Hello. Since 1 week ago, when I search in Google/Yahoo/ICQ and more (not in all browsers, because in Russian browsers I don't have any problem), I'm redirected to gomeo.es or other sites. If I enter an original site it gives me: Error in codification. That means that either way I can't enter this site. I tried everything. The last thing I did was scan my computer with ComboFix, and here I put a log (hgfd.exe is ComboFix; I renamed it because this virus didn't let me open it with the previous name):
ComboFix 11-02-12.02 - Olga 13/02/2011 20:11:38.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.3082.18.1023.793 [GMT 1:00]
Running from: c:\documents and settings\Olga\Mis documentos\Descargas\hgfd.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\winlogon.exe . . . is infected!!
c:\windows\explorer.exe . . . is infected!!
.
((((((((((((((((((((((((( Files Created from 2011-01-13 to 2011-02-13 )))))))))))))))))))))))))))))))
.
2011-02-12 15:48 . 2011-02-12 16:16 -------- d-----w- C:\AeriaGames
2011-02-10 19:25 . 2011-02-10 19:25 -------- d-----w- C:\Perfect World Entertainment
2011-02-09 14:27 . 2011-02-09 14:27 -------- d-----w- C:\Program Files
2011-02-09 07:42 . 2011-02-09 07:42 -------- d-----w- C:\Ntreev
2011-02-06 20:29 . 2011-02-06 20:29 -------- d-----r- C:\MSOCache
2011-02-06 20:26 . 2011-02-06 20:28 -------- d-----w- C:\Mo2007sp1
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
------- Sigcheck -------
[-] 2008-04-14 . D9900206D5391357018E6111EAB4E1BF . 510976 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . C6BF10FAFEBCF4D1BBB06E1BB0DBB806 . 1036288 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Skype”=“c:\archivos de programa\Skype\Phone\Skype.exe” [2011-01-26 15026056]
“Advanced SystemCare 3”=“c:\archivos de programa\IObit\Advanced SystemCare 3\AWC.exe” [2010-12-16 2402512]
“uTorrent”=“c:\archivos de programa\uTorrent\uTorrent.exe” [2011-02-06 395640]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“NeroFilterCheck”=“c:\windows\system32\NeroCheck.exe” [2001-07-09 155648]
“SoundMan”=“SOUNDMAN.EXE” [2004-11-15 77824]
“NvCplDaemon”=“c:\windows\system32\NvCpl.dll” [2008-10-07 13574144]
“nwiz”=“nwiz.exe” [2008-10-07 1630208]
“NvMediaCenter”=“c:\windows\system32\NvMcTray.dll” [2008-10-07 86016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“c:\windows\system32\ctfmon.exe” [2008-04-14 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\Network Diagnostic\xpnetdiag.exe”=
“%windir%\system32\sessmgr.exe”=
“c:\Archivos de programa\Skype\Phone\Skype.exe”=
“c:\Archivos de programa\Skype\Plugin Manager\skypePM.exe”=
“c:\Archivos de programa\Microsoft Office\Office12\OUTLOOK.EXE”=
“c:\Archivos de programa\uTorrent\uTorrent.exe”=
“c:\Archivos de programa\Pando Networks\Media Booster\PMB.exe”=
“c:\Ntreev\Grand Chase\main.exe”=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
“57152:TCP”= 57152:TCP:Pando Media Booster
“57152:UDP”= 57152:UDP:Pando Media Booster
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [14/04/2008 13:00 14336]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service → c:\windows\system32\GameMon.des -service [?]
S3 RegKernelHelp;RegKernelHelp;\??\c:\archivos de programa\Safe Returner\RegKernelHelp.sys → c:\archivos de programa\Safe Returner\RegKernelHelp.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [06/02/2011 21:45 27064]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
------- Supplementary Scan -------
.
uStart Page = www.apeha.ru
IE: &Экспорт в Microsoft Excel - c:\archiv~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Olga\Datos de programa\Mozilla\Firefox\Profiles\gow49jyl.default
FF - prefs.js: browser.startup.homepage - hxxp://www.google.es/
FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-Symantec Database Services - symdbsvc.exe
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-13 20:15
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
“ServiceDll”=“C:/Archivos de programa/Archivos comunes/Akamai/netsession_win_dbc0250.dll”
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
“ServiceDll”=“C:/Archivos de programa/Archivos comunes/Akamai/netsession_win_dbc0250.dll”
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
“ImagePath”=“c:\windows\system32\GameMon.des -service”
.
Completion time: 2011-02-13 20:17:04
ComboFix-quarantined-files.txt 2011-02-13 19:17
Pre-Run: 168.670.588.928 bytes libres
Post-Run: 168.784.658.432 bytes libres
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT=“Microsoft Windows Recovery Console” /cmdcons
UnsupportedDebug=“do not select this” /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=“Microsoft Windows XP Professional” /noexecute=optin /fastdetect
-
- End Of File - - 394F36CC7D813610C2438C0075E86506
Help please.