Bourne

Request to check my logs


Yesterday my computer started behaving strangely: memory and CPU load went up, and something is constantly grinding on the disk. Task Manager shows 12 svchost processes 8O

 

ComboFix log:
ComboFix 08-09-16.05 - dell 2008-09-18 9:34:03.1 - NTFSx86

Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1250.1.1033.18.422 [GMT 2:00]

Running from: C:\Users\dell\Desktop\ComboFix.exe

* Created a new restore point

* Resident AV is active

 

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\PROGRA~2\2ACA5CC3-0F83-453D-A079-1076FE1A8B65

C:\PROGRA~2\ZangoSA

C:\PROGRA~2\ZangoSA\ZangoSA.dat

C:\PROGRA~2\ZangoSA\ZangoSA_kyf_update.dat

C:\PROGRA~2\ZangoSA\ZangoSAAbout.mht

C:\PROGRA~2\ZangoSA\ZangoSAau.dat

C:\PROGRA~2\ZangoSA\ZangoSAEula.mht

C:\Program Files\PCHealthCenter

C:\Program Files\PCHealthCenter\0.exe

C:\Program Files\PCHealthCenter\0.gif

C:\Program Files\PCHealthCenter\1.exe

C:\Program Files\PCHealthCenter\1.gif

C:\Program Files\PCHealthCenter\2.exe

C:\Program Files\PCHealthCenter\2.gif

C:\Program Files\PCHealthCenter\3.exe

C:\Program Files\PCHealthCenter\3.gif

C:\Program Files\PCHealthCenter\4.exe

C:\Program Files\PCHealthCenter\sc.html

C:\Users\dell\AppData\Roaming\WeatherDPA

C:\Users\dell\AppData\Roaming\WeatherDPA\Weather\WeatherStartup.xml

C:\Users\dell\AppData\Roaming\Zango

C:\Windows\eleo.exe

C:\Windows\vmgspntbgft.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_PACKET

-------\Service_Packet

 

 

((((((((((((((((((((((((( Files Created from 2008-08-18 to 2008-09-18 )))))))))))))))))))))))))))))))

.

 

No new files created in this timespan

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-18 07:45 53,948 ----a-w C:\Users\dell\AppData\Roaming\nvModes.dat

2008-09-18 07:44 --------- d---a-w C:\PROGRA~2\TEMP

2008-09-17 13:11 --------- d-----w C:\Program Files\Picasa2

2008-09-13 20:05 --------- d-----w C:\Users\dell\AppData\Roaming\Leadertech

2008-09-13 20:01 --------- d-----w C:\Program Files\NovaLogic

2008-09-10 20:18 --------- d-----w C:\Users\dell\AppData\Roaming\MapInfo

2008-09-10 20:09 --------- d-----w C:\Program Files\MapInfo

2008-09-09 18:27 --------- d-----w C:\Program Files\Cossacks

2008-09-09 06:10 --------- d-----w C:\Program Files\AirNav Systems

2008-09-08 07:36 --------- d-----w C:\Program Files\FlashGet

2008-08-30 12:08 --------- d-----w C:\Users\dell\AppData\Roaming\Tlen.pl

2008-08-28 05:49 --------- d-----w C:\Users\dell\AppData\Roaming\Skype

2008-08-28 05:42 --------- d-----w C:\Users\dell\AppData\Roaming\skypePM

2008-08-27 13:02 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-08-27 13:00 --------- d-----w C:\PROGRA~2\Codemasters

2008-08-20 19:40 --------- d-----w C:\Program Files\Lineage II

2008-08-20 13:03 --------- d-----w C:\Program Files\Common Files\PX Storage Engine

2008-08-20 12:03 --------- d-----w C:\Program Files\K-Lite Codec Pack

2008-08-20 12:03 --------- d-----w C:\Program Files\3GP Player

2008-08-20 09:05 --------- d-----w C:\Program Files\Reganam

2008-08-20 09:05 --------- d-----w C:\Program Files\Conduit

2008-08-18 19:52 --------- d-----w C:\Users\dell\AppData\Roaming\Xilisoft Corporation

2008-08-18 19:09 --------- d-----w C:\Program Files\FDRLab

2008-08-18 14:27 --------- d-----w C:\Program Files\Windows Mail

2008-08-17 18:14 --------- d-----w C:\Program Files\MyOrgan

2008-08-13 19:41 --------- d-----w C:\PROGRA~2\BVRP Software

2008-08-13 18:10 --------- d-----w C:\Program Files\Sony Ericsson

2008-08-13 18:10 --------- d-----w C:\PROGRA~2\Sony Ericsson

2008-08-13 10:07 --------- d-----w C:\Program Files\Softland

2008-08-09 16:40 --------- d-----w C:\Program Files\Heresy War Demo

2008-08-08 21:11 --------- d-----w C:\Program Files\OpenAL

2008-08-07 20:23 161,710,253 ----a-w C:\Windows\DUMPd393.tmp

2008-08-07 20:23 --------- d-----w C:\Program Files\Google

2008-08-07 08:38 --------- d-----w C:\Program Files\AtomixMP3

2008-07-31 03:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-07-31 03:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-07-31 03:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-07-31 03:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-07-30 23:32 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll

2008-07-14 10:12 174 --sha-w C:\Program Files\desktop.ini

2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2008-02-24 07:19 413,696 ----a-w C:\Users\dell\Downloader_for_MSDN_Lib_for_VS2008.exe

2008-02-21 19:49 732,279 ----a-w C:\Users\dell\spolszczeniePS-pro.zip

2008-02-12 17:04 413,696 ----a-w C:\Users\dell\Windows_XP_Professional_w_SP2.exe

2007-12-05 21:16 32 ----a-w C:\Users\All Users\ezsid.dat

2007-12-05 21:16 32 ----a-w C:\PROGRA~2\ezsid.dat

2007-11-29 17:21 0 ----a-w C:\Users\dell\AppData\Roaming\wklnhst.dat

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{db9d7a78-a76c-4bf2-97c6-258925ee1542}"= "C:\Program Files\Reganam\tbRega.dll" [2008-04-03 1523736]

 

[HKEY_CLASSES_ROOT\clsid\{db9d7a78-a76c-4bf2-97c6-258925ee1542}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{db9d7a78-a76c-4bf2-97c6-258925ee1542}]

2008-04-03 10:40 1523736 --a------ C:\Program Files\Reganam\tbRega.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{db9d7a78-a76c-4bf2-97c6-258925ee1542}"= "C:\Program Files\Reganam\tbRega.dll" [2008-04-03 1523736]

 

[HKEY_CLASSES_ROOT\clsid\{db9d7a78-a76c-4bf2-97c6-258925ee1542}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{DB9D7A78-A76C-4BF2-97C6-258925EE1542}"= "C:\Program Files\Reganam\tbRega.dll" [2008-04-03 1523736]

 

[HKEY_CLASSES_ROOT\clsid\{db9d7a78-a76c-4bf2-97c6-258925ee1542}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Komunikator"="C:\Program Files\Tlen.pl\tlen.exe" [2007-11-07 6234624]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 360448]

"3gp Player"="C:\Program Files\3gp Player\3gpPlayer.exe" [2007-09-20 634368]

"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-04 857648]

"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2007-03-21 1548288]

"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-04-17 184320]

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-06-14 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-06-14 8433664]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-06-14 81920]

"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-06-25 67584]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-04-01 61440]

"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-06-11 1838592]

"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]

 

C:\Users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Diino.lnk - C:\Program Files\Diino\Diino.exe [2008-07-01 4516776]

Microsoft Office Outlook 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe [2007-11-29 845584]

 

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

Dell Network Assistant.lnk - C:\Windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2007-11-15 7168]

QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-11-15 45056]

 

C:\Users\dell\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\

Diino.lnk - C:\Program Files\Diino\Diino.exe [2008-07-01 4516776]

Microsoft Office Outlook 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe [2007-11-29 845584]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{7544E726-19ED-4F4C-89E7-8FE7E145B587}"= C:\Program Files\Dell\MediaDirect\PowerCinema.exe:CyberLink PowerCinema

"{E4BA5AD8-9D0C-4381-9D02-EE4F01C67D70}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program

"{BF81B48B-2DF3-41D8-8FEA-DA229D98AA12}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine

"{BA7C0905-789C-4003-AA45-1273999B2D62}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server

"{84B6222F-8E37-41D8-85C9-46B57AF63968}"= TCP:10421:SingleClick Discovery Protocol

"{04115F11-73FE-4D3D-8D5B-6F9E10B96ACE}"= UDP:139:NetBIOS File/Printer Sharing

"{B9DEFE0A-6CD8-46A4-877B-8B416E1C6DEE}"= TCP:10426:SingleClick ICC

"{3F764E36-B312-45EC-9BF3-8C5694433FC0}"= UDP:445:Microsoft Directory Services

"{CAB14961-1FC5-4892-B49E-32DFB863FC59}"= TCP:138:NetBIOS Datagram Service

"{3DD4DD95-D20F-42E0-9241-5A3F08CB3EE7}"= TCP:137:NetBIOS Name Service

"TCP Query User{93760F27-57D0-4079-AF88-269E1F4971BD}C:\\program files\\tlen.pl\\tlen.exe"= UDP:C:\program files\tlen.pl\tlen.exe:Komunikator Tlen.pl

"UDP Query User{17146987-44F6-4174-AAC3-8FBCA732D125}C:\\program files\\tlen.pl\\tlen.exe"= TCP:C:\program files\tlen.pl\tlen.exe:Komunikator Tlen.pl

"{BE8D9E27-FC9A-4EB1-8322-625D2BDA85F3}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{B0DA8C33-2189-489B-99B1-9391CE9EB119}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{281B40FD-E8E0-4D4B-AC4F-4A36017FFACA}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{4CDFE5E3-1BE1-46A9-BC8A-30D3115CA7ED}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{6449DE84-4E92-4705-AC71-7B8F954AF2BD}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"TCP Query User{A1934E9B-4150-4132-9DF5-F693C12A8FF8}C:\\program files\\flashget\\flashget.exe"= UDP:C:\program files\flashget\flashget.exe:FlashGet

"UDP Query User{71BCE740-2B5D-4B3A-B5B8-729508AA7669}C:\\program files\\flashget\\flashget.exe"= TCP:C:\program files\flashget\flashget.exe:FlashGet

"TCP Query User{DA37EBAC-C775-45D0-94E7-A097EB0DE4A3}C:\\gry\\valve\\hl.exe"= UDP:C:\gry\valve\hl.exe:Half-Life Launcher

"UDP Query User{A24BB0BB-4993-4FA5-AB47-EF1C3D8A414C}C:\\gry\\valve\\hl.exe"= TCP:C:\gry\valve\hl.exe:Half-Life Launcher

"TCP Query User{2E1AABD2-726B-459C-98D8-1D21F85AB2CF}C:\\program files\\wysigot\\wysigot.exe"= UDP:C:\program files\wysigot\wysigot.exe:Wysigot Web Browser

"UDP Query User{137C638B-D045-4EFD-A9B1-7848B21CA6C7}C:\\program files\\wysigot\\wysigot.exe"= TCP:C:\program files\wysigot\wysigot.exe:Wysigot Web Browser

"TCP Query User{C505A173-9A62-4FF3-8240-C006C1A5F32B}C:\\program files\\tlen.pl\\tlen.exe"= UDP:C:\program files\tlen.pl\tlen.exe:Komunikator Tlen.pl

"UDP Query User{7809F39F-C08C-4FFF-A962-99ABFDA8237A}C:\\program files\\tlen.pl\\tlen.exe"= TCP:C:\program files\tlen.pl\tlen.exe:Komunikator Tlen.pl

"TCP Query User{806F3666-69A6-4C8B-B87F-EB6468173A02}C:\\gry\\valve\\hl.exe"= UDP:C:\gry\valve\hl.exe:Half-Life Launcher

"UDP Query User{F970E26D-E864-4700-A7C4-81794D5908AC}C:\\gry\\valve\\hl.exe"= TCP:C:\gry\valve\hl.exe:Half-Life Launcher

"TCP Query User{8B6A5BE5-F257-4909-985D-5D71FAD72880}C:\\gry\\conflict desert storm pl\\desertstorm.exe"= UDP:C:\gry\conflict desert storm pl\desertstorm.exe:Conflict:Desert Storm

"UDP Query User{54491B69-6CD1-4922-A80A-A3BD7AA29755}C:\\gry\\conflict desert storm pl\\desertstorm.exe"= TCP:C:\gry\conflict desert storm pl\desertstorm.exe:Conflict:Desert Storm

"TCP Query User{02214234-AE07-40BF-9429-4FA76B38CB77}C:\\program files\\flashget\\flashget.exe"= UDP:C:\program files\flashget\flashget.exe:FlashGet

"UDP Query User{42504ADA-4645-444D-AED4-6AAE0B45947C}C:\\program files\\flashget\\flashget.exe"= TCP:C:\program files\flashget\flashget.exe:FlashGet

"{49D57F84-4E30-43D3-84D3-EA793D5A50F0}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{88083CDE-A0AE-46A1-8ECD-061AC2934273}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"TCP Query User{B079C5DE-A527-4621-8C19-E2978992C600}C:\\program files\\totalcmd\\totalcmd.exe"= UDP:C:\program files\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows

"UDP Query User{D05C41EA-3DFC-4031-A182-A852D4A85998}C:\\program files\\totalcmd\\totalcmd.exe"= TCP:C:\program files\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows

"TCP Query User{50F66CF0-5A30-4B12-8E22-FCE9B04F5E1C}C:\\program files\\gadu-gadu\\gg.exe"= UDP:C:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program główny

"UDP Query User{D4B9B2EB-A8CC-4379-BEFD-3D73EFAC8EA0}C:\\program files\\gadu-gadu\\gg.exe"= TCP:C:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program główny

"{2155E6B6-3517-45FD-B1A2-F7BC0F0465C6}"= TCP:10421:SingleClick Discovery Protocol

"{FD93B860-FC54-471A-9603-42D318203304}"= TCP:10426:SingleClick ICC

"{17A76749-5C6F-477C-8280-6383AF2DB67D}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype

"{3B464988-37F4-4B59-B689-7621D9162352}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype

"TCP Query User{58C8BE92-230E-41F5-8204-C3092303ADD4}C:\\program files\\totalcmd\\totalcmd.exe"= UDP:C:\program files\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows

"UDP Query User{D0AC2819-C8A0-4A7C-837D-25ADD879F827}C:\\program files\\totalcmd\\totalcmd.exe"= TCP:C:\program files\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows

"TCP Query User{D1B4A246-4185-41EC-A397-7C9E810E8E8A}C:\\gry\\flightgear\\bin\\win32\\fgfs.exe"= UDP:C:\gry\flightgear\bin\win32\fgfs.exe:fgfs

"UDP Query User{9179ECE2-FBD3-41B7-8938-B50B43C4B52B}C:\\gry\\flightgear\\bin\\win32\\fgfs.exe"= TCP:C:\gry\flightgear\bin\win32\fgfs.exe:fgfs

"TCP Query User{ED04091C-B014-4009-A721-36D5CFA0CD37}C:\\gry\\ut2003\\system\\ut2003.exe"= UDP:C:\gry\ut2003\system\ut2003.exe:UT2003

"UDP Query User{EC712CD6-707F-404E-8D44-63F81CA2CA66}C:\\gry\\ut2003\\system\\ut2003.exe"= TCP:C:\gry\ut2003\system\ut2003.exe:UT2003

"TCP Query User{AB8441E3-4FC1-4F89-94B1-B35A8790757C}C:\\gry\\ut2003\\system\\ut2003.exe"= UDP:C:\gry\ut2003\system\ut2003.exe:UT2003

"UDP Query User{E0E10871-DE3C-49EA-B10C-092B08664DD7}C:\\gry\\ut2003\\system\\ut2003.exe"= TCP:C:\gry\ut2003\system\ut2003.exe:UT2003

"TCP Query User{B68728CC-B67F-4362-AC60-791820B21A68}C:\\gry\\flightgear\\bin\\win32\\fgfs.exe"= UDP:C:\gry\flightgear\bin\win32\fgfs.exe:fgfs

"UDP Query User{3354E1D5-192C-4A49-A7AA-9E217288F435}C:\\gry\\flightgear\\bin\\win32\\fgfs.exe"= TCP:C:\gry\flightgear\bin\win32\fgfs.exe:fgfs

"{5C51325D-64DD-4F3E-BBFC-DCB61318444D}"= UDP:C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:Dell Network Assistant

"{B794334E-D9DB-49DC-B9A2-2FF6DCC354AD}"= TCP:C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:Dell Network Assistant

"TCP Query User{E8A2FA75-901D-4316-B497-06A6B78C7EF9}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC

"UDP Query User{A10940E1-5482-4377-B71F-FBA69ABAA3FD}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC

"TCP Query User{B1793553-2C37-4662-AF6E-C7F612F91EC3}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{4FC1F2ED-496F-43D6-AFBF-336C8E6D502A}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"TCP Query User{A617D40E-6AA1-4AAB-A8D3-B5F20194513B}C:\\acars\\acarsd.exe"= UDP:C:\acars\acarsd.exe:acarsd

"UDP Query User{D8EA5EEE-0562-4526-9FE5-D7E7E545BD72}C:\\acars\\acarsd.exe"= TCP:C:\acars\acarsd.exe:acarsd

"TCP Query User{6E53DAE6-A557-4403-B7D9-E42E50DD10DD}C:\\acars\\acarsds.exe"= UDP:C:\acars\acarsds.exe:acarsds

"UDP Query User{64CF6C35-742F-4BF6-BDF5-96CCFEE23863}C:\\acars\\acarsds.exe"= TCP:C:\acars\acarsds.exe:acarsds

"TCP Query User{FEE97B5A-2B6F-4504-B546-BF67F2C3792B}C:\\windows\\system32\\dplaysvr.exe"= UDP:C:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper

"UDP Query User{263EB4F3-6309-4F6C-9F12-828035BB9AC1}C:\\windows\\system32\\dplaysvr.exe"= TCP:C:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper

"TCP Query User{D3FAEE78-35CC-4BBC-8350-2C3384173744}C:\\program files\\cossacks\\dmcr.exe"= UDP:C:\program files\cossacks\dmcr.exe:dmcr

"UDP Query User{03968CB9-4A59-4E5B-A4F3-3AE382C3C580}C:\\program files\\cossacks\\dmcr.exe"= TCP:C:\program files\cossacks\dmcr.exe:dmcr

"{0696369B-6894-4F45-A943-C86BE32A7C57}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype

"{48FB7E6A-EB02-4BE3-9DD6-65E510A92A22}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype

"{E1983842-C82E-4CF4-BDC9-5DD311549C21}"= UDP:C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:Dell Network Assistant

"{9B694C1C-F297-43EC-B65F-0E30FD8080B0}"= TCP:C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:Dell Network Assistant

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-02-20 33800]

R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-09-20 73728]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

\shell\AutoRun\command - F:\autorun\autorun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]

\shell\AutoRun\command - G:\autorun\autorun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f6a4aa0-f8a4-11dc-967a-001c238ed75e}]

\shell\AutoRun\command - G:\ezifplbh.exe

\shell\explore\Command - G:\ezifplbh.exe

\shell\open\Command - G:\ezifplbh.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99ed81f3-62a9-11dd-9103-001c238ed75e}]

\shell\Auto\command - F:\Start.exe

\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.exe

.

- - - - ORPHANS REMOVED - - - -

 

BHO-{3FFBF7F4-CE7B-4462-A920-422AC5A31F72} - C:\Windows\vmgspntbgft.dll

Toolbar-{E7B781BF-C1BE-41AB-BE83-ECA71A575F97} - (no file)

HKCU-Run-Twoje TVN24 - C:\Program Files\Pasek TVN24\tvn-ustawienia.exe

HKLM-Run-WinampAgent - C:\Program Files\Winamp\winampa.exe

HKLM-Run-MSServer - C:\Windows\system32\wvUkLBtU.dll

ShellExecuteHooks-{ADEFCC73-BD41-44F8-8A2F-5DFB45EBD59B} - C:\Windows\system32\wvUkLBtU.dll

 

 

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\8z3qduuh.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.pl

FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll

FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npclntax_ZangoSA.dll

FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npganymedenet.dll

FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPSOCCER.dll

FF -: plugin - C:\Program Files\Picasa2\npPicasa2.dll

FF -: plugin - C:\Users\dell\AppData\Roaming\Mozilla\plugins\npPxPlay.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-18 09:44:54

Windows 6.0.6000 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Windows\System32\audiodg.exe

C:\Windows\System32\WLTRYSVC.EXE

C:\Windows\System32\BCMWLTRY.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Dell Network Assistant\hnm_svc.exe

C:\Program Files\Photodex\ProShowGold\scsiaccess.exe

C:\Windows\System32\stacsv.exe

C:\Windows\System32\drivers\XAudio.exe

C:\Windows\System32\conime.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Dell\QuickSet\quickset.exe

.

**************************************************************************

.

Completion time: 2008-09-18 9:54:59 - machine was rebooted

ComboFix-quarantined-files.txt 2008-09-18 07:54:23

 

Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.

Post-Run: 16,377,782,272 bytes free

 

295 --- E O F --- 2008-09-17 16:11:33

HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:26:07, on 2008-09-18

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16711)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\conime.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\3GP Player\3gpPlayer.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\Explorer.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpage.reganam.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\tbRega.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O2 - BHO: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\tbRega.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O3 - Toolbar: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\tbRega.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

O4 - HKCU\..\Run: [3gp Player] "C:\Program Files\3gp Player\3gpPlayer.exe" hmw

O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')

O4 - Startup: Diino.lnk = C:\Program Files\Diino\Diino.exe

O4 - Startup: Microsoft Office Outlook 2007.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Dell Network Assistant.lnk = ?

O4 - Global Startup: QuickSet.lnk = ?

O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm

O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O13 - Gopher Prefix:

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1209381782561

O16 - DPF: {9C3EFB8A-DC20-484B-B905-5E337A988C5D} (LNCActiveX Control) - http://aeroklubcz.dyndns.org:101/LNetCam.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLABR11\webserver\bin\matlabserver.exe (file missing)

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 9913 bytes

Edited by Bourne


Delete from disk:

C:\Windows\DUMPd393.tmp

 

Paste into Notepad:

REGEDIT4

 

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f6a4aa0-f8a4-11dc-967a-001c238ed75e}]

 

Save it as fix.reg and run it.

 

In HJT, remove:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpage.reganam.com

R3 - URLSearchHook: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\tbRega.dll

O3 - Toolbar: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\tbRega.dll

 

Also think about disabling some of the programs in autostart.

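The reply above picks its fix lines out of two long logs by hand. As an added example (my own code, not something from this thread or from the ComboFix/HijackThis authors), the Python script below automates that reading for the four things the reply and a reviewer act on: an IE start page pointing at a non-default host, one CLSID registered as URLSearchHook (R3), BHO (O2) and toolbar (O3) at once, Security Center notifications silenced together with the firewall switched off, and a mountpoints2 key whose open/explore verbs run an executable from a removable drive. The sample lines are copied from the logs posted above; the TRUSTED_URL_HOSTS list and the open/explore rule for mountpoints2 keys are my assumptions, not anything stated in the thread.

```python
"""Triage of HijackThis / ComboFix log excerpts (added example, not code from the thread)."""
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed samples: lines copied verbatim from the logs posted above.
SAMPLE_HJT = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpage.reganam.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\tbRega.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\tbRega.dll
O3 - Toolbar: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\tbRega.dll
"""
SAMPLE_COMBOFIX = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\autorun\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f6a4aa0-f8a4-11dc-967a-001c238ed75e}]
\shell\AutoRun\command - G:\ezifplbh.exe
\shell\explore\Command - G:\ezifplbh.exe
\shell\open\Command - G:\ezifplbh.exe
"""

# Assumption: hosts a reviewer accepts as default start/search pages in R0/R1 entries.
TRUSTED_URL_HOSTS = {"go.microsoft.com", "www.google.pl"}
HJT_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")
URL_RE = re.compile(r"=\s*(?P<url>https?://\S+)")
# Matches both ComboFix value styles:  "name"=dword:00000001  and  "name"= 0 (0x0)
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?:dword:(?P<hex>[0-9a-fA-F]{8})|(?P<dec>\d+)\s*\(0x[0-9a-fA-F]+\))')
VERB_RE = re.compile(r"^\\shell\\(?P<verb>\w+)\\command - (?P<cmd>.+)$", re.IGNORECASE)


def parse_hjt(text):
    """Return (section code, body) pairs for every 'Xn - ...' line of an HJT log."""
    entries = []
    for line in text.splitlines():
        m = HJT_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def hijacked_start_pages(entries):
    """R0/R1 entries whose URL host is not on the trusted list."""
    hits = []
    for code, body in entries:
        m = URL_RE.search(body) if code in ("R0", "R1") else None
        if not m:
            continue
        host = urlparse(m.group("url")).hostname
        if host not in TRUSTED_URL_HOSTS:
            hits.append((code, host))
    return hits


def toolbar_bundles(entries):
    """CLSIDs registered as URLSearchHook (R3), BHO (O2) and toolbar (O3) at the same time."""
    by_clsid = defaultdict(set)
    for code, body in entries:
        for clsid in CLSID_RE.findall(body):
            by_clsid[clsid.lower()].add(code)
    return {c: sorted(s) for c, s in by_clsid.items() if {"R3", "O2", "O3"} <= s}


def combofix_registry_findings(text):
    """Walk the REGEDIT4-style dump and pull out the values that decide the triage."""
    silenced, firewall_disabled, key = [], False, None
    mountpoints = defaultdict(dict)
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = DWORD_RE.match(line)
        if m and key:
            value = int(m.group("hex"), 16) if m.group("hex") else int(m.group("dec"))
            name = m.group("name")
            if name == "EnableFirewall" and value == 0:
                firewall_disabled = True
            elif (name.endswith("DisableNotify") or name == "DisableMonitoring") and value == 1:
                silenced.append((key, name))
            continue
        m = VERB_RE.match(line)
        if m and key and "mountpoints2" in key.lower():
            mountpoints[key][m.group("verb").lower()] = m.group("cmd")
    # Heuristic (mine, not the thread's): a lone AutoRun verb is what a game disc leaves
    # behind; a redirected open/explore verb makes double-clicking the drive run the file.
    hijacked = {k: v for k, v in mountpoints.items() if {"open", "explore"} & set(v)}
    return {"security_center_silenced": silenced, "firewall_disabled": firewall_disabled,
            "mountpoint_hijacks": hijacked}


def triage(hjt_text, combofix_text):
    """Combine the HJT and ComboFix checks into one report dictionary."""
    entries = parse_hjt(hjt_text)
    report = {"hijacked_start_pages": hijacked_start_pages(entries),
              "toolbar_bundles": toolbar_bundles(entries)}
    report.update(combofix_registry_findings(combofix_text))
    return report
```

Calling triage(SAMPLE_HJT, SAMPLE_COMBOFIX) on the sample lines yields exactly the items the reply removes (the reganam start page, the {db9d7a78-...} toolbar CLSID and the {6f6a4aa0-...} mountpoints2 key) plus the silenced Security Center and disabled firewall, which the reply does not mention but which are worth re-enabling once the machine is clean. Drive F's plain AutoRun entry is not flagged, matching the reply's choice to leave it alone.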
