Spring cleaning - logs
mateusz x man - Thu Apr 10, 2008 2:22 pm

ComboFix 08-04-09.9 - Mateusz P 2008-04-10 16:18:45.26 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1564 [GMT 2:00]
Running from: D:\Programy\INSTALKI\ComboFix.exe
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

huber2t - Thu Apr 10, 2008 2:29 pm

Logs are clean.
Download ComboFix, but do not run it.
Paste into Notepad:

Code:
Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

File
Removal should start and a log will be produced; post that log on the forum. If everything goes well, after the restart delete the C:\Qoobox folder manually.

mateusz x man - Thu Apr 10, 2008 3:33 pm

ComboFix 08-04-09.9 - Mateusz P 2008-04-10 17:29:01.27 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1571 [GMT 2:00]
Running from: D:\Programy\INSTALKI\ComboFix.exe
Command switches used :: D:\Programy\INSTALKI\CFScript.txt
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

huber2t - Thu Apr 10, 2008 4:59 pm

Download ComboFix, but do not run it.
Paste into Notepad:

Code:
File::
C:\WINDOWS\~GLC0000.TMP

File
Removal should start and a log will be produced; post that log on the forum. If everything goes well, after the restart delete the C:\Qoobox folder manually.

Open Notepad and paste:

Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]