I have a problem with a virus :(
I am posting a ComboFix log and asking for help removing the pest (step by step).
If this topic doesn't belong here, I ask the administrator to delete it only after the problem has been solved.
Regards,
tomek
ComboFix 09-03-12.01 - Dom 2009-03-14 10:08:50.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1014.690 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Dom\Moje dokumenty\tomek\inne\ComboFix.exe
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA
.
((((((((((((((((((((((((( Pliki utworzone od 2009-02-14 do 2009-03-14 )))))))))))))))))))))))))))))))
.
2009-03-14 08:58 . 2009-03-14 09:45 35,885 --a------ C:\k8m1l3e9f4n7.exe
2009-03-13 17:37 . 2009-03-13 17:45 62 --a------ c:\windows\wininit.ini
2009-03-12 23:16 . 2009-03-12 23:16
2009-03-12 23:08 . 2009-03-12 23:08 73,728 --a----t- c:\windows\system32\DRWEBSP.DLL
2009-03-12 21:06 . 2009-03-12 21:06
2009-03-12 13:00 . 2009-03-12 15:39
2009-03-11 09:04 . 2009-03-11 09:04 744,960 -r-hs---- c:\windows\system32\drivers\DllSrv.exe
2009-03-10 09:11 . 2009-03-10 09:11
2009-03-08 16:11 . 2009-03-08 16:11
2009-03-08 11:48 . 2009-03-08 11:48
2009-03-06 15:43 . 2009-03-06 15:43
2009-03-06 15:36 . 2008-11-24 22:40 175,104 -r-hs---- c:\windows\system32\drivers\servics.exe
2009-03-06 15:27 . 2009-03-10 09:24
2009-03-06 15:27 . 2009-03-09 22:08
2009-03-06 15:25 . 2009-03-09 22:12
2009-02-28 00:02 . 2009-02-28 00:02 848 --ahs---- c:\windows\system32\KGyGaAvL.sys
2009-02-28 00:00 . 2009-02-28 00:01
2009-02-27 23:54 . 2009-02-27 23:54
2009-02-27 23:36 . 2009-02-27 23:36
2009-02-27 23:36 . 2007-09-04 18:56 164,352 --a------ c:\windows\system32\unrar.dll
2009-02-27 23:36 . 2007-07-29 17:51 7,680 --a------ c:\windows\system32\ff_vfw.dll
2009-02-27 23:36 . 2007-07-10 18:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2009-02-27 23:34 . 2009-03-12 13:09 4,046 --a------ c:\windows\unins000.dat
2009-02-21 23:34 . 2009-02-21 23:36
2009-02-16 15:11 . 2009-03-11 07:44 54,156 --ah----- c:\windows\QTFont.qfn
2009-02-16 15:11 . 2009-02-16 15:11 1,409 --a------ c:\windows\QTFont.for
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-12 22:10 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-11 08:53 44,544 ----a-w c:\windows\system32\ftp.exe
2009-03-06 14:17 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-02-28 17:23 --------- d-----w c:\program files\Google
2009-02-27 22:35 --------- d-----w c:\program files\ffdshow
2009-02-27 22:35 --------- d-----w c:\program files\AC3Filter
2009-02-21 22:24 --------- d-----w c:\program files\NAPI-PROJEKT
2009-02-21 22:24 --------- d-----w c:\program files\ALLPlayer
2009-01-30 21:50 --------- d-----w c:\documents and settings\Dom\Dane aplikacji\foobar2000
2008-09-25 12:16 19,480 ----a-w c:\documents and settings\Dom\Dane aplikacji\GDIPFONTCACHEV1.DAT
2007-06-11 11:48 370,328 ----a-w c:\program files\jre-6u1-windows-i586-p-iftw.exe
2007-06-10 18:59 4,109,584 ----a-w c:\program files\gg77.exe
2008-11-24 21:40 175,104 --sh--r c:\windows\system32\drivers\servics.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-06 68856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-17 490952]
"CTZDetec.exe"="c:\creative\Creative Media Lite\CTZDetec.exe" [2007-12-18 401408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-12-13 33792]
"CTSVolFE.exe"="c:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-07-22 98304]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-11-19 180269]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.msrt24"= msrt24.acm
"msacm.l3codecp"= l3codecp.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Gadu-Gadu\gg.exe"=
"c:\Program Files\Ubisoft\Blue Byte\SETTLERS - Dziedzictwo Królów\extra2\bin\SettlersHoK.exe"=
"c:\Program Files\Kaboodle\Kaboodle.exe"=
"c:\Program Files\Kaboodle\Kaboodle Helper\vncviewer.exe"=
"c:\Program Files\Kaboodle\Kaboodle Helper\WinVNC.exe"=
"c:\Program Files\Kaboodle\Kaboodle Helper\zebedee.exe"=
R2 DllSrv Service Controler;DllSrv Service Controler;c:\windows\system32\drivers\DllSrv.exe [2009-03-11 744960]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{778e5080-34c5-11dd-83e2-dc3e06f6d845}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b85a99ab-c397-11dd-8924-e7d8106ec92a}]
\Shell\AutoRun\command - F:\EmDesk.exe
\Shell\EmDesk\command - F:\EmDesk.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f01c3ba4-5a4f-11dd-8545-c804733d7f52}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67KLN5J0-4OPM-00WE-AAX5-77EF1D187563}]
c:\restore\k-1-3542-4232123213-7676767-8888886\RanDll.exe
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Dodaj do blokowanych banerów - c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
IE: Eksport do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000