How to remove Malware Doctor?


(Hbosak) #1

Hello,

I also have a problem with this virus

ComboFix 09-04-21.A2 - HBOSAK 2009-04-21 16:01.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1013.345 [GMT 2:00]

Uruchomiony z: c:\documents and settings\HBOSAK\Moje dokumenty\Downloads\ComboFix.exe

* Utworzono nowy punkt przywracania

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\LocalService.ZARZĄDZANIE NT.000\Dane aplikacji\1012341539.exe

c:\documents and settings\LocalService.ZARZĄDZANIE NT.000\Dane aplikacji\951323796.exe

c:\program files\Internet Explorer\setupapi.dll

c:\program files\Mozilla Firefox\setupapi.dll

.

((((((((((((((((((((((((( Pliki utworzone od 2009-03-21 do 2009-04-21 )))))))))))))))))))))))))))))))

.

2020-11-28 10:23 . 2020-11-28 10:23 -------- d-----w c:\program files\PROKOM Software SA

2009-04-21 10:08 . 2009-02-20 17:13 268288 -c----w c:\windows\system32\dllcache\iertutil.dll

2009-04-21 10:08 . 2009-02-20 17:13 63488 -c----w c:\windows\system32\dllcache\icardie.dll

2009-04-21 10:08 . 2009-02-20 17:13 52224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll

2009-04-21 10:08 . 2009-02-20 17:13 459264 -c----w c:\windows\system32\dllcache\msfeeds.dll

2009-04-21 10:08 . 2009-02-20 10:20 13824 -c----w c:\windows\system32\dllcache\ieudinit.exe

2009-04-21 10:08 . 2009-02-20 17:13 383488 -c----w c:\windows\system32\dllcache\ieapfltr.dll

2009-04-21 10:08 . 2008-07-09 14:30 1036288 -c----w c:\windows\system32\dllcache\ieframe.dll.mui

2009-04-21 10:08 . 2008-07-09 14:25 2455488 -c----w c:\windows\system32\dllcache\ieapfltr.dat

2009-04-21 10:07 . 2009-02-20 17:13 6066176 -c----w c:\windows\system32\dllcache\ieframe.dll

2009-04-21 09:14 . 2009-04-21 09:14 -------- d-----w c:\documents and settings\HBOSAK\Dane aplikacji\Malwarebytes

2009-04-21 09:14 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-04-21 09:14 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-04-21 09:14 . 2009-04-21 09:14 -------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-04-21 09:14 . 2009-04-21 09:14 -------- d-----w c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Malwarebytes

2009-04-20 11:53 . 2008-12-11 06:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys

2009-04-20 11:53 . 2009-03-06 14:45 130424 ----a-w c:\windows\system32\drivers\PCTCore.sys

2009-04-20 11:53 . 2008-12-18 10:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys

2009-04-20 11:53 . 2009-04-20 11:56 -------- d-----w c:\program files\Common Files\PC Tools

2009-04-20 11:53 . 2008-12-10 10:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys

2009-04-20 11:53 . 2009-04-21 09:41 -------- d-----w c:\program files\Spyware Doctor

2009-04-20 11:53 . 2009-04-20 11:53 -------- d-----w c:\documents and settings\HBOSAK\Dane aplikacji\PC Tools

2009-04-20 11:53 . 2009-04-20 11:53 -------- d-----w c:\documents and settings\All Users.WINDOWS\Dane aplikacji\PC Tools

2009-04-18 23:07 . 2008-06-14 17:36 273024 -c----w c:\windows\system32\dllcache\bthport.sys

2009-04-18 23:06 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys

2009-04-18 23:03 . 2009-02-10 17:09 2067328 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe

2009-04-18 23:03 . 2009-02-09 11:26 2190336 -c----w c:\windows\system32\dllcache\ntoskrnl.exe

2009-04-18 23:03 . 2009-02-09 11:26 2025472 -c----w c:\windows\system32\dllcache\ntkrpamp.exe

2009-04-18 23:03 . 2009-02-09 11:26 2146816 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe

2009-04-18 10:50 . 2007-08-24 03:03 180224 ----a-r c:\windows\system32\igfxres.dll

