From 7.2 Mb I have 200-something kb + 3 viruses that ESET won't remove


(Roznow11) #1

ComboFix 09-02-02.03 - ADAM 2009-02-02 23:17:55.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1045.18.2047.1064 [GMT 1:00]

Running from: c:\documents and settings\ADAM\Pulpit\ComboFix.exe

AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated)

FW: Zapora osobista *enabled*

* Created a new restore point

* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2009-01-02 to 2009-02-02 )))))))))))))))))))))))))))))))

.

2009-02-02 21:24 . 2009-02-02 21:24

2009-02-01 13:48 . 2009-02-01 13:48

2009-01-31 12:53 . 2009-01-31 12:54

2009-01-27 20:32 . 2009-01-31 09:18

2009-01-27 20:32 . 2009-01-31 09:26

2009-01-24 17:32 . 2009-01-24 17:32

2009-01-23 07:53 . 2009-01-23 07:53

2009-01-18 22:16 . 2008-03-03 15:25 5,702 --ah----- c:\windows\nod32restoretemdono.reg

2009-01-18 22:16 . 2008-03-03 19:21 568 --ah----- c:\windows\nod32fixtemdono.reg

2009-01-18 22:15 . 2009-01-18 22:15

2009-01-17 16:12 . 2009-01-24 18:18

2009-01-17 15:57 . 2009-01-17 16:04

2009-01-17 15:41 . 2009-02-01 13:02

2009-01-17 09:47 . 2009-01-17 09:47

2009-01-16 21:20 . 2009-01-26 23:07

2009-01-16 21:15 . 2009-01-16 21:15

2009-01-16 21:15 . 2009-01-16 21:15

2009-01-16 21:15 . 2009-01-16 21:15

2009-01-14 18:08 . 2009-01-14 18:08 118 --a------ c:\windows\system32\MRT.INI

2009-01-14 10:54 . 2009-01-14 10:54

2009-01-11 20:10 . 2009-02-02 16:01

2009-01-11 20:10 . 2009-01-11 20:10 56 --ah----- c:\windows\system32\ezsidmv.dat

2009-01-11 20:04 . 2009-02-02 21:44

2009-01-11 20:03 . 2009-01-11 20:03

2009-01-11 20:03 . 2009-01-11 20:03

2009-01-11 20:03 . 2009-01-11 20:03

2009-01-11 19:16 . 2008-04-14 18:20 159,232 --a------ c:\windows\system32\ptpusd.dll

2009-01-11 19:16 . 2001-10-26 18:29 5,632 --a------ c:\windows\system32\ptpusb.dll

2009-01-11 19:08 . 2009-01-11 19:08

2009-01-11 19:08 . 2009-01-11 19:08

2009-01-11 17:45 . 2009-01-11 17:46

2009-01-09 22:15 . 2009-01-09 22:15

2009-01-09 21:42 . 2006-07-22 08:40 143,360 --a------ c:\windows\system32\RtlCPAPI.dll

2009-01-09 21:42 . 2006-08-01 16:02 49,152 --a------ c:\windows\system32\ChCfg.exe

2009-01-09 21:36 . 2009-01-09 21:36

2009-01-09 21:36 . 2005-04-16 23:20 487,424 --a------ c:\windows\RtlExUpd.dll

2009-01-09 19:42 . 2009-01-09 19:43

2009-01-09 15:35 . 2006-03-29 18:36 133,632 -ra------ c:\windows\system32\drivers\m3aux.sys

2009-01-09 15:32 . 2006-04-06 14:58 2,633,728 -ra------ c:\windows\system32\w39MLRes.dll

2009-01-09 15:32 . 2006-04-03 20:17 1,429,632 -ra------ c:\windows\system32\drivers\w39n51.sys

2009-01-09 15:32 . 2006-04-06 14:58 491,520 -ra------ c:\windows\system32\w39NCPA.dll

2009-01-09 15:08 . 2009-01-09 15:08

2009-01-09 15:07 . 2009-02-01 13:05

2009-01-09 15:07 . 2009-01-09 15:08

2009-01-09 15:07 . 2008-03-05 18:11

2009-01-09 15:07 . 2009-02-02 21:37

2009-01-09 15:07 . 2009-01-17 19:14

2009-01-09 15:07 . 2009-01-11 17:45

2009-01-09 15:07 . 2009-01-30 23:07

2009-01-09 15:07 . 2009-02-02 15:59

2009-01-09 15:05 . 2008-10-03 11:04 247,326 --------- c:\windows\system32\dllcache\strmdll.dll

2009-01-05 21:07 . 2009-01-05 21:07

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-29 17:11 --------- d-----w c:\program files\iTunes

2009-01-26 19:48 --------- d-----w c:\program files\DAEMON Tools Pro

2009-01-18 21:13 --------- d-----w c:\program files\ESET

2009-01-17 15:12 --------- d-----w c:\program files\Common Files\InstallShield

2009-01-14 17:10 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Microsoft Help

2009-01-09 20:36 --------- d--h--w c:\program files\InstallShield Installation Information

2009-01-09 14:23 --------- d-----w c:\program files\MegaSpoof

2009-01-09 14:21 --------- d-----w c:\program files\Photomatix

2009-01-09 14:16 --------- d-----w c:\program files\IrfanView

2008-12-13 06:28 3,594,752 ------w c:\windows\system32\dllcache\mshtml.dll

2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys

2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HControl"="c:\windows\ATK0100\HControl.exe" [2007-10-17 110592]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-17 7561216]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-17 86016]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-08-18 1447168]

"nwiz"="nwiz.exe" [2006-03-17 c:\windows\system32\nwiz.exe]

"RTHDCPL"="RTHDCPL.EXE" [2006-08-23 c:\windows\RTHDCPL.exe]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\

GlobeTrotter Connect.lnk - c:\program files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe [2008-06-04 786432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableStatusMessages"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMMyPictures"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"NoSMHelp"= 1 (0x1)

[HKEY_USERS.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMMyPictures"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"NoSMHelp"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe"=

"%windir%\system32\sessmgr.exe"=

"c:\Program Files\CyberLink\PowerDVD\PowerDVD.exe"=

"c:\Program Files\Gadu-Gadu\gg.exe"=

"c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"=

"c:\Program Files\Microsoft Office\Office12\GROOVE.EXE"=

"c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=

"c:\WINDOWS\system32\dpvsetup.exe"=

"c:\Program Files\iTunes\iTunes.exe"=

"c:\Program Files\Skype\Phone\Skype.exe"=

R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51:58 13560]

R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2008-08-18 468224]

R2 GtDetectSc;GtDetectSc;c:\program files\Option\GlobeTrotter Connect\GtDetectSc.exe [2007-12-18 196704]

R3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2008-02-18 106624]

R3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2008-02-08 59648]

R3 GTPTSER;GT PT SER;c:\windows\system32\drivers\gtptser.sys [2007-03-30 8064]

R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:\windows\system32\drivers\SynMini.sys [2008-03-05 841110]

R3 SynScan;ASUS WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [2008-03-05 8278]

S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-10-26 3584]

S3 CM1063264;C-Media CM106 Like Sound UDAX Interface;c:\windows\system32\drivers\CM106.sys [2008-03-06 1306112]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{26f0c2b6-e221-11dd-ae5c-0018de78c2d1}]

\Shell\AutoRun\command - G:\setup.exe AUTORUN=1

.

Contents of the 'Scheduled Tasks' folder

2009-01-29 c:\windows\Tasks\AppleSoftwareUpdate.job

  • c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2009-01-19 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job

  • c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-12-07 09:42]

2008-03-05 c:\windows\Tasks\Uniblue SpeedUpMyPC.job

  • c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-12-07 09:42]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

FF - ProfilePath - c:\documents and settings\ADAM\Dane aplikacji\Mozilla\Firefox\Profiles\t0odubdm.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://pl.start2.mozilla.com/firefox?cl ... l:official

FF - component: c:\program files\Mozilla Firefox\extensions{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-02 23:19:05

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services{95808DC4-FA4A-4c74-92FE-5B863F82066B}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID{33455A87-EC18-3D7A-3D7249C0BA41BFCD}{E1E7777D-A2E0-3590-68879D33FAB4B890}{0DF25B16-A097-561D-C33793AF098BCDB4}*]

"JWOYTVPITEDJCHYUGDR5XL6BSC1"=hex:01,00,01,00,00,00,00,00,b1,dc,8a,ef,e5,23,43,

80,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID{C19175F0-6343-C058-D551EA9B69721CA5}{44B8D0A6-F0B8-27D0-3AB262946B96BF2A}{D0951FF3-5F85-5129-204F105C4943049E}*]

"JWOYTVPITEDJCHYUGDR5XL6BSC1"=hex:01,00,01,00,00,00,00,00,b1,dc,8a,ef,e5,23,43,

80,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID{E4568B1F-886D-9AB5-1E4B01E7F0FA32FF}{B2981650-D0BF-E14F-9D9AB95C0FC2939B}{CDC4F2F4-402E-87A1-4EFD68E3BEB8F4B3}*]

"JWOYTVPITEDJCHYUGDR5XL6BSC1"=hex:01,00,01,00,00,00,00,00,b1,dc,8a,ef,e5,23,43,

80,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

.

Completion time: 2009-02-02 23:20:13

ComboFix-quarantined-files.txt 2009-02-02 22:20:11

Pre-Run: 12 133 429 248 bajtów wolnych

Post-Run: 12,122,288,128 bajtów wolnych

185 --- E O F --- 2009-01-14 17:10:24


(huber2t) #2

I don't see anything in the log.

Manually delete the folder C:\Qoobox and delete the ComboFix installer from the disk.

Clean the system with CCleaner.

Optimize the startup entries.

Disable and re-enable System Restore on all drives. Instructions

Scan the whole computer with http://www.kaspersky.pl/virusscanner.html and post its report on the forum.