MS antivirus alert, Windows security alert

You have to run SDFix in Safe Mode and post the log; the description is here: http://www.searchengines.pl/index.php?showtopic=31936&st=0&p=358436entry358436

then the ComboFix log, run by double-clicking

that's exactly what you have to do

:slight_smile:

SDFix: Version 1.221

Run by Maciek on 2008-09-04 at 21:43

Microsoft Windows XP [Wersja 5.1.2600]

Running From: C:\Documents and Settings\Maciek\Pulpit\SDFix

Checking Services :

Restoring Default Security Values

Restoring Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\dpl.txt - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-04 21:53:18

Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Gadu-Gadu\GG.EXE"="C:\Program Files\Gadu-Gadu\GG.EXE:*:Enabled:Gadu-Gadu - program glowny"

"C:\Program Files\PPMate\ppmate.exe"="C:\Program Files\PPMate\ppmate.exe:*:Enabled:PPMate"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :

File Backups: - C:\DOCUME~1\Maciek\Pulpit\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 30 Mar 1998 5,946,880 ...H. --- "C:\Corel\Graphics8\programs\CNSFlt80.dll"

Finished!

Well, that's the idea

I'm waiting

:slight_smile:

ComboFix 08-09-03.03 - Maciek 2008-09-04 22:03:40.5 - FAT32 x86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.47 [GMT 2:00]

Running from: C:\Documents and Settings\Maciek\Pulpit\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((( Files Created from 2008-08-04 to 2008-09-04 )))))))))))))))))))))))))))))))

.

2008-09-04 21:41 . 2008-09-04 21:41

2008-09-04 14:15 . 2008-09-04 14:15

2008-09-04 14:15 . 2008-09-04 14:15

2008-09-04 14:15 . 2008-09-04 14:15

2008-09-04 14:15 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys

2008-09-04 14:15 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys

2008-09-04 10:19 . 2008-09-04 10:19 91,700 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\klin.dat

2008-09-04 10:19 . 2008-09-04 10:19 85,860 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\klick.dat

2008-09-04 10:17 . 2008-09-04 10:17

2008-09-04 10:17 . 2008-09-04 10:17

2008-09-04 10:17 . 2008-09-04 21:57 32 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox2.idx

2008-09-04 10:17 . 2008-09-04 21:57 32 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox2.dat

2008-09-04 10:17 . 2008-09-04 21:57 32 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.idx

2008-09-04 10:17 . 2008-09-04 21:57 32 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.dat

2008-09-04 10:15 . 2008-09-04 10:15

2008-09-04 08:22 . 2008-09-04 08:22

2008-08-27 08:50 . 2008-08-27 08:50

2008-08-26 23:55 . 2008-08-26 23:55

2008-08-25 18:44 . 2008-08-25 18:44

2008-08-25 16:40 . 2008-08-25 16:40

2008-08-25 13:32 . 2008-08-25 13:32

2008-08-25 13:32 . 2008-08-25 13:32

2008-08-25 13:31 . 2008-08-25 13:31

2008-08-25 11:36 . 2008-08-25 11:36

2008-08-25 11:27 . 2008-08-25 11:27

2008-08-24 20:56 . 2008-09-02 11:48 13,880 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\COMFiltr.sys

2008-08-24 20:52 . 2008-08-24 20:52

2008-08-24 20:43 . 2008-08-24 20:43

2008-08-24 20:42 . 2003-10-22 18:23 446,464 --a------ C:\WINDOWS\SYSTEM32\HHActiveX.dll

2008-08-24 20:42 . 2007-04-24 15:43 142,128 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\netimflt.sys

2008-08-24 20:42 . 2007-03-15 19:38 54,832 --a------ C:\WINDOWS\SYSTEM32\pavcpl.cpl

2008-08-24 20:42 . 2001-07-30 17:40 24,576 --a------ C:\WINDOWS\SYSTEM32\msxml3a.dll

2008-08-24 20:42 . 2007-04-24 16:43 1,990 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\net_m32.inf

2008-08-24 20:35 . 2007-05-23 16:40 38,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ShlDrv51.sys

2008-08-24 20:29 . 2008-08-24 20:30

2008-08-24 20:17 . 2008-06-14 20:01 273,024 --------- C:\WINDOWS\SYSTEM32\DRIVERS\bthport.sys

2008-08-24 20:17 . 2008-06-14 20:01 273,024 --------- C:\WINDOWS\SYSTEM32\dllcache\bthport.sys

2008-08-24 20:04 . 2008-08-24 20:04

2008-08-24 20:04 . 2008-08-24 20:04

2008-08-17 08:50 . 2008-08-17 08:50 59,176 --a------ C:\WINDOWS\SYSTEM32\sbbd.exe

2008-08-06 09:44 . 2008-08-06 09:44

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-06 06:30 90,112 ----a-w C:\WINDOWS\DUMP1510.tmp

2008-07-19 16:18 --------- d-----w C:\Documents and Settings\Maciek\Dane aplikacji\Gadu-Gadu

2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\dllcache\cdm.dll

2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\cdm.dll

2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\wuauclt.exe

2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wuauclt.exe

2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\SYSTEM32\wups2.dll

2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\wups.dll

2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wups.dll

2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\wuapi.dll

2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wuapi.dll

2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\wucltui.dll

2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wucltui.dll

2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\wuweb.dll

2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wuweb.dll

2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\wuaueng.dll

2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wuaueng.dll

2008-07-17 06:37 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-07-17 06:37 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf

2008-07-17 06:29 --------- d-----w C:\Program Files\Common Files\PCSuite

2008-07-17 06:29 --------- d-----w C:\Program Files\Common Files\Nokia

2008-07-17 06:22 --------- d-----w C:\Program Files\PC Connectivity Solution

2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll

2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\SYSTEM32\dllcache\es.dll

2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\SYSTEM32\mscms.dll

2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\SYSTEM32\dllcache\mscms.dll

2008-06-23 09:49 18,432 ----a-w C:\WINDOWS\SYSTEM32\dllcache\iedw.exe

2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll

2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\SYSTEM32\dllcache\mswsock.dll

2008-06-20 17:42 148,992 ----a-w C:\WINDOWS\SYSTEM32\dllcache\dnsapi.dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\SYSTEM32\dllcache\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\SYSTEM32\dllcache\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\SYSTEM32\dllcache\tcpip6.sys

2004-02-20 17:34 266 --sh--w C:\Program Files\desktop.ini

2004-02-20 17:34 11,232 ---h--w C:\Program Files\folder.htt

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 1667584]

"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]

"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-06-18 1122816]

"Gadu-Gadu"="C:\PROGRA~1\GADU-G~1\gg.exe" [2008-03-20 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 36352]

"SBAMTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe" [2008-08-17 660776]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-01-11 962667]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"C:\Program Files\Gadu-Gadu\GG.EXE"=

"C:\Program Files\PPMate\ppmate.exe"=

R2 SBAMSvc;Sunbelt VIPRE Antivirus Service;C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe [2008-08-17 849192]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 24592]

R3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\netimflt.sys [2007-04-24 142128]

S3 ComFiltr;Panda Anti-Dialer;C:\WINDOWS\system32\DRIVERS\COMFiltr.sys [2008-09-02 13880]

S3 SBRE;SBRE;C:\WINDOWS\system32\drivers\SBREdrv.sys [2007-11-06 87848]

.

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.onet.pl/

R0 -: HKLM-Main,Start Page = hxxp://www.google.com

O17 -: HKLM\CCS\Interface\{4B1C84A8-1BD8-4639-8CEF-F71A3993806D}: NameServer = 83.238.255.76 213.241.79.37

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-04 22:11:24

Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-09-04 22:14:53

ComboFix-quarantined-files.txt 2008-09-04 20:14:42

Pre-Run: 1,115,824,128 bajtów wolnych

Post-Run: 1,126,416,384 bajtów wolnych

145 --- E O F --- 2008-08-25 14:40:06

And what now? :(:((((

The log looks clean

Download CCleaner http://www.filehippo.com/download_ccleaner/

scan with it and clean the registry.

do a startup optimization

http://cybertrash.netarteria.pl/cyber/i … 378.0.html

manually delete the C:\Qoobox folder and delete the ComboFix installer from the disk.

Disable and re-enable System Restore on all drives. http://support.microsoft.com/kb/310405/pl

scan the My Computer area http://www.kaspersky.pl/virusscanner.html and show the report; the page has to be run through IE

or

Dr.WEB CureIt! http://dobreprogramy.pl/index.php?dz=2& … It!+4.44.5

:slight_smile:

these scanners don't help at all, I keep getting disconnected from the net constantly :(((( what's going on???

Set up your internet connection again and consult your internet provider