2009-04-18 10:35 . 2008-04-15 12:00 7680 -c--a-w c:\windows\system32\dllcache\pwsdata.dll

2009-04-18 10:34 . 2008-04-15 12:00 8192 -c--a-w c:\windows\system32\dllcache\httpmb51.dll

2009-04-18 10:32 . 2009-04-18 10:32 488 ---ha-r c:\windows\system32\logonui.exe.manifest

2009-04-18 10:32 . 2009-04-18 10:32 749 ---ha-r c:\windows\WindowsShell.Manifest

2009-04-18 10:32 . 2009-04-18 10:32 749 ---ha-r c:\windows\system32\wuaucpl.cpl.manifest

2009-04-18 10:32 . 2009-04-18 10:32 749 ---ha-r c:\windows\system32\sapi.cpl.manifest

2009-04-18 10:32 . 2009-04-18 10:32 749 ---ha-r c:\windows\system32\nwc.cpl.manifest

2009-04-18 10:32 . 2009-04-18 10:32 749 ---ha-r c:\windows\system32\ncpa.cpl.manifest

2009-04-18 10:14 . 2009-04-21 10:12 1374 ----a-w c:\windows\imsins.BAK

2009-04-18 09:17 . 2009-04-18 10:58 -------- d-----w c:\documents and settings\All Users.WINDOWS\Dane aplikacji\F-Secure

2009-04-18 09:17 . 2009-04-18 10:57 -------- d-----w c:\documents and settings\All Users.WINDOWS\Dane aplikacji\fssg

2009-04-18 09:08 . 2009-04-18 11:00 -------- d-----w c:\program files\F-Secure

2009-04-17 10:03 . 2009-04-18 08:18 -------- d-----w c:\documents and settings\HBOSAK\Dane aplikacji\FTWeak

2009-04-16 12:31 . 2009-04-16 12:27 58880 ----a-w c:\windows\system32\56.tmp

2009-04-16 12:10 . 2009-04-16 12:28 -------- d-----w c:\documents and settings\HBOSAK.housecall6.6

2009-04-16 11:42 . 2009-04-16 11:43 85 --s-a-w c:\windows\system32\3370500994.dat

2009-04-16 11:42 . 2009-04-16 11:42 32768 ----a-w c:\windows\system32\AshEvtSvc.exe

2009-04-09 09:08 . 2009-04-09 09:07 73728 ----a-w c:\windows\system32\javacpl.cpl

2009-04-09 09:08 . 2009-04-09 09:07 410984 ----a-w c:\windows\system32\deploytk.dll

2009-04-04 08:00 . 2009-04-18 08:18 -------- d-----w c:\program files\Panda Security

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-21 14:07 . 2008-11-26 08:25 -------- d---a-w c:\documents and settings\All Users.WINDOWS\Dane aplikacji\TEMP

2009-04-21 06:52 . 2006-11-18 13:31 546 ----a-w C:\WT61US.UWL

2009-04-18 10:48 . 2008-10-09 14:48 -------- d-----w c:\program files\CUAgent

2009-04-18 10:31 . 2004-08-04 12:00 90936 ----a-w c:\windows\system32\perfc015.dat

2009-04-18 10:31 . 2004-08-04 12:00 502848 ----a-w c:\windows\system32\perfh015.dat

2009-04-18 10:30 . 2008-09-22 16:49 23688 ----a-w c:\windows\system32\emptyregdb.dat

2009-04-18 10:30 . 2009-04-18 10:30 1042 ----a-w c:\windows\Inf\COM1FC.tmp

2009-04-18 10:13 . 2009-04-18 10:13 5280 ----a-w c:\windows\system32\PerfStringBackup.TMP

2009-04-18 08:24 . 2007-03-01 11:34 -------- d-----w c:\program files\Google

2009-04-16 11:44 . 2006-11-18 13:33 -------- d-----w c:\program files\Opera

2009-04-09 09:07 . 2006-11-18 13:57 -------- d-----w c:\program files\Java

2009-04-03 10:11 . 2008-09-25 16:05 -------- d-----w c:\documents and settings\HBOSAK\Dane aplikacji\OpenOffice.org2

2009-03-06 14:37 . 2009-03-06 14:37 -------- d-----w c:\documents and settings\HBOSAK\Dane aplikacji\Canneverbe_Limited

