You need to run SDFix in safe mode and post the log; the instructions are here: http://www.searchengines.pl/index.php?showtopic=31936&st=0&p=358436entry358436
then the ComboFix log, run by double-clicking it
that is exactly what you need to do
SDFix: Version 1.221
Run by Maciek on 2008-09-04 at 21:43
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\Documents and Settings\Maciek\Pulpit\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\system32\dpl.txt - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-04 21:53:18
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI
scanning hidden processes …
scanning hidden services …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
“%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
“C:\Program Files\Gadu-Gadu\GG.EXE”=“C:\Program Files\Gadu-Gadu\GG.EXE:*:Enabled:Gadu-Gadu - program glowny”
“C:\Program Files\PPMate\ppmate.exe”=“C:\Program Files\PPMate\ppmate.exe:*:Enabled:PPMate”
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
“%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :
File Backups: - C:\DOCUME~1\Maciek\Pulpit\SDFix\backups\backups.zip
Files with Hidden Attributes :
Mon 30 Mar 1998 5,946,880 …H. — “C:\Corel\Graphics8\programs\CNSFlt80.dll”
Finished!
yes, that's the idea
I'm waiting
ComboFix 08-09-03.03 - Maciek 2008-09-04 22:03:40.5 - FAT32 x86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.47 [GMT 2:00]
Running from: C:\Documents and Settings\Maciek\Pulpit\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((( Files Created from 2008-08-04 to 2008-09-04 )))))))))))))))))))))))))))))))
.
2008-09-04 21:41 . 2008-09-04 21:41
2008-09-04 14:15 . 2008-09-04 14:15
2008-09-04 14:15 . 2008-09-04 14:15
2008-09-04 14:15 . 2008-09-04 14:15
2008-09-04 14:15 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-09-04 14:15 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-09-04 10:19 . 2008-09-04 10:19 91,700 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\klin.dat
2008-09-04 10:19 . 2008-09-04 10:19 85,860 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\klick.dat
2008-09-04 10:17 . 2008-09-04 10:17
2008-09-04 10:17 . 2008-09-04 10:17
2008-09-04 10:17 . 2008-09-04 21:57 32 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox2.idx
2008-09-04 10:17 . 2008-09-04 21:57 32 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox2.dat
2008-09-04 10:17 . 2008-09-04 21:57 32 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.idx
2008-09-04 10:17 . 2008-09-04 21:57 32 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.dat
2008-09-04 10:15 . 2008-09-04 10:15
2008-09-04 08:22 . 2008-09-04 08:22
2008-08-27 08:50 . 2008-08-27 08:50
2008-08-26 23:55 . 2008-08-26 23:55
2008-08-25 18:44 . 2008-08-25 18:44
2008-08-25 16:40 . 2008-08-25 16:40
2008-08-25 13:32 . 2008-08-25 13:32
2008-08-25 13:32 . 2008-08-25 13:32
2008-08-25 13:31 . 2008-08-25 13:31
2008-08-25 11:36 . 2008-08-25 11:36
2008-08-25 11:27 . 2008-08-25 11:27
2008-08-24 20:56 . 2008-09-02 11:48 13,880 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\COMFiltr.sys
2008-08-24 20:52 . 2008-08-24 20:52
2008-08-24 20:43 . 2008-08-24 20:43
2008-08-24 20:42 . 2003-10-22 18:23 446,464 --a------ C:\WINDOWS\SYSTEM32\HHActiveX.dll
2008-08-24 20:42 . 2007-04-24 15:43 142,128 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\netimflt.sys
2008-08-24 20:42 . 2007-03-15 19:38 54,832 --a------ C:\WINDOWS\SYSTEM32\pavcpl.cpl
2008-08-24 20:42 . 2001-07-30 17:40 24,576 --a------ C:\WINDOWS\SYSTEM32\msxml3a.dll
2008-08-24 20:42 . 2007-04-24 16:43 1,990 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\net_m32.inf
2008-08-24 20:35 . 2007-05-23 16:40 38,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ShlDrv51.sys
2008-08-24 20:29 . 2008-08-24 20:30
2008-08-24 20:17 . 2008-06-14 20:01 273,024 --------- C:\WINDOWS\SYSTEM32\DRIVERS\bthport.sys
2008-08-24 20:17 . 2008-06-14 20:01 273,024 --------- C:\WINDOWS\SYSTEM32\dllcache\bthport.sys
2008-08-24 20:04 . 2008-08-24 20:04
2008-08-24 20:04 . 2008-08-24 20:04
2008-08-17 08:50 . 2008-08-17 08:50 59,176 --a------ C:\WINDOWS\SYSTEM32\sbbd.exe
2008-08-06 09:44 . 2008-08-06 09:44
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-06 06:30 90,112 ----a-w C:\WINDOWS\DUMP1510.tmp
2008-07-19 16:18 --------- d-----w C:\Documents and Settings\Maciek\Dane aplikacji\Gadu-Gadu
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\SYSTEM32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wuaueng.dll
2008-07-17 06:37 0 —ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-07-17 06:37 0 —ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-07-17 06:29 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-07-17 06:29 --------- d-----w C:\Program Files\Common Files\Nokia
2008-07-17 06:22 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll
2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\SYSTEM32\dllcache\es.dll
2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\SYSTEM32\mscms.dll
2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\SYSTEM32\dllcache\mscms.dll
2008-06-23 09:49 18,432 ----a-w C:\WINDOWS\SYSTEM32\dllcache\iedw.exe
2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\SYSTEM32\dllcache\mswsock.dll
2008-06-20 17:42 148,992 ----a-w C:\WINDOWS\SYSTEM32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\SYSTEM32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\SYSTEM32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\SYSTEM32\dllcache\tcpip6.sys
2004-02-20 17:34 266 --sh–w C:\Program Files\desktop.ini
2004-02-20 17:34 11,232 —h–w C:\Program Files\folder.htt
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-03 15360]
“MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-08-04 1667584]
“Nokia.PCSync”=“C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe” [2008-06-17 1249280]
“PC Suite Tray”=“C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe” [2008-06-18 1122816]
“Gadu-Gadu”=“C:\PROGRA~1\GADU-G~1\gg.exe” [2008-03-20 2127296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [2008-04-01 36352]
“SBAMTray”=“C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe” [2008-08-17 660776]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-03 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-01-11 962667]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
“msacm.ac3filter”= ac3filter.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@=“Service”
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
“DisableMonitoring”=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
“EnableFirewall”= 0 (0x0)
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”=
“C:\Program Files\Gadu-Gadu\GG.EXE”=
“C:\Program Files\PPMate\ppmate.exe”=
R2 SBAMSvc;Sunbelt VIPRE Antivirus Service;C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe [2008-08-17 849192]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 24592]
R3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\netimflt.sys [2007-04-24 142128]
S3 ComFiltr;Panda Anti-Dialer;C:\WINDOWS\system32\DRIVERS\COMFiltr.sys [2008-09-02 13880]
S3 SBRE;SBRE;C:\WINDOWS\system32\drivers\SBREdrv.sys [2007-11-06 87848]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.onet.pl/
R0 -: HKLM-Main,Start Page = hxxp://www.google.com
O17 -: HKLM\CCS\Interface{4B1C84A8-1BD8-4639-8CEF-F71A3993806D}: NameServer = 83.238.255.76 213.241.79.37
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-04 22:11:24
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-09-04 22:14:53
ComboFix-quarantined-files.txt 2008-09-04 20:14:42
Pre-Run: 1,115,824,128 bajtów wolnych
Post-Run: 1,126,416,384 bajtów wolnych
145 — E O F — 2008-08-25 14:40:06
and what now? :(:((((
The log looks clean
Download CCleaner http://www.filehippo.com/download_ccleaner/
scan with it and clean the registry.
optimize the startup
http://cybertrash.netarteria.pl/cyber/i … 378.0.html
Manually delete the folder C:\Qoobox and delete the ComboFix installer from the disk.
Turn System Restore off and back on for all drives. http://support.microsoft.com/kb/310405/pl
Scan the My Computer area with http://www.kaspersky.pl/virusscanner.html and post the report; open the page in IE
or
Dr.WEB CureIt! http://dobreprogramy.pl/index.php?dz=2& … It!+4.44.5
these scanners don't help, I keep getting disconnected from the net non-stop :(((( what's going on???
Set up your internet connection again and consult your internet provider