Jak moge odinstalowac AntiVirus XP?

matikaka1 · 6 Lipiec 2008 10:34

pytanie jak w temacie, prosze o pomoc

spandaupol · 6 Lipiec 2008 10:36

Daj log z Combofix

matikaka1 · 6 Lipiec 2008 10:50

ComboFix 08-07-05.1 - Ola 2008-07-06 12:43:08.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1567 [GMT 2:00]

Running from: C:\Documents and Settings\Ola\Pulpit\Combo-Fix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\Ola\Dane aplikacji\rhcvgtj0e34e

C:\Program Files\rhcvgtj0e34e

C:\WINDOWS\system32\blphcrgtj0e34e.scr

C:\WINDOWS\system32\lphcrgtj0e34e.exe

C:\WINDOWS\system32\phcrgtj0e34e.bmp

C:\WINDOWS\system32\pphcrgtj0e34e.exe

.

((((((((((((((((((((((((( Files Created from 2008-06-06 to 2008-07-06 )))))))))))))))))))))))))))))))

.

2008-07-06 12:22 . 2008-07-06 12:28

2008-07-06 12:22 . 2008-07-06 12:22

2008-07-06 12:19 . 2008-07-06 12:19

2008-07-06 12:18 . 2008-07-06 12:18

2008-07-06 11:41 . 2008-07-06 11:41

2008-07-06 11:41 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2008-07-06 11:31 . 2008-07-06 11:31 94,208 --a------ C:\WINDOWS\system32\3A.tmp

2008-07-06 11:31 . 2008-07-06 11:31 56,836 --a------ C:\WINDOWS\system32\msxml71.dll

2008-07-05 10:46 . 2008-07-05 10:46

2008-07-01 11:27 . 2008-07-01 11:27

2008-06-30 11:26 . 2008-06-30 11:26

2008-06-30 11:14 . 2008-06-30 11:14

2008-06-14 12:47 . 2008-06-14 12:47

2008-06-14 12:46 . 2008-06-14 12:46

2008-06-14 12:46 . 2005-06-24 18:36 39,036 --a------ C:\WINDOWS\system32\drivers\lgusbmodem.sys

2008-06-14 12:46 . 2005-05-26 11:01 21,344 --a------ C:\WINDOWS\system32\drivers\lgusbbus.sys

2008-06-14 12:45 . 2008-06-14 12:45

2008-06-14 12:45 . 2004-09-16 11:31 1,703,936 --a------ C:\WINDOWS\system32\gdiplus.dll

2008-06-14 12:45 . 2005-07-22 10:43 1,233,920 --a------ C:\WINDOWS\system32\msxml4.dll

2008-06-14 12:45 . 2005-09-26 22:55 419,240 --a------ C:\WINDOWS\system32\Vsflex7L.ocx

2008-06-14 12:45 . 2000-05-22 00:00 244,416 --a------ C:\WINDOWS\system32\Msflxgrd.ocx

2008-06-14 12:45 . 2005-11-24 11:34 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll

2008-06-14 12:45 . 2005-10-04 10:39 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll

2008-06-14 12:45 . 2005-06-28 22:12 36,864 --a------ C:\WINDOWS\system32\CSDLGE1LIB.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-06 10:45 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\Skype

2008-07-06 10:40 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\skypePM

2008-07-06 10:17 16,384 ----a-w C:\Program Files\uik.dat

2008-07-06 10:02 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\AVG7

2008-07-06 09:41 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Grisoft

2008-07-06 08:13 4 ----a-w C:\Program Files\is.dat

2008-07-04 19:58 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\GanymedeNet

2008-07-03 16:58 --------- d-----w C:\Program Files\Ganymede

2008-06-14 10:46 --------- d–h--w C:\Program Files\InstallShield Installation Information

2007-12-06 19:20 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat

2004-10-01 14:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{500BCA15-57A7-4eaf-8143-8C619470B13D}]

2008-07-06 11:31 56836 --a------ C:\WINDOWS\system32\msxml71.dll

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]

2002-01-09 16:04 1470488 --a------ C:\Program Files\Wisdom-soft\tbWis1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

“{6dfc55bb-bfff-485a-9709-90c3fdf6db58}”= “C:\Program Files\Wisdom-soft\tbWis1.dll” [2002-01-09 16:04 1470488]

[HKEY_CLASSES_ROOT\clsid{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

“{6DFC55BB-BFFF-485A-9709-90C3FDF6DB58}”= “C:\Program Files\Wisdom-soft\tbWis1.dll” [2002-01-09 16:04 1470488]

[HKEY_CLASSES_ROOT\clsid{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2006-03-02 14:00 15360]

“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-11-14 12:54 2131392]

“Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2007-12-12 16:23 21686568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2006-06-01 11:22 7618560]

“SoundMAXPnP”=“C:\Program Files\Analog Devices\Core\smax4pnp.exe” [2006-12-18 15:34 868352]

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 02:11 132496]

“AVG7_CC”=“C:\PROGRA~1\Grisoft\AVG7\avgcc.exe” [2008-04-25 09:58 579584]

“NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2006-01-12 17:40 155648]

“BEWINTERNET-PLSessionManager”=“C:\Program Files\OrangeBS\BEWInternet-PL\SessionManager\SessionManager.exe” [2007-07-24 19:03 102400]

“!AVG Anti-Spyware”=“C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” [2007-06-11 11:25 6731312]

“nwiz”=“nwiz.exe” [2006-06-01 11:22 1519616 C:\WINDOWS\system32\nwiz.exe]

“NvMediaCenter”=“NvMCTray.dll” [2006-06-01 11:22 86016 C:\WINDOWS\system32\nvmctray.dll]

“Resume copy”=“copyfstq.exe” [2002-03-24 13:54 46080 C:\WINDOWS\COPYFSTQ.EXE]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2006-03-02 14:00 15360]

“AVG7_Run”=“C:\PROGRA~1\Grisoft\AVG7\avgw.exe” [2008-01-29 23:23 219136]

C:\Documents and Settings\Ola\Menu Start\Programy\Autostart\

spy.bak [2008-07-06 12:45:32 336]

spy.exe [2004-12-14 12:34:58 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“VIDC.YV12”= yv12vfw.dll

“msacm.divxa32”= msaud32_divx.acm

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe”=

“C:\Program Files\Gadu-Gadu\gg.exe”=

“C:\Program Files\NAPI-PROJEKT\napisy.exe”=

“C:\WINDOWS\system32\dpvsetup.exe”=

“C:\Program Files\Grisoft\AVG7\avginet.exe”=

“C:\Program Files\Grisoft\AVG7\avgamsvr.exe”=

“C:\Program Files\Grisoft\AVG7\avgcc.exe”=

“C:\Program Files\Grisoft\AVG7\avgemc.exe”=

“C:\Program Files\OrangeBS\BEWInternet-PL\Connectivity\ConnectivityManager.exe”=

“C:\Documents and Settings\Ola\Menu Start\Programy\Autostart\spy.exe”=

“C:\Program Files\Skype\Phone\Skype.exe”=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

“8461:TCP”= 8461:TCP:GoD High Port

“8462:TCP”= 8462:TCP:GoD Low Port

R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2006-03-02 14:00]

R3 RT2400PCI;802.11b WLAN PCI;C:\WINDOWS\system32\DRIVERS\RT2400.sys [2003-10-31 09:47]

S3 GTFFBUS;GT FF BUS;C:\WINDOWS\system32\DRIVERS\gtffbus.sys [2007-01-15 16:48]

S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;C:\WINDOWS\system32\DRIVERS\Gtm51Irp.sys [2007-01-15 16:48]

S3 GTPTSER;GT PT SER;C:\WINDOWS\system32\DRIVERS\gtptser.sys [2007-01-15 16:48]

S3 GTUQBUS;GT UQ BUS;C:\WINDOWS\system32\DRIVERS\gtuqbus.sys [2007-01-15 16:48]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{1422b582-990b-11dc-b78b-806d6172696f}]

\Shell\AutoRun\command - D:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{6d1d90b6-9f51-11dc-b0a9-000df3032eb8}]

\Shell\AutoRun\command - F:\EXPLORER.EXE

\Shell\explore\Command - F:\EXPLORER.EXE

\Shell\open\Command - F:\EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{805e549a-9938-11dc-b08c-001d6022480a}]

\Shell\AutoRun\command - F:\af9rgm8h.bat

\Shell\explore\Command - F:\af9rgm8h.bat

\Shell\open\Command - F:\af9rgm8h.bat

.

- - - ORPHANS REMOVED - - - -

HKLM-Run-lphcrgtj0e34e - C:\WINDOWS\system32\lphcrgtj0e34e.exe

HKLM-Run-SMrhcvgtj0e34e - C:\Program Files\rhcvgtj0e34e\rhcvgtj0e34e.exe

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-06 12:45:29

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ASFWHide]

“ImagePath”="??\C:\DOCUME~1\Ola\USTAWI~1\Temp\ASFWHide"

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\ATKKBService.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\rundll32.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe

C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe

C:\Program Files\WLAN\WConfig\WConfig.exe

C:\WINDOWS\system32\rundll32.exe

C:\Documents and Settings\Ola\Menu Start\Programy\Autostart\spy.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

.

**************************************************************************

.

Completion time: 2008-07-06 12:46:58 - machine was rebooted [Ola]

ComboFix-quarantined-files.txt 2008-07-06 10:46:56

Pre-Run: 14,557,020,160 bajtów wolnych

Post-Run: 14,684,872,704 bajt˘w wolnych

172 — E O F — 2008-02-14 22:31:46

spandaupol · 6 Lipiec 2008 11:10

Pobierz Combofix ale nie uruchamiaj wklej do notatnika:

Zapisz plik jako CFScript.txt najlepiej aby ikonka tego pliku znajdowała się obok ikonki ComboFix.exe

Przeciągnij i upuść plik CFScript.txt na ikonkę ComboFix.exe powinno rozpocząć się usuwanie po tym daj log na forum

Usuń ręcznie folder C: \Qoobox , usuń instalkę Combofix z dysku.

matikaka1 · 6 Lipiec 2008 11:53

ComboFix 08-07-05.1 - Ola 2008-07-06 13:51:13.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1487 [GMT 2:00]

Running from: C:\Documents and Settings\Ola\Pulpit\Combo-Fix.exe

Command switches used :: C:\Documents and Settings\Ola\Pulpit\CFScript.txt

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED

FILE ::

C:\WINDOWS\system32\3A.tmp

C:\WINDOWS\system32\msxml71.dll

F:\af9rgm8h.bat

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\3A.tmp

C:\WINDOWS\system32\msxml71.dll

.

((((((((((((((((((((((((( Files Created from 2008-06-06 to 2008-07-06 )))))))))))))))))))))))))))))))

.

2008-07-06 12:22 . 2008-07-06 12:28

2008-07-06 12:22 . 2008-07-06 12:22

2008-07-06 12:19 . 2008-07-06 12:19

2008-07-06 12:18 . 2008-07-06 12:18

2008-07-06 11:41 . 2008-07-06 11:41

2008-07-06 11:41 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2008-07-05 10:46 . 2008-07-05 10:46

2008-07-01 11:27 . 2008-07-01 11:27

2008-06-30 11:26 . 2008-06-30 11:26

2008-06-30 11:14 . 2008-06-30 11:14

2008-06-14 12:47 . 2008-06-14 12:47

2008-06-14 12:46 . 2008-06-14 12:46

2008-06-14 12:46 . 2005-06-24 18:36 39,036 --a------ C:\WINDOWS\system32\drivers\lgusbmodem.sys

2008-06-14 12:46 . 2005-05-26 11:01 21,344 --a------ C:\WINDOWS\system32\drivers\lgusbbus.sys

2008-06-14 12:45 . 2008-06-14 12:45

2008-06-14 12:45 . 2004-09-16 11:31 1,703,936 --a------ C:\WINDOWS\system32\gdiplus.dll

2008-06-14 12:45 . 2005-07-22 10:43 1,233,920 --a------ C:\WINDOWS\system32\msxml4.dll

2008-06-14 12:45 . 2005-09-26 22:55 419,240 --a------ C:\WINDOWS\system32\Vsflex7L.ocx

2008-06-14 12:45 . 2000-05-22 00:00 244,416 --a------ C:\WINDOWS\system32\Msflxgrd.ocx

2008-06-14 12:45 . 2005-11-24 11:34 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll

2008-06-14 12:45 . 2005-10-04 10:39 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll

2008-06-14 12:45 . 2005-06-28 22:12 36,864 --a------ C:\WINDOWS\system32\CSDLGE1LIB.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-06 10:52 4 ----a-w C:\Program Files\is.dat

2008-07-06 10:49 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\Skype