2009-03-06 14:36 . 2009-03-06 14:36 -------- d-----w c:\program files\CDBurnerXP

2009-03-06 14:22 . 2008-04-15 12:00 285696 ----a-w c:\windows\system32\pdh.dll

2009-03-03 00:10 . 2008-04-15 12:00 826368 ----a-w c:\windows\system32\wininet.dll

2009-02-20 17:13 . 2008-04-15 12:00 78336 ----a-w c:\windows\system32\ieencode.dll

2009-02-19 15:55 . 2008-09-23 09:31 26472 ----a-w c:\documents and settings\HBOSAK\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2009-02-19 15:49 . 2009-02-19 15:49 83944 ----a-w c:\documents and settings\LocalService.ZARZĄDZANIE NT.000\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat

2009-02-09 14:07 . 2008-04-15 12:00 1847040 ----a-w c:\windows\system32\win32k.sys

2009-02-09 11:26 . 2008-04-14 21:59 2025472 ----a-w c:\windows\system32\ntkrnlpa.exe

2009-02-09 11:26 . 2008-04-15 12:00 2146816 ----a-w c:\windows\system32\ntoskrnl.exe

2009-02-09 11:25 . 2008-04-15 12:00 111104 ----a-w c:\windows\system32\services.exe

2009-02-09 10:53 . 2008-04-15 12:00 731136 ----a-w c:\windows\system32\lsasrv.dll

2009-02-09 10:53 . 2008-04-15 12:00 686592 ----a-w c:\windows\system32\advapi32.dll

2009-02-09 10:53 . 2008-04-15 12:00 401408 ----a-w c:\windows\system32\rpcss.dll

2009-02-09 10:53 . 2008-04-15 12:00 722944 ----a-w c:\windows\system32\ntdll.dll

2009-02-06 10:39 . 2008-04-15 12:00 35328 ----a-w c:\windows\system32\sc.exe

2009-02-03 19:58 . 2008-04-15 12:00 56832 ----a-w c:\windows\system32\secur32.dll

2008-09-24 12:15 . 2008-09-24 12:15 131 ----a-w c:\documents and settings\HBOSAK\Ustawienia lokalne\Dane aplikacji\fusioncache.dat

2008-07-23 11:13 . 2007-10-12 08:55 25976 ----a-w c:\documents and settings\hubi\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2007-10-04 09:42 . 2006-11-28 11:28 25976 ----a-w c:\documents and settings\kazdy\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2007-09-14 07:54 . 2007-02-28 16:03 25976 ----a-w c:\documents and settings\hubert\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2007-02-28 14:48 . 2007-02-28 14:48 20688 ----a-w c:\documents and settings\konrad\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2006-11-28 10:41 . 2006-11-28 10:41 20688 ----a-w c:\documents and settings\jbosak\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]

"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-05-10 2111176]

"Google Update"="c:\documents and settings\HBOSAK\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" [2009-04-21 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GEST"="=" [X]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-09 148888]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-05 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-05 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-05 137752]

"NWTRAY"="NWTRAY.EXE" - c:\windows\system32\nwtray.exe [2002-03-12 28672]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-02-13 16857600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

c:\documents and settings\All Users.WINDOWS\Menu Start\Programy\Autostart\

BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-5-17 661776]

Powiadomienia GroupWise.lnk - c:\novell\GroupWise\notify.exe [2006-11-18 184378]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"CompatibleRUPSecurity"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe"=

"%windir%\system32\sessmgr.exe"=

"c:\Novell\GroupWise\grpwise.exe"=

"c:\Novell\GroupWise\notify.exe"=

"c:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"=

"c:\Program Files\Gadu-Gadu\gg.exe"=

"c:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE"=

R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]

S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-03-06 130424]

S2 AshEvtSvc;AshEvtSvc;c:\windows\System32\AshEvtSvc.exe [2009-04-16 32768]

--- Inne Usługi/Sterowniki w Pamięci ---

*Deregistered* - mchInjDrv

.

Zawartość folderu 'Zaplanowane zadania'

2009-04-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-813497703-1417001333-1003.job

  • c:\documents and settings\HBOSAK\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-04-21 09:51]

.

  • USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-Malware Doctor - c:\documents and settings\LocalService.ZARZĄDZANIE NT.000\Dane aplikacji\1012341539.exe

HKLM-Run-Malware Doctor - c:\documents and settings\LocalService.ZARZĄDZANIE NT.000\Dane aplikacji\1012341539.exe

HKU-Default-RunOnce-tscuninstall - c:\windows\system32\tscupgrd.exe

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.google.pl/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\HBOSAK\Dane aplikacji\Mozilla\Firefox\Profiles\fjmny84s.default\

FF - prefs.js: browser.startup.homepage - gogle.com

FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll

FF - plugin: c:\program files\Picasa2\npPicasa2.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-21 16:07

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

  • > 'winlogon.exe'(788)

c:\windows\system32\NETWIN32.DLL

c:\windows\system32\NLS\POLSKI\MAPBASER.DLL

  • > 'Explorer.exe'(3020)

c:\windows\system32\NETWIN32.DLL

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\CDBurnerXP\NMSAccessU.exe

c:\windows\system32\searchindexer.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\system32\rundll32.exe

.

**************************************************************************

.

Czas ukończenia: 2009-04-21 16:11 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2009-04-21 14:11

ComboFix2.txt 2009-04-18 08:52

Przed: 22 140 186 624 bajtów wolnych

Po: 22 276 288 512 bajtów wolnych

207 --- E O F --- 2009-04-19 01:03

-- Added 21.04.2009 (Tue) 16:17 --

Is there anything else I should do?


(Leon$) #2

start your own topic

Open Notepad and paste

save it as CFScript.txt (save it so that the CFScript.txt icon is next to the ComboFix.exe icon) >> Drag and drop the CFScript.txt icon onto the ComboFix.exe icon

The removal should start

Then post the ComboFix removal log

:slight_smile:


(Frog) #3

huggh, in the future do not piggyback on existing topics - if you have a problem, start your own topic.

Split into a separate topic.


(Hbosak) #4

Hello again.

After doing what you said, the log is as follows:

ComboFix 09-04-22.A0 - HBOSAK 2009-04-22 11:03.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1013.393 [GMT 2:00]

Uruchomiony z: c:\documents and settings\HBOSAK\Moje dokumenty\Downloads\ComboFix.exe

Użyto następujących komend :: c:\documents and settings\HBOSAK\Moje dokumenty\Downloads\CFScript.txt

* Utworzono nowy punkt przywracania

FILE ::

c:\windows\system32\56.tmp

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\LocalService.ZARZĄDZANIE NT.000\Dane aplikacji\1012341539.exe

c:\documents and settings\LocalService.ZARZĄDZANIE NT.000\Dane aplikacji\951323796.exe

c:\program files\Internet Explorer\setupapi.dll

c:\program files\Mozilla Firefox\setupapi.dll

c:\program files\Spyware Doctor

c:\windows\system32\56.tmp

.

((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_SDAUXSERVICE

-------\Service_sdAuxService

((((((((((((((((((((((((( Pliki utworzone od 2009-03-22 do 2009-04-22 )))))))))))))))))))))))))))))))

.

2020-11-28 10:23 . 2020-11-28 10:23 -------- d-----w c:\program files\PROKOM Software SA

2009-04-21 10:08 . 2009-02-20 17:13 268288 -c----w c:\windows\system32\dllcache\iertutil.dll

2009-04-21 10:08 . 2009-02-20 17:13 63488 -c----w c:\windows\system32\dllcache\icardie.dll

2009-04-21 10:08 . 2009-02-20 17:13 52224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll

2009-04-21 10:08 . 2009-02-20 17:13 459264 -c----w c:\windows\system32\dllcache\msfeeds.dll

2009-04-21 10:08 . 2009-02-20 10:20 13824 -c----w c:\windows\system32\dllcache\ieudinit.exe

2009-04-21 10:08 . 2009-02-20 17:13 383488 -c----w c:\windows\system32\dllcache\ieapfltr.dll

2009-04-21 10:08 . 2008-07-09 14:30 1036288 -c----w c:\windows\system32\dllcache\ieframe.dll.mui

