
Log to check

nath1453
created

Hello, please check my ComboFix log.

Log to check
ComboFix 09-08-22.06 - Bartek 2009-08-23 14:24.1.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.48.1045.18.3070.2171 [GMT 2:00]

Uruchomiony z: c:\users\Bartek\Desktop\ComboFix.exe

AV: BitDefender Antywirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

FW: BitDefender Zapora Sieciowa *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

SP: BitDefender Antyspyware *disabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\$recycle.bin\S-1-5-21-189434787-129872340-3242204373-500

c:\users\Bartek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ikowin32.exe

c:\users\Bartek\AppData\Roaming\wiaserva.log

c:\users\Bartek\oashdihasidhasuidhiasdhiashdiuasdhasd

c:\windows\Installer\WMEncoder.msi

c:\windows\system32\share.exe

c:\windows\system32\WINSPOOL.EXE

c:\windows\system32\xvid-uninstall.exe

.

((((((((((((((((((((((((( Pliki utworzone od 2009-07-23 do 2009-08-23 )))))))))))))))))))))))))))))))

.

2009-08-23 12:33 . 2009-08-23 12:33 -------- d-----w- c:\users\Bartek\AppData\Local\temp

2009-08-23 12:33 . 2009-08-23 12:33 -------- d-----w- c:\users\Mcx1\AppData\Local\temp

2009-08-23 12:33 . 2009-08-23 12:33 -------- d-----w- c:\users\Default\AppData\Local\temp

2009-08-23 11:43 . 2009-08-23 11:43 604488 ----a-w- c:\windows\system32\TUProgSt.exe

2009-08-23 11:43 . 2009-08-23 11:43 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe

2009-08-23 11:43 . 2009-07-15 09:48 17224 ----a-w- c:\windows\system32\authuitu.dll

2009-08-23 11:43 . 2009-07-15 09:48 29000 ----a-w- c:\windows\system32\uxtuneup.dll

2009-08-23 10:24 . 2009-08-23 10:37 -------- d--h--w- C:\$AVG8.VAULT$

2009-08-23 09:52 . 2009-07-24 07:55 1090816 ----a-w- c:\programdata\AVG Security Toolbar\IEToolbar.dll

2009-08-23 09:52 . 2009-08-23 09:52 -------- d-----w- c:\users\Bartek\AppData\Local\AVG Security Toolbar

2009-08-23 09:50 . 2009-08-23 09:50 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-08-23 09:50 . 2009-08-23 09:50 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-08-23 09:50 . 2009-08-23 09:50 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-08-23 09:50 . 2009-08-23 09:54 -------- d-----w- c:\windows\system32\drivers\Avg

2009-08-23 09:50 . 2009-08-23 09:52 -------- d-----w- c:\programdata\AVG Security Toolbar

2009-08-23 09:49 . 2009-08-23 09:49 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-08-23 09:49 . 2009-08-23 09:49 -------- d-----w- c:\program files\AVG

2009-08-23 09:49 . 2009-08-23 09:49 -------- d-----w- c:\programdata\avg8

2009-08-12 11:06 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll

2009-08-12 11:06 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll

2009-08-12 11:06 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-08-12 11:06 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll

2009-08-12 11:05 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll

2009-08-12 11:05 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll

2009-08-12 11:05 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll

2009-08-12 11:05 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL

2009-08-03 08:13 . 2009-08-07 14:10 -------- d-----w- c:\users\Bartek\AppData\Local\Microsoft Games

2009-08-02 21:58 . 2003-03-10 22:12 59632 ----a-w- c:\windows\system32\drivers\qcusbser.sys

2009-08-02 21:56 . 2003-03-10 22:12 59632 ----a-w- c:\windows\system32\drivers\qcusbmdm.sys

2009-07-29 11:48 . 2009-07-29 11:48 -------- d-----w- c:\users\Bartek\AppData\Roaming\Ahead

2009-07-29 11:47 . 2007-04-20 00:27 364544 ----a-w- c:\windows\system32\TwnLib4.dll

2009-07-29 11:47 . 2007-04-20 00:27 476320 ----a-w- c:\windows\system32\imagXpr7.dll

