
2008-07-01 20:33 . 2008-07-01 20:33 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\OrbNetworks
2008-07-01 20:26 . 2008-07-01 20:41 <DIR> d-------- C:\Program Files\Winamp
2008-07-01 20:26 . 2008-07-01 20:42 <DIR> d-------- C:\Documents and Settings\User\Dane aplikacji\Winamp
2008-06-30 11:58 . 2008-06-30 11:58 <DIR> d-------- C:\Program Files\AC3Filter
2008-06-26 09:12 . 2008-06-26 18:28 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-06-25 11:55 . 2008-06-26 10:11 <DIR> d-------- C:\Documents and Settings\User\Dane aplikacji\DivX
2008-06-25 11:54 . 2008-07-15 19:42 <DIR> d-------- C:\Program Files\DivX
2008-06-20 20:47 . 2008-07-15 11:12 <DIR> d-------- C:\Program Files\EliteTyping 2002
2008-06-20 20:47 . 1998-06-27 05:22 979,728 -ra------ C:\WINDOWS\system32\MSCHART.OCX
2008-06-20 20:47 . 1998-06-18 00:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2008-06-20 20:44 . 2008-06-20 20:44 <DIR> d-------- C:\Program Files\Delix
2008-06-20 16:27 . 2008-06-20 16:27 13,646 --a------ C:\WINDOWS\system32\wpa.bak
2008-06-16 20:06 . 2008-06-16 20:06 <DIR> d-------- C:\Program Files\Samsung ML-2010 Series
2008-06-16 20:05 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-06-16 20:05 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-06-16 19:51 . 2008-06-16 19:51 <DIR> d-------- C:\Program Files\Samsung
2008-06-16 19:45 . 2005-03-14 07:01 766 --------- C:\WINDOWS\Uninstall.ico
2008-06-16 19:44 . 2008-06-16 20:06 <DIR> d-------- C:\WINDOWS\Samsung
2008-06-16 19:44 . 2005-03-14 07:01 208,896 --------- C:\WINDOWS\system32\SSRemove.exe
2008-06-16 19:44 . 2005-03-03 06:32 151,552 --a------ C:\WINDOWS\system32\SSCoInst.exe
2008-06-16 19:44 . 2005-03-03 12:09 57,344 --a------ C:\WINDOWS\system32\SSCoInst.dll
2008-06-16 19:44 . 2005-04-08 04:29 20,622 --a------ C:\WINDOWS\system32\SUGS2LMK.DLL
2008-06-16 19:44 . 2005-07-08 22:54 11,502 --------- C:\WINDOWS\system32\SP119.ICO
2008-06-16 19:44 . 2005-03-03 13:23 604 --a------ C:\WINDOWS\system32\SUGS2LMK.SMT
2008-06-16 19:43 . 2005-03-14 07:01 41,984 --------- C:\WINDOWS\system32\drivers\DGIVECP.SYS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-15 09:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-15 06:48 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-11 16:29 --------- d-----w C:\Program Files\Valve
2008-06-14 18:49 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\Gadu-Gadu
2008-06-14 18:08 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-14 16:21 --------- d-----w C:\Program Files\BearShare
2008-06-14 13:43 --------- d-----w C:\Program Files\Alwil Software
2008-06-14 13:35 --------- d-----w C:\Program Files\Opera
2008-06-14 12:28 16,376 ----a-w C:\WINDOWS\gdrv.sys
2008-06-14 12:28 --------- d-----w C:\Program Files\Realtek
2008-06-14 12:28 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\InstallShield
2008-06-14 12:26 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-06-14 12:24 --------- d-----w C:\Program Files\Intel
2008-06-14 12:19 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-14 12:18 --------- d-----w C:\Program Files\Usługi online
2008-05-22 22:22 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-22 22:22 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-05-22 22:22 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-05-22 22:22 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-05-22 22:22 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-05-22 22:22 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2006-02-17 15:03 2396160]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 03:54 507904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-07 01:00 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-07 01:00 81920]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"BearShare"="C:\Program Files\BearShare\BearShare.exe" [2006-08-01 17:04 3313664]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Samsung Common SM"="C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 09:20 372736]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 12:14 16844800 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-08-03 07:22 1826816 C:\WINDOWS\SkyTel.exe]
"nwiz"="nwiz.exe" [2007-11-07 01:00 1626112 C:\WINDOWS\system32\nwiz.exe]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Opera\\opera.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38316ffa-3bda-11dd-94fc-001d7d481567}]
\Shell\AutoRun\command - oq.cmd
\Shell\explore\Command - oq.cmd
\Shell\open\Command - oq.cmd
*Newly Created Service* - CATCHME
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-sXe Injected - C:\Program Files\sXe Injected\sXe Injected.exe
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-16 09:09:13
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-16 9:09:35
ComboFix-quarantined-files.txt 2008-07-16 07:09:30
Pre-Run: 86,596,014,080 bajtów wolnych
Post-Run: 86,637,707,264 bajtów wolnych
171
Thanks a LOT in advance :)


There are no more viruses or other junk on my PC, and the system is running lightning fast.