2009-04-21 10:08 . 2008-07-09 14:25 2455488 -c----w c:\windows\system32\dllcache\ieapfltr.dat

2009-04-21 10:07 . 2009-02-20 17:13 6066176 -c----w c:\windows\system32\dllcache\ieframe.dll

2009-04-21 09:14 . 2009-04-21 09:14 -------- d-----w c:\documents and settings\HBOSAK\Dane aplikacji\Malwarebytes

2009-04-21 09:14 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-04-21 09:14 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-04-21 09:14 . 2009-04-21 09:14 -------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-04-21 09:14 . 2009-04-21 09:14 -------- d-----w c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Malwarebytes

2009-04-20 11:53 . 2008-12-11 06:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys

2009-04-20 11:53 . 2009-03-06 14:45 130424 ----a-w c:\windows\system32\drivers\PCTCore.sys

2009-04-20 11:53 . 2008-12-18 10:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys

2009-04-20 11:53 . 2009-04-20 11:56 -------- d-----w c:\program files\Common Files\PC Tools

2009-04-20 11:53 . 2008-12-10 10:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys

2009-04-20 11:53 . 2009-04-20 11:53 -------- d-----w c:\documents and settings\HBOSAK\Dane aplikacji\PC Tools

2009-04-20 11:53 . 2009-04-20 11:53 -------- d-----w c:\documents and settings\All Users.WINDOWS\Dane aplikacji\PC Tools

2009-04-18 23:07 . 2008-06-14 17:36 273024 -c----w c:\windows\system32\dllcache\bthport.sys

2009-04-18 23:06 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys

2009-04-18 23:03 . 2009-02-10 17:09 2067328 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe

2009-04-18 23:03 . 2009-02-09 11:26 2190336 -c----w c:\windows\system32\dllcache\ntoskrnl.exe

2009-04-18 23:03 . 2009-02-09 11:26 2025472 -c----w c:\windows\system32\dllcache\ntkrpamp.exe

2009-04-18 23:03 . 2009-02-09 11:26 2146816 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe

2009-04-18 10:50 . 2007-08-24 03:03 180224 ----a-r c:\windows\system32\igfxres.dll

2009-04-18 10:35 . 2008-04-15 12:00 7680 -c--a-w c:\windows\system32\dllcache\pwsdata.dll

2009-04-18 10:34 . 2008-04-15 12:00 8192 -c--a-w c:\windows\system32\dllcache\httpmb51.dll

2009-04-18 10:32 . 2009-04-18 10:32 488 ---ha-r c:\windows\system32\logonui.exe.manifest

2009-04-18 10:32 . 2009-04-18 10:32 749 ---ha-r c:\windows\WindowsShell.Manifest

2009-04-18 10:32 . 2009-04-18 10:32 749 ---ha-r c:\windows\system32\wuaucpl.cpl.manifest

2009-04-18 10:32 . 2009-04-18 10:32 749 ---ha-r c:\windows\system32\sapi.cpl.manifest

2009-04-18 10:32 . 2009-04-18 10:32 749 ---ha-r c:\windows\system32\nwc.cpl.manifest

2009-04-18 10:32 . 2009-04-18 10:32 749 ---ha-r c:\windows\system32\ncpa.cpl.manifest

2009-04-18 10:14 . 2009-04-21 14:58 1374 ----a-w c:\windows\imsins.BAK

2009-04-18 09:17 . 2009-04-18 10:58 -------- d-----w c:\documents and settings\All Users.WINDOWS\Dane aplikacji\F-Secure

2009-04-18 09:17 . 2009-04-18 10:57 -------- d-----w c:\documents and settings\All Users.WINDOWS\Dane aplikacji\fssg

2009-04-18 09:08 . 2009-04-18 11:00 -------- d-----w c:\program files\F-Secure

2009-04-17 10:03 . 2009-04-18 08:18 -------- d-----w c:\documents and settings\HBOSAK\Dane aplikacji\FTWeak

2009-04-16 12:10 . 2009-04-16 12:28 -------- d-----w c:\documents and settings\HBOSAK.housecall6.6

2009-04-16 11:42 . 2009-04-16 11:43 85 --s-a-w c:\windows\system32\3370500994.dat

