OK, I removed those logs from Hijack and ComboFix, scanned the system with antivirus programs, and the pop-ups no longer appear. To be sure, I am posting a log to check whether it is clean:
ComboFix 08-02-16.2 - Baryla 2008-02-16 19:53:34.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1648 [GMT 1:00]
Running from: C:\Documents and Settings\Baryla\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Baryla\Pulpit\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
FILE
C:\Documents and Settings\Baryla\Ustawienia lokalne\Temporary Internet Files\Content.IE5\ST0FGX87\install_sbd_en[1].exe
C:\WINDOWS\admgcx.dll
C:\WINDOWS\bdmanager.dll
C:\WINDOWS\dmdvpnkgn.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\admgcx.dll
C:\WINDOWS\dat.txt
C:\WINDOWS\rs.txt
----- BITS: Possible infected sites -----
hxxp://softworldnetwork.com
.
((((((((((((((((((((((((( Files Created from 2008-01-16 to 2008-02-16 )))))))))))))))))))))))))))))))
.
2008-02-16 19:14 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-16 19:14 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-16 19:14 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-16 19:14 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-16 19:14 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-16 19:14 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-16 19:14 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-16 19:14 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-16 18:22 . 2008-02-16 18:22
2008-02-16 18:08 . 2008-02-16 18:08
2008-02-16 18:08 . 2008-02-16 18:09
2008-02-16 18:07 . 2008-02-16 18:07
2008-02-16 17:46 . 2008-02-16 17:46
2008-02-16 17:32 . 2008-02-16 19:35
2008-02-16 17:31 . 2008-02-16 17:31
2008-02-16 17:21 . 2008-02-16 17:21
2008-02-16 13:03 . 2008-02-16 13:03 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-02-16 12:52 . 2008-02-16 12:52
2008-02-16 12:43 . 2008-02-16 12:43
2008-02-16 12:39 . 2008-02-16 12:39
2008-02-16 12:39 . 2006-09-22 14:06 92,160 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
2008-02-16 12:29 . 2008-02-16 05:22 81,920 --a------ C:\WINDOWS\fsxloqf.exe
2008-02-16 12:21 . 2008-02-16 12:34
2008-02-16 12:15 . 2008-02-16 13:14
2008-02-14 17:28 . 2008-02-14 17:28
2008-02-14 17:28 . 2008-02-16 18:16
2008-02-14 17:25 . 2008-02-14 17:25
2008-02-14 17:11 . 2008-02-14 17:11
2008-02-14 17:10 . 2008-02-14 17:10
2008-02-14 17:10 . 2008-02-14 17:10 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-02-14 16:39 . 2008-02-14 16:39
2008-02-14 16:31 . 2008-02-14 16:36
2008-02-14 16:31 . 2008-02-14 16:31
2008-02-14 16:26 . 2008-02-14 16:26
2008-02-14 16:15 . 2008-02-14 16:15
2008-02-14 16:14 . 2008-02-14 16:14
2008-02-14 16:07 . 2008-02-14 16:07
2008-02-14 16:01 . 2008-02-14 16:01
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-16 11:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-14 14:49 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-14 14:42 --------- d-----w C:\Program Files\totalcmd
2008-02-14 14:35 --------- d-----w C:\Program Files\Gadu-Gadu
2008-02-14 14:25 --------- d-----w C:\Program Files\MSECache
2008-02-14 14:25 --------- d-----w C:\Program Files\CyberLink
2008-02-14 14:25 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Dell
2008-02-14 14:25 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\CyberLink
2008-02-14 14:24 --------- d-----w C:\Program Files\Dell
2008-02-14 14:15 5 ----a-w C:\WINDOWS\system32\drivers\DELL_XPS_Vostro 1400 .MRK
2008-02-14 14:15 5 ----a-w C:\WINDOWS\system32\drivers\1028_DELL_XPS_Vostro 1400 .MRK
2008-02-14 14:14 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-02-14 14:14 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2008-02-14 14:13 --------- d-----w C:\Program Files\DellTPad
2008-02-14 14:12 --------- d-----w C:\Program Files\Modem Diagnostic Tool
2008-02-14 14:11 --------- d-----w C:\Program Files\Digital Line Detect
2008-02-14 14:11 --------- d-----w C:\Program Files\CONEXANT
2008-02-14 14:10 --------- d-----w C:\Program Files\SigmaTel
2008-02-14 14:06 --------- d-----w C:\Documents and Settings\Baryla\Dane aplikacji\InstallShield
2008-02-14 14:06 --------- d-----w C:\Documents and Settings\Baryla\Dane aplikacji\Dell
2008-02-14 14:01 --------- d-----w C:\Program Files\Broadcom
2008-02-14 13:58 --------- d-----w C:\Program Files\Intel
2008-02-14 13:37 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-14 13:35 --------- d-----w C:\Program Files\Usługi online
2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-07 01:08 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-05 01:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-12-04 18:42 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 11:54 2131392]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-14 00:09 486856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-08-01 13:15 8466432]
"nwiz"="nwiz.exe" [2007-08-01 13:15 1626112 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2007-08-01 13:15 67584 C:\WINDOWS\system32\nvhotkey.dll]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-08-01 13:15 81920]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-03-16 18:10 1392640]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2007-09-07 17:49 1236992]
"SigmatelSysTrayApp"="stsystra.exe" [2007-05-06 17:10 405504 C:\WINDOWS\stsystra.exe]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-07-02 13:29 159744]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-11-01 15:39 189736]
"SBI"="C:\Documents and Settings\Baryla\Ustawienia lokalne\Temporary Internet Files\Content.IE5\ST0FGX87\install_sbd_en[1].exe" []
"avast!"="E:\Programy\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44 15360]
C:\Documents and Settings\Baryla\Menu Start\Programy\Autostart\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2008-02-16 12:39:51 534016]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-02-14 15:11:34 50688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"admgcx"= {06B9D297-E0D8-449D-A372-5496481763E6} - C:\WINDOWS\admgcx.dll []
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-16 19:54:20
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SBI = C:\Documents and Settings\Baryla\Ustawienia lokalne\Temporary Internet Files\Content.IE5\ST0FGX87\install_sbd_en[1].exe? ???"???4?b???|??b??%?|???t?p??B???)??|?6~???| ?b???7~??7~@???t?p???b?x?@?@???
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-16 19:54:42
ComboFix-quarantined-files.txt 2008-02-16 18:54:34
ComboFix2.txt 2008-02-16 18:12:54
ComboFix3.txt 2008-02-16 18:08:32
.
2008-02-16 12:14:23 --- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 19:56:09, on 2008-02-16
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
E:\Programy\Avast4\aswUpdSv.exe
E:\Programy\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
E:\Programy\Avast4\ashMaiSv.exe
E:\Programy\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
E:\Programy\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Baryla\USTAWI~1\Temp\Rar$EX00.141\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Baryla\Ustawienia lokalne\Temporary Internet Files\Content.IE5\ST0FGX87\install_sbd_en[1].exe
O4 - HKLM\..\Run: [avast!] E:\Programy\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus … nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O21 - SSODL: admgcx - {06B9D297-E0D8-449D-A372-5496481763E6} - C:\WINDOWS\admgcx.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Programy\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Programy\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Programy\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Programy\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE