|
TwojePC.pl © 2001 - 2025
|
 |
A R C H I W A L N A W I A D O M O Ś Ć |
 |
| |
|
Malware Doctor jak to usunąć ? , EmCe 25/05/09 09:45
witam złapałem w/w syfa oto log z combofixa pomoże mi ktos to usunąć ? probowałem juz chyba wszystkiego z góry dzieki za pomoc
ComboFix 09-05-22.07 - EmCe NiemCe 2009-05-25 8:32.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1045.18.2038.1401 [GMT 2:00]
Uruchomiony z: c:\documents and settings\EmCe NiemCe\Moje dokumenty\Mozilla\Mozilla\CF\ComboFix.exe
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\LocalService\Dane aplikacji\916653139.exe
.
((((((((((((((((((((((((( Pliki utworzone od 2009-04-25 do 2009-05-25 )))))))))))))))))))))))))))))))
.
2009-05-23 06:56 . 2009-05-23 06:56 -------- d-----w c:\documents and settings\EmCe NiemCe\Dane aplikacji\Malwarebytes
2009-05-23 06:56 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-23 06:56 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-23 06:56 . 2009-05-23 06:56 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-23 06:56 . 2009-05-23 06:56 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2009-05-22 12:06 . 2009-05-22 12:06 32768 ----a-w c:\windows\system32\avast!Antivirus.exe
2009-05-20 05:17 . 2009-05-20 05:17 -------- d-----w c:\documents and settings\EmCe NiemCe\Dane aplikacji\Silver Style Entertainment
2009-05-16 23:55 . 2009-05-25 06:34 117214 ----a-w c:\windows\system32\drivers\110aa1e3.sys
2009-05-16 23:55 . 2009-05-16 23:55 32 --s-a-w c:\windows\system32\3491776463.dat
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-19 00:00 . 2008-09-16 10:23 -------- d-----w c:\program files\VS Online
2009-05-25 05:22 . 2008-10-28 20:08 22528 ----a-w c:\windows\system32\drivers\nhcDriver.sys
2009-05-23 15:16 . 2007-07-06 15:18 12 ----a-w c:\windows\bthservsdp.dat
2009-05-22 05:10 . 2008-09-30 13:00 -------- d-----w c:\program files\HO 1420
2009-05-19 06:02 . 2007-04-26 06:55 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-18 22:04 . 2007-07-10 09:25 -------- d-----w c:\documents and settings\EmCe NiemCe\Dane aplikacji\uTorrent
2009-04-28 05:13 . 2007-04-25 15:44 92238 ----a-w c:\windows\system32\perfc015.dat
2009-04-28 05:13 . 2007-04-25 15:44 506952 ----a-w c:\windows\system32\perfh015.dat
2009-04-19 20:22 . 2008-10-28 20:08 -------- d-----w c:\program files\Notebook Hardware Control
2009-04-17 06:42 . 2008-04-06 18:10 -------- d-----w c:\documents and settings\EmCe NiemCe\Dane aplikacji\BESTplayer
2009-04-09 09:33 . 2009-04-09 09:33 -------- d-----w c:\program files\Bethesda Softworks
2009-04-09 09:32 . 2009-02-22 18:51 -------- d-----w c:\program files\Zeallsoft
2009-04-08 07:39 . 2007-09-25 14:39 -------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-04-08 07:03 . 2008-06-24 22:19 -------- d-----w c:\program files\SkanerOnline
2009-04-08 06:33 . 2009-04-08 06:33 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2009-04-06 16:00 . 2007-08-20 08:00 -------- d-----w c:\program files\Ahead
2009-04-06 15:59 . 2007-04-25 15:46 -------- d-----w c:\program files\Common Files\Ahead
2009-04-06 15:23 . 2007-09-05 16:28 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Ahead
2009-04-06 10:47 . 2009-04-06 09:10 -------- d-----w c:\program files\HDD Regenerator
2009-04-01 21:00 . 2009-03-03 08:13 -------- d-----w c:\program files\Pity 2008
2009-04-01 11:00 . 2009-04-01 11:00 57344 ----a-w c:\documents and settings\EmCe NiemCe\Dane aplikacji\Sun\Java\Deployment\cache\6.0\50\5b902232-2dea7a78-n\Decora-SSE.dll
2009-04-01 11:00 . 2009-04-01 11:00 24064 ----a-w c:\documents and settings\EmCe NiemCe\Dane aplikacji\Sun\Java\Deployment\cache\6.0\15\4e09eacf-31dccc47-n\Decora-D3D.dll
2009-04-01 11:00 . 2009-04-01 11:00 499712 ----a-w c:\documents and settings\EmCe NiemCe\Dane aplikacji\Sun\Java\Deployment\cache\6.0\33\258cea61-52c44ace-n\msvcp71.dll
2009-04-01 11:00 . 2009-04-01 11:00 499712 ----a-w c:\documents and settings\EmCe NiemCe\Dane aplikacji\Sun\Java\Deployment\cache\6.0\33\258cea61-52c44ace-n\jmc.dll
2009-04-01 11:00 . 2009-04-01 11:00 348160 ----a-w c:\documents and settings\EmCe NiemCe\Dane aplikacji\Sun\Java\Deployment\cache\6.0\33\258cea61-52c44ace-n\msvcr71.dll
2009-04-01 11:00 . 2007-07-11 05:55 -------- d-----w c:\program files\Java
2009-04-01 10:59 . 2009-04-01 10:59 152576 ----a-w c:\documents and settings\EmCe NiemCe\Dane aplikacji\Sun\Java\jre1.6.0_13\lzma.dll
2009-03-27 02:42 . 2009-02-27 10:21 -------- d-----w c:\program files\HAM
2009-03-25 10:12 . 2009-03-25 10:12 243222 ----a-w c:\windows\uninstall 13Aquari.exe
2009-03-25 10:12 . 2009-03-25 10:12 66062699 ----a-w c:\windows\13Aquari.scr
2009-03-25 08:48 . 2008-07-11 13:37 10368 ----a-w c:\windows\system32\drivers\pfc.sys
2009-03-10 09:23 . 2007-07-06 14:18 326032 ----a-w c:\documents and settings\EmCe NiemCe\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-03-10 08:59 . 2009-03-10 08:58 2516 --sha-w c:\documents and settings\All Users\Dane aplikacji\KGyGaAvL.sys
2009-03-10 08:59 . 2009-03-10 08:58 2516 --sha-w c:\documents and settings\All Users\Dane aplikacji\KGyGaAvL.sys
2009-03-10 08:58 . 2009-03-10 08:58 8 --sh--r c:\documents and settings\All Users\Dane aplikacji\2EFF6E5AB8.sys
2009-03-10 08:58 . 2009-03-10 08:58 8 --sh--r c:\documents and settings\All Users\Dane aplikacji\2EFF6E5AB8.sys
2009-03-09 03:19 . 2009-01-16 12:38 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-03 09:31 . 2009-03-03 09:31 81920 ----a-w c:\windows\ALCFDRTM.EXE
2009-02-27 10:21 . 2009-02-27 10:21 152129 ----a-w c:\windows\HAM Uninstaller.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]
"BySoft FreeRAM"="c:\program files\BySoft FreeRAM\FreeRAM.exe" [2004-12-17 318976]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"c:\program files\NetMeter\NetMeter.exe"="c:\program files\NetMeter\NetMeter.exe" [2007-08-11 331264]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-17 490952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BEWINTERNET-PL-IEWSessionManager"="c:\program files\OrangeBS\BEWInternet-PL-IEW\SessionManager\SessionManager.exe" [2008-01-21 107248]
"NotebookHardwareControl"="c:\program files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2008-11-03 2540800]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2006-03-02 110592]
"SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2005-07-03 544768]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-11-14 16270848]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
c:\documents and settings\EmCe NiemCe\Menu Start\Programy\Autostart\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0[/u]OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^EmCe NiemCe^Menu Start^Programy^Autostart^0pop.lnk]
path=c:\documents and settings\EmCe NiemCe\Menu Start\Programy\Autostart\[u]0[/u]pop.lnk
backup=c:\windows\pss\[u]0[/u]pop.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HAM\\ham.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\OrangeBS\\BEWInternet-PL-IEW\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\BearShare\\BearShare.exe"=
"d:\\Gry\\Installed\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"d:\\Gry\\Installed\\DS\\DS.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-02-27 34880]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-02-20 29056]
R1 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [2007-07-15 27992]
R2 avast!antivirus;avast!antivirus;c:\windows\System32\avast!Antivirus.exe -k netsvcs --> c:\windows\System32\avast!Antivirus.exe -k netsvcs [?]
R2 Notebook Hardware Control Service;Notebook Hardware Control Service;c:\program files\Notebook Hardware Control\nhcservice.exe [2009-04-19 77824]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2006-03-02 3584]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-02-15 356920]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Zawartość folderu 'Zaplanowane zadania'
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKCU-Run-AutoConnect - c:\program files\AutoConnect\AutoConnect.exe
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
SafeBoot-procexp90.sys
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.interia.pl/
uInternet Settings,ProxyOverride = *.local
IE: + Offline &Explorer: Download the link - file://c:\program files\Offline Explorer Enterprise\Add_UrlO.htm
IE: + Offline E&xplorer: Download the current page - file://c:\program files\Offline Explorer Enterprise\Add_AllO.htm
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{B46B0919-62BA-4D99-A5C4-916B57A6805C} - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - c:\program files\Techland\Common\InternetTranslator\InternetTranslator.dll
Trusted Zone: mks.com.pl\www
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath - c:\documents and settings\EmCe NiemCe\Dane aplikacji\Mozilla\Firefox\Profiles\sunjumuz.default\
FF - prefs.js: browser.startup.homepage - www.google.pl
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-25 08:34
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\110aa1e3]
"ImagePath"="\SystemRoot\System32\drivers\110aa1e3.sys"
.
Czas ukończenia: 2009-05-25 8:35
ComboFix-quarantined-files.txt 2009-05-25 06:35
Przed: 14 620 794 880 bajtów wolnych
Po: 14 620 160 000 bajtów wolnych
Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
198-==ogłaszam alarm==- - ... , reev 25/05/09 10:17
http://www.spywares-remove.com/...e-malware-doctor - to coś da może...Kore5Trio, ATI-GF X jakieś tam
cyferki, za dużo ramu, dysk
holograficzny, elektrownia jądrowa - niestety , EmCe 25/05/09 11:33
nic nie dało-==ogłaszam alarm==- - a przywracanie systemu , elliot_pl 25/05/09 13:19
wylaczone?momtoronomyotypaldollyochagi... - odpal mbam'a... , Trancer 25/05/09 20:24
u mnie pomogło. - niestety , EmCe 28/05/09 18:44
wyłączone mam przywracanie;/-==ogłaszam alarm==-
|
|
|
|
 |
All rights reserved ® Copyright and Design 2001-2025, TwojePC.PL |
 |
|
|
|