2009-07-29 11:47 . 2007-04-20 00:27 471040 ----a-w- c:\windows\system32\imagXRA7.dll

2009-07-29 11:47 . 2007-04-20 00:27 262144 ----a-w- c:\windows\system32\imagXR7.dll

2009-07-29 11:47 . 2007-04-20 00:27 1568768 ----a-w- c:\windows\system32\imagX7.dll

2009-07-29 11:47 . 2009-07-29 11:47 -------- d-----w- c:\program files\Common Files\Ahead

2009-07-29 11:47 . 2009-07-29 11:47 -------- d-----w- c:\program files\Nero

2009-07-29 11:40 . 2009-07-29 11:40 -------- d-----w- c:\windows\Nero Lite 9.2.6

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-23 12:27 . 2006-12-05 05:22 662112 ----a-w- c:\windows\system32\perfh015.dat

2009-08-23 12:27 . 2006-12-05 05:22 126908 ----a-w- c:\windows\system32\perfc015.dat

2009-08-23 11:42 . 2009-06-28 09:26 -------- d-----w- c:\program files\TuneUp Utilities 2009

2009-08-23 11:33 . 2009-04-06 11:01 -------- d-----w- c:\users\Bartek\AppData\Roaming\uTorrent

2009-08-23 11:18 . 2009-04-05 17:45 114336 ----a-w- c:\users\Bartek\AppData\Local\GDIPFONTCACHEV1.DAT

2009-08-23 09:30 . 2009-06-15 06:31 -------- d-----w- c:\users\Bartek\AppData\Roaming\FileZilla

2009-08-23 09:27 . 2007-04-24 07:54 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-08-22 22:48 . 2009-06-18 09:14 -------- d-----w- c:\users\Bartek\AppData\Roaming\Skype

2009-08-22 22:28 . 2009-06-18 09:16 -------- d-----w- c:\users\Bartek\AppData\Roaming\skypePM

2009-08-22 21:46 . 2009-06-30 14:38 -------- d-----w- c:\program files\Steam

2009-08-19 21:30 . 2009-06-15 06:31 -------- d-----w- c:\program files\FileZilla FTP Client

2009-08-18 19:36 . 2009-06-30 14:38 -------- d-----w- c:\program files\Common Files\Steam

2009-08-09 08:11 . 2009-07-03 12:45 -------- d-----w- c:\program files\abgx360

2009-07-29 14:43 . 2009-04-05 19:12 -------- d-----w- c:\program files\Nowe Gadu-Gadu

2009-07-18 16:06 . 2009-07-29 07:33 827904 ----a-w- c:\windows\system32\wininet.dll

2009-07-18 16:01 . 2009-07-29 07:33 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-07-18 09:46 . 2009-07-29 07:33 26624 ----a-w- c:\windows\system32\ieUnatt.exe

2009-07-13 12:10 . 2009-07-13 12:10 -------- d-----w- c:\users\Bartek\AppData\Roaming\Ubisoft

2009-07-13 12:01 . 2009-07-13 12:01 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys

2009-07-13 12:01 . 2009-07-13 12:01 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys

2009-06-30 14:32 . 2009-06-27 18:01 -------- d-----w- c:\program files\Common Files\BitDefender

2009-06-30 14:31 . 2009-06-28 21:19 815 ----a-w- C:\rtsr_eml_sr.dat

2009-06-30 14:31 . 2009-06-28 21:19 141 ----a-w- C:\dwl.dat

2009-06-30 14:31 . 2009-06-28 21:19 132 ----a-w- C:\httpdwl.dat

2009-06-30 14:31 . 2009-06-28 12:28 81984 ----a-w- c:\windows\system32\bdod.bin

2009-06-29 14:59 . 2009-06-29 14:59 -------- d-----w- c:\program files\Valve

2009-06-28 19:01 . 2009-06-28 19:01 16 ----a-w- C:\asdict.dat

2009-06-28 09:27 . 2009-06-28 09:27 -------- d-----w- c:\users\Bartek\AppData\Roaming\TuneUp Software

2009-06-28 09:26 . 2009-06-28 09:26 -------- d-----w- c:\programdata\TuneUp Software

2009-06-28 09:25 . 2009-06-28 09:25 -------- d-sh--w- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}

2009-06-27 19:25 . 2009-05-05 16:44 -------- d-----w- c:\programdata\Microsoft Help

2009-06-27 19:13 . 2009-06-27 18:02 -------- d-----w- c:\programdata\BitDefender

2009-06-27 18:05 . 2007-04-24 08:55 -------- d-----w- c:\programdata\Symantec

2009-06-27 18:05 . 2007-04-24 08:54 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-06-25 16:46 . 2009-06-16 19:36 -------- d-----w- c:\users\Bartek\AppData\Roaming\Image Zone Express

2009-06-18 09:16 . 2009-06-18 09:16 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2009-06-17 16:27 . 2009-06-17 16:27 22328 ----a-w- c:\users\Bartek\AppData\Roaming\PnkBstrK.sys

2009-06-17 16:27 . 2009-06-17 16:27 22328 ----a-w- c:\users\Bartek\AppData\Roaming\PnkBstrK.sys

2009-06-15 15:24 . 2009-07-15 06:55 156672 ----a-w- c:\windows\system32\t2embed.dll

2009-06-15 15:20 . 2009-07-15 06:55 72704 ----a-w- c:\windows\system32\fontsub.dll

2009-06-15 15:20 . 2009-07-15 06:55 10240 ----a-w- c:\windows\system32\dciman32.dll

2009-06-15 12:52 . 2009-07-15 06:55 289792 ----a-w- c:\windows\system32\atmfd.dll

2009-05-26 16:01 . 2009-05-26 16:01 42088 ----a-w- c:\users\Bartek\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll

2009-05-26 15:12 . 2009-05-26 15:12 11264 ----a-w- c:\users\Bartek\AppData\Roaming\Nowe Gadu-Gadu\_userdata\npgg.1.dll

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-07-24 07:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WinMem"="c:\program files\WinCleaner Memory Optimizer\WinMemOpt.exe" [2007-04-03 507392]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]

"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-22 438272]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-23 2007832]

"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-09-03 4702208]

c:\users\Bartek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

mIRC Updater.exe [2008-12-30 33982]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer6"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup

backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]

backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup

backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{5E09D8A2-8AE9-465D-A353-4F21BEBA73B4}"= Disabled:UDP:40000:bitcomet1

"{ED14A90B-233B-4A97-8FE0-0E1CE881613F}"= Disabled:UDP:12242:bitcomet3

"{E466CEF4-385D-4F24-9B41-D8A2F1C3B8DB}"= Disabled:UDP:12550:BitComet 12550 TCP

"{CDEC0393-A2B5-4932-8F10-255E75F92921}"= Disabled:TCP:12550:BitComet 12550 UDP

"{F0A13C3B-4969-4E74-AFC8-B2A5CB6D42E9}"= Disabled:UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{520526DC-250E-43CC-9FB5-118E026ABF17}"= Disabled:TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"TCP Query User{B3700474-EDAB-4983-82C9-C2128BDD4C8A}c:\\program files\\nowe gadu-gadu\\gg.exe"= UDP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu

"UDP Query User{ED4A1E4A-C222-4D98-9908-D83BF570E72D}c:\\program files\\nowe gadu-gadu\\gg.exe"= TCP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu

"{C4C807B5-6F0B-4F3F-824F-A76EA8542B83}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{C5D3CC0E-EB3C-4C7A-889A-6DEFD33B8693}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{8EDB71D9-C530-4158-997E-678651C40AA7}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{FCD9F5EC-BB8B-4C1A-B889-AA51D49A607F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{F541C4E8-2381-4F43-B3F7-00BC1CC45385}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{F904C048-7B63-480C-B5FC-2DBBA0866CDC}"= UDP:c:\users\Bartek\Downloads\utorrent.exe:µTorrent (TCP-In)

"{EB7B88C1-4A54-4987-B319-ED2B259BC1FC}"= TCP:c:\users\Bartek\Downloads\utorrent.exe:µTorrent (UDP-In)

"{89AC956D-E001-4CD8-9650-1DE2876AA90F}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{6D1765F6-B154-4413-83BA-1626C5F6E91B}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"{0F2B4A7C-EAA2-45B2-A619-D30220E0F84D}"= UDP:64364:port viptracker

