DjQbaS

Replies posted by DjQbaS

  1. I have a problem: while the computer is starting up, this error pops up

    exception processing message c00000a3 parameters 75b3bf7c 4 75b3bf7c 75b3bf7c

    and everything slows down.

    I ran a scan with ComboFix and this is what came out; please advise.

    ComboFix 12-02-21.02 - Administrator 2012-02-21 12:55:03.1.2 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1023.101 [GMT 1:00]

    Uruchomiony z: e:\documents and settings\Administrator\Pulpit\ComboFix.exe

    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    e:\docume~1\ADMINI~1\USTAWI~1\Temp\b3ac04aa-9413-4ecb-ac45-ed44495e62a6\CliSecureRT.dll

    e:\documents and settings\Administrator\Ustawienia lokalne\Temp\b3ac04aa-9413-4ecb-ac45-ed44495e62a6\CliSecureRT.dll

    e:\documents and settings\All Users\Dane aplikacji\boost_interprocess\20120219102452.359375

    e:\documents and settings\All Users\Dane aplikacji\TEMP

    e:\documents and settings\All Users\Menu Start\Programy\RelevantKnowledge

    e:\documents and settings\All Users\Menu Start\Programy\RelevantKnowledge\About RelevantKnowledge.lnk

    e:\documents and settings\All Users\Menu Start\Programy\RelevantKnowledge\Privacy Policy and User License Agreement.lnk

    e:\documents and settings\All Users\Menu Start\Programy\RelevantKnowledge\Support.lnk

    e:\documents and settings\All Users\Menu Start\Programy\RelevantKnowledge\Uninstall Instructions.lnk

    e:\program files\RelevantKnowledge

    e:\program files\RelevantKnowledge\chrome.manifest

    e:\program files\RelevantKnowledge\components\rlxg.dll

    e:\program files\RelevantKnowledge\components\rlxh.dll

    e:\program files\RelevantKnowledge\components\rlxi.dll

    e:\program files\RelevantKnowledge\components\rlxj.dll

    e:\program files\RelevantKnowledge\components\rlxk.dll

    e:\program files\RelevantKnowledge\install.rdf

    e:\program files\RelevantKnowledge\ncncf.dat

    e:\program files\RelevantKnowledge\nscf.dat

    e:\program files\RelevantKnowledge\rlcm.crx

    e:\program files\RelevantKnowledge\rlcm.txt

    e:\program files\RelevantKnowledge\rlls.dll

    e:\program files\RelevantKnowledge\rlls64.dll

    e:\program files\RelevantKnowledge\rloci.bin

    e:\program files\RelevantKnowledge\rlph.dll

    e:\program files\RelevantKnowledge\rlservice.exe

    e:\program files\RelevantKnowledge\rlvknlg.exe

    e:\program files\RelevantKnowledge\rlvknlg64.exe

    e:\program files\RelevantKnowledge\rlxf.dll

    e:\windows\IsUn0415.exe

    e:\windows\msmqinst.log

    e:\windows\system32\ctfmon(2).exe

    .

    .

    ((((((((((((((((((((((((( Pliki utworzone od 2012-01-21 do 2012-02-21 )))))))))))))))))))))))))))))))

    .

    .

    2012-02-21 10:33 . 2012-02-21 10:34 -------- d-----w- e:\documents and settings\Administrator\Dane aplikacji\SAS

    2012-02-21 10:32 . 2012-02-21 10:32 -------- d-----w- e:\documents and settings\Administrator\Dane aplikacji\SAS Institute Inc

    2012-02-20 23:00 . 2012-02-20 23:00 -------- d-----w- e:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Sun

    2012-02-20 22:59 . 2012-02-20 22:59 -------- d-----w- e:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\SAS

    2012-02-20 22:59 . 2012-02-20 23:47 -------- d-----w- e:\program files\SAS

    2012-02-20 22:58 . 2012-02-20 23:01 -------- d-----w- e:\program files\Common Files\Java

    2012-02-20 22:58 . 2012-02-20 22:57 73728 ----a-w- e:\windows\system32\javacpl.cpl

    2012-02-20 22:58 . 2012-02-20 22:57 472808 ----a-w- e:\windows\system32\deployJava1.dll

    2012-02-20 22:57 . 2012-02-20 23:02 -------- d-----w- e:\program files\Java

    2012-02-20 22:27 . 2012-02-20 22:50 -------- d-----w- e:\program files\SAS Depot

    2012-02-20 14:20 . 2012-02-20 14:20 -------- d-----w- e:\documents and settings\Administrator\Dane aplikacji\SuperMemo World

    2012-02-20 14:14 . 2012-02-08 06:03 6552120 ----a-w- e:\documents and settings\All Users\Dane aplikacji\Microsoft\Microsoft Antimalware\Definition Updates\{9021E174-DB88-4933-866D-F3D2E24B1A55}\mpengine.dll

    2012-02-15 10:08 . 2012-01-11 19:07 3072 -c----w- e:\windows\system32\dllcache\iacenc.dll

    2012-02-15 10:08 . 2012-01-11 19:07 3072 ------w- e:\windows\system32\iacenc.dll

    2012-02-10 10:30 . 2012-02-10 10:30 -------- d-----w- e:\documents and settings\Administrator\Dane aplikacji\MathWorks

    2012-02-10 10:19 . 2004-03-01 21:05 407104 ----a-w- e:\windows\system32\MSHFLXGD.OCX

    2012-02-10 10:19 . 2004-02-11 13:37 203976 ----a-w- e:\windows\system32\RICHTX32.OCX

    2012-02-10 10:18 . 2002-02-14 09:26 647872 ----a-w- e:\windows\system32\mscomct2.ocx

    2012-02-06 20:39 . 2012-02-06 20:39 -------- d-----w- e:\program files\Mozilla Maintenance Service

    2012-02-06 15:55 . 2012-02-06 15:55 -------- d-----w- e:\documents and settings\All Users\Dane aplikacji\CanonIJWSpt

    2012-02-06 15:51 . 2012-02-06 15:55 -------- d-----w- e:\documents and settings\Administrator\Dane aplikacji\Canon

    2012-02-06 15:50 . 2012-02-06 16:18 -------- d-----w- e:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Canon Easy-PhotoPrint EX

    2012-02-06 15:50 . 2012-02-06 15:50 -------- d--h--w- e:\documents and settings\All Users\Dane aplikacji\CanonIJEPPEX2

    2012-02-06 15:50 . 2012-02-06 15:50 -------- d--h--w- e:\documents and settings\All Users\Dane aplikacji\CanonEPP

    2012-02-06 15:47 . 2012-02-06 15:50 -------- d-----w- e:\program files\Canon

    2012-01-30 16:17 . 2012-01-30 16:17 -------- d-----w- e:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\GHISLER

    2012-01-30 16:02 . 2009-09-09 06:50 545 ----a-w- e:\windows\UC.PIF

    2012-01-30 16:02 . 2009-09-09 06:50 545 ----a-w- e:\windows\RAR.PIF

    2012-01-30 16:02 . 2009-09-09 06:50 545 ----a-w- e:\windows\PKZIP.PIF

    2012-01-30 16:02 . 2009-09-09 06:50 545 ----a-w- e:\windows\PKUNZIP.PIF

    2012-01-30 16:02 . 2012-02-05 13:24 -------- d-----w- e:\documents and settings\Administrator\Dane aplikacji\GHISLER

    2012-01-30 16:02 . 2009-09-09 06:50 545 ----a-w- e:\windows\NOCLOSE.PIF

    2012-01-30 16:02 . 2009-09-09 06:50 545 ----a-w- e:\windows\LHA.PIF

    2012-01-30 16:02 . 2009-09-09 06:50 545 ----a-w- e:\windows\ARJ.PIF

    2012-01-26 17:00 . 2012-01-26 17:00 -------- d-----w- e:\documents and settings\Administrator\Dane aplikacji\AnvSoft

    2012-01-24 17:13 . 2012-01-24 17:13 -------- d-----w- e:\program files\ASUS

    2012-01-24 17:12 . 2012-01-24 17:12 -------- d-----w- e:\program files\ATK Hotkey

    2012-01-24 17:07 . 2010-11-05 08:20 1938272 ----a-w- e:\windows\system32\drivers\athw.sys

    2012-01-24 16:53 . 2012-01-24 16:53 -------- d-----w- e:\windows\ATK0100

    2012-01-24 16:13 . 2006-11-17 10:03 249925 ----a-w- e:\windows\system32\wsimd.dll

    2012-01-24 16:13 . 2006-11-17 10:03 254023 ----a-w- e:\windows\system32\wsfwDS.dll

    2012-01-24 16:13 . 2006-11-17 09:51 40960 ----a-w- e:\windows\system32\dsaNac.dll

    2012-01-24 16:13 . 2006-11-17 09:51 1241151 ----a-w- e:\windows\system32\dsa.dll

    2012-01-24 16:13 . 2006-07-20 06:00 54432 ----a-w- e:\windows\system32\wsimd.sys

    2012-01-24 16:10 . 2004-10-22 01:18 749568 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll

    2012-01-24 16:10 . 2004-10-22 01:17 69715 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll

    2012-01-24 16:10 . 2004-10-22 01:17 274432 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll

    2012-01-24 16:10 . 2004-10-22 01:16 180224 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll

    2012-01-24 16:10 . 2004-10-22 01:16 5632 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe

    2012-01-24 16:10 . 2012-01-24 16:10 323716 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll

    2012-01-24 16:10 . 2012-01-24 16:10 192644 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll

    2012-01-23 13:34 . 2007-03-29 15:04 249856 ----a-w- e:\windows\system32\vsnp2std.dll

    2012-01-23 13:34 . 2006-12-04 16:27 633 ----a-w- e:\windows\Uninst.bat

    2012-01-23 13:34 . 2006-12-04 16:04 376 ----a-w- e:\windows\Uninst.reg

    2012-01-23 13:34 . 2006-09-15 12:21 675840 ----a-w- e:\windows\vsnp2std.exe

    2012-01-23 13:34 . 2007-03-30 13:41 12033024 ----a-w- e:\windows\system32\drivers\snp2sxp.sys

    2012-01-23 13:34 . 2007-01-25 17:48 25472 ----a-w- e:\windows\system32\drivers\sncamd.sys

    2012-01-23 13:34 . 2006-11-23 21:20 11776 ----a-w- e:\windows\DrvInst.exe

    2012-01-23 13:34 . 2006-11-16 14:57 77824 ----a-w- e:\windows\system32\csnp2std.dll

    2012-01-23 13:31 . 2006-12-05 16:36 529344 ----a-w- e:\windows\system32\drivers\ar5211.sys

    2012-01-23 13:31 . 2012-01-23 13:31 -------- d-----w- e:\documents and settings\Administrator\Dane aplikacji\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

    2012-01-23 13:31 . 2012-01-23 13:31 -------- d-----w- e:\documents and settings\Administrator\Dane aplikacji\Adobe Mini Bridge CS5

    2012-01-23 13:16 . 2012-01-26 17:43 -------- d-----w- e:\documents and settings\All Users\Dane aplikacji\regid.1986-12.com.adobe

    2012-01-23 13:01 . 2012-01-23 13:01 -------- d-----w- e:\program files\Adobe Media Player

    2012-01-23 12:58 . 2012-01-23 12:58 -------- d-----w- e:\program files\Common Files\Adobe AIR

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-01-31 12:44 . 2011-11-14 10:42 237072 ------w- e:\windows\system32\MpSigStub.exe

    2012-01-12 17:20 . 2006-03-02 13:00 1860224 ----a-w- e:\windows\system32\win32k.sys

    2012-01-06 04:19 . 2011-11-15 13:43 6557240 ----a-w- e:\documents and settings\All Users\Dane aplikacji\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2011-12-19 08:53 . 2006-03-02 13:00 81920 ----a-w- e:\windows\system32\ieencode.dll

    2011-12-19 08:53 . 2006-03-02 13:00 669696 ----a-w- e:\windows\system32\wininet.dll

    2011-12-19 08:53 . 2006-03-02 13:00 61952 ----a-w- e:\windows\system32\tdc.ocx

    2011-12-19 08:52 . 2006-03-02 13:00 370688 ----a-w- e:\windows\system32\html.iec

    2011-11-25 21:57 . 2006-03-02 13:00 293888 ----a-w- e:\windows\system32\winsrv.dll

    .

    .

    ------- Sigcheck -------

    Note: Unsigned files aren't necessarily malware.

    .

    [-] 2008-04-14 . 1F5929A43BFBAB609ED25B2EEA7D428A . 1433600 . . [6.00.2900.5512] . . e:\windows\explorer.exe

    [7] 2008-04-14 . C791ED9EAC5E76D9525E157B1D7A599A . 1035264 . . [6.00.2900.5512] . . e:\windows\ServicePackFiles\i386\explorer.exe

    [7] 2008-04-14 . C791ED9EAC5E76D9525E157B1D7A599A . 1035264 . . [6.00.2900.5512] . . e:\windows\UXBackup\explorer.exe

    [7] 2006-03-02 . 379098A96E6C165B659DE7E4328010EA . 1033728 . . [6.00.2900.2180] . . e:\windows\$NtServicePackUninstall$\explorer.exe

    .

    [7] 2008-04-14 . AF3C3F051675CF688EAD4065FE11542D . 93184 . . [6.00.2900.5512] . . e:\windows\ServicePackFiles\i386\iexplore.exe

    [7] 2008-04-14 . AF3C3F051675CF688EAD4065FE11542D . 93184 . . [6.00.2900.5512] . . e:\windows\UXBackup\iexplore.exe

    [7] 2006-03-02 . 94E790CB14279FF3EA244DAF0864B8A6 . 93184 . . [6.00.2900.2180] . . e:\windows\$NtServicePackUninstall$\iexplore.exe

    .

    ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

    "Gadu-Gadu 10"="e:\program files\Programy\Gadu-Gadu 10\gg.exe" [2011-07-04 13374048]

    "ChomikBox"="e:\program files\Program\ChomikBox\chomikbox.exe" [2012-02-09 5902336]

    "Steam"="e:\program files\Gry\Steam\Steam.exe" [2012-01-13 1242448]

    "KiesPDLR"="e:\program files\Programy\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-11-02 21392]

    "AdobeBridge"="e:\program files\Programy\Adobe\Adobe Bridge CS5\Bridge.exe" [2010-03-09 11989960]

    "ctfmon.exe"="e:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]

    "SkyTel"="SkyTel.EXE" [2006-05-16 2879488]

    "SMSERIAL"="e:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]

    "MSC"="e:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

    "KiesHelper"="e:\program files\Programy\Kies\KiesHelper.exe" [2011-11-02 928656]

    "KiesTrayAgent"="e:\program files\Programy\Kies\KiesTrayAgent.exe" [2011-11-02 3508624]

    "APSDaemon"="e:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

    "QuickTime Task"="e:\program files\Programy\QuickTime\QTTask.exe" [2011-10-24 421888]

    "BrMfcWnd"="e:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]

    "ControlCenter3"="e:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]

    "Adobe Reader Speed Launcher"="e:\program files\Programy\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]

    "Adobe ARM"="e:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

    "AdobeAAMUpdater-1.0"="e:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

    "SwitchBoard"="e:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

    "AdobeCS5ServiceManager"="e:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

    "ACU"="e:\program files\Atheros\ACU.exe" [2006-11-17 348249]

    "HControl"="e:\windows\ATK0100\HControl.exe" [2006-10-14 110592]

    "ATKHOTKEY"="e:\program files\ATK Hotkey\Hcontrol.exe" [2007-06-29 225280]

    "ATKMEDIA"="e:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-06-08 53248]

    "snp2std"="e:\windows\vsnp2std.exe" [2006-09-15 675840]

    "PWRISOVM.EXE"="e:\program files\Programy\PowerISO\PWRISOVM.EXE" [2011-11-15 312376]

    "CanonSolutionMenuEx"="e:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1612920]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    .

    e:\documents and settings\Administrator\Menu Start\Programy\Autostart\

    CCC.lnk - e:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusOverride"=dword:00000001

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "e:\\Program Files\\Programy\\Gadu-Gadu 10\\gg.exe"=

    "e:\\Program Files\\Programy\\Winamp\\winamp.exe"=

    "e:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

    "e:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

    "e:\\Program Files\\Gry\\Steam\\Steam.exe"=

    "e:\\WINDOWS\\system32\\muzapp.exe"=

    "e:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

    "e:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

    "e:\\Program Files\\Gry\\Steam\\SteamApps\\common\\king arthur - the role-playing wargame\\KingArthur.exe"=

    "e:\\Program Files\\Gry\\Steam\\SteamApps\\common\\king arthur - the role-playing wargame\\KingArthurMulti.exe"=

    "e:\\Program Files\\Java\\jre1.5.0_12\\bin\\java.exe"=

    .

    S2 KMService;KMService;e:\windows\system32\srvany.exe [2011-11-17 8192]

    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;e:\windows\system32\drivers\ssadadb.sys [2011-11-17 30312]

    S3 EverestDriver;Lavalys EVEREST Kernel Driver;e:\program files\Programy\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-18 7168]

    S3 MozillaMaintenance;Mozilla Maintenance Service;e:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-02-06 129992]

    S3 osppsvc;Office Software Protection Platform;e:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

    S3 PCANDIS5_RETWIFI;PCANDIS5_RETWIFI Protocol Driver;\??\e:\progra~1\Programy\EEYEDI~1\RETINA~1\PCANDIS5_RETWIFI.SYS --> e:\progra~1\Programy\EEYEDI~1\RETINA~1\PCANDIS5_RETWIFI.SYS [?]

    S3 PCANDIS5_WIFISCAN.SYS;PCANDIS5_WIFISCAN.SYS;\??\e:\program files\Programy\eEye Digital Security\Retina Wireless Scanner\PCANDIS5_WIFISCAN.SYS --> e:\program files\Programy\eEye Digital Security\Retina Wireless Scanner\PCANDIS5_WIFISCAN.SYS [?]

    S3 pcouffin;VSO Software pcouffin;e:\windows\system32\drivers\pcouffin.sys [2011-11-18 47360]

    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);e:\windows\system32\drivers\ssadbus.sys [2011-11-17 121064]

    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);e:\windows\system32\drivers\ssadmdfl.sys [2011-11-17 12776]

    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;e:\windows\system32\drivers\ssadmdm.sys [2011-11-17 136808]

    S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);e:\windows\system32\drivers\ssadserd.sys [2011-11-17 114280]

    S3 SwitchBoard;SwitchBoard;e:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

    .

    Zawartość folderu 'Zaplanowane zadania'

    .

    2012-01-24 e:\windows\Tasks\AdobeAAMUpdater-1.0-KUBAS-Administrator.job

    - e:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-01-23 02:44]

    .

    2012-02-20 e:\windows\Tasks\AppleSoftwareUpdate.job

    - e:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]

    .

    2012-02-21 e:\windows\Tasks\MP Scheduled Scan.job

    - e:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39]

    .

    .

    ------- Skan uzupełniający -------

    .

    uStart Page = hxxp://www.windowsxlive.net

    IE: E&ksportuj do programu Microsoft Excel - e:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000

    IE: Wyślij &do programu OneNote - e:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105

    TCP: DhcpNameServer = 153.19.208.2 153.19.208.67 153.19.208.68 153.19.250.101

    FF - ProfilePath - e:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\iqhyanch.default\

    FF - prefs.js: browser.search.selectedEngine - Seek

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/

    .

    - - - - USUNIĘTO PUSTE WPISY - - - -

    .

    HKCU-Run-BitTorrent - e:\program files\Programy\BitTorrent\BitTorrent.exe

    HKLM-Run-DrvIcon - e:\program files\Vista Drive Icon\DrvIcon.exe

    HKLM-Run-SunJavaUpdateSched - e:\program files\Java\jre6\bin\jusched.exe

    AddRemove-SuperMemo UX - Angielski. No problem!+ 1 - e:\windows\IsUn0415.exe

    AddRemove-SuperMemo UX - Angielski. No problem!+ 2 - e:\windows\IsUn0415.exe

    AddRemove-01_Simmental - e:\program files\Programy\USB Drivers\01_Simmental\Uninstall.exe

    AddRemove-02_Siberian - e:\program files\Programy\USB Drivers\02_Siberian\Uninstall.exe

    AddRemove-03_Swallowtail - e:\program files\Programy\USB Drivers\03_Swallowtail\Uninstall.exe

    AddRemove-04_semseyite - e:\program files\Programy\USB Drivers\04_semseyite\Uninstall.exe

    AddRemove-05_Sloan - e:\program files\Programy\USB Drivers\05_Sloan\Uninstall.exe

    AddRemove-06_Spencer - e:\program files\Programy\USB Drivers\06_Spencer\Uninstall.exe

    AddRemove-07_Schorl - e:\program files\Programy\USB Drivers\07_Schorl\Uninstall.exe

    AddRemove-08_EMPChipset - e:\program files\Programy\USB Drivers\08_EMPChipset\Uninstall.exe

    AddRemove-09_Hsp - e:\program files\Programy\USB Drivers\09_Hsp\Uninstall.exe

    AddRemove-11_HSP_Plus_Default - e:\program files\Programy\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

    AddRemove-16_Shrewsbury - e:\program files\Programy\USB Drivers\16_Shrewsbury\Uninstall.exe

    AddRemove-17_EMP_Chipset2 - e:\program files\Programy\USB Drivers\17_EMP_Chipset2\Uninstall.exe

    AddRemove-18_Zinia_Serial_Driver - e:\program files\Programy\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe

    AddRemove-19_VIA_driver - e:\program files\Programy\USB Drivers\19_VIA_driver\Uninstall.exe

    AddRemove-20_NXP_Driver - e:\program files\Programy\USB Drivers\20_NXP_Driver\Uninstall.exe

    AddRemove-21_Searsburg - e:\program files\Programy\USB Drivers\21_Searsburg\Uninstall.exe

    AddRemove-22_WiBro_WiMAX - e:\program files\Programy\USB Drivers\22_WiBro_WiMAX\Uninstall.exe

    AddRemove-24_flashusbdriver - e:\program files\Programy\USB Drivers\24_flashusbdriver\Uninstall.exe

    AddRemove-25_escape - e:\program files\Programy\USB Drivers\25_escape\Uninstall.exe

    AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - e:\program files\RelevantKnowledge\rlvknlg.exe

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2012-02-21 13:12

    Windows 5.1.2600 Dodatek Service Pack 3 NTFS

    .

    skanowanie ukrytych procesów ...

    .

    skanowanie ukrytych wpisów autostartu ...

    .

    skanowanie ukrytych plików ...

    .

    skanowanie pomyślnie ukończone

    ukryte pliki: 0

    .

    **************************************************************************

    .

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

    Windows 5.1.2600 Disk: Brother_ rev.1.00 -> Harddisk3\DR6 -> \Device\00000078

    .

    device: opened successfully

    user: error reading MBR

    kernel: MBR read successfully

    user != kernel MBR !!!

    .

    **************************************************************************

    .

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]

    "ImagePath"="\??\e:\program files\Programy\Lavalys\EVEREST Home Edition\kerneld.wnt"

    .

    --------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

    .

    - - - - - - - > 'winlogon.exe'(952)

    e:\windows\system32\Ati2evxx.dll

    .

    - - - - - - - > 'explorer.exe'(3440)

    e:\windows\system32\WPDShServiceObj.dll

    e:\windows\system32\PortableDeviceTypes.dll

    e:\windows\system32\PortableDeviceApi.dll

    .

    ------------------------ Pozostałe uruchomione procesy ------------------------

    .

    e:\windows\system32\Ati2evxx.exe

    e:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe

    e:\windows\system32\Ati2evxx.exe

    e:\windows\system32\acs.exe

    e:\windows\RTHDCPL.EXE

    e:\program files\Brother\ControlCenter3\brccMCtl.exe

    e:\program files\Brother\Brmfcmon\BrMfcmon.exe

    e:\windows\ATK0100\ATKOSD.exe

    e:\program files\ATI Technologies\ATI.ACE\Core-Static\mom.exe

    e:\program files\Java\jre6\bin\jqs.exe

    e:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

    e:\windows\system32\wbem\wmiapsrv.exