UA:
ComboFix 08-09-16.05 - mikulak 2008-09-19 15:51:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.274 [GMT 2:00]
Uruchomiony z: C:\Documents and Settings\mikulak\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\ddindfefsners.dll
C:\WINDOWS\system32\winitn.dll
.
((((((((((((((((((((((((( Pliki utworzone od 2008-08-19 do 2008-09-19 )))))))))))))))))))))))))))))))
.
2008-09-17 14:32 . 2008-09-17 15:43 <DIR> d-------- C:\Documents and Settings\mikulak\Dane aplikacji\vlc
2008-09-16 17:58 . 2008-09-16 17:58 <DIR> d-------- C:\Documents and Settings\mikulak\Dane aplikacji\KompoZer
2008-09-14 20:57 . 2008-09-14 20:57 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-09-14 20:57 . 2008-09-14 20:57 <DIR> d-------- C:\Documents and Settings\All Users\Documents
2008-09-14 20:57 . 2008-09-14 20:57 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Teleca
2008-09-14 20:57 . 2008-09-14 20:57 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson
2008-09-14 20:53 . 2008-09-14 20:53 0 --a------ C:\WINDOWS\mngui.INI
2008-09-14 17:47 . 2008-09-14 17:47 <DIR> d-------- C:\Program Files\Send-Safe Mailer
2008-09-14 16:13 . 2008-09-14 16:13 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-09-14 14:52 . 2008-09-14 14:52 <DIR> d-------- C:\Program Files\SAGEM
2008-09-14 14:52 . 2008-09-14 14:52 <DIR> d-------- C:\Documents and Settings\mikulak\Dane aplikacji\InstallShield
2008-09-14 14:52 . 2005-11-04 16:55 126,976 --a------ C:\WINDOWS\system32\coclassfast.dll
2008-09-13 16:50 . 2008-09-13 16:50 <DIR> d-------- C:\Program Files\CCleaner
2008-09-12 20:59 . 2008-09-19 14:21 <DIR> d-------- C:\Documents and Settings\mikulak\Dane aplikacji\skypePM
2008-09-12 20:59 . 2008-09-12 20:59 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-09-12 20:55 . 2008-09-12 20:55 <DIR> d-------- C:\Program Files\Skype
2008-09-12 20:55 . 2008-09-12 20:55 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-09-12 20:55 . 2008-09-19 14:44 <DIR> d-------- C:\Documents and Settings\mikulak\Dane aplikacji\Skype
2008-09-12 20:54 . 2008-09-12 20:55 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-09-11 18:20 . 2008-09-15 17:06 <DIR> d-------- C:\Program Files\Valve
2008-09-11 17:32 . 2008-09-11 17:32 <DIR> d-------- C:\Program Files\Robster Productions
2008-09-05 20:01 . 2008-09-05 20:01 <DIR> d-------- C:\WINDOWS\Cache
2008-09-04 19:11 . 2008-09-04 19:11 <DIR> d-------- C:\Program Files\Opera
2008-09-04 17:15 . 2008-09-19 15:29 <DIR> d-------- C:\Documents and Settings\mikulak\Dane aplikacji\OpenOffice.org2
2008-09-04 17:12 . 2008-09-04 17:12 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
2008-09-03 22:15 . 2008-09-05 15:58 <DIR> d-------- C:\Program Files\FileZilla
2008-09-03 17:01 . 2004-08-04 00:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-09-03 16:54 . 2008-09-03 16:54 <DIR> d-------- C:\WINDOWS\system32\pl
2008-09-03 16:54 . 2008-09-03 16:54 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-03 16:54 . 2008-09-03 16:54 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-03 16:51 . 2008-09-03 16:54 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-03 16:36 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty
2008-09-02 22:19 . 2008-09-03 18:26 <DIR> d-------- C:\Program Files\Simple Mailer
2008-08-31 13:58 . 2008-04-13 20:45 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-08-30 09:37 . 2008-06-23 18:42 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-30 09:37 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-08-30 09:37 . 2007-03-08 07:11 1,036,288 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-08-30 09:37 . 2008-06-23 18:42 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-30 09:37 . 2008-06-23 18:42 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-30 09:37 . 2008-06-23 18:42 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-30 09:37 . 2008-06-23 18:42 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-30 09:37 . 2008-06-23 18:42 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-30 09:37 . 2008-06-23 11:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-30 09:35 . 2008-09-03 16:54 <DIR> d-------- C:\WINDOWS\system32\pl-pl
