Please help me get rid of this. I had only just reinstalled the system and it is back. "My hands dropped." I am new here, so please be patient with me. I am pasting the ComboFix log. I am green in these matters; I hope this is it…
ComboFix 08-05-15.3 - SPILER 2008-05-16 20:35:53.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1496 [GMT 2:00]
Running from: C:\Documents and Settings\SPILER\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\SPILER\Pulpit\CFScript.txt.txt
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
FILE ::
H:\v.com
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\History\search
C:\WINDOWS\system32\amvo.exe
.
((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 )))))))))))))))))))))))))))))))
.
2008-05-16 20:22 . 2008-05-16 19:58 225,280 --a------ C:\Program Files\Uninstall My Global Search Bar.dll
2008-05-16 20:14 . 2008-05-16 20:14
2008-05-16 20:14 . 2008-05-16 20:14
2008-05-16 19:58 . 2008-05-16 19:58
2008-05-16 19:58 . 2008-05-16 19:58
2008-05-16 19:54 . 2008-05-16 19:57
2008-05-16 19:51 . 2008-05-16 19:51
2008-05-16 19:51 . 2006-11-12 11:39 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-05-16 19:50 . 2008-05-16 19:50
2008-05-16 19:35 . 2005-04-25 10:43 159,616 --a------ C:\WINDOWS\system32\drivers\Vax347b.sys
2008-05-16 19:35 . 2004-04-30 09:33 5,248 --a------ C:\WINDOWS\system32\drivers\Vax347s.sys
2008-05-16 19:34 . 2008-05-16 19:34
2008-05-16 19:34 . 2008-05-16 19:34
2008-05-16 19:34 . 2008-05-16 19:34
2008-05-16 19:34 . 2005-10-21 03:47 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2008-05-16 19:34 . 2005-10-21 03:47 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2008-05-16 19:22 . 2008-05-16 19:22
2008-05-16 19:22 . 2008-05-16 19:22
2008-05-16 19:18 . 2008-05-16 19:22
2008-05-16 19:18 . 2008-05-16 19:33
2008-05-16 19:17 . 2008-05-16 19:17
2008-05-16 19:16 . 2008-05-16 19:16
2008-05-16 19:16 . 2008-05-16 19:16
2008-05-16 19:16 . 2008-05-16 19:16 1,024 --ah----- C:\Documents and Settings\Default User\NtUser.dat.LOG
2008-05-16 19:13 . 2008-05-16 19:13
2008-05-16 19:11 . 2008-05-16 20:17
2008-05-16 19:11 . 2008-05-16 19:11
2008-05-16 19:11 . 2008-05-16 19:13
2008-05-16 19:09 . 2008-05-16 19:09 1,160 --a------ C:\WINDOWS\mozver.dat
2008-05-16 19:08 . 2008-05-16 19:08 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-16 19:07 . 2008-05-16 19:07
2008-05-16 19:07 . 2006-12-10 23:32 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-05-16 19:07 . 2006-12-10 23:32 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-05-16 19:07 . 2008-05-16 19:07 262,884 --a------ C:\WINDOWS\IPUI_DivXG400.exe
2008-05-16 19:07 . 2008-05-16 19:07 245,760 --a------ C:\WINDOWS\system32\DivXG400.ax
2008-05-16 19:07 . 2008-05-16 19:07 21,869 --a------ C:\WINDOWS\system32\divxg400.htm
2008-05-16 19:07 . 2007-01-09 18:46 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-05-16 19:07 . 2008-05-16 19:07 665 --a------ C:\WINDOWS\unins000.dat
2008-05-16 19:07 . 2006-12-10 23:32 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-05-16 19:01 . 2008-05-16 19:01
2008-05-16 19:01 . 2008-05-16 19:01
2008-05-16 19:01 . 2008-05-16 23:34 2,596 --a------ C:\WINDOWS\system32\config.hsp
2008-05-16 18:59 . 2008-05-16 18:59
2008-05-16 18:59 . 2008-05-16 18:59
2008-05-16 18:52 . 2008-05-16 18:52 13,646 --a------ C:\WINDOWS\system32\wpa.bak
2008-05-16 18:48 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-05-16 18:48 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-05-16 18:48 . 2004-08-04 00:44 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-05-16 18:48 . 2004-08-04 00:44 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-05-16 18:48 . 2004-08-04 00:38 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-05-16 18:48 . 2004-08-04 00:38 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-05-16 18:48 . 2001-10-26 16:57 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-05-16 18:48 . 2001-10-26 16:57 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-05-16 18:48 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-05-16 18:48 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-05-16 18:01 . 2008-05-16 18:01
2008-05-16 17:58 . 2008-05-16 17:58
2008-05-16 17:54 . 2008-05-16 17:55
2008-05-16 17:54 . 2005-10-13 06:15 1,114,674 -ra------ C:\WINDOWS\system32\drivers\ativcaxx.cpa
2008-05-16 17:54 . 2005-11-10 21:05 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-05-16 17:54 . 2005-11-11 08:33 307,200 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2008-05-16 17:54 . 2005-11-09 00:48 112,456 -ra------ C:\WINDOWS\system32\atiicdxx.dat
2008-05-16 17:54 . 2005-06-08 22:45 58,560 -ra------ C:\WINDOWS\system32\drivers\ativckxx.vp
2008-05-16 17:54 . 2005-11-11 08:54 25,056 -ra------ C:\WINDOWS\system32\drivers\ativvpxx.vp
2008-05-16 17:54 . 2005-08-24 20:25 6,020 -ra------ C:\WINDOWS\system32\atifglpf.xml
2008-05-16 17:54 . 2005-10-13 06:15 929 -ra------ C:\WINDOWS\system32\drivers\ativcaxx.vp
2008-05-16 17:47 . 2008-05-16 17:47
2008-05-16 17:47 . 2008-05-16 17:47
2008-05-16 17:47 . 2008-05-16 17:47
2008-05-16 17:47 . 2008-05-16 17:47 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-05-16 17:47 . 2008-05-16 17:47 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-05-16 17:47 . 2007-05-31 09:19 96,896 -ra------ C:\WINDOWS\system32\drivers\Rtenicxp.sys
2008-05-16 17:46 . 2004-08-03 23:15 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2008-05-16 17:46 . 2004-08-03 23:15 82,944 --a--c--- C:\WINDOWS\system32\dllcache\wdmaud.sys
2008-05-16 17:46 . 2004-08-03 23:07 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2008-05-16 17:46 . 2004-08-03 23:07 52,864 --a--c--- C:\WINDOWS\system32\dllcache\dmusic.sys
2008-05-16 17:46 . 2006-08-01 09:02 49,152 -r------- C:\WINDOWS\system32\ChCfg.exe
2008-05-16 17:46 . 2004-08-03 23:07 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-05-16 17:46 . 2004-08-03 23:07 6,400 --a--c--- C:\WINDOWS\system32\dllcache\splitter.sys
2008-05-16 17:45 . 2008-05-16 17:47
2008-05-16 17:45 . 2008-05-16 19:01
2008-05-16 17:45 . 2008-05-16 17:45
2008-05-16 17:45 . 2008-05-16 17:54
2008-05-16 17:44 . 2008-05-16 17:44
2008-05-16 17:44 . 2006-06-18 23:51 43,520 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2008-05-16 17:44 . 2008-05-16 17:47 16,512 --a------ C:\WINDOWS\gdrv.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 21:34 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-16 21:33 --------- d-----w C:\Program Files\Usługi online
2008-05-16 17:07 72,748 ----a-w C:\WINDOWS\unins000.exe
2008-05-16 15:45 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-05-06 05:51 104,213 --sh--r C:\xlu8a8sy.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2008-03-20 00:36 1267040 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 00:36 1267040]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-20 00:36 1267040]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 16:36 2111176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Kalendarz XP.lnk - C:\Program Files\Kalendarz XP\Kalendarz.exe [2008-05-16 19:11:39 882176]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 12:43 69632 C:\WINDOWS\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]
C:\WINDOWS\system32\amvo.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2007-05-04 02:32 961024 C:\Program Files\Ares\Ares.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2005-08-12 14:43 45056 C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
--a------ 2006-08-01 17:04 3313664 C:\Program Files\BearShare\BearShare.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2006-03-02 14:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 15:57 1289000 C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2007-08-20 09:38 16384512 C:\WINDOWS\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-04-01 20:49 36352 C:\Program Files\Winamp\winampa.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\Gadu-Gadu\gg.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\Program Files\Ares\Ares.exe"=
"C:\Program Files\BearShare\BearShare.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-05-16 17:47]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7dba62b3-239d-11dd-9054-806d6172696f}]
\Shell\AutoRun\command - D:\xlu8a8sy.exe
\Shell\explore\Command - D:\xlu8a8sy.exe
\Shell\open\Command - D:\xlu8a8sy.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7dba62b4-239d-11dd-9054-806d6172696f}]
\Shell\AutoRun\command - E:\xlu8a8sy.exe
\Shell\explore\Command - E:\xlu8a8sy.exe
\Shell\open\Command - E:\xlu8a8sy.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7dba62b6-239d-11dd-9054-806d6172696f}]
\Shell\AutoRun\command - C:\xlu8a8sy.exe
\Shell\explore\Command - C:\xlu8a8sy.exe
\Shell\open\Command - C:\xlu8a8sy.exe
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-16 20:37:20
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-16 20:37:35
ComboFix-quarantined-files.txt 2008-05-16 18:37:33
Pre-Run: 104,223,875,072 bytes free
Post-Run: 104,237,973,504 bytes free
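Read as an incident, the log above has the signature of a removable-media autorun worm: ComboFix deleted C:\autorun.inf and C:\WINDOWS\system32\amvo.exe, the Find3M report still lists C:\xlu8a8sy.exe with system, hidden and read-only attributes, the startupreg key "amva" still points at the now-deleted amvo.exe, and HKCU\...\Explorer\MountPoints2 holds cached Shell\AutoRun, open and explore handlers for C:, D: and E: that all launch xlu8a8sy.exe. Windows XP caches a drive's autorun.inf handlers under MountPoints2, so double-clicking the drive in My Computer relaunches the dropper even after autorun.inf itself is gone, and any USB stick or second partition carrying the same pair of files reinfects a freshly installed system, which fits "I had only just reinstalled and it is back". The Python below is an added example written for this page, not part of the post or of ComboFix: it parses the relevant sections of a ComboFix log (the embedded sample is constructed from lines of the log above), flags those three indicators, and emits the reg.exe, attrib and del lines a responder would review before running them. The reading that a bare path under a startupreg key means ComboFix could not find the file is an assumption about ComboFix output, marked as such in the code.

```python
"""Triage helper for ComboFix-style logs: flag autorun-worm indicators.

Added example for this page; not part of ComboFix or of the forum post.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: lines copied from the log in the post above, trimmed to
# the sections this parser reads. Paths and GUIDs are the ones in the log.
SAMPLE_LOG = r"""
2008-05-06 05:51 104,213 --sh--r C:\xlu8a8sy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]
C:\WINDOWS\system32\amvo.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2007-05-04 02:32 961024 C:\Program Files\Ares\Ares.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7dba62b3-239d-11dd-9054-806d6172696f}]
\Shell\AutoRun\command - D:\xlu8a8sy.exe
\Shell\explore\Command - D:\xlu8a8sy.exe
\Shell\open\Command - D:\xlu8a8sy.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7dba62b6-239d-11dd-9054-806d6172696f}]
\Shell\AutoRun\command - C:\xlu8a8sy.exe
\Shell\explore\Command - C:\xlu8a8sy.exe
\Shell\open\Command - C:\xlu8a8sy.exe
"""

MOUNTPOINT_KEY = re.compile(
    r"^\[(HKEY_[A-Z_]+\\.*?\\mountpoints2\\(\{[0-9a-f-]{36}\}))\]$", re.IGNORECASE)
SHELL_VERB = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+)$", re.IGNORECASE)
STARTUPREG_KEY = re.compile(r"^\[HKEY_LOCAL_MACHINE\\.*\\startupreg\\(.+)\]$", re.IGNORECASE)
# Find3M line: "YYYY-MM-DD HH:MM size attrs path", attrs is a 7-char flag field
FIND3M_LINE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} ([\d,]+) ([-a-z]{7}) ([A-Z]:\\.+)$")
# An executable sitting directly in a drive root: what autorun.inf droppers look like
ROOT_EXECUTABLE = re.compile(r"^[A-Z]:\\[^\\]+\.(exe|com|pif|scr|bat|cmd)$", re.IGNORECASE)


def parse_mountpoints(log: str) -> Dict[str, Dict[str, str]]:
    """Map each MountPoints2 GUID key to its Shell\\<verb>\\command targets."""
    result: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        m = MOUNTPOINT_KEY.match(line)
        if m:
            current = m.group(1)
            result[current] = {}
            continue
        if line.startswith("["):          # any other registry key ends the block
            current = None
            continue
        v = SHELL_VERB.match(line)
        if v and current is not None:
            result[current][v.group(1).lower()] = v.group(2).strip()
    return result


def hijacked_drives(log: str) -> Dict[str, str]:
    """Drive letter -> executable the cached AutoRun/open/explore handler launches."""
    drives: Dict[str, str] = {}
    for verbs in parse_mountpoints(log).values():
        target = verbs.get("autorun") or verbs.get("open") or verbs.get("explore")
        if target and ROOT_EXECUTABLE.match(target):
            drives[target[0].upper()] = target
    return drives


def hidden_root_executables(log: str) -> List[str]:
    """Find3M entries: executables in a drive root carrying both system and hidden flags."""
    hits: List[str] = []
    for raw in log.splitlines():
        m = FIND3M_LINE.match(raw.strip())
        if m and ROOT_EXECUTABLE.match(m.group(3)) and {"s", "h"} <= set(m.group(2)):
            hits.append(m.group(3))
    return hits


def orphaned_startupreg(log: str) -> List[Tuple[str, str]]:
    """startupreg entries whose path line has no attribute/date/size prefix.

    Assumption about ComboFix output (not stated on the page): a bare path means
    the file could not be found at scan time. In the post, amvo.exe had just been
    deleted, so its "amva" entry is an orphan that still needs removing.
    """
    orphans: List[Tuple[str, str]] = []
    lines = [l.strip() for l in log.splitlines()]
    for i, line in enumerate(lines[:-1]):
        m = STARTUPREG_KEY.match(line)
        if m and re.match(r"^[A-Z]:\\", lines[i + 1]):
            orphans.append((m.group(1), lines[i + 1]))
    return orphans


def remediation_commands(log: str) -> List[str]:
    """cmd.exe lines for a responder to review, then run or fold into a CFScript."""
    cmds: List[str] = []
    for key in parse_mountpoints(log):
        cmds.append('reg delete "' + key + '" /f')
    for name, _path in orphaned_startupreg(log):
        cmds.append('reg delete "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\'
                    + name + '" /f')
    for path in hidden_root_executables(log):
        cmds.append("attrib -s -h -r " + path)   # clear flags first or del refuses
        cmds.append("del " + path)
    # 0xFF disables AutoRun for every drive type; on XP this is only honoured
    # once the KB967715 AutoRun update is installed.
    cmds.append('reg add "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" '
                '/v NoDriveTypeAutoRun /t REG_DWORD /d 0xFF /f')
    return cmds


if __name__ == "__main__":
    print("Hijacked drives:", hijacked_drives(SAMPLE_LOG))
    print("Hidden root executables:", hidden_root_executables(SAMPLE_LOG))
    print("Orphaned startupreg entries:", orphaned_startupreg(SAMPLE_LOG))
    print("\n".join(remediation_commands(SAMPLE_LOG)))
```

Run it against the full log saved as a text file by reading the file into `log` instead of `SAMPLE_LOG`; the hijacked-drive list is the set of partitions and sticks that still need cleaning (E: in the real log), and a drive that is not mounted at scan time keeps its MountPoints2 entry, so delete the key for every GUID the parser reports, not only for drives that are currently present.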