

This morning, after booting the system, an MS Antivirus window popped up telling me that threats had been detected on the disk. It switched off my Windows firewall, my antivirus and my ability to get online, and then reset the system. After the restart the internet and the antivirus (Kaspersky 7) were working fine again. With HijackThis I fixed the 2 entries about this MSA that I found, and after I made the ComboFix log, MSA stopped showing up altogether.
Logs:
*HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21, on 2008-09-03
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sleepy\service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\svchost.exe
C:\Documents and Settings\All Users\Dane aplikacji\ofmjwngx\gxkrglqf.exe
C:\Program Files\Sleepy\monitor.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O4 - HKLM\..\Run: [AdmTask] C:\Program Files\AdmTask\admtask.exe /m
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKLM\..\Policies\Explorer\Run: [ABYaLfoqcr] C:\Documents and Settings\All Users\Dane aplikacji\ofmjwngx\gxkrglqf.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O21 - SSODL: StrUtilAdm - {6C9612A1-0E14-6FCB-B3DE-0554E4DCE40B} - C:\Program Files\xymyvkc\StrUtilAdm.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sleepy - Unknown owner - C:\Program Files\Sleepy\service.exe
--
End of file - 4401 bytes
*ComboFix:
ComboFix 08-09-01.05 - Marcin 2008-09-03 10:15:11.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.510 [GMT 2:00]
Running from: C:\Documents and Settings\Marcin\Pulpit\ComboFix.exe
* Created a new restore point
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\PCHealthCenter
C:\Program Files\PCHealthCenter\0.gif
C:\Program Files\PCHealthCenter\1.gif
C:\Program Files\PCHealthCenter\1.ico
C:\Program Files\PCHealthCenter\2.gif
C:\Program Files\PCHealthCenter\2.ico
C:\Program Files\PCHealthCenter\3.gif
C:\Program Files\PCHealthCenter\5.exe
C:\WINDOWS\svchost.exe
E:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-08-03 to 2008-09-03 )))))))))))))))))))))))))))))))
.
2008-09-03 10:07 . 2008-09-03 10:07 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-03 09:27 . 2008-08-28 14:57 167,424 --a------ C:\WINDOWS\system32\MSA.cpl
2008-09-03 09:27 . 2008-08-28 15:57 3,262 --a------ C:\WINDOWS\system32\1.ico
2008-09-01 00:01 . 2008-09-01 00:01 <DIR> d-------- C:\Program Files\xymyvkc
2008-09-01 00:01 . 2008-09-01 00:01 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ofmjwngx
2008-08-27 20:59 . 2008-08-27 21:05 34 --a------ C:\WINDOWS\cdplayer.ini
2008-08-26 03:50 . 2008-08-26 03:50 <DIR> d-------- C:\Downloads
2008-08-23 16:32 . 2008-08-23 16:32 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\TransRu2
2008-08-21 21:58 . 2008-08-21 21:58 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\InterVideo
2008-08-21 03:57 . 2008-08-21 03:57 <DIR> d-------- C:\Program Files\DVD Shrink
2008-08-21 03:57 . 2008-08-21 03:57 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\DVD Shrink
2008-08-20 23:14 . 2008-08-20 23:14 <DIR> d-------- C:\Program Files\Ventrilo
2008-08-20 23:14 . 2008-08-20 23:16 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\Ventrilo
2008-08-20 23:13 . 2008-08-20 23:13 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-20 22:47 . 2008-08-20 22:47 <DIR> d-------- C:\Program Files\SlySoft
2008-08-20 22:45 . 2008-08-20 22:45 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Elaborate Bytes
2008-08-20 22:42 . 2008-08-20 22:42 <DIR> d-------- C:\Program Files\Elaborate Bytes
2008-08-20 10:59 . 2008-08-20 11:01 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\BESTplayer
2008-08-18 23:22 . 2008-08-18 23:22 <DIR> d-------- C:\Program Files\Borland
2008-08-16 21:53 . 2007-04-13 08:50 90,888 -ra------ C:\WINDOWS\system32\drivers\zebrsce.sys
2008-08-16 21:52 . 2007-04-13 08:50 108,424 -ra------ C:\WINDOWS\system32\drivers\zebrmdmc.sys
2008-08-16 21:52 . 2007-04-13 08:50 108,296 -ra------ C:\WINDOWS\system32\drivers\zebrmdm.sys
2008-08-16 21:52 . 2007-04-13 08:50 83,080 -ra------ C:\WINDOWS\system32\drivers\zebrbus.sys
2008-08-16 21:52 . 2007-04-13 08:50 15,112 -ra------ C:\WINDOWS\system32\drivers\zebrmdfl.sys
2008-08-16 21:52 . 2007-04-13 08:50 12,424 -ra------ C:\WINDOWS\system32\drivers\zebrcmnt.sys
2008-08-16 21:52 . 2007-04-13 08:50 12,424 -ra------ C:\WINDOWS\system32\drivers\zebrcm.sys
2008-08-16 20:57 . 2008-08-16 21:53 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\Teleca
2008-08-16 20:56 . 2007-04-13 08:50 62,984 -ra------ C:\WINDOWS\system32\drivers\zebrceb.sys
2008-08-16 20:56 . 2007-04-13 08:50 12,424 -ra------ C:\WINDOWS\system32\drivers\zebrwhnt.sys
2008-08-16 20:56 . 2007-04-13 08:50 12,424 -ra------ C:\WINDOWS\system32\drivers\zebrwh.sys
2008-08-16 20:55 . 2008-08-16 20:55 <DIR> d-------- C:\Program Files\Symbian
2008-08-16 20:55 . 2008-08-16 20:55 <DIR> d-------- C:\Program Files\Intuwave
2008-08-16 20:55 . 2008-08-16 20:55 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\Sony Ericsson
2008-08-16 20:55 . 2005-06-08 15:53 288 --a------ C:\WINDOWS\mrinstu.iss
2008-08-16 20:54 . 2008-08-16 20:54 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-08-16 20:54 . 2008-08-16 20:56 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-08-16 20:54 . 2008-08-16 20:54 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2008-08-16 20:54 . 2008-08-16 20:54 <DIR> d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-08-16 20:54 . 2008-08-16 20:54 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Teleca
2008-08-16 20:54 . 2008-08-16 20:54 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson
2008-08-07 20:04 . 2008-08-10 12:02 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-08-07 01:55 . 2008-08-07 01:55 <DIR> d-------- C:\Program Files\Real Alternative
2008-08-07 00:17 . 2008-08-07 00:17 20 --a------ C:\WINDOWS\naglos.INI
2008-08-06 23:04 . 2008-08-06 23:04 <DIR> d-------- C:\Program Files\AdmTask
2008-08-06 23:03 . 2008-08-06 23:04 <DIR> d-------- C:\Program Files\Sleepy
2008-08-06 16:01 . 2008-08-21 21:59 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-08-06 00:52 . 2008-08-06 00:52 <DIR> d-------- C:\Program Files\PhotoFiltre Studio
2008-08-06 00:52 . 2008-08-06 00:52 45 ---h----- C:\WINDOWS\dsez2536.dat
2008-08-06 00:00 . 2008-08-06 00:00 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\AdobeUM
2008-08-05 18:16 . 2005-12-09 03:03 71,168 --a------ C:\WINDOWS\system32\E_FLBBEE.DLL
2008-08-05 18:16 . 2005-04-11 03:01 62,976 --a------ C:\WINDOWS\system32\E_FD4BBEE.DLL
2008-08-05 18:16 . 2004-09-10 22:12 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2008-08-05 18:15 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-08-05 18:15 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-08-05 18:15 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-08-05 18:15 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-08-05 18:15 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-08-05 18:15 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-08-05 18:12 . 2008-08-05 18:14 <DIR> d-------- C:\Program Files\epson
2008-08-05 18:12 . 2005-02-25 00:00 46,080 --a------ C:\WINDOWS\system32\escimgd.dll
2008-08-05 18:12 . 2005-02-25 00:00 29,696 --a------ C:\WINDOWS\system32\escwiad.dll
2008-08-05 18:12 . 2005-02-25 00:00 22,016 --a------ C:\WINDOWS\system32\esccmd.dll
2008-08-05 15:55 . 2008-08-05 15:56 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\Tibia
2008-08-05 15:16 . 2008-08-05 15:16 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-08-05 15:12 . 2008-08-05 15:13 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-08-05 15:11 . 2008-08-05 15:20 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-08-05 15:06 . 2008-08-05 15:06 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\Ahead
2008-08-05 14:51 . 2008-08-30 13:10 <DIR> d-------- C:\Documents and Settings\Marcin\Gadu-Gadu
2008-08-05 14:49 . 2008-08-28 09:38 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-08-05 14:48 . 2008-08-05 14:48 38 --a------ C:\WINDOWS\avisplitter.INI
2008-08-05 14:46 . 2008-08-05 14:46 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-08-05 14:41 . 2008-08-05 14:41 <DIR> d-------- C:\Program Files\MarBit
2008-08-05 14:39 . 2008-09-02 17:30 <DIR> d-------- C:\Program Files\NAPI-PROJEKT
2008-08-05 14:36 . 2008-09-01 00:13 <DIR> d-------- C:\Program Files\Unlocker
2008-08-05 14:30 . 2008-08-05 14:30 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-05 14:23 . 2008-08-05 14:23 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-08-05 14:19 . 2008-08-05 14:19 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-08-05 14:18 . 2008-08-05 14:18 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\Lavasoft
2008-08-05 14:14 . 2008-08-05 16:28 <DIR> d-------- C:\Program Files\Winamp
2008-08-05 14:14 . 2006-08-25 05:47 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-08-05 14:14 . 2006-08-25 05:47 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-08-05 14:14 . 2006-08-25 05:47 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-08-05 14:11 . 2008-08-05 14:11 <DIR> d-------- C:\Program Files\Lavasoft
2008-08-05 13:52 . 2008-08-05 13:52 <DIR> d-------- C:\Program Files\Nero
2008-08-05 13:52 . 2008-08-05 13:58 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-08-05 13:22 . 2005-07-13 16:37 260,608 --a------ C:\WINDOWS\system32\drivers\WlanUZXP.sys
2008-08-05 13:21 . 2005-06-17 10:27 379,456 --a------ C:\WINDOWS\system32\drivers\WlanUIG.sys
2008-08-05 13:21 . 2005-06-17 10:26 114,688 --a------ C:\WINDOWS\system32\WLANUTL.dll
2008-08-05 13:21 . 2005-06-17 10:26 61,440 --a------ C:\WINDOWS\system32\W32N50.dll
2008-08-05 12:47 . 2001-10-26 16:57 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-08-05 12:47 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-08-05 12:22 . 2008-08-05 12:22 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-08-05 12:22 . 2008-09-03 09:33 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-08-05 12:22 . 2008-09-03 11:14 15,880,736 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-05 12:22 . 2008-09-03 11:14 349,984 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-05 12:22 . 2008-09-03 11:13 218,912 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-05 12:22 . 2008-08-06 18:56 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-08-05 12:22 . 2008-08-05 12:29 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-08-05 12:22 . 2008-09-03 11:13 36,944 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-08-05 12:15 . 2008-08-05 12:15 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-08-05 11:56 . 2004-08-20 11:05 3,072,054 --a------ C:\WINDOWS\TOSHIBA SATELLITE.bmp
2008-08-05 11:55 . 2008-08-05 11:55 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\Intel
2008-08-05 11:55 . 2008-08-05 11:55 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Intel
2008-08-05 11:55 . 2008-08-05 11:55 21,275 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-08-05 11:55 . 2008-08-05 11:55 0 -rahs---- C:\WINDOWS\system32\drivers\TOSHIBA_SATELLITE M100_04143-PL_PSMA1E-01W00.MRK
2008-08-05 11:54 . 2008-08-05 11:54 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-08-05 11:53 . 2008-08-05 20:14 <DIR> d-------- C:\Documents and Settings\Marcin\WINDOWS
2008-08-05 11:53 . 2008-09-03 10:26 <DIR> d--h----- C:\Documents and Settings\Marcin\Ustawienia lokalne
2008-08-05 11:53 . 2008-08-05 11:56 <DIR> dr------- C:\Documents and Settings\Marcin\Ulubione
2008-08-05 11:53 . 2008-08-05 20:14 <DIR> d--h----- C:\Documents and Settings\Marcin\Szablony
2008-08-05 11:53 . 2008-09-03 11:12 <DIR> d-------- C:\Documents and Settings\Marcin\Pulpit
2008-08-05 11:53 . 2008-09-01 21:29 <DIR> dr------- C:\Documents and Settings\Marcin\Moje dokumenty
2008-08-05 11:53 . 2008-08-05 14:49 <DIR> dr------- C:\Documents and Settings\Marcin\Menu Start
2008-08-05 11:53 . 2008-08-05 20:14 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\toshiba
2008-08-05 11:53 . 2008-08-05 20:14 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\Sonic
2008-08-05 11:53 . 2008-08-05 20:14 <DIR> d-------- C:\Documents and Settings\Marcin\Dane aplikacji\ATI
2008-08-05 11:53 . 2008-08-27 20:52 <DIR> dr-h----- C:\Documents and Settings\Marcin\Dane aplikacji
2008-08-05 11:53 . 2008-08-21 14:37 <DIR> d-------- C:\Documents and Settings\Marcin
2008-08-05 11:52 . 2008-08-05 20:14 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-08-05 11:52 . 2008-08-05 20:14 <DIR> d-------- C:\Documents and Settings\Default User\WINDOWS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-16 18:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-05 18:27 --------- d-----w C:\Program Files\Usługi online
2008-08-05 18:26 --------- d-----w C:\Program Files\Sonic
2008-08-05 18:25 --------- d-----w C:\Program Files\Realtek
2008-08-05 18:25 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-05 18:25 --------- d-----w C:\Program Files\ltmoh
2008-08-05 18:22 --------- d-----w C:\Program Files\Common Files\Java
2008-08-05 18:22 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-05 18:22 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-05 18:21 --------- d-----w C:\Program Files\Apoint2K
2008-08-05 10:29 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-08-05 10:14 --------- d-----w C:\Program Files\Toshiba
2008-08-05 10:11 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-05 10:11 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-08-05 09:55 --------- d-----w C:\Program Files\Intel
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-01-30 16:58 1716224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdmTask"="C:\Program Files\AdmTask\admtask.exe" [2002-05-06 10:26 20480]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"ABYaLfoqcr"="C:\Documents and Settings\All Users\Dane aplikacji\ofmjwngx\gxkrglqf.exe" [2008-09-01 00:01 57344]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"StrUtilAdm"= {6C9612A1-0E14-6FCB-B3DE-0554E4DCE40B} - C:\Program Files\xymyvkc\StrUtilAdm.dll [2008-09-01 00:01 110592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdmTask]
--a------ 2002-05-06 10:26 20480 C:\Program Files\AdmTask\admtask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2004-03-24 07:40 196608 C:\Program Files\Apoint2K\Apoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2005-08-12 15:43 45056 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-11-16 19:04 139264 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CeEKEY]
--a------ 2005-12-01 12:13 671744 C:\Program Files\Toshiba\E-KEY\CeEKey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2006-09-28 21:21 57344 C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 13:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
--a------ 2005-10-06 06:20 122940 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]
--a------ 2004-05-01 14:45 28672 C:\Program Files\Toshiba\TOSHIBA Applet\HWSetup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a------ 2005-11-28 11:41 602182 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
--a------ 2005-12-05 12:37 667718 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
--a------ 2005-12-22 16:34 1077329 C:\Program Files\Toshiba\Touch and Launch\PadExe.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite for Smartphones]
-ra------ 2007-05-28 10:14 528384 C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]
--a------ 2004-05-01 14:45 65536 C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
--a------ 2005-04-12 13:04 65536 C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPNF]
--a------ 2005-12-13 17:28 53248 C:\Program Files\Toshiba\TouchPad\TPTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
--a------ 2005-11-30 13:25 73728 C:\Program Files\Toshiba\Tvs\TvsTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2005-10-15 15:29 88203 C:\WINDOWS\agrsmmsg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-04 03:43 69632 C:\WINDOWS\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2005-12-10 00:49 15691264 C:\WINDOWS\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TCtryIOHook]
--a------ 2005-12-05 15:50 28672 C:\WINDOWS\system32\TCtrlIOHook.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TDispVol]
--a------ 2005-12-27 14:06 73728 C:\WINDOWS\system32\TDispVol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
--a------ 2005-09-13 11:01 266240 C:\WINDOWS\system32\TPSMain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zooming]
--a------ 2005-06-06 10:58 24576 C:\WINDOWS\system32\ZoomingHook.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"=
"E:\\By$try\\Tibia\\Tibia.exe"=
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28 24592]
R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM);C:\WINDOWS\system32\DRIVERS\zebrceb.sys [2007-04-13 08:50 62984]
S3 zebrbus;Sony Ericsson Composite Device driver;C:\WINDOWS\system32\DRIVERS\zebrbus.sys [2007-04-13 08:50 83080]
S3 zebrmdfl;Sony Ericsson Modem Filter;C:\WINDOWS\system32\DRIVERS\zebrmdfl.sys [2007-04-13 08:50 15112]
S3 zebrmdm;Sony Ericsson Port (WDM);C:\WINDOWS\system32\DRIVERS\zebrmdm.sys [2007-04-13 08:50 108296]
S3 zebrmdmc;Sony Ericsson mRouter Port (WDM);C:\WINDOWS\system32\DRIVERS\zebrmdmc.sys [2007-04-13 08:50 108424]
S3 zebrsce;Sony Ericsson PC-Connect Port;C:\WINDOWS\system32\DRIVERS\zebrsce.sys [2007-04-13 08:50 90888]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f5c784a-632b-11dd-8a4b-000fb0e580f3}]
\Shell\AutoRun\command - H:\setupSNK.exe
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-SmoothView - C:\Program Files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe
MSConfigStartUp-NDSTray - NDSTray.exe
MSConfigStartUp-TFncKy - TFncKy.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\9t6s0t5g.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.wp.pl
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPOJI610.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-03 11:15:15
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sleepy\service.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Sleepy\monitor.exe
.
**************************************************************************
.
Completion time: 2008-09-03 11:20:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-03 09:20:04
Pre-Run: 3,935,395,840 bytes free
Post-Run: 4,026,884,096 bytes free
303
Help please
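As an added example (not part of the original post, and not a tool the poster used), the script below runs a few triage rules over HijackThis-style lines: a core Windows binary name such as svchost.exe living outside System32, an autostart under Policies\Explorer\Run, an SSODL shell extension loaded from outside System32, and a random-looking directory name in the path. The sample input is constructed: it copies lines from the HijackThis log above and adds two benign entries for contrast (the AVP Run key from the log and a made-up SSODL entry under System32 with a placeholder CLSID). The "random-looking" heuristic is my own and is deliberately crude; it is tuned so that the names in this log trip it while names like Kaspersky Lab or Documents and Settings do not.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines copied from the HijackThis log in the post, plus
# two benign entries (the AVP Run key, and a made-up SSODL entry under
# System32 with a placeholder CLSID) so the rules have something NOT to flag.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\svchost.exe
C:\Documents and Settings\All Users\Dane aplikacji\ofmjwngx\gxkrglqf.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Policies\Explorer\Run: [ABYaLfoqcr] C:\Documents and Settings\All Users\Dane aplikacji\ofmjwngx\gxkrglqf.exe
O21 - SSODL: StrUtilAdm - {6C9612A1-0E14-6FCB-B3DE-0554E4DCE40B} - C:\Program Files\xymyvkc\StrUtilAdm.dll
O21 - SSODL: Example - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\example.dll
"""

# First drive-letter path ending in a binary extension, with or without quotes.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]+?\.(?:exe|dll|cpl|sys)\b', re.I)

# Names that legitimately live only in System32 on XP; a copy elsewhere is a classic decoy.
CORE_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "smss.exe", "winlogon.exe", "services.exe"}
SYSTEM32 = "c:\\windows\\system32\\"


def looks_random(component: str) -> bool:
    """Heuristic (my own, not from the post): a directory name with 7+ letters
    that has no a/e/i/o/u at all, or a run of 5+ consonants (y counted as a
    vowel so 'Kaspersky' is not caught)."""
    letters = re.sub(r"[^a-z]", "", component.lower())
    if len(letters) < 7:
        return False
    if not re.search(r"[aeiou]", letters):
        return True
    return re.search(r"[^aeiouy]{5,}", letters) is not None


@dataclass
class Finding:
    line: str
    reason: str


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per (line, rule) pair that fires."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PATH_RE.search(line)
        if not m:
            continue
        path = m.group(0)
        low = path.lower()
        parts = low.split("\\")          # ['c:', 'windows', ..., 'name.exe']
        name = parts[-1]
        in_system32 = low.startswith(SYSTEM32)
        reasons = []
        if name in CORE_NAMES and not in_system32:
            reasons.append("core system binary name outside System32")
        if line.startswith("O4") and "policies\\explorer\\run" in line.lower():
            reasons.append("Policies\\Explorer\\Run autostart (rarely used legitimately)")
        if line.startswith("O21") and not in_system32:
            reasons.append("SSODL shell extension outside System32")
        if any(looks_random(p) for p in parts[1:-1]):   # directories only, not the file name
            reasons.append("random-looking directory name")
        findings.extend(Finding(line, r) for r in reasons)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.reason}] {f.line}")
```

Run on the sample it flags C:\WINDOWS\svchost.exe, the Policies\Explorer\Run entry, and the StrUtilAdm SSODL entry, while leaving the System32 svchost.exe, the AVP key and the benign SSODL line alone. The point of the directory rule is that a name like ofmjwngx or xymyvkc under All Users\Dane aplikacji or Program Files is itself the indicator; the file name inside it (svchost.exe, a plausible-looking DLL) is chosen to look ordinary.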