2008-08-30 09:21 . 2008-08-30 09:22 <DIR> d-------- C:\e1626d2a636410d906ca
2008-08-29 09:29 . 2008-08-29 09:29 <DIR> d-------- C:\WINDOWS\Sun
2008-08-28 19:50 . 2008-08-28 19:50 <DIR> d-------- C:\Program Files\Java
2008-08-28 19:50 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-28 19:47 . 2008-08-28 19:47 <DIR> d-------- C:\Program Files\Common Files\Java
2008-08-28 17:33 . 2008-08-31 18:00 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-08-28 15:13 . 2008-08-28 15:13 <DIR> d-------- C:\Program Files\Google
2008-08-28 12:58 . 2008-08-28 13:09 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-08-26 19:25 . 2008-08-26 19:25 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-08-22 13:21 . 2008-08-27 18:49 <DIR> d-------- C:\Program Files\Counter-Strike Source
2008-08-19 20:52 . 2008-08-19 20:52 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet
2008-08-19 20:01 . 2008-08-19 20:01 <DIR> d-------- C:\Program Files\QuickTime
2008-08-19 19:39 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-08-19 19:39 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-08-19 19:37 . 2008-08-19 19:37 <DIR> d-------- C:\Program Files\Bonjour
2008-08-19 19:26 . 2008-08-19 19:26 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-08-19 19:21 . 2008-09-05 20:04 <DIR> d-------- C:\Program Files\Common Files\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-17 19:53 --------- d-----w C:\Documents and Settings\mikulak\Dane aplikacji\gtk-2.0
2008-09-14 18:57 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-09-11 16:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-08 17:26 --------- d-----w C:\Program Files\Lexmark X1100 Series
2008-08-30 11:50 --------- d-----w C:\Program Files\Gadu-Gadu
2008-08-19 17:19 --------- d-----w C:\Program Files\BitComet
2008-08-16 16:57 --------- d-----w C:\Program Files\4Musics OGG to MP3 Converter
2008-08-16 09:07 171,520 ----a-w C:\WINDOWS\system32\cncs32.dll
2008-08-14 10:45 --------- d-----w C:\Program Files\MSXML 4.0
2008-08-13 09:28 --------- d-----w C:\Documents and Settings\mikulak\Dane aplikacji\Teleca
2008-08-13 09:26 6,144 ----a-w C:\WINDOWS\system32\drivers\k750cm.sys
2008-08-13 09:26 5,744 ----a-w C:\WINDOWS\system32\drivers\k750wh.sys
2008-08-10 15:40 --------- d-----w C:\Program Files\Trend Micro
2008-08-09 12:20 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-08-09 12:01 --------- d-----w C:\Program Files\Alwil Software
2008-08-08 19:03 --------- d-----w C:\Program Files\Akram Audio Editor
2008-08-08 18:53 835,584 ----a-w C:\WINDOWS\system32\maae.dll
2008-08-08 18:53 729,088 ----a-w C:\WINDOWS\system32\maad.dll
2008-08-08 18:53 450,560 ----a-w C:\WINDOWS\system32\maai.dll
2008-08-08 18:53 335,872 ----a-w C:\WINDOWS\system32\maac.dll
2008-08-08 18:53 315,392 ----a-w C:\WINDOWS\system32\maab.dll
2008-08-08 18:53 311,296 ----a-w C:\WINDOWS\system32\maaf.dll
2008-08-08 18:53 237,568 ----a-w C:\WINDOWS\system32\lame_enc.dll
2008-08-08 18:53 196,608 ----a-w C:\WINDOWS\system32\maag.dll
2008-08-08 18:53 1,843,200 ----a-w C:\WINDOWS\system32\maaa.dll
2008-08-08 18:53 1,040,384 ----a-w C:\WINDOWS\system32\maah.dll
2008-08-08 18:45 --------- d-----w C:\Documents and Settings\mikulak\Dane aplikacji\GetRightToGo
2008-08-08 18:39 --------- d-----w C:\Program Files\AviSynth 2.5
2008-08-08 17:20 --------- d-----w C:\Program Files\Teleport Pro
2008-08-08 12:31 --------- d-----w C:\Documents and Settings\mikulak\Dane aplikacji\Dev-Cpp
2008-08-08 12:19 --------- d-----w C:\Program Files\Dev-Cpp
2008-08-05 10:29 --------- d-----w C:\Program Files\VideoLAN
2008-08-05 07:58 --------- d-----w C:\Documents and Settings\mikulak\Dane aplikacji\Nvu
2008-08-05 07:39 --------- d-----w C:\Program Files\Nvu
2008-08-04 19:43 --------- d-----w C:\Program Files\GIMP-2.0
2008-08-04 19:30 --------- d-----w C:\Program Files\ABBYY FineReader 5.0 Sprint
2008-08-04 19:29 --------- d-----w C:\Program Files\FaxTools
2008-08-04 19:29 --------- d-----w C:\Program Files\ABBYY FineReader 6.0
2008-08-04 19:29 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\BVRP Software
2008-08-04 18:16 --------- d-----w C:\Program Files\Winamp
2008-08-04 18:01 --------- d-----w C:\Documents and Settings\mikulak\Dane aplikacji\Gadu-Gadu
2008-08-04 18:00 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar
2008-08-04 17:38 --------- d-----w C:\Program Files\SiSLan
2008-08-04 17:37 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-08-04 17:37 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-04 17:37 --------- d-----w C:\Program Files\AvRack
2008-08-04 17:27 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-04 17:25 --------- d-----w C:\Program Files\Usługi online
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:46 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
2008-06-23 16:42 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:48 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-08-12 21741864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 86016]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 106496]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"nwiz"="nwiz.exe" [2006-10-22 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 C:\WINDOWS\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\mikulak\Menu Start\Programy\Autostart\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.mpng"= C:\Program Files\t@b\0.958\686\tabdec.dll
"vidc.mvjp"= C:\Program Files\t@b\0.958\686\tabdec.dll
"vidc.444p"= C:\Program Files\t@b\0.958\686\tabdec.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Adobe\\Adobe Flash CS3\\Flash.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port
"7156:TCP"= 7156:TCP:BitComet 7156 TCP
"7156:UDP"= 7156:UDP:BitComet 7156 UDP
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbstor;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1eee9001-691a-11dd-8740-001bbf57b904}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4067e198-695e-11dd-8743-001bbf57b904}]
\Shell\AutoRun\command - J:\ylr.exe
\Shell\explore\Command - J:\ylr.exe
\Shell\open\Command - J:\ylr.exe
*Newly Created Service* - PROCEXP90
.
- - - - USUNIĘTO PUSTE WPISY - - - -
URLSearchHooks-{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
HKLM-Run-SiSRaid - C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
HKLM-Run-WinampAgent - C:\Program Files\Winamp\winampa.exe
Notify-winhdn32 - winhdn32.dll
.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Documents and Settings\mikulak\Dane aplikacji\Mozilla\Firefox\Profiles\onoy0suj.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://google.pl
FF -: plugin - C:\Documents and Settings\mikulak\Ustawienia lokalne\Dane aplikacji\Octoshape\Octoshape Streaming Services\octoprogram-L03-NMS0808050_SUA_900\npoctoshape.dll
FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\browser\nppdf32.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-19 15:54:23
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2008-09-19 15:56:17
ComboFix-quarantined-files.txt 2008-09-19 13:55:55
Przed: 120,553,021,440 bajtów wolnych
Po: 121,213,177,856 bajtów wolnych
225 --- E O F --- 2008-09-10 14:04:46
UA:
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=-
"Skype"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1eee9001-691a-11dd-8740-001bbf57b904}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4067e198-695e-11dd-8743-001bbf57b904}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=-
"NvMediaCenter"=-
"SiSUSBRG"=-
"Lexmark X1100 Series"=-
"SunJavaUpdateSched"=-
"Sony Ericsson PC Suite"=-
"nwiz"=-
"SoundMan"=-