nath1453, created 23 August 2009
Hello, please check my ComboFix log.
Log to check:

ComboFix 09-08-22.06 - Bartek 2009-08-23 14:24.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.48.1045.18.3070.2171 [GMT 2:00]
Uruchomiony z: c:\users\Bartek\Desktop\ComboFix.exe
AV: BitDefender Antywirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Zapora Sieciowa *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
SP: BitDefender Antyspyware *disabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-189434787-129872340-3242204373-500
c:\users\Bartek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ikowin32.exe
c:\users\Bartek\AppData\Roaming\wiaserva.log
c:\users\Bartek\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\Installer\WMEncoder.msi
c:\windows\system32\share.exe
c:\windows\system32\WINSPOOL.EXE
c:\windows\system32\xvid-uninstall.exe
.
((((((((((((((((((((((((( Pliki utworzone od 2009-07-23 do 2009-08-23 )))))))))))))))))))))))))))))))
.
2009-08-23 12:33 . 2009-08-23 12:33 -------- d-----w- c:\users\Bartek\AppData\Local\temp
2009-08-23 12:33 . 2009-08-23 12:33 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2009-08-23 12:33 . 2009-08-23 12:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-23 11:43 . 2009-08-23 11:43 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-08-23 11:43 . 2009-08-23 11:43 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-08-23 11:43 . 2009-07-15 09:48 17224 ----a-w- c:\windows\system32\authuitu.dll
2009-08-23 11:43 . 2009-07-15 09:48 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2009-08-23 10:24 . 2009-08-23 10:37 -------- d--h--w- C:\$AVG8.VAULT$
2009-08-23 09:52 . 2009-07-24 07:55 1090816 ----a-w- c:\programdata\AVG Security Toolbar\IEToolbar.dll
2009-08-23 09:52 . 2009-08-23 09:52 -------- d-----w- c:\users\Bartek\AppData\Local\AVG Security Toolbar
2009-08-23 09:50 . 2009-08-23 09:50 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-23 09:50 . 2009-08-23 09:50 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-23 09:50 . 2009-08-23 09:50 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-23 09:50 . 2009-08-23 09:54 -------- d-----w- c:\windows\system32\drivers\Avg
2009-08-23 09:50 . 2009-08-23 09:52 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-08-23 09:49 . 2009-08-23 09:49 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-08-23 09:49 . 2009-08-23 09:49 -------- d-----w- c:\program files\AVG
2009-08-23 09:49 . 2009-08-23 09:49 -------- d-----w- c:\programdata\avg8
2009-08-12 11:06 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-12 11:06 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-12 11:06 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-12 11:06 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-12 11:05 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-12 11:05 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-12 11:05 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-12 11:05 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-03 08:13 . 2009-08-07 14:10 -------- d-----w- c:\users\Bartek\AppData\Local\Microsoft Games
2009-08-02 21:58 . 2003-03-10 22:12 59632 ----a-w- c:\windows\system32\drivers\qcusbser.sys
2009-08-02 21:56 . 2003-03-10 22:12 59632 ----a-w- c:\windows\system32\drivers\qcusbmdm.sys
2009-07-29 11:48 . 2009-07-29 11:48 -------- d-----w- c:\users\Bartek\AppData\Roaming\Ahead
2009-07-29 11:47 . 2007-04-20 00:27 364544 ----a-w- c:\windows\system32\TwnLib4.dll
2009-07-29 11:47 . 2007-04-20 00:27 476320 ----a-w- c:\windows\system32\imagXpr7.dll
2009-07-29 11:47 . 2007-04-20 00:27 471040 ----a-w- c:\windows\system32\imagXRA7.dll
2009-07-29 11:47 . 2007-04-20 00:27 262144 ----a-w- c:\windows\system32\imagXR7.dll
2009-07-29 11:47 . 2007-04-20 00:27 1568768 ----a-w- c:\windows\system32\imagX7.dll
2009-07-29 11:47 . 2009-07-29 11:47 -------- d-----w- c:\program files\Common Files\Ahead
2009-07-29 11:47 . 2009-07-29 11:47 -------- d-----w- c:\program files\Nero
2009-07-29 11:40 . 2009-07-29 11:40 -------- d-----w- c:\windows\Nero Lite 9.2.6
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-23 12:27 . 2006-12-05 05:22 662112 ----a-w- c:\windows\system32\perfh015.dat
2009-08-23 12:27 . 2006-12-05 05:22 126908 ----a-w- c:\windows\system32\perfc015.dat
2009-08-23 11:42 . 2009-06-28 09:26 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-08-23 11:33 . 2009-04-06 11:01 -------- d-----w- c:\users\Bartek\AppData\Roaming\uTorrent
2009-08-23 11:18 . 2009-04-05 17:45 114336 ----a-w- c:\users\Bartek\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-23 09:30 . 2009-06-15 06:31 -------- d-----w- c:\users\Bartek\AppData\Roaming\FileZilla
2009-08-23 09:27 . 2007-04-24 07:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-22 22:48 . 2009-06-18 09:14 -------- d-----w- c:\users\Bartek\AppData\Roaming\Skype
2009-08-22 22:28 . 2009-06-18 09:16 -------- d-----w- c:\users\Bartek\AppData\Roaming\skypePM
2009-08-22 21:46 . 2009-06-30 14:38 -------- d-----w- c:\program files\Steam
2009-08-19 21:30 . 2009-06-15 06:31 -------- d-----w- c:\program files\FileZilla FTP Client
2009-08-18 19:36 . 2009-06-30 14:38 -------- d-----w- c:\program files\Common Files\Steam
2009-08-09 08:11 . 2009-07-03 12:45 -------- d-----w- c:\program files\abgx360
2009-07-29 14:43 . 2009-04-05 19:12 -------- d-----w- c:\program files\Nowe Gadu-Gadu
2009-07-18 16:06 . 2009-07-29 07:33 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-29 07:33 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-29 07:33 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-13 12:10 . 2009-07-13 12:10 -------- d-----w- c:\users\Bartek\AppData\Roaming\Ubisoft
2009-07-13 12:01 . 2009-07-13 12:01 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-07-13 12:01 . 2009-07-13 12:01 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-06-30 14:32 . 2009-06-27 18:01 -------- d-----w- c:\program files\Common Files\BitDefender
2009-06-30 14:31 . 2009-06-28 21:19 815 ----a-w- C:\rtsr_eml_sr.dat
2009-06-30 14:31 . 2009-06-28 21:19 141 ----a-w- C:\dwl.dat
2009-06-30 14:31 . 2009-06-28 21:19 132 ----a-w- C:\httpdwl.dat
2009-06-30 14:31 . 2009-06-28 12:28 81984 ----a-w- c:\windows\system32\bdod.bin
2009-06-29 14:59 . 2009-06-29 14:59 -------- d-----w- c:\program files\Valve
2009-06-28 19:01 . 2009-06-28 19:01 16 ----a-w- C:\asdict.dat
2009-06-28 09:27 . 2009-06-28 09:27 -------- d-----w- c:\users\Bartek\AppData\Roaming\TuneUp Software
2009-06-28 09:26 . 2009-06-28 09:26 -------- d-----w- c:\programdata\TuneUp Software
2009-06-28 09:25 . 2009-06-28 09:25 -------- d-sh--w- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-06-27 19:25 . 2009-05-05 16:44 -------- d-----w- c:\programdata\Microsoft Help
2009-06-27 19:13 . 2009-06-27 18:02 -------- d-----w- c:\programdata\BitDefender
2009-06-27 18:05 . 2007-04-24 08:55 -------- d-----w- c:\programdata\Symantec
2009-06-27 18:05 . 2007-04-24 08:54 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-25 16:46 . 2009-06-16 19:36 -------- d-----w- c:\users\Bartek\AppData\Roaming\Image Zone Express
2009-06-18 09:16 . 2009-06-18 09:16 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-06-17 16:27 . 2009-06-17 16:27 22328 ----a-w- c:\users\Bartek\AppData\Roaming\PnkBstrK.sys
2009-06-17 16:27 . 2009-06-17 16:27 22328 ----a-w- c:\users\Bartek\AppData\Roaming\PnkBstrK.sys
2009-06-15 15:24 . 2009-07-15 06:55 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-15 06:55 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-15 06:55 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-15 06:55 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-05-26 16:01 . 2009-05-26 16:01 42088 ----a-w- c:\users\Bartek\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
2009-05-26 15:12 . 2009-05-26 15:12 11264 ----a-w- c:\users\Bartek\AppData\Roaming\Nowe Gadu-Gadu\_userdata\npgg.1.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 07:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinMem"="c:\program files\WinCleaner Memory Optimizer\WinMemOpt.exe" [2007-04-03 507392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-22 438272]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-23 2007832]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-09-03 4702208]

c:\users\Bartek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
mIRC Updater.exe [2008-12-30 33982]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer6"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5E09D8A2-8AE9-465D-A353-4F21BEBA73B4}"= Disabled:UDP:40000:bitcomet1
"{ED14A90B-233B-4A97-8FE0-0E1CE881613F}"= Disabled:UDP:12242:bitcomet3
"{E466CEF4-385D-4F24-9B41-D8A2F1C3B8DB}"= Disabled:UDP:12550:BitComet 12550 TCP
"{CDEC0393-A2B5-4932-8F10-255E75F92921}"= Disabled:TCP:12550:BitComet 12550 UDP
"{F0A13C3B-4969-4E74-AFC8-B2A5CB6D42E9}"= Disabled:UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{520526DC-250E-43CC-9FB5-118E026ABF17}"= Disabled:TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{B3700474-EDAB-4983-82C9-C2128BDD4C8A}c:\\program files\\nowe gadu-gadu\\gg.exe"= UDP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu
"UDP Query User{ED4A1E4A-C222-4D98-9908-D83BF570E72D}c:\\program files\\nowe gadu-gadu\\gg.exe"= TCP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu
"{C4C807B5-6F0B-4F3F-824F-A76EA8542B83}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{C5D3CC0E-EB3C-4C7A-889A-6DEFD33B8693}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{8EDB71D9-C530-4158-997E-678651C40AA7}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{FCD9F5EC-BB8B-4C1A-B889-AA51D49A607F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F541C4E8-2381-4F43-B3F7-00BC1CC45385}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F904C048-7B63-480C-B5FC-2DBBA0866CDC}"= UDP:c:\users\Bartek\Downloads\utorrent.exe:µTorrent (TCP-In)
"{EB7B88C1-4A54-4987-B319-ED2B259BC1FC}"= TCP:c:\users\Bartek\Downloads\utorrent.exe:µTorrent (UDP-In)
"{89AC956D-E001-4CD8-9650-1DE2876AA90F}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{6D1765F6-B154-4413-83BA-1626C5F6E91B}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{0F2B4A7C-EAA2-45B2-A619-D30220E0F84D}"= UDP:64364:port viptracker
"{FE27C2AB-163B-4F9B-B202-6FEE312F4A95}"= UDP:12798:vip
"{3709E5C1-E2BB-4334-A15A-15D100882522}"= UDP:12798:torrent
"{46794972-A7C9-4CA6-821E-E98AA920DBE0}"= UDP:c:\program files\uTorrent\uTorrent.exe:uTorrent
"{6509A0FF-79E5-491D-B87F-174745C68553}"= TCP:c:\program files\uTorrent\uTorrent.exe:uTorrent
"{B9B85C64-63C6-4901-A267-D8512C06F165}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{3086B84B-D9D1-4DE4-9692-547341C9CFEA}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{BBFB5002-4872-4861-B0AD-EACBB63EA0F7}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{8C69886C-0477-4AB0-975F-BA8F1DB038BA}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{AD0BDBB7-10E2-4546-A17F-9FDB075BD0C9}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8A101846-7FC3-49C7-9925-DF0E500BE4CA}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{98BB3042-6FF9-408D-B1AB-B16C88187D24}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E95B4FCF-C5F9-4621-9059-8CF93E8AE80F}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{AEF8DEDE-1BEE-4A25-A016-E84597AE66AE}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{F2184B47-7743-4A40-BA45-CF4325DB6434}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4248B6CA-EAC5-4A40-B36A-79C6095A5776}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{FE36FD33-7A3F-42E4-A1B6-9F23FE7E3882}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F42F2567-F70B-49B9-AE0B-90A5B9C8297C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{29315012-9700-41C3-8183-9837F4D0B389}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{BD393C54-BBBF-465D-8891-C9052C108D53}c:\\program files\\steam\\steamapps\\bartek1453\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\bartek1453\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{E91C8862-3040-4E5E-A728-E2077BC57EAF}c:\\program files\\steam\\steamapps\\bartek1453\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\bartek1453\counter-strike\hl.exe:Half-Life Launcher
"{7EFFFF5E-C712-42FE-8B6B-033D4CF9B7EC}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{2E745301-ED14-4473-8507-D3BBC8D4F91B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{BAA0F423-F3CD-417A-91B3-CAA19E22A2DF}c:\\program files\\steam\\steamapps\\bartek1453\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\bartek1453\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{612464CF-E8FD-41F1-82F7-3C223B22DD64}c:\\program files\\steam\\steamapps\\bartek1453\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\bartek1453\counter-strike\hl.exe:Half-Life Launcher
"{381A653D-6FA8-4F57-BE90-E0A5B1471DA7}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{110F5034-0E74-4B1C-B4F2-18EF0EFD94C2}"= UDP:e:\program files\Ubisoft\Related Designs\ANNO 1404\Anno4.exe:ANNO 1404
"{EDCA89F1-47ED-462E-92DC-A7D6E04CB454}"= TCP:e:\program files\Ubisoft\Related Designs\ANNO 1404\Anno4.exe:ANNO 1404
"{1DCC11C6-EF66-4C1D-9345-ED8686D53A89}"= UDP:e:\program files\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe:ANNO 1404 Web
"{9A2CB6B2-54AB-463E-A0BA-A8CD1D994002}"= TCP:e:\program files\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe:ANNO 1404 Web
"TCP Query User{3CF865D3-9CA7-431F-B9D0-631478F86D1B}e:\\program files\\ubisoft\\related designs\\anno 1404\\tools\\anno4web.exe"= UDP:e:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe:Anno4Web
"UDP Query User{D2D91E0B-AF25-401D-9192-EB4FE5A235DD}e:\\program files\\ubisoft\\related designs\\anno 1404\\tools\\anno4web.exe"= TCP:e:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe:Anno4Web
"{52A0AC66-F80A-46C6-BCCD-A0D7BC55F583}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{42B7C0F1-1410-4088-8549-C9EF47C51E68}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{E37C6995-0627-4C98-9B0B-AC657AA52AEF}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{2E2051BF-E9DB-4642-A451-BEEC4F0B3408}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{AE024D03-A3FC-4206-9216-CBD337157CFB}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{C602B27F-6423-42C1-B720-9321A788323C}c:\\program files\\nowe gadu-gadu\\gg.exe"= UDP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu
"UDP Query User{B13EAAC2-2701-468B-9847-40C4064E6020}c:\\program files\\nowe gadu-gadu\\gg.exe"= TCP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu
"{F45C0DB7-2275-4767-90A8-99C24454E097}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{DA0EB0D9-EA7A-47ED-AE16-E65B31140954}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F834A606-383B-4B55-BE35-BCAD93735D6D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{45E1BD63-1F44-4AC6-9875-9C4C1FC569BC}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B3D78471-3ED6-4A62-A870-CFB5072FEA65}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8A7E8103-3D3E-47B5-9064-A84F8726D7B3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{2389554C-DDCC-427F-B281-1A67D3308BCA}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8B7B1A51-D43A-4162-B84C-E8F96557C972}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A44D1E03-A5A0-484E-901D-139F4CF3F969}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{131F6768-28D6-49EB-BC13-2F148F8E89E4}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{BA7BBBBE-13D6-4C47-BB44-509FD3C68AD3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C1EFCCF5-597D-4696-A543-13BDA4A11CDF}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6BCEB3AA-4ABF-4925-ACC5-CCBD9F92AF6D}"= UDP:e:\program files\Electronic Arts\Bitwa o Śródziemie II\game.dat:Bitwa o Śródziemie™ II
"{4E3CCD00-3954-42A7-A990-E9C35D0AA961}"= TCP:e:\program files\Electronic Arts\Bitwa o Śródziemie II\game.dat:Bitwa o Śródziemie™ II
"{AA5F5C77-C053-47CC-85F5-E1EDF64FEB18}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{74193C35-D306-4A1E-9FE0-3437B8B43ABD}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{E9053E47-ED6E-4C41-B99B-EAD7DE454AFB}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{90AA8A4E-6BCB-4555-819E-29D6A0461A56}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{4FA560BE-3916-4C9A-B12C-F0DC4F71B0E3}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{D6F59518-39F2-4BA9-8A4A-6FB83EB14CD8}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0F663661-233D-4D43-AE5F-03CF144D4E50}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{1936BFA8-1B92-40B1-8593-FA83E82F3B2A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{1BC2F085-9679-4D87-A094-B7E7E8A4EEBC}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{82B8E7E4-EDBE-42EB-9740-5A71F4A2BDD7}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{2188C260-47DF-4AC6-B3B3-9992677EE4F0}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{1AF194CD-FF24-493F-A899-D24B4C93A42A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{FC9B3EFF-E6BF-4648-8055-020A300BBE36}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{51F86EF9-2FAD-4EFA-A43C-FD554D73FE4C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C95130AB-9AA7-4943-ABF3-537EDA029F9C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{633718E5-7E66-44B3-AD2C-714B9A49391F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{2BCEC430-70E9-4E15-8EA6-1F3F9190636A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{03F8A97B-3D04-4745-ADB0-41F44DC47219}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3B1B6399-5207-47A4-8964-D7D315655594}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{FE9FE1E4-D5EA-4B96-900B-DE11A181B261}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4DD547DD-932D-466A-9FB5-AF494A82984A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C1873F0E-52FC-47E6-80FB-F4EA919A4A51}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{44201A87-2F29-4AE7-BFEA-5403A8FC8E78}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{EE3FAA38-DCFD-4403-BCC7-0BC17303EB98}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{34D909D6-C6DB-4936-9E5F-CC5DF2E1637A}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{189FF9A8-54CD-4D91-AF93-CAA7A42DC1DC}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{A5B6FAB8-DA38-4FD2-98DE-BC8C91C1941E}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2009-08-23 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2009-08-23 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-23 297752]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-08-23 604488]
R2 Uniblue DiskRescue;Uniblue DiskRescue;c:\program files\Uniblue\DiskRescue\UBDiskRescueSrv.exe [2008-09-10 229648]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [2005-08-02 32512]
S3 qcusbmdm;Qualcomm Proprietary USB Driver (PID 3197);c:\windows\System32\drivers\qcusbmdm.sys [2009-08-02 59632]
S3 qcusbser;Qualcomm Diagnostic Port 3197;c:\windows\System32\drivers\qcusbser.sys [2009-08-02 59632]
S4 CplIR;Embedded IR Driver;c:\windows\System32\drivers\CplIR.sys [2007-03-06 14848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Zawartość folderu 'Zaplanowane zadania'

2009-08-23 c:\windows\Tasks\Konserwacja 1 kliknięciem.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-17 09:05]

2009-04-19 c:\windows\Tasks\Uniblue DiskRescue 2009.job
- c:\program files\Uniblue\DiskRescue\UBDiskRescue.exe [2008-09-10 15:22]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/4908-44618-9400-3/4
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home
IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?PL
FF - ProfilePath - c:\users\Bartek\AppData\Roaming\Mozilla\Firefox\Profiles\p8jrna14.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - www.onet.pl
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_fs&search=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Bartek\AppData\Roaming\Nowe Gadu-Gadu\_userdata\npgg.1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-23 14:33
Windows 6.0.6001 Service Pack 1 NTFS

skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Czas ukończenia: 2009-08-23 14:37
ComboFix-quarantined-files.txt 2009-08-23 12:37
ComboFix2.txt 2009-06-16 20:19

Przed: 50 784 653 312 bajtów wolnych
Po: 50 847 428 608 bajtów wolnych

362 --- E O F --- 2009-08-21 15:44
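A small triage helper for logs like the one above, added here as an example (it is not ComboFix's code and not something from the forum). It splits a ComboFix-style log into its banner sections, then pulls out two things a reviewer checks by eye: settings that switch protection off (scanners marked *disabled*, EnableLUA=0, Security Center monitoring and update notifications disabled) and removed files whose location or name is a common persistence pattern (an executable in a Startup folder, a long random-looking extension-less name in the profile root). The SAMPLE_LOG excerpt is constructed from a few lines of the posted log; the section titles are the Polish ones ComboFix printed here, so a log from an English-language install would need them adjusted.

```python
"""Triage a ComboFix-style log for weakened defences and odd removed files.

Added example for this thread, not part of ComboFix or any project's code.
The banner, path and registry formats mirror the log posted above; the
excerpt in SAMPLE_LOG is constructed for the demo from a few of its lines.
"""
import re

# Constructed excerpt in the ComboFix layout: scanner status header,
# "Usunięto" (removed) list and the registry autostart dump.
SAMPLE_LOG = r"""
AV: BitDefender Antywirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Zapora Sieciowa *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Bartek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ikowin32.exe
c:\users\Bartek\AppData\Roaming\wiaserva.log
c:\users\Bartek\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\system32\xvid-uninstall.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
"""

BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+$")                    # (((( Section name ))))
REG_KEY = re.compile(r"^\[(.+)\]$")                             # [HKEY_...\path]
REG_VALUE = re.compile(r'^"([^"]+)"\s*=\s*(?:dword:)?(\S+)')   # "Name"= 0 (0x0) / =dword:00000001
DISABLED = re.compile(r"\*[^*]*disabled\*", re.I)               # *disabled*, *On-access scanning disabled*
STARTUP_DIR = "\\start menu\\programs\\startup\\"
PROFILE_ROOT_BLOB = re.compile(r"^c:\\users\\[^\\]+\\[a-z]{20,}$")


def split_sections(text):
    """Map every banner title to the non-empty lines beneath it.

    Lines before the first banner (the scanner status block) go to "_header";
    ComboFix's lone "." separator lines are dropped.
    """
    sections, current = {"_header": []}, "_header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = BANNER.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        else:
            sections[current].append(line)
    return sections


def weakened_defenses(sections):
    """List (category, detail) pairs for settings that switch protection off."""
    findings = []
    for line in sections.get("_header", []):
        if DISABLED.search(line):
            findings.append(("scanner status", line.split(" *")[0]))
    key = ""
    for line in sections.get("Wpisy startowe rejestru", []):
        m = REG_KEY.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = REG_VALUE.match(line)
        if not m:
            continue
        name, raw_value = m.groups()
        try:
            value = int(raw_value, 16)  # dword data is hex; "0" and "1" parse the same way
        except ValueError:
            continue  # string data such as a driver name is not a switch
        if key.endswith(r"policies\system") and name == "EnableLUA" and value == 0:
            findings.append(("UAC", "EnableLUA=0"))
        if "security center" in key and value == 1 and name in ("DisableMonitoring", "UpdatesDisableNotify"):
            findings.append(("Security Center", f"{name}=1"))
    return findings


def suspicious_removed(sections):
    """Flag removed paths whose location or name is typical of persistence."""
    flagged = []
    for path in sections.get("Usunięto", []):
        low = path.lower()
        if STARTUP_DIR in low and low.endswith((".exe", ".scr", ".com", ".bat")):
            flagged.append((path, "executable in a Startup folder"))
        elif PROFILE_ROOT_BLOB.match(low):
            flagged.append((path, "long extension-less name in profile root"))
    return flagged


if __name__ == "__main__":
    parsed = split_sections(SAMPLE_LOG)
    for item in weakened_defenses(parsed) + suspicious_removed(parsed):
        print(*item, sep=": ")
```

Run it on a saved ComboFix.txt by reading the file into `split_sections` instead of SAMPLE_LOG. The point of the two checks is that a clean removal list is not the end of the story: the registry block shows UAC and Security Center monitoring turned off, which is exactly what the helper's follow-up scan does not re-enable, so it is worth reporting separately from the malware findings.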
Guest, comment 23 August 2009
ComboFix removed the whole infection - it is fine.
1. Remove the ComboFix leftovers with the OTC tool.
2. Use Malwarebytes. Press Scan, select the drives to scan and start the scan; at the end press Remove Selected if anything is found, then OK. Post the report generated after the MBAM removal.
nath1453 (author), comment 23 August 2009
Here is the Malwarebytes log.
Log to check:

Malwarebytes' Anti-Malware 1.34
Wersja bazy definicji: 1749
Windows 6.0.6001 Service Pack 1

2009-08-23 23:19:38
mbam-log-2009-08-23 (23-19-38).txt

Typ skanowania: Pełne skanowanie (C:\|E:\|)
Przeskanowane obiekty: 177445
Upłynęło: 2 hour(s), 51 minute(s), 53 second(s)

Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 0
Zainfekowane wartości rejestru: 0
Zainfekowane pliki rejestru: 0
Zainfekowane foldery: 0
Zainfekowane pliki: 0

Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)

Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)

Zainfekowane klucze rejestru:
(Nie wykryto groźnych plików)

Zainfekowane wartości rejestru:
(Nie wykryto groźnych plików)

Zainfekowane pliki rejestru:
(Nie wykryto groźnych plików)

Zainfekowane foldery:
(Nie wykryto groźnych plików)

Zainfekowane pliki:
(Nie wykryto groźnych plików)