2009-04-16 11:42 . 2009-04-16 11:42 32768 ----a-w c:\windows\system32\AshEvtSvc.exe

2009-04-09 09:08 . 2009-04-09 09:07 73728 ----a-w c:\windows\system32\javacpl.cpl

2009-04-09 09:08 . 2009-04-09 09:07 410984 ----a-w c:\windows\system32\deploytk.dll

2009-04-04 08:00 . 2009-04-18 08:18 -------- d-----w c:\program files\Panda Security

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-22 09:08 . 2008-11-26 08:25 -------- d---a-w c:\documents and settings\All Users.WINDOWS\Dane aplikacji\TEMP

2009-04-22 08:48 . 2006-11-18 13:31 546 ----a-w C:\WT61US.UWL

2009-04-18 10:48 . 2008-10-09 14:48 -------- d-----w c:\program files\CUAgent

2009-04-18 10:31 . 2004-08-04 12:00 90936 ----a-w c:\windows\system32\perfc015.dat

2009-04-18 10:31 . 2004-08-04 12:00 502848 ----a-w c:\windows\system32\perfh015.dat

2009-04-18 10:30 . 2008-09-22 16:49 23688 ----a-w c:\windows\system32\emptyregdb.dat

2009-04-18 10:30 . 2009-04-18 10:30 1042 ----a-w c:\windows\Inf\COM1FC.tmp

2009-04-18 10:13 . 2009-04-18 10:13 5280 ----a-w c:\windows\system32\PerfStringBackup.TMP

2009-04-18 08:24 . 2007-03-01 11:34 -------- d-----w c:\program files\Google

2009-04-16 11:44 . 2006-11-18 13:33 -------- d-----w c:\program files\Opera

2009-04-09 09:07 . 2006-11-18 13:57 -------- d-----w c:\program files\Java

2009-04-03 10:11 . 2008-09-25 16:05 -------- d-----w c:\documents and settings\HBOSAK\Dane aplikacji\OpenOffice.org2

2009-03-06 14:37 . 2009-03-06 14:37 -------- d-----w c:\documents and settings\HBOSAK\Dane aplikacji\Canneverbe_Limited

2009-03-06 14:36 . 2009-03-06 14:36 -------- d-----w c:\program files\CDBurnerXP

2009-03-06 14:22 . 2008-04-15 12:00 285696 ----a-w c:\windows\system32\pdh.dll

2009-03-03 00:10 . 2008-04-15 12:00 826368 ----a-w c:\windows\system32\wininet.dll

2009-02-20 17:13 . 2008-04-15 12:00 78336 ----a-w c:\windows\system32\ieencode.dll

2009-02-19 15:55 . 2008-09-23 09:31 26472 ----a-w c:\documents and settings\HBOSAK\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2009-02-19 15:49 . 2009-02-19 15:49 83944 ----a-w c:\documents and settings\LocalService.ZARZĄDZANIE NT.000\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat

2009-02-19 15:49 . 2009-02-19 15:49 83944 ----a-w c:\documents and settings\LocalService.ZARZĄDZANIE NT.000\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat

2009-02-19 15:49 . 2009-02-19 15:49 83944 ----a-w c:\documents and settings\LocalService.ZARZĄDZANIE NT.000\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat

2009-02-19 15:49 . 2009-02-19 15:49 83944 ----a-w c:\documents and settings\LocalService.ZARZĄDZANIE NT.000\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat

2009-02-09 14:07 . 2008-04-15 12:00 1847040 ----a-w c:\windows\system32\win32k.sys

2009-02-09 11:26 . 2008-04-14 21:59 2025472 ----a-w c:\windows\system32\ntkrnlpa.exe

2009-02-09 11:26 . 2008-04-15 12:00 2146816 ----a-w c:\windows\system32\ntoskrnl.exe

2009-02-09 11:25 . 2008-04-15 12:00 111104 ----a-w c:\windows\system32\services.exe

2009-02-09 10:53 . 2008-04-15 12:00 731136 ----a-w c:\windows\system32\lsasrv.dll

2009-02-09 10:53 . 2008-04-15 12:00 686592 ----a-w c:\windows\system32\advapi32.dll

2009-02-09 10:53 . 2008-04-15 12:00 401408 ----a-w c:\windows\system32\rpcss.dll

2009-02-09 10:53 . 2008-04-15 12:00 722944 ----a-w c:\windows\system32\ntdll.dll

2009-02-06 10:39 . 2008-04-15 12:00 35328 ----a-w c:\windows\system32\sc.exe

2009-02-03 19:58 . 2008-04-15 12:00 56832 ----a-w c:\windows\system32\secur32.dll

2008-09-24 12:15 . 2008-09-24 12:15 131 ----a-w c:\documents and settings\HBOSAK\Ustawienia lokalne\Dane aplikacji\fusioncache.dat

2008-07-23 11:13 . 2007-10-12 08:55 25976 ----a-w c:\documents and settings\hubi\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2007-10-04 09:42 . 2006-11-28 11:28 25976 ----a-w c:\documents and settings\kazdy\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2007-09-14 07:54 . 2007-02-28 16:03 25976 ----a-w c:\documents and settings\hubert\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2007-02-28 14:48 . 2007-02-28 14:48 20688 ----a-w c:\documents and settings\konrad\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2006-11-28 10:41 . 2006-11-28 10:41 20688 ----a-w c:\documents and settings\jbosak\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]

"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-05-10 2111176]

"Google Update"="c:\documents and settings\HBOSAK\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" [2009-04-21 133104]

"Malware Doctor"="c:\documents and settings\LocalService.ZARZĄDZANIE NT.000\Dane aplikacji\1012341539.exe" [bU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-09 148888]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-05 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-05 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-05 137752]

"Malware Doctor"="c:\documents and settings\LocalService.ZARZĄDZANIE NT.000\Dane aplikacji\1012341539.exe" [bU]

"NWTRAY"="NWTRAY.EXE" - c:\windows\system32\nwtray.exe [2002-03-12 28672]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-02-13 16857600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

c:\documents and settings\All Users.WINDOWS\Menu Start\Programy\Autostart\

BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-5-17 661776]

Powiadomienia GroupWise.lnk - c:\novell\GroupWise\notify.exe [2006-11-18 184378]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"CompatibleRUPSecurity"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe"=

"%windir%\system32\sessmgr.exe"=

"c:\Novell\GroupWise\grpwise.exe"=

"c:\Novell\GroupWise\notify.exe"=

"c:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"=

"c:\Program Files\Gadu-Gadu\gg.exe"=

"c:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE"=

S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-03-06 130424]

S2 AshEvtSvc;AshEvtSvc;c:\windows\System32\AshEvtSvc.exe [2009-04-16 32768]

.

Zawartość folderu 'Zaplanowane zadania'

2009-04-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-813497703-1417001333-1003.job

  • c:\documents and settings\HBOSAK\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-04-21 09:51]

.

- - - - USUNIĘTO PUSTE WPISY - - - -

HKLM-Run-ISTray - c:\program files\Spyware Doctor\pctsTray.exe

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.google.pl/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\HBOSAK\Dane aplikacji\Mozilla\Firefox\Profiles\fjmny84s.default\

FF - prefs.js: browser.startup.homepage - gogle.com

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-22 11:10

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

  • > 'winlogon.exe'(788)

c:\windows\system32\NETWIN32.DLL

c:\windows\system32\NLS\POLSKI\MAPBASER.DLL

  • > 'Explorer.exe'(1040)

c:\windows\system32\NETWIN32.DLL

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\CDBurnerXP\NMSAccessU.exe

c:\windows\system32\searchindexer.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\igfxsrvc.exe

.

**************************************************************************

.

Czas ukończenia: 2009-04-22 11:13 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2009-04-22 09:13

ComboFix2.txt 2009-04-21 14:11

ComboFix3.txt 2009-04-18 08:52

Przed: 22 206 562 304 bajtów wolnych

Po: 22 144 671 744 bajtów wolnych

460 --- E O F --- 2009-04-21 14:58

Is everything OK now?

Should I do anything else?

Regards


(Leon$) #5

Open Notepad and paste

save it as CFScript.txt (save it so that the CFScript.txt icon is next to the ComboFix.exe icon) >> Drag and drop the CFScript.txt icon onto the ComboFix.exe icon

The removal should start.

Then post the log from the ComboFix removal.

:slight_smile: