proboblem przy podłączeniu neta

[cysiowy]

Witam.

Mój kolega ma następujący problem. Pewnego pieknego dnia wyłączył kasperskiego i zawirusował czymś kompa. Po włączeniu i zneutralizowaniu ataków nie działa mu net. Występuje dziwny problem. Gdy włącza aplikacje dialnet.exe nawiązuje połączenie z internetem ale za 5 sekund wyskakuje pusta tabelka z możliwością kliknięcia anuluj i rozłącza mu neta. Po formatowaniu dysku c, oraz po blokowaniu portów programem wwdc błąd występuje nadal. Nie wiem co z tym zrobić, grzebałem mu troche w ustawieniach i nic nie pomagało. Załączam logi i czekam na wasza pomoc

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:26:40, on 2008-05-21
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DialNet\WrOS.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\DialNet\winpppoverethernet.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\DialNet\winpppoverethernet.exe"
O4 - HKLM\..\Run: [] "C:\PROGRA~1\DialNet\FPLICE~1.EXE zhimakaimen//WINPOET_QUITTING_EVENT"
O4 - HKLM\..\Run: [z-wrdialer] "C:\Program Files\DialNet\wrdialer.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: WinPPPoverEthernet - Fine Point Technologies, Inc. - C:\Program Files\DialNet\WrOS.EXE

--
End of file - 4323 bytes




Kod: Zaznacz wszystko

"Silent Runners.vbs", revision 58, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ATIPTA" = ""C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"" ["ATI Technologies, Inc."]
"a-winpoet-service" = ""C:\Program Files\DialNet\winpppoverethernet.exe"" ["Fine Point Technologies, Inc."]
"(Default)" = ""C:\PROGRA~1\DialNet\FPLICE~1.EXE zhimakaimen//WINPOET_QUITTING_EVENT"" ["Fine Point Technologies, Inc."]
"z-wrdialer" = ""C:\Program Files\DialNet\wrdialer.exe"" ["Fine Point Technologies, Inc."]
"AVP" = ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"" ["Kaspersky Lab"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
  -> {HKLM...CLSID} = "History Band"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statystyki dla ochrony WWW"
  -> {HKLM...CLSID} = "Statystyki dla ochrony WWW"
                   \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll" ["Kaspersky Lab"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
  -> {HKLM...CLSID} = "WPDShServiceObj Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\wpdshserviceobj.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
<<!>> dimsntfy\DLLName = "C:\WINDOWS\System32\dimsntfy.dll" [MS]
<<!>> klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ShellEx.dll" ["Kaspersky Lab"]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ShellEx.dll" ["Kaspersky Lab"]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

MSWPDShellNamespaceHandler\
"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = " "
  -> {HKLM...CLSID} = "WPDShextAutoplay"
                   \LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Statystyki dla ochrony WWW"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll" ["Kaspersky Lab"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\
"ButtonText" = "Statystyki dla ochrony WWW"

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
Kaspersky Internet Security 7.0, AVP, ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r" ["Kaspersky Lab"]
WinPPPoverEthernet, WinPPPoverEthernet, "C:\Program Files\DialNet\WrOS.EXE" ["Fine Point Technologies, Inc."]


---------- (launch time: 2008-05-21 19:26:10)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer "No" at the
  first message box and "Yes" at the second message box.
---------- (total run time: 39 seconds, including 8 seconds for message boxes)



[Okocza]

daj log z Combofixa

[cysiowy]

Kod: Zaznacz wszystko

ComboFix 08-05-20.5 - Karolka 2008-05-21 19:56:17.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1045.18.570 [GMT 2:00]
Running from: F:\scan\ComboFix.exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((   Files Created from 2008-04-21 to 2008-05-21  )))))))))))))))))))))))))))))))
.