"{FE27C2AB-163B-4F9B-B202-6FEE312F4A95}"= UDP:12798:vip

"{3709E5C1-E2BB-4334-A15A-15D100882522}"= UDP:12798:torrent

"{46794972-A7C9-4CA6-821E-E98AA920DBE0}"= UDP:c:\program files\uTorrent\uTorrent.exe:uTorrent

"{6509A0FF-79E5-491D-B87F-174745C68553}"= TCP:c:\program files\uTorrent\uTorrent.exe:uTorrent

"{B9B85C64-63C6-4901-A267-D8512C06F165}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{3086B84B-D9D1-4DE4-9692-547341C9CFEA}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{BBFB5002-4872-4861-B0AD-EACBB63EA0F7}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{8C69886C-0477-4AB0-975F-BA8F1DB038BA}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{AD0BDBB7-10E2-4546-A17F-9FDB075BD0C9}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{8A101846-7FC3-49C7-9925-DF0E500BE4CA}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{98BB3042-6FF9-408D-B1AB-B16C88187D24}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{E95B4FCF-C5F9-4621-9059-8CF93E8AE80F}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail

"{AEF8DEDE-1BEE-4A25-A016-E84597AE66AE}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail

"{F2184B47-7743-4A40-BA45-CF4325DB6434}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{4248B6CA-EAC5-4A40-B36A-79C6095A5776}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{FE36FD33-7A3F-42E4-A1B6-9F23FE7E3882}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{F42F2567-F70B-49B9-AE0B-90A5B9C8297C}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{29315012-9700-41C3-8183-9837F4D0B389}"= c:\program files\Skype\Phone\Skype.exe:Skype

"TCP Query User{BD393C54-BBBF-465D-8891-C9052C108D53}c:\\program files\\steam\\steamapps\\bartek1453\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\bartek1453\counter-strike\hl.exe:Half-Life Launcher

"UDP Query User{E91C8862-3040-4E5E-A728-E2077BC57EAF}c:\\program files\\steam\\steamapps\\bartek1453\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\bartek1453\counter-strike\hl.exe:Half-Life Launcher

"{7EFFFF5E-C712-42FE-8B6B-033D4CF9B7EC}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{2E745301-ED14-4473-8507-D3BBC8D4F91B}"= c:\program files\Skype\Phone\Skype.exe:Skype

"TCP Query User{BAA0F423-F3CD-417A-91B3-CAA19E22A2DF}c:\\program files\\steam\\steamapps\\bartek1453\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\bartek1453\counter-strike\hl.exe:Half-Life Launcher

"UDP Query User{612464CF-E8FD-41F1-82F7-3C223B22DD64}c:\\program files\\steam\\steamapps\\bartek1453\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\bartek1453\counter-strike\hl.exe:Half-Life Launcher

"{381A653D-6FA8-4F57-BE90-E0A5B1471DA7}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{110F5034-0E74-4B1C-B4F2-18EF0EFD94C2}"= UDP:e:\program files\Ubisoft\Related Designs\ANNO 1404\Anno4.exe:ANNO 1404

"{EDCA89F1-47ED-462E-92DC-A7D6E04CB454}"= TCP:e:\program files\Ubisoft\Related Designs\ANNO 1404\Anno4.exe:ANNO 1404

"{1DCC11C6-EF66-4C1D-9345-ED8686D53A89}"= UDP:e:\program files\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe:ANNO 1404 Web

"{9A2CB6B2-54AB-463E-A0BA-A8CD1D994002}"= TCP:e:\program files\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe:ANNO 1404 Web

"TCP Query User{3CF865D3-9CA7-431F-B9D0-631478F86D1B}e:\\program files\\ubisoft\\related designs\\anno 1404\\tools\\anno4web.exe"= UDP:e:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe:Anno4Web

"UDP Query User{D2D91E0B-AF25-401D-9192-EB4FE5A235DD}e:\\program files\\ubisoft\\related designs\\anno 1404\\tools\\anno4web.exe"= TCP:e:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe:Anno4Web

"{52A0AC66-F80A-46C6-BCCD-A0D7BC55F583}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail

"{42B7C0F1-1410-4088-8549-C9EF47C51E68}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail

"{E37C6995-0627-4C98-9B0B-AC657AA52AEF}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail

"{2E2051BF-E9DB-4642-A451-BEEC4F0B3408}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail

"{AE024D03-A3FC-4206-9216-CBD337157CFB}"= c:\program files\Skype\Phone\Skype.exe:Skype

"TCP Query User{C602B27F-6423-42C1-B720-9321A788323C}c:\\program files\\nowe gadu-gadu\\gg.exe"= UDP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu

"UDP Query User{B13EAAC2-2701-468B-9847-40C4064E6020}c:\\program files\\nowe gadu-gadu\\gg.exe"= TCP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu

"{F45C0DB7-2275-4767-90A8-99C24454E097}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{DA0EB0D9-EA7A-47ED-AE16-E65B31140954}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{F834A606-383B-4B55-BE35-BCAD93735D6D}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{45E1BD63-1F44-4AC6-9875-9C4C1FC569BC}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{B3D78471-3ED6-4A62-A870-CFB5072FEA65}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{8A7E8103-3D3E-47B5-9064-A84F8726D7B3}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{2389554C-DDCC-427F-B281-1A67D3308BCA}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{8B7B1A51-D43A-4162-B84C-E8F96557C972}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{A44D1E03-A5A0-484E-901D-139F4CF3F969}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{131F6768-28D6-49EB-BC13-2F148F8E89E4}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{BA7BBBBE-13D6-4C47-BB44-509FD3C68AD3}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{C1EFCCF5-597D-4696-A543-13BDA4A11CDF}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{6BCEB3AA-4ABF-4925-ACC5-CCBD9F92AF6D}"= UDP:e:\program files\Electronic Arts\Bitwa o Śródziemie II\game.dat:Bitwa o Śródziemie™ II

"{4E3CCD00-3954-42A7-A990-E9C35D0AA961}"= TCP:e:\program files\Electronic Arts\Bitwa o Śródziemie II\game.dat:Bitwa o Śródziemie™ II

"{AA5F5C77-C053-47CC-85F5-E1EDF64FEB18}"= c:\program files\Skype\Phone\Skype.exe:Skype

"TCP Query User{74193C35-D306-4A1E-9FE0-3437B8B43ABD}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{E9053E47-ED6E-4C41-B99B-EAD7DE454AFB}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"TCP Query User{90AA8A4E-6BCB-4555-819E-29D6A0461A56}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{4FA560BE-3916-4C9A-B12C-F0DC4F71B0E3}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

"{D6F59518-39F2-4BA9-8A4A-6FB83EB14CD8}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{0F663661-233D-4D43-AE5F-03CF144D4E50}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{1936BFA8-1B92-40B1-8593-FA83E82F3B2A}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{1BC2F085-9679-4D87-A094-B7E7E8A4EEBC}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{82B8E7E4-EDBE-42EB-9740-5A71F4A2BDD7}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{2188C260-47DF-4AC6-B3B3-9992677EE4F0}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{1AF194CD-FF24-493F-A899-D24B4C93A42A}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{FC9B3EFF-E6BF-4648-8055-020A300BBE36}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{51F86EF9-2FAD-4EFA-A43C-FD554D73FE4C}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{C95130AB-9AA7-4943-ABF3-537EDA029F9C}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{633718E5-7E66-44B3-AD2C-714B9A49391F}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{2BCEC430-70E9-4E15-8EA6-1F3F9190636A}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{03F8A97B-3D04-4745-ADB0-41F44DC47219}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{3B1B6399-5207-47A4-8964-D7D315655594}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{FE9FE1E4-D5EA-4B96-900B-DE11A181B261}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{4DD547DD-932D-466A-9FB5-AF494A82984A}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{C1873F0E-52FC-47E6-80FB-F4EA919A4A51}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe

"{44201A87-2F29-4AE7-BFEA-5403A8FC8E78}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

"{EE3FAA38-DCFD-4403-BCC7-0BC17303EB98}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail

"{34D909D6-C6DB-4936-9E5F-CC5DF2E1637A}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail

"{189FF9A8-54CD-4D91-AF93-CAA7A42DC1DC}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail

"{A5B6FAB8-DA38-4FD2-98DE-BC8C91C1941E}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2009-08-23 335240]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2009-08-23 108552]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-23 297752]

R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-08-23 604488]

R2 Uniblue DiskRescue;Uniblue DiskRescue;c:\program files\Uniblue\DiskRescue\UBDiskRescueSrv.exe [2008-09-10 229648]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [2005-08-02 32512]

S3 qcusbmdm;Qualcomm Proprietary USB Driver (PID 3197);c:\windows\System32\drivers\qcusbmdm.sys [2009-08-02 59632]

S3 qcusbser;Qualcomm Diagnostic Port 3197;c:\windows\System32\drivers\qcusbser.sys [2009-08-02 59632]

S4 CplIR;Embedded IR Driver;c:\windows\System32\drivers\CplIR.sys [2007-03-06 14848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Zawartość folderu 'Zaplanowane zadania'

2009-08-23 c:\windows\Tasks\Konserwacja 1 kliknięciem.job

- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-17 09:05]

2009-04-19 c:\windows\Tasks\Uniblue DiskRescue 2009.job

- c:\program files\Uniblue\DiskRescue\UBDiskRescue.exe [2008-09-10 15:22]

.

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/4908-44618-9400-3/4

IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home

IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?PL

FF - ProfilePath - c:\users\Bartek\AppData\Roaming\Mozilla\Firefox\Profiles\p8jrna14.default\

FF - prefs.js: browser.search.selectedEngine - MyStart Search

FF - prefs.js: browser.startup.homepage - www.onet.pl

FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_fs&search=

FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll

FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll

FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\users\Bartek\AppData\Roaming\Nowe Gadu-Gadu\_userdata\npgg.1.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----

FF - user.js: network.prefetch-next - true

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: layout.spellcheckDefault - 1

FF - user.js: browser.urlbar.autoFill - false

FF - user.js: browser.search.openintab - false

FF - user.js: browser.tabs.closeButtons - 1

FF - user.js: browser.tabs.opentabfor.middleclick - true

FF - user.js: browser.tabs.tabMinWidth - 100

FF - user.js: browser.urlbar.hideGoButton - true

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-23 14:33

Windows 6.0.6001 Service Pack 1 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Czas ukończenia: 2009-08-23 14:37

ComboFix-quarantined-files.txt 2009-08-23 12:37

ComboFix2.txt 2009-06-16 20:19

Przed: 50 784 653 312 bajtów wolnych

Po: 50 847 428 608 bajtów wolnych

362 --- E O F --- 2009-08-21 15:44

Guest
comment

ComboFix removed the whole infection - it is fine. :E

1. Remove the ComboFix leftovers with the OTC program.

2. Use Malwarebytes.

Press Scan, choose the drives to scan and start the scan; at the end press Remove Selected if anything is found, then OK.

Post the report generated by MBAM after the removal.

nath1453
comment

Here is the Malwarebytes log

Log to check
Malwarebytes' Anti-Malware 1.34

Wersja bazy definicji: 1749

Windows 6.0.6001 Service Pack 1

2009-08-23 23:19:38

mbam-log-2009-08-23 (23-19-38).txt

Typ skanowania: Pełne skanowanie (C:\|E:\|)

Przeskanowane obiekty: 177445

Upłynęło: 2 hour(s), 51 minute(s), 53 second(s)

Zainfekowane procesy w pamięci: 0

Zainfekowane moduły pamięci: 0

Zainfekowane klucze rejestru: 0

Zainfekowane wartości rejestru: 0

Zainfekowane pliki rejestru: 0

Zainfekowane foldery: 0

Zainfekowane pliki: 0

Zainfekowane procesy w pamięci:

(Nie wykryto groźnych plików)

Zainfekowane moduły pamięci:

(Nie wykryto groźnych plików)

Zainfekowane klucze rejestru:

(Nie wykryto groźnych plików)

Zainfekowane wartości rejestru:

(Nie wykryto groźnych plików)

Zainfekowane pliki rejestru:

(Nie wykryto groźnych plików)

Zainfekowane foldery:

(Nie wykryto groźnych plików)

Zainfekowane pliki:

(Nie wykryto groźnych plików)

Guest
comment

It's OK.
