Wiosenne porządki-logi

[mateusz x man]

ComboFix 08-04-09.9 - Mateusz P 2008-04-10 16:18:45.26 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1564 [GMT 2:00]
Running from: D:\Programy\INSTALKI\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-10 to 2008-04-10 )))))))))))))))))))))))))))))))
.

2008-04-09 21:12 . 2008-04-09 21:12 <DIR> d-------- C:\Program Files\QuickTime
2008-04-09 21:12 . 2008-04-09 21:12 <DIR> d-------- C:\Program Files\ImTOO
2008-04-09 18:45 . 2008-01-03 22:10 105,856 --a------ C:\WINDOWS\system32\drivers\Rtenicxp.sys
2008-04-09 16:55 . 2007-03-23 19:19 9,715,200 --a------ C:\WINDOWS\RTLCPL.exe
2008-04-09 16:55 . 2007-11-20 18:15 1,826,816 --a------ C:\WINDOWS\SkyTel.exe
2008-04-09 16:55 . 2007-11-07 17:31 1,191,936 --a------ C:\WINDOWS\RtlUpd.exe
2008-04-09 16:55 . 2006-08-18 06:58 282,624 --a------ C:\WINDOWS\system32\RTSndMgr.cpl
2008-04-09 16:55 . 2006-07-21 16:14 86,016 --a------ C:\WINDOWS\SoundMan.exe
2008-04-09 16:55 . 2006-08-01 15:02 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-04-09 16:55 . 2007-11-14 15:18 553 --a------ C:\WINDOWS\USetup.iss
2008-04-09 16:54 . 2008-04-09 18:45 <DIR> d-------- C:\Program Files\Realtek
2008-04-09 16:54 . 2008-02-13 14:31 16,857,600 --a------ C:\WINDOWS\RTHDCPL.exe
2008-04-09 16:54 . 2008-02-14 17:04 4,676,096 --a------ C:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-04-09 16:54 . 2006-05-04 16:26 2,808,832 --a------ C:\WINDOWS\alcwzrd.exe
2008-04-09 16:54 . 2007-06-28 16:44 2,165,760 --a------ C:\WINDOWS\MicCal.exe
2008-04-09 16:54 . 2007-07-26 17:09 520,192 --a------ C:\WINDOWS\RtlExUpd.dll
2008-04-09 16:54 . 2005-09-21 10:25 299,008 --a------ C:\WINDOWS\system32\ALSndMgr.cpl
2008-04-09 16:54 . 2005-05-03 18:43 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2008-04-09 16:42 . 2008-04-09 23:06 <DIR> d-------- C:\Documents and Settings\Mateusz P\Dane aplikacji\Cool Record Edit Pro
2008-04-09 16:40 . 2008-04-09 16:41 <DIR> d-------- C:\Program Files\Free Sound Recorder
2008-04-09 00:31 . 2008-04-09 00:31 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Adobe Systems
2008-04-08 19:53 . 2008-04-10 00:55 <DIR> d-------- C:\Program Files\FotkaPRO
2008-04-04 00:58 . 2008-04-04 00:58 <DIR> d-------- C:\Documents and Settings\Mateusz P\Dane aplikacji\Desktopicon
2008-04-02 21:38 . 2004-08-03 22:58 100,992 --a------ C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-02 21:38 . 2004-08-03 22:58 100,992 --a--c--- C:\WINDOWS\system32\dllcache\bthpan.sys
2008-04-02 21:38 . 2004-08-03 23:10 59,648 --a------ C:\WINDOWS\system32\drivers\rfcomm.sys
2008-04-02 21:38 . 2004-08-03 23:10 59,648 --a--c--- C:\WINDOWS\system32\dllcache\rfcomm.sys
2008-04-02 17:16 . 2004-08-03 23:08 57,600 --a------ C:\WINDOWS\system32\drivers\usbhub.sys
2008-04-02 17:16 . 2004-08-03 23:08 57,600 --a--c--- C:\WINDOWS\system32\dllcache\usbhub.sys
2008-04-02 17:15 . 2008-04-02 17:15 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-04-02 17:12 . 2008-04-09 16:55 <DIR> d-------- C:\WINDOWS\system32\RTCOM
2008-04-02 05:38 . 2008-04-02 05:38 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-04-02 05:38 . 2008-04-02 05:38 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-04-02 05:36 . 2008-04-02 05:36 <DIR> d-------- C:\WINDOWS\OPTIONS
2008-04-02 05:34 . 2008-04-02 05:34 315,392 --a------ C:\WINDOWS\HideWin.exe
2008-04-02 05:34 . 2007-12-12 15:56 53,248 --a------ C:\WINDOWS\system32\CSVer.dll
2008-03-29 01:47 . 2008-03-29 01:47 <DIR> d-------- C:\Documents and Settings\Mateusz P\Dane aplikacji\Media Player Classic
2008-03-29 01:46 . 2008-03-29 01:46 <DIR> d-------- C:\Program Files\Real Alternative
2008-03-28 00:49 . 2008-03-28 00:49 140,288 --a------ C:\WINDOWS\~GLC0000.TMP
2008-03-26 19:19 . 2008-03-26 19:19 <DIR> d-------- C:\Program Files\Avanquest update
2008-03-26 19:16 . 2008-03-26 19:16 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-10 14:10 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 4
2008-04-09 21:25 --------- d-----w C:\Program Files\Unlocker
2008-04-09 21:17 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-04-09 14:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-09 14:39 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-08 11:08 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-04-03 18:46 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-03-27 22:49 140,288 ----a-w C:\WINDOWS\~GLC0000.TMP
2008-03-27 22:48 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-03-25 21:50 --------- d-----w C:\Program Files\Sony Ericsson
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-29 14:25 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-17 01:29 --------- d-----w C:\Program Files\Winamp
2008-02-16 21:44 --------- d-----w C:\Program Files\Gadu-Gadu
2008-02-16 09:05 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-15 21:28 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Trymedia
2008-02-15 18:12 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-02-15 17:44 --------- d-----w C:\Program Files\Deluxe Ski Jump 3
2008-02-15 16:32 21,275 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-02-15 16:32 --------- d-----w C:\Program Files\RALINK
2008-02-15 16:28 --------- d-----w C:\Program Files\ESET
2008-02-15 16:28 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-02-15 16:19 --------- d-----w C:\Documents and Settings\Mateusz P\Dane aplikacji\Moyea
2008-01-26 17:38 2,276,864 ----a-w C:\WINDOWS\system32\TUKernel.exe
2008-01-22 11:54 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-23 22:51 1410304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrA"=2 (0x2)
"MDM"=2 (0x2)
"LightScribeService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\WapSter\\AQQ\\AQQ.exe"=
"C:\\PROGRA~1\\WapSter\\AQQ\\AQQ.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18712:TCP"= 18712:TCP:BitComet 18712 TCP
"18712:UDP"= 18712:UDP:BitComet 18712 UDP
"80:TCP"= 80:TCP:BitComet 80 TCP
"80:UDP"= 80:UDP:BitComet 80 UDP
"9039:TCP"= 9039:TCP:BitComet 9039 TCP
"9039:UDP"= 9039:UDP:BitComet 9039 UDP

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 05:38]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 05:39]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-11-23 22:52]
R2 GDTdiInterceptor;GDTdiInterceptor;C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [2007-12-20 22:47]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 14:00]
S2 AVKProxy;G DATA AntiVirus Proxy;"C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe" []
S2 AVKService;G DATA Scheduler;C:\Program Files\G DATA AntiVirus Trial\AVK\AVKService.exe []
S2 AVKWCtl;Strażnik AntiVirus;C:\Program Files\G DATA AntiVirus Trial\AVK\AVKWCtl.exe []
S3 GDMnIcpt;GDMnIcpt;C:\WINDOWS\system32\drivers\MiniIcpt.sys [2007-12-20 22:47]
S3 HookCentre;HookCentre;C:\WINDOWS\system32\drivers\HookCentre.sys [2007-12-20 22:47]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\WINDOWS\system32\DRIVERS\s125bus.sys [2007-04-24 12:33]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s125mdfl.sys [2007-04-24 12:33]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s125mdm.sys [2007-04-24 12:33]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s125mgmt.sys [2007-04-24 12:33]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s125obex.sys [2007-04-24 12:33]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-15 20:12]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 09:42]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 09:42]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 09:42]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 09:42]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 09:42]
S4 Windows Firewall;Windows Firewall;C:\WINDOWS\system32\SVCH0ST.EXE []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e29ac05-9a15-11dc-9035-cb0cd1d44cd0}]
\Shell\AutoRun\command - F:\SETUP.EXE /AUTORUN
\Shell\configure\command - F:\SETUP.EXE
\Shell\install\command - F:\SETUP.EXE

.
Contents of the 'Scheduled Tasks' folder
"2008-04-04 15:15:08 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-04-08 12:31:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-10 16:19:45
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\C:\DOCUME~1\MATEUS~1\USTAWI~1\Temp\ASFWHide"
.
Completion time: 2008-04-10 16:20:01
ComboFix-quarantined-files.txt 2008-04-10 14:19:56
Pre-Run: 42,094,661,632 bajtów wolnych
Post-Run: 42,081,935,360 bajtów wolnych
.
2008-04-09 14:16:53 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:21, on 2008-04-10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\WapSter\AQQ\AQQ.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.10\AMVConverter\grab.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.10\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - Unknown owner - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe (file missing)
O23 - Service: G DATA Scheduler (AVKService) - Unknown owner - C:\Program Files\G DATA AntiVirus Trial\AVK\AVKService.exe (file missing)
O23 - Service: Strażnik AntiVirus (AVKWCtl) - Unknown owner - C:\Program Files\G DATA AntiVirus Trial\AVK\AVKWCtl.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 4941 bytes

[huber2t]

Logi czyste

Pobierz ComboFix, ale nie uruchamiaj
Wklej do notatnika:

Kod: Zaznacz wszystko

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]


Plik zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu

Powinno się rozpocząć usuwanie i powstanie log, daj ten log na forum.
Jeśli wszystko pójdzie dobrze, to po restarcie usuń ręcznie folder C: \Qoobox

[mateusz x man]

ComboFix 08-04-09.9 - Mateusz P 2008-04-10 17:29:01.27 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1571 [GMT 2:00]
Running from: D:\Programy\INSTALKI\ComboFix.exe
Command switches used :: D:\Programy\INSTALKI\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-10 to 2008-04-10 )))))))))))))))))))))))))))))))
.

2008-04-09 21:12 . 2008-04-09 21:12 <DIR> d-------- C:\Program Files\QuickTime
2008-04-09 21:12 . 2008-04-09 21:12 <DIR> d-------- C:\Program Files\ImTOO
2008-04-09 18:45 . 2008-01-03 22:10 105,856 --a------ C:\WINDOWS\system32\drivers\Rtenicxp.sys
2008-04-09 16:55 . 2007-03-23 19:19 9,715,200 --a------ C:\WINDOWS\RTLCPL.exe
2008-04-09 16:55 . 2007-11-20 18:15 1,826,816 --a------ C:\WINDOWS\SkyTel.exe
2008-04-09 16:55 . 2007-11-07 17:31 1,191,936 --a------ C:\WINDOWS\RtlUpd.exe
2008-04-09 16:55 . 2006-08-18 06:58 282,624 --a------ C:\WINDOWS\system32\RTSndMgr.cpl
2008-04-09 16:55 . 2006-07-21 16:14 86,016 --a------ C:\WINDOWS\SoundMan.exe
2008-04-09 16:55 . 2006-08-01 15:02 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-04-09 16:55 . 2007-11-14 15:18 553 --a------ C:\WINDOWS\USetup.iss
2008-04-09 16:54 . 2008-04-09 18:45 <DIR> d-------- C:\Program Files\Realtek
2008-04-09 16:54 . 2008-02-13 14:31 16,857,600 --a------ C:\WINDOWS\RTHDCPL.exe
2008-04-09 16:54 . 2008-02-14 17:04 4,676,096 --a------ C:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-04-09 16:54 . 2006-05-04 16:26 2,808,832 --a------ C:\WINDOWS\alcwzrd.exe
2008-04-09 16:54 . 2007-06-28 16:44 2,165,760 --a------ C:\WINDOWS\MicCal.exe
2008-04-09 16:54 . 2007-07-26 17:09 520,192 --a------ C:\WINDOWS\RtlExUpd.dll
2008-04-09 16:54 . 2005-09-21 10:25 299,008 --a------ C:\WINDOWS\system32\ALSndMgr.cpl
2008-04-09 16:54 . 2005-05-03 18:43 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2008-04-09 16:42 . 2008-04-09 23:06 <DIR> d-------- C:\Documents and Settings\Mateusz P\Dane aplikacji\Cool Record Edit Pro
2008-04-09 16:40 . 2008-04-09 16:41 <DIR> d-------- C:\Program Files\Free Sound Recorder
2008-04-09 00:31 . 2008-04-09 00:31 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Adobe Systems
2008-04-08 19:53 . 2008-04-10 00:55 <DIR> d-------- C:\Program Files\FotkaPRO
2008-04-04 00:58 . 2008-04-04 00:58 <DIR> d-------- C:\Documents and Settings\Mateusz P\Dane aplikacji\Desktopicon
2008-04-02 21:38 . 2004-08-03 22:58 100,992 --a------ C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-02 21:38 . 2004-08-03 22:58 100,992 --a--c--- C:\WINDOWS\system32\dllcache\bthpan.sys
2008-04-02 21:38 . 2004-08-03 23:10 59,648 --a------ C:\WINDOWS\system32\drivers\rfcomm.sys
2008-04-02 21:38 . 2004-08-03 23:10 59,648 --a--c--- C:\WINDOWS\system32\dllcache\rfcomm.sys
2008-04-02 17:16 . 2004-08-03 23:08 57,600 --a------ C:\WINDOWS\system32\drivers\usbhub.sys
2008-04-02 17:16 . 2004-08-03 23:08 57,600 --a--c--- C:\WINDOWS\system32\dllcache\usbhub.sys
2008-04-02 17:15 . 2008-04-02 17:15 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-04-02 17:12 . 2008-04-09 16:55 <DIR> d-------- C:\WINDOWS\system32\RTCOM
2008-04-02 05:38 . 2008-04-02 05:38 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-04-02 05:38 . 2008-04-02 05:38 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-04-02 05:36 . 2008-04-02 05:36 <DIR> d-------- C:\WINDOWS\OPTIONS
2008-04-02 05:34 . 2008-04-02 05:34 315,392 --a------ C:\WINDOWS\HideWin.exe
2008-04-02 05:34 . 2007-12-12 15:56 53,248 --a------ C:\WINDOWS\system32\CSVer.dll
2008-03-29 01:47 . 2008-03-29 01:47 <DIR> d-------- C:\Documents and Settings\Mateusz P\Dane aplikacji\Media Player Classic
2008-03-29 01:46 . 2008-03-29 01:46 <DIR> d-------- C:\Program Files\Real Alternative
2008-03-28 00:49 . 2008-03-28 00:49 140,288 --a------ C:\WINDOWS\~GLC0000.TMP
2008-03-26 19:19 . 2008-03-26 19:19 <DIR> d-------- C:\Program Files\Avanquest update
2008-03-26 19:16 . 2008-03-26 19:16 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-10 15:26 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 4
2008-04-09 21:25 --------- d-----w C:\Program Files\Unlocker
2008-04-09 21:17 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-04-09 14:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-09 14:39 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-08 11:08 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-04-03 18:46 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-03-27 22:49 140,288 ----a-w C:\WINDOWS\~GLC0000.TMP
2008-03-27 22:48 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-03-25 21:50 --------- d-----w C:\Program Files\Sony Ericsson
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-29 14:25 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-17 01:29 --------- d-----w C:\Program Files\Winamp
2008-02-16 21:44 --------- d-----w C:\Program Files\Gadu-Gadu
2008-02-16 09:05 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-15 21:28 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Trymedia
2008-02-15 18:12 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-02-15 17:44 --------- d-----w C:\Program Files\Deluxe Ski Jump 3
2008-02-15 16:32 21,275 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-02-15 16:32 --------- d-----w C:\Program Files\RALINK
2008-02-15 16:28 --------- d-----w C:\Program Files\ESET
2008-02-15 16:28 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-02-15 16:19 --------- d-----w C:\Documents and Settings\Mateusz P\Dane aplikacji\Moyea
2008-01-26 17:38 2,276,864 ----a-w C:\WINDOWS\system32\TUKernel.exe
2008-01-22 11:54 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
.

((((((((((((((((((((((((((((( snapshot@2008-04-10_16.19.51.15 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-10 14:19:40 53,248 ----a-w C:\WINDOWS\PSEXESVC.EXE
+ 2008-04-10 15:30:14 53,248 ----a-w C:\WINDOWS\PSEXESVC.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Realtek HD Audio Control Panel"="C:\WINDOWS\RTHDCPL.exe" [2008-02-13 14:31 16857600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-23 22:51 1410304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrA"=2 (0x2)
"MDM"=2 (0x2)
"LightScribeService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\WapSter\\AQQ\\AQQ.exe"=
"C:\\PROGRA~1\\WapSter\\AQQ\\AQQ.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18712:TCP"= 18712:TCP:BitComet 18712 TCP
"18712:UDP"= 18712:UDP:BitComet 18712 UDP
"80:TCP"= 80:TCP:BitComet 80 TCP
"80:UDP"= 80:UDP:BitComet 80 UDP
"9039:TCP"= 9039:TCP:BitComet 9039 TCP
"9039:UDP"= 9039:UDP:BitComet 9039 UDP

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 05:38]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 05:39]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-11-23 22:52]
R2 GDTdiInterceptor;GDTdiInterceptor;C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [2007-12-20 22:47]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 14:00]
S2 AVKProxy;G DATA AntiVirus Proxy;"C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe" []
S2 AVKService;G DATA Scheduler;C:\Program Files\G DATA AntiVirus Trial\AVK\AVKService.exe []
S2 AVKWCtl;Strażnik AntiVirus;C:\Program Files\G DATA AntiVirus Trial\AVK\AVKWCtl.exe []
S3 GDMnIcpt;GDMnIcpt;C:\WINDOWS\system32\drivers\MiniIcpt.sys [2007-12-20 22:47]
S3 HookCentre;HookCentre;C:\WINDOWS\system32\drivers\HookCentre.sys [2007-12-20 22:47]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\WINDOWS\system32\DRIVERS\s125bus.sys [2007-04-24 12:33]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s125mdfl.sys [2007-04-24 12:33]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s125mdm.sys [2007-04-24 12:33]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s125mgmt.sys [2007-04-24 12:33]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s125obex.sys [2007-04-24 12:33]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-15 20:12]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 09:42]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 09:42]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 09:42]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 09:42]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 09:42]
S4 Windows Firewall;Windows Firewall;C:\WINDOWS\system32\SVCH0ST.EXE []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e29ac05-9a15-11dc-9035-cb0cd1d44cd0}]
\Shell\AutoRun\command - F:\SETUP.EXE /AUTORUN
\Shell\configure\command - F:\SETUP.EXE
\Shell\install\command - F:\SETUP.EXE

.
Contents of the 'Scheduled Tasks' folder
"2008-04-04 15:15:08 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-04-08 12:31:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-10 17:30:19
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\C:\DOCUME~1\MATEUS~1\USTAWI~1\Temp\ASFWHide"
.
Completion time: 2008-04-10 17:30:39
ComboFix-quarantined-files.txt 2008-04-10 15:30:34
ComboFix2.txt 2008-04-10 14:20:01
Pre-Run: 42,066,550,784 bajtów wolnych
Post-Run: 42,052,632,576 bajtów wolnych
.
2008-04-09 14:16:53 --- E O F ---

[huber2t]

Pobierz ComboFix, ale nie uruchamiaj
Wklej do notatnika:

Kod: Zaznacz wszystko

File::
C:\WINDOWS\~GLC0000.TMP


Plik zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu

Powinno się rozpocząć usuwanie i powstanie log, daj ten log na forum.
Jeśli wszystko pójdzie dobrze, to po restarcie usuń ręcznie folder C: \Qoobox


otwórz notatnik i wklej

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

zapisz jako typ wszystkie pliki i pod nazwą plik.reg

Uruchom ten plik, uruchom ponownie komputer