2008-05-21 18:46 . 2008-05-21 18:46   <DIR>   d--------   C:\Documents and Settings\Karolka\Dane aplikacji\InstallShield
2008-05-21 18:46 . 1999-09-08 14:06   1,056,768   --a------   C:\WINDOWS\system32\ROBOEX32.DLL
2008-05-21 18:46 . 2002-10-28 17:42   65,604   --a------   C:\WINDOWS\system32\drivers\WrKPoETNic2000.sys
2008-05-21 18:46 . 2004-09-16 17:56   52,214   --a------   C:\WINDOWS\system32\drivers\WrKPoET2000.sys
2008-05-21 18:46 . 2003-04-04 15:07   30,336   --a------   C:\WINDOWS\system32\drivers\fpd.sys
2008-05-21 18:45 . 2008-05-21 18:45   2,572   --a------   C:\WINDOWS\system32\PerfStringBackup.TMP
2008-05-21 18:23 . 2008-05-21 18:23   <DIR>   d--------   C:\Program Files\Trend Micro
2008-05-21 18:20 . 2008-05-21 19:53   <DIR>   d--------   C:\Program Files\DialNet
2008-05-21 18:14 . 2008-05-21 19:12   <DIR>   d--------   C:\Program Files\Kaspersky Lab
2008-05-21 18:13 . 2008-05-21 19:08   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-05-21 18:10 . 2008-05-21 18:10   <DIR>   d--------   C:\Program Files\nVIDIA
2008-05-21 18:10 . 1998-10-29 16:45   306,688   --a------   C:\WINDOWS\IsUninst.exe
2008-05-21 18:10 . 2003-12-23 13:37   8,576   -ra------   C:\WINDOWS\system32\drivers\nvp2p.sys
2008-05-21 18:09 . 2000-10-25 14:27   3,000   -ra------   C:\WINDOWS\system32\SetupNT.sys
2008-05-21 18:08 . 2008-05-21 18:08   <DIR>   d--------   C:\WINDOWS\system32\URTTemp
2008-05-21 18:08 . 2008-05-21 18:08   9   --a------   C:\WINDOWS\system32\BSETUP.TMP
2008-05-21 18:07 . 2005-06-28 21:05   516,096   ---------   C:\WINDOWS\system32\ati2sgag.exe
2008-05-21 18:07 . 2005-06-29 07:41   307,200   -ra------   C:\WINDOWS\system32\atiiiexx.dll
2008-05-21 18:06 . 2008-05-21 18:20   <DIR>   d--h-----   C:\Program Files\InstallShield Installation Information
2008-05-21 18:06 . 2008-05-21 18:07   <DIR>   d--------   C:\Program Files\ATI Technologies
2008-05-21 18:06 . 2005-04-07 17:20   524,850   -ra------   C:\WINDOWS\system32\drivers\ativcaxx.cpa
2008-05-21 18:06 . 2005-06-10 22:59   95,617   -ra------   C:\WINDOWS\system32\atiicdxx.dat
2008-05-21 18:06 . 2005-03-10 16:52   58,521   -ra------   C:\WINDOWS\system32\drivers\ativckxx.vp
2008-05-21 18:06 . 2005-06-29 08:15   21,472   -ra------   C:\WINDOWS\system32\drivers\ativvpxx.vp
2008-05-21 18:06 . 2005-05-10 02:47   5,396   -ra------   C:\WINDOWS\system32\atifglpf.xml
2008-05-21 18:06 . 2005-04-07 17:20   900   -ra------   C:\WINDOWS\system32\drivers\ativcaxx.vp
2008-05-21 18:05 . 2008-05-21 18:05   <DIR>   d--------   C:\Program Files\Common Files\InstallShield
2008-05-21 18:02 . 2008-05-21 19:59   <DIR>   d--h-----   C:\Documents and Settings\Karolka\Ustawienia lokalne
2008-05-21 18:02 . 2008-05-21 18:03   <DIR>   dr-------   C:\Documents and Settings\Karolka\Ulubione
2008-05-21 18:02 . 2008-05-21 17:52   <DIR>   d--h-----   C:\Documents and Settings\Karolka\Szablony
2008-05-21 18:02 . 2008-05-21 19:26   <DIR>   d--------   C:\Documents and Settings\Karolka\Pulpit
2008-05-21 18:02 . 2008-05-21 18:03   <DIR>   dr-------   C:\Documents and Settings\Karolka\Moje dokumenty
2008-05-21 18:02 . 2008-05-21 19:44   <DIR>   dr-------   C:\Documents and Settings\Karolka\Menu Start
2008-05-21 18:02 . 2008-05-21 18:12   <DIR>   dr-h-----   C:\Documents and Settings\Karolka\Dane aplikacji
2008-05-21 18:02 . 2008-05-21 18:40   <DIR>   d--------   C:\Documents and Settings\Karolka
2008-05-21 18:00 . 2008-05-21 18:00   <DIR>   d---s----   C:\WINDOWS\system32\Microsoft
2008-05-21 18:00 . 2008-05-21 19:59   <DIR>   d--h-----   C:\Documents and Settings\NetworkService\Ustawienia lokalne
2008-05-21 18:00 . 2008-05-21 18:00   <DIR>   d--------   C:\Documents and Settings\NetworkService\Dane aplikacji
2008-05-21 18:00 . 2008-05-21 18:40   <DIR>   d--hs----   C:\Documents and Settings\NetworkService
2008-05-21 18:00 . 2008-05-21 19:59   <DIR>   d--h-----   C:\Documents and Settings\LocalService\Ustawienia lokalne
2008-05-21 18:00 . 2008-05-21 18:00   <DIR>   d--------   C:\Documents and Settings\LocalService\Dane aplikacji
2008-05-21 18:00 . 2008-05-21 18:40   <DIR>   d--hs----   C:\Documents and Settings\LocalService
2008-05-21 18:00 . 2008-05-21 18:00   8,192   --a------   C:\WINDOWS\REGLOCS.OLD
2008-04-25 16:09 . 2008-04-25 16:09   1,571,840   --a------   C:\WINDOWS\system32\sfcfiles.dll
2008-04-25 16:09 . 2008-04-25 16:09   999,936   --a------   C:\WINDOWS\system32\syssetup.dll
2008-04-25 16:07 . 2008-04-25 16:07   2,603,008   --a------   C:\WINDOWS\system32\wpdshext.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-21 18:00   4,896   --sha-w   C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-21 18:00   177,440   --sha-w   C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-21 17:53   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-05-21 17:27   4,088   --sha-w   C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-21 17:27   1,340   --sha-w   C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-21 17:12   91,700   ----a-w   C:\WINDOWS\system32\drivers\klin.dat
2008-05-21 17:12   85,860   ----a-w   C:\WINDOWS\system32\drivers\klick.dat
2008-05-21 15:56   ---------   d-----w   C:\Program Files\microsoft frontpage
2008-05-21 15:55   ---------   d-----w   C:\Program Files\Usługi online
2008-05-21 15:52   ---------   d-----w   C:\Program Files\Windows Media Connect 2
2008-04-25 14:07   991,744   ----a-w   C:\WINDOWS\system32\drmv2clt.dll
2008-04-15 01:04   1,246,357   ----a-r   C:\WINDOWS\SET3.tmp
2008-04-15 00:56   16,825   ----a-r   C:\WINDOWS\SET8.tmp
2008-04-15 00:56   1,088,840   ----a-r   C:\WINDOWS\SET4.tmp
2008-04-14 23:16   1,804   ----a-w   C:\WINDOWS\system32\Dcache.bin
2008-04-14 22:56   332,288   ----a-w   C:\WINDOWS\system32\netsetup.exe
2008-04-14 22:52   92,424   ----a-w   C:\WINDOWS\system32\rdpdd.dll
2008-04-14 22:52   87,176   ----a-w   C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 22:52   299,520   ----a-w   C:\WINDOWS\system32\drmclien.dll
2008-04-14 22:52   21,896   ----a-w   C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 22:52   139,656   ----a-w   C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 22:52   12,168   ----a-w   C:\WINDOWS\system32\tsddd.dll
2008-04-14 22:52   12,040   ----a-w   C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 22:50   997,888   ----a-w   C:\WINDOWS\system32\setupapi.dll
2008-04-14 22:49   98,304   ----a-w   C:\WINDOWS\system32\actxprxy.dll
2008-04-14 22:48   5,632   ----a-w   C:\WINDOWS\system32\wmi.dll
2008-04-14 22:48   1,449,472   ----a-w   C:\WINDOWS\system32\winntbbu.dll
2008-04-14 22:47   57,375   ----a-w   C:\WINDOWS\system32\odbcji32.dll
2008-04-14 22:47   103,424   ----a-w   C:\WINDOWS\system32\dpcdll.dll
2008-04-14 22:43   4,126   ----a-w   C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 22:42   3,584   ----a-w   C:\WINDOWS\system32\msafd.dll
2008-04-14 22:36   3,584   ----a-w   C:\WINDOWS\system32\icmp.dll
2008-04-14 22:35   9,344   ----a-w   C:\WINDOWS\system32\framebuf.dll
2008-04-14 22:35   569,856   ----a-w   C:\WINDOWS\system32\gpedit.dll
2008-04-14 22:33   3,072   ----a-w   C:\WINDOWS\system32\dpnlobby.dll
2008-04-14 22:33   3,072   ----a-w   C:\WINDOWS\system32\dpnaddr.dll
2008-04-14 22:33   24,064   ----a-w   C:\WINDOWS\system32\pidgen.dll
2008-04-14 22:31   16,896   ----a-w   C:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 22:30   285,696   ----a-w   C:\WINDOWS\system32\atmfd.dll
2008-04-14 22:04   73,472   ----a-w   C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 22:03   68,608   ----a-w   C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 22:03   120,320   ----a-w   C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 22:00   2,190,336   ----a-w   C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 21:55   4,096   ----a-w   C:\WINDOWS\system32\dsprpres.dll
2008-04-14 21:52   89,600   ----a-w   C:\WINDOWS\system32\msxml6r.dll
2008-04-14 21:52   800,000   ----a-w   C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 21:52   153,856   ----a-w   C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 21:50   80,896   ----a-w   C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 21:50   24,960   ----a-w   C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 21:50   14,720   ----a-w   C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-14 21:48   37,632   ----a-w   C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 21:46   40,448   ----a-w   C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 21:45   49,664   ----a-w   C:\WINDOWS\system32\inetres.dll
2008-04-14 21:43   563,200   ----a-w   C:\WINDOWS\system32\shdoclc.dll
2008-04-14 21:41   65,280   ----a-w   C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 21:41   53,248   ----a-w   C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 21:37   10,240   ----a-w   C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 21:35   67,584   ----a-w   C:\WINDOWS\system32\browselc.dll
2008-04-14 21:35   58,880   ----a-w   C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 21:35   1,845,888   ----a-w   C:\WINDOWS\system32\win32k.sys
2008-04-14 21:33   44,672   ----a-w   C:\WINDOWS\system32\drivers\fips.sys
2008-04-14 21:31   52,864   ----a-w   C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 21:24   69,552   ----a-w   C:\WINDOWS\system32\mmsystem.dll
2008-04-14 21:24   188,544   ----a-w   C:\WINDOWS\system32\drivers\acpi.sys
2008-04-14 20:52   40,840   ----a-w   C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 20:51   294,912   ----a-w   C:\WINDOWS\system32\msh263.drv
2008-04-14 00:58   175,744   ----a-w   C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-14 00:51   162,816   ----a-w   C:\WINDOWS\system32\drivers\netbt.sys
2008-04-14 00:50   91,520   ----a-w   C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-14 00:50   361,344   ----a-w   C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-14 00:50   182,656   ----a-w   C:\WINDOWS\system32\drivers\ndis.sys
2008-04-14 00:49   75,264   ----a-w   C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-14 00:49   51,328   ----a-w   C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-14 00:49   48,384   ----a-w   C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-14 00:49   146,048   ----a-w   C:\WINDOWS\system32\drivers\portcls.sys
2008-04-14 00:49   138,112   ----a-w   C:\WINDOWS\system32\drivers\afd.sys
2008-04-14 00:47   83,072   ----a-w   C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-14 00:47   456,576   ----a-w   C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-14 00:47   105,344   ----a-w   C:\WINDOWS\system32\drivers\mup.sys
2008-04-14 00:46   49,536   ----a-w   C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-14 00:45   60,800   ----a-w   C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-14 00:45   574,976   ----a-w   C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-14 00:45   334,848   ----a-w   C:\WINDOWS\system32\drivers\srv.sys
2008-04-14 00:44   63,744   ----a-w   C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-14 00:44   143,744   ----a-w   C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-14 00:30   225,664   ----a-w   C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-14 00:30   19,072   ----a-w   C:\WINDOWS\system32\drivers\tdi.sys
2008-04-14 00:27   41,472   ----a-w   C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-14 00:27   40,576   ----a-w   C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-14 00:27   34,560   ----a-w   C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-14 00:27   20,864   ----a-w   C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-14 00:27   152,832   ----a-w   C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-14 00:27   14,336   ----a-w   C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-14 00:27   10,112   ----a-w   C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-14 00:26   88,320   ----a-w   C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-14 00:26   69,120   ----a-w   C:\WINDOWS\system32\drivers\psched.sys
2008-04-14 00:26   35,072   ----a-w   C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-14 00:26   34,688   ----a-w   C:\WINDOWS\system32\drivers\netbios.sys
2008-04-14 00:26   30,592   ----a-w   C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-14 00:26   12,800   ----a-w   C:\WINDOWS\system32\drivers\usb8023.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-15 00:51 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 21:05 344064]
"a-winpoet-service"="C:\Program Files\DialNet\winpppoverethernet.exe" [2007-01-18 10:26 405504]
"z-wrdialer"="C:\Program Files\DialNet\wrdialer.exe" [2007-01-18 13:18 483328]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-15 00:51 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="regsvr32 /s /n /i:U shell32" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 nvp2p;NVIDIA PCI to PCI Bridge Filter;C:\WINDOWS\system32\DRIVERS\nvp2p.sys [2003-12-23 13:37]
R2 TopWinPoETDriver;WinPoET PPPoE Optimized Driver;C:\WINDOWS\system32\DRIVERS\WrKPoET2000.sys [2004-09-16 17:56]
R3 FPD;Fine Point Packet Service;C:\WINDOWS\system32\drivers\fpd.sys [2003-04-04 15:07]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 WrKPoET2000;WrKPoET2000;C:\Program Files\DialNet\WrKPoET2000.sys [2004-09-16 17:56]
R3 WRSWanDD;WinPoET PPPoE Adapter;C:\WINDOWS\system32\DRIVERS\WrKPoETNic2000.sys [2002-10-28 17:42]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-21 20:00:14
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-21 20:01:31
ComboFix-quarantined-files.txt  2008-05-21 18:01:28

Pre-Run: 17,932,251,136 bajtów wolnych
Post-Run: 17,943,957,504 bajtów wolnych

204


[Okocza]

Wykonaj to co jest podane w tym temacie


1. Ściągnij OTMoveIt i go włacz i odpal go z opcji CleanUp
2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem

[cysiowy]

niestety nie pomaga

[Okocza]

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt