100 % zużycia procesoru.

[r0tfl]

Log z Combofix-a.

Kod: Zaznacz wszystko

[quote]ComboFix 08-09-05.14 - r0tfl 2008-09-12 14:07:26.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.0.1250.1.1045.18.83 [GMT 2:00]
Running from: C:\Documents and Settings\r0tfl\Pulpit\ComboFix.exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\Microsoft\backup.ftp

.
(((((((((((((((((((((((((   Files Created from 2008-08-12 to 2008-09-12  )))))))))))))))))))))))))))))))
.

2008-09-12 14:04 . 2008-09-12 14:04   <DIR>   d--------   C:\Program Files\Trend Micro
2008-09-11 21:48 . 2008-09-11 21:48   <DIR>   d--------   C:\WINDOWS\Sun
2008-09-11 21:48 . 2008-09-11 21:48   <DIR>   d--------   C:\WINDOWS\.jagex_cache_32
2008-09-11 21:48 . 2008-09-11 21:48   0   --a------   C:\Documents and Settings\r0tfl\jagex_runescape_preferences.dat
2008-09-11 21:46 . 2008-09-11 21:46   <DIR>   d--------   C:\Program Files\Sun
2008-09-11 21:44 . 2008-06-10 02:32   73,728   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-09-11 21:40 . 2008-09-11 21:44   <DIR>   d--------   C:\Program Files\Java
2008-09-11 21:38 . 2008-09-11 21:38   <DIR>   d--------   C:\Program Files\Common Files\Java
2008-09-11 15:52 . 2008-09-11 15:53   <DIR>   d--------   C:\Documents and Settings\r0tfl\Dane aplikacji\Media Player Classic
2008-09-11 15:37 . 2008-09-11 15:38   <DIR>   d--------   C:\Program Files\Real Alternative
2008-09-11 15:37 . 2003-03-19 05:14   499,712   --a------   C:\WINDOWS\system32\msvcp71.dll
2008-09-11 15:37 . 2004-01-12 00:00   348,160   --a------   C:\WINDOWS\system32\msvcr71.dll
2008-09-10 21:42 . 2008-09-10 21:42   <DIR>   d--------   C:\Program Files\Spybot - Search & Destroy
2008-09-10 21:42 . 2008-09-10 21:58   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-09-10 21:08 . 2008-09-10 21:08   <DIR>   d--------   C:\WINDOWS\system32\Kaspersky Lab
2008-09-10 21:00 . 2008-09-10 21:01   <DIR>   d--------   C:\Program Files\SkanerOnline
2008-09-10 20:42 . 2008-09-10 21:04   96,976   --a------   C:\WINDOWS\system32\drivers\klin.dat
2008-09-10 20:42 . 2008-09-10 21:04   87,855   --a------   C:\WINDOWS\system32\drivers\klick.dat
2008-09-10 20:41 . 2008-09-10 20:41   <DIR>   d--------   C:\Program Files\Kaspersky Lab
2008-09-10 20:41 . 2008-09-12 14:01   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-09-10 20:41 . 2008-09-12 14:23   569,888   --ahs----   C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-10 20:41 . 2008-09-12 14:23   19,232   --ahs----   C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-10 20:41 . 2008-09-12 14:23   9,584   --ahs----   C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-10 20:41 . 2008-09-12 14:23   2,804   --ahs----   C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-10 20:40 . 2008-09-10 20:40   <DIR>   d--------   C:\kav
2008-09-10 20:15 . 2008-09-10 20:15   <DIR>   d--------   C:\Documents and Settings\r0tfl\Dane aplikacji\Gadu-Gadu
2008-09-10 19:41 . 2008-09-10 19:41   <DIR>   d--------   C:\Program Files\Gadu-Gadu
2008-09-10 19:41 . 2008-09-10 20:16   <DIR>   d--------   C:\Documents and Settings\r0tfl\Gadu-Gadu
2008-09-10 17:51 . 2008-09-10 17:31   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-09-10 17:51 . 2008-09-10 17:31   <DIR>   d--------   C:\Documents and Settings\Administrator\Ulubione
2008-09-10 17:51 . 2008-09-10 16:36   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Szablony
2008-09-10 17:51 . 2008-09-10 17:31   <DIR>   d--------   C:\Documents and Settings\Administrator\Pulpit
2008-09-10 17:51 . 2008-09-10 17:31   <DIR>   d--------   C:\Documents and Settings\Administrator\Moje dokumenty
2008-09-10 17:51 . 2008-09-10 17:31   <DIR>   dr-------   C:\Documents and Settings\Administrator\Menu Start
2008-09-10 17:51 . 2008-09-10 17:31   <DIR>   dr-h-----   C:\Documents and Settings\Administrator\Dane aplikacji
2008-09-10 17:51 . 2008-09-10 17:51   <DIR>   d--------   C:\Documents and Settings\Administrator
2008-09-10 17:49 . 2008-09-10 17:49   316,640   --a------   C:\WINDOWS\WMSysPr9.prx
2008-09-10 17:47 . 2008-09-10 17:47   <DIR>   d--------   C:\Documents and Settings\LocalService\Menu Start
2008-09-10 17:46 . 2008-09-12 14:09   <DIR>   d---s----   C:\WINDOWS\system32\Microsoft
2008-09-10 17:44 . 2008-09-10 18:03   5,604   --a------   C:\WINDOWS\system32\spupdsvc.inf
2008-09-10 17:40 . 2008-09-10 17:40   <DIR>   d--------   C:\WINDOWS\provisioning
2008-09-10 17:40 . 2008-09-10 17:53   <DIR>   d--------   C:\WINDOWS\peernet
2008-09-10 17:36 . 2008-09-10 17:39   <DIR>   d--------   C:\Documents and Settings\r0tfl\Dane aplikacji\GetRightToGo
2008-09-10 17:34 . 2004-07-17 11:40   19,528   --a------   C:\WINDOWS\[u]0[/u]02278_.tmp
2008-09-10 17:33 . 2004-08-03 22:43   15,872   --a------   C:\WINDOWS\system32\spupdsvc.exe
2008-09-10 17:33 . 2001-08-17 22:59   3,072   --a------   C:\WINDOWS\system32\drivers\audstub.sys
2008-09-10 17:31 . 2008-09-12 14:20   <DIR>   d--------   C:\WINDOWS\system32\CatRoot2
2008-09-10 17:31 . 2008-09-10 17:31   <DIR>   dr-h-----   C:\Documents and Settings\Default User\Ustawienia lokalne
2008-09-10 17:31 . 2008-09-10 17:31   <DIR>   d--------   C:\Documents and Settings\Default User\Ulubione
2008-09-10 17:31 . 2008-09-10 16:36   <DIR>   d--h-----   C:\Documents and Settings\Default User\Szablony
2008-09-10 17:31 . 2008-09-10 17:31   <DIR>   d--------   C:\Documents and Settings\Default User\Pulpit
2008-09-10 17:31 . 2008-09-10 17:31   <DIR>   d--------   C:\Documents and Settings\Default User\Moje dokumenty
2008-09-10 17:31 . 2008-09-10 17:31   <DIR>   dr-------   C:\Documents and Settings\Default User\Menu Start
2008-09-10 17:31 . 2008-09-10 17:31   <DIR>   dr-h-----   C:\Documents and Settings\Default User\Dane aplikacji
2008-09-10 17:31 . 2008-09-10 17:31   <DIR>   d--------   C:\Documents and Settings\All Users\Ulubione
2008-09-10 17:31 . 2008-09-11 21:46   <DIR>   d--h-----   C:\Documents and Settings\All Users\Szablony
2008-09-10 17:31 . 2008-09-11 21:46   <DIR>   d--------   C:\Documents and Settings\All Users\Pulpit
2008-09-10 17:31 . 2008-09-11 21:46   <DIR>   dr-------   C:\Documents and Settings\All Users\Menu Start
2008-09-10 17:31 . 2008-09-10 17:47   <DIR>   dr-------   C:\Documents and Settings\All Users\Dokumenty
2008-09-10 17:31 . 2008-09-10 21:42   <DIR>   dr-h-----   C:\Documents and Settings\All Users\Dane aplikacji
2008-09-10 17:30 . 2008-09-10 16:45   <DIR>   d--h-----   C:\Documents and Settings\Default User
2008-09-10 17:29 . 2008-09-10 17:53   <DIR>   d--------   C:\WINDOWS\EHome
2008-09-10 17:28 . 2008-09-10 17:29   <DIR>   d--------   C:\Program Files\ATI Technologies
2008-09-10 17:20 . 2008-09-10 17:20   <DIR>   d--------   C:\WINDOWS\system32\Adobe
2008-09-10 17:20 . 2008-09-10 17:20   <DIR>   d--------   C:\WINDOWS\Profiles
2008-09-10 17:20 . 2008-09-10 17:20   <DIR>   d--------   C:\Program Files\Common Files\Adobe
2008-09-10 17:20 . 2008-09-10 17:20   <DIR>   d--------   C:\Documents and Settings\r0tfl\Dane aplikacji\InterTrust
2008-09-10 17:20 . 1998-10-29 15:45   306,688   --a------   C:\WINDOWS\IsUninst.exe
2008-09-10 17:20 . 2001-10-16 10:23   163,840   --a------   C:\WINDOWS\system32\PhotoImpression Screen Saver.scr
2008-09-10 17:20 . 2001-12-12 11:46   131,072   --a------   C:\WINDOWS\system32\Epcmlib.dll
2008-09-10 17:19 . 2008-09-10 17:19   <DIR>   d--------   C:\Program Files\ArcSoft
2008-09-10 17:19 . 1999-05-26 09:46   212,480   --a------   C:\WINDOWS\pcdlib32.dll
2008-09-10 17:18 . 2008-09-10 17:18   <DIR>   d--------   C:\Program Files\Common Files\Python
2008-09-10 17:18 . 2001-10-19 12:18   708,696   --a------   C:\WINDOWS\system32\python21.dll
2008-09-10 17:18 . 2001-10-19 12:18   290,919   --a------   C:\WINDOWS\system32\pythoncom21.dll
2008-09-10 17:18 . 2001-10-19 12:19   57,344   --a------   C:\WINDOWS\system32\PyWinTypes21.dll
2008-09-10 17:16 . 2002-05-10 19:56   122,880   --a------   C:\WINDOWS\system32\EEBAPI.dll
2008-09-10 17:16 . 2002-05-10 19:56   102,400   --a------   C:\WINDOWS\system32\EEBDSCVR.dll
2008-09-10 17:16 . 1999-06-15 11:31   96,768   --a------   C:\WINDOWS\SlantAdj.dll
2008-09-10 17:16 . 1999-12-07 02:03   73,216   --a------   C:\WINDOWS\ADE.DLL
2008-09-10 17:16 . 2002-01-10 19:05   65,536   --a------   C:\WINDOWS\system32\EEBUtil.dll
2008-09-10 17:16 . 2002-01-29 13:33   65,536   --a------   C:\WINDOWS\system32\EBAPI.dll
2008-09-10 17:16 . 2001-08-21 01:00   54,272   --a------   C:\WINDOWS\system32\EEBSDKIF.dll
2008-09-10 17:16 . 1999-04-27 00:17   3,136   --a------   C:\WINDOWS\Ade001.bin
2008-09-10 17:16 . 2000-09-08 13:31   72   -ra------   C:\WINDOWS\system32\epDPE.ini
2008-09-10 17:15 . 2008-09-10 17:15   <DIR>   d--------   C:\Program Files\Common Files\EPSON
2008-09-10 17:15 . 2001-08-23 01:04   139,264   --a------   C:\WINDOWS\system32\EBAPI2.dll
2008-09-10 17:13 . 2008-09-10 17:20   <DIR>   d--------   C:\Program Files\EPSON
2008-09-10 17:13 . 2002-09-23 20:40   70,924   --a------   C:\WINDOWS\system32\EBPMON2.DLL
2008-09-10 17:13 . 2002-09-23 20:39   56,832   --a------   C:\WINDOWS\system32\ECBTEG.DLL
2008-09-10 17:13 . 2002-09-23 20:40   34,304   --a------   C:\WINDOWS\system32\EBPCHP.DLL
2008-09-10 17:13 . 2008-09-10 17:15   12,198   --a------   C:\WINDOWS\EPSTPLOG.BAK
2008-09-10 17:13 . 2002-09-23 20:45   182   --a------   C:\WINDOWS\system32\EBPPORT.DAT
2008-09-10 17:12 . 2008-09-10 17:12   <DIR>   d--------   C:\WUTemp
2008-09-10 17:12 . 2008-09-10 17:12   <DIR>   d--------   C:\EPSON
2008-09-10 17:12 . 2002-06-05 00:00   184,320   --a------   C:\WINDOWS\system32\esdtr.dll
2008-09-10 17:12 . 2003-08-25 18:06   182,880   --a------   C:\WINDOWS\system32\iuenginenew.dll
2008-09-10 17:12 . 2002-02-08 00:00   90,112   --a------   C:\WINDOWS\system32\epcomdd.dll
2008-09-10 17:12 . 2002-06-17 00:00   86,016   --a------   C:\WINDOWS\system32\epfb5cpl.dll
2008-09-10 17:12 . 2000-10-11 00:00   53,248   --a------   C:\WINDOWS\system32\esicm.dll
2008-09-10 17:12 . 2001-11-15 00:00   47,104   --a------   C:\WINDOWS\system32\escimgd.dll
2008-09-10 17:12 . 2002-06-20 00:00   32,256   --a------   C:\WINDOWS\system32\escwiad.dll
2008-09-10 17:12 . 2002-06-20 00:00   22,528   --a------   C:\WINDOWS\system32\esccmd.dll
2008-09-10 17:10 . 2003-09-03 14:58   933,888   -ra------   C:\WINDOWS\system\cmicnfg.cpl
2008-09-10 17:10 . 2003-09-03 14:58   917,504   -ra------   C:\WINDOWS\system\cmids3d.dll
2008-09-10 17:10 . 2003-09-03 14:58   712,704   -ra------   C:\WINDOWS\system32\Audio3D.dll
2008-09-10 17:10 . 2003-09-03 14:58   712,704   -ra------   C:\WINDOWS\system32\a3d.dll
2008-09-10 17:10 . 2003-09-03 14:58   221,184   -ra------   C:\WINDOWS\system32\cmirmdrv.exe
2008-09-10 17:10 . 2003-09-03 14:58   98,304   -ra------   C:\WINDOWS\system32\cmuda.dll
2008-09-10 17:10 . 2003-09-03 14:58   28,672   -ra------   C:\WINDOWS\system32\cmirmdrv.dll
2008-09-10 17:09 . 2003-09-03 14:58   1,900,544   -ra------   C:\WINDOWS\system32\cmiwcnfg.dll
2008-09-10 17:09 . 2003-09-03 14:58   733,248   -ra------   C:\WINDOWS\system32\drivers\cmuda.sys
2008-09-10 17:09 . 2003-09-03 14:58   32,768   -ra------   C:\WINDOWS\system32\udaprop.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-10 19:05   112,144   ----a-w   C:\WINDOWS\system32\drivers\kl1.sys
2008-09-10 18:44   42,496   ----a-w   C:\WINDOWS\system32\ftp.exe
2008-09-10 17:05   ---------   d-----w   C:\Program Files\Common Files\Softwin
2008-09-10 16:56   ---------   d-----w   C:\Program Files\Softwin
2008-09-10 16:39   133,120   ----a-w   C:\WINDOWS\system32\sfc_os.dll
2008-09-10 16:37   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-09-10 15:29   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-09-10 14:51   ---------   d-----w   C:\Program Files\Common Files\InstallShield
2008-09-10 14:40   ---------   d-----w   C:\Program Files\microsoft frontpage
2008-09-10 14:38   ---------   d-----w   C:\Program Files\Usługi online
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-10-26 13312]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 1077277]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus CX3200"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-09-23 74752]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-12 335872]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 227856]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-10-26 13312]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages   REG_MULTI_SZ      scecli scecli

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\System32\DRIVERS\klim5.sys [2007-12-13 24592]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\r0tfl\Dane aplikacji\Mozilla\Firefox\Profiles\slvs0a6x.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 5.0\Reader\browser\nppdf32.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-12 14:24:18
Windows 5.1.2600  NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
.
**************************************************************************
.
Completion time: 2008-09-12 14:27:36 - machine was rebooted [r0tfl]
ComboFix-quarantined-files.txt  2008-09-12 12:27:21

Pre-Run: 48,893,145,088 bajtów wolnych
Post-Run: 48,984,944,640 bajt˘w wolnych

203
[/quote]

Log z HijackThis.

Kod: Zaznacz wszystko

[quote]Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:33:45, on 12/09/2008
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

--
End of file - 5173 bytes
[/quote]

[djarta]

Wg mnie - czysto.

Wykonaj to co jest podane w tym temacie (jeśli wykonałeś/łaś to wcześniej to nie rób tego).

Usuń ręcznie folder C:\Qoobox,

Usuń instalkę ComboFix z dysku.

Wykonaj optymalizację autostartu

Przeczyść komputer ATF-Cleaner

Wyłącz i włącz przywracanie systemu na wszystkich dyskach.Instrukcja

Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

i tym:

FixIEDef.



=============================
K.

[r0tfl]

Raport kaspersky.

Kod: Zaznacz wszystko

[quote]-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
12 wrzesień 2008 17:50:57
System operacyjny: Microsoft Windows XP Professional,  (Build 2600)
Kaspersky Online Scanner wersja: 5.0.98.1
Ostatnia aktualizacja Kaspersky Anti-Virus12/09/2008
Liczba wpisów w bazie danych Kaspersky Anti-Virus1217084
-------------------------------------------------------------------------------

Ustawienia skanowania:
   Skanowanie przy użyciu następujących baz danych: rozszerzone
   Skanuj archiwa: tak
   Skanuj pocztowe bazy danych: tak

Obszar skanowania - Mój komputer:
   A:\
   C:\
   D:\
   E:\
   F:\

Statystyki skanowania:
   Liczba skanowanych obiektów: 23699
   Liczba wykrytych wirusów: 4
   Liczba zainfekowanych obiektów: 6
   Liczba podejrzanych obiektów: 0
   Czas trwania skanowania: 00:45:00

Nazwa zainfekowanego obiektu / Nazwa wirusa / Ostatnie działanie
C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab\AVP7\Report\00b6_File_Monitoring_eventlog.rpt   Object is locked   pominięty
C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab\AVP7\Report\00b8_Web_Monitoring_eventlog.rpt   Object is locked   pominięty
C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab\AVP7\Report\00b9_pdm_eventlog_reg.rpt   Object is locked   pominięty
C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab\AVP7\Report\detected.idx   Object is locked   pominięty
C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab\AVP7\Report\detected.rpt   Object is locked   pominięty
C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab\AVP7\Report\eventlog.rpt   Object is locked   pominięty
C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab\AVP7\Report\report.rpt   Object is locked   pominięty
C:\Documents and Settings\LocalService\Cookies\index.dat   Object is locked   pominięty
C:\Documents and Settings\LocalService\NTUSER.DAT   Object is locked   pominięty
C:\Documents and Settings\LocalService\ntuser.dat.LOG   Object is locked   pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat   Object is locked   pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG   Object is locked   pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\History.IE5\index.dat   Object is locked   pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat   Object is locked   pominięty
C:\Documents and Settings\NetworkService\NTUSER.DAT   Object is locked   pominięty
C:\Documents and Settings\NetworkService\ntuser.dat.LOG   Object is locked   pominięty
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat   Object is locked   pominięty
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG   Object is locked   pominięty
C:\Documents and Settings\r0tfl\Cookies\index.dat   Object is locked   pominięty
C:\Documents and Settings\r0tfl\Dane aplikacji\Mozilla\Firefox\Profiles\slvs0a6x.default\cert8.db   Object is locked   pominięty
C:\Documents and Settings\r0tfl\Dane aplikacji\Mozilla\Firefox\Profiles\slvs0a6x.default\content-prefs.sqlite   Object is locked   pominięty
C:\Documents and Settings\r0tfl\Dane aplikacji\Mozilla\Firefox\Profiles\slvs0a6x.default\cookies.sqlite   Object is locked   pominięty
C:\Documents and Settings\r0tfl\Dane aplikacji\Mozilla\Firefox\Profiles\slvs0a6x.default\downloads.sqlite   Object is locked   pominięty
C:\Documents and Settings\r0tfl\Dane aplikacji\Mozilla\Firefox\Profiles\slvs0a6x.default\formhistory.sqlite   Object is locked   pominięty
C:\Documents and Settings\r0tfl\Dane aplikacji\Mozilla\Firefox\Profiles\slvs0a6x.default\key3.db   Object is locked   pominięty
C:\Documents and Settings\r0tfl\Dane aplikacji\Mozilla\Firefox\Profiles\slvs0a6x.default\parent.lock   Object is locked   pominięty
C:\Documents and Settings\r0tfl\Dane aplikacji\Mozilla\Firefox\Profiles\slvs0a6x.default\permissions.sqlite   Object is locked   pominięty
C:\Documents and Settings\r0tfl\Dane aplikacji\Mozilla\Firefox\Profiles\slvs0a6x.default\places.sqlite   Object is locked   pominięty
C:\Documents and Settings\r0tfl\Dane aplikacji\Mozilla\Firefox\Profiles\slvs0a6x.default\places.sqlite-journal   Object is locked   pominięty
C:\Documents and Settings\r0tfl\Dane aplikacji\Mozilla\Firefox\Profiles\slvs0a6x.default\search.sqlite   Object is locked   pominięty
C:\Documents and Settings\r0tfl\NTUSER.DAT   Object is locked   pominięty
C:\Documents and Settings\r0tfl\NTUSER.DAT.LOG   Object is locked   pominięty
C:\Documents and Settings\r0tfl\Pulpit\odk11.3.0808setup_[www.programosy.pl].exe   Object is locked   pominięty
C:\Documents and Settings\r0tfl\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat   Object is locked   pominięty
C:\Documents and Settings\r0tfl\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG   Object is locked   pominięty
C:\Documents and Settings\r0tfl\Ustawienia lokalne\Historia\History.IE5\index.dat   Object is locked   pominięty
C:\Documents and Settings\r0tfl\Ustawienia lokalne\Historia\History.IE5\MSHist012008091220080913\index.dat   Object is locked   pominięty
C:\Documents and Settings\r0tfl\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat   Object is locked   pominięty
C:\System Volume Information\MountPointManagerRemoteDatabase   Object is locked   pominięty
C:\WINDOWS\Debug\PASSWD.LOG   Object is locked   pominięty
C:\WINDOWS\Sti_Trace.log   Object is locked   pominięty
C:\WINDOWS\system32\config\AppEvent.Evt   Object is locked   pominięty
C:\WINDOWS\system32\config\default   Object is locked   pominięty
C:\WINDOWS\system32\config\default.LOG   Object is locked   pominięty
C:\WINDOWS\system32\config\SAM   Object is locked   pominięty
C:\WINDOWS\system32\config\SAM.LOG   Object is locked   pominięty
C:\WINDOWS\system32\config\SecEvent.Evt   Object is locked   pominięty
C:\WINDOWS\system32\config\SECURITY   Object is locked   pominięty
C:\WINDOWS\system32\config\SECURITY.LOG   Object is locked   pominięty
C:\WINDOWS\system32\config\software   Object is locked   pominięty
C:\WINDOWS\system32\config\software.LOG   Object is locked   pominięty
C:\WINDOWS\system32\config\SysEvent.Evt   Object is locked   pominięty
C:\WINDOWS\system32\config\system   Object is locked   pominięty
C:\WINDOWS\system32\config\system.LOG   Object is locked   pominięty
C:\WINDOWS\system32\drivers\fidbox.dat   Object is locked   pominięty
C:\WINDOWS\system32\drivers\fidbox.idx   Object is locked   pominięty
C:\WINDOWS\system32\drivers\fidbox2.dat   Object is locked   pominięty
C:\WINDOWS\system32\drivers\fidbox2.idx   Object is locked   pominięty
C:\WINDOWS\system32\h323log.txt   Object is locked   pominięty
C:\WINDOWS\system32\sfc_os.dll   Zainfekowanych: not-a-virus:RiskTool.Win32.SFCDisable.b   pominięty
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR   Object is locked   pominięty
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA   Object is locked   pominięty
C:\WINDOWS\wiadebug.log   Object is locked   pominięty
C:\WINDOWS\wiaservc.log   Object is locked   pominięty
D:\System Volume Information\MountPointManagerRemoteDatabase   Object is locked   pominięty
D:\System Volume Information\_restore{A3C46324-FCAF-44D5-BEEF-2B3EE5922BFC}\RP26\A0007653.dll   Zainfekowanych: not-a-virus:AdTool.Win32.MyWebSearch.i   pominięty
D:\System Volume Information\_restore{A3C46324-FCAF-44D5-BEEF-2B3EE5922BFC}\RP26\A0007655.exe   Zainfekowanych: not-a-virus:RiskTool.Win32.Reboot.f   pominięty
D:\System Volume Information\_restore{C88DD381-93C6-4D37-84BD-5C0A3796C2B1}\RP21\A0004124.exe/stream/data0008   Zainfekowanych: not-a-virus:Client-IRC.Win32.mIRC.621   pominięty
D:\System Volume Information\_restore{C88DD381-93C6-4D37-84BD-5C0A3796C2B1}\RP21\A0004124.exe/stream   Zainfekowanych: not-a-virus:Client-IRC.Win32.mIRC.621   pominięty
D:\System Volume Information\_restore{C88DD381-93C6-4D37-84BD-5C0A3796C2B1}\RP21\A0004124.exe   NSIS: zainfekowany - 2   pominięty

Proces skanowania został zakończony.[/quote]

FixIEDef

Kod: Zaznacz wszystko

********************************************************************************
*                                                                              *
*                                 FixIEDef Log                                 *
*                              Version 1.6.9.6104                              *
*                                                                              *
********************************************************************************

Created at 15:03:41 on Friday, September 12, 2008

Time Zone         :

Logged On User    : r0tfl

Operating System  : Microsoft Windows XP Professional
OS Version        : 5.1.2600
System Langauge   : Polish
Keyboard Layout   : Polish
Processor         : X86                 Intel(R) Celeron(R) CPU 2.60GHz

System Drive      : C:\
Windows Directory : C:\WINDOWS
System Directory  : C:\WINDOWS\System32

Total Physical Memory : 261616 KB
Free Physical Memory  : 102984 KB
Total Virtual Memory  : 2097024 KB
Free Virtual Memory   : 2024420 KB

Boot State        : Normal boot

--------------------------------------------------------------------------------

!!! Files that have been deleted !!!

No malicious files found

--------------------------------------------------------------------------------

!!! Directories that have been removed !!!

No malicious directories to be removed

--------------------------------------------------------------------------------

!!! Registry entries that have been removed !!!

No malicious Registry entries found

================================================================================

All Done :)

ShadowPuterDude

Safe Surfing!!!

[djarta]

Pobierz ---> The Avenger

Wklej do niego ten tekst:

Kod: Zaznacz wszystko

Files to delete:
C:\WINDOWS\system32\sfc_os.dll

Folders to delete:
D:\System Volume Information\_restore{A3C46324-FCAF-44D5-BEEF-2B3EE5922BFC}\RP26
D:\System Volume Information\_restore{C88DD381-93C6-4D37-84BD-5C0A3796C2B1}\RP21


Kopiujesz - Klikasz na Paste Script from Clipboard - Execute - Potwierdzasz i zgadzasz się na restart klikając OK.
Po wykonaniu skasuj z dysku plik: C:\Avenger\backup.zip i wklej raport na forum C:\avenger.txt


==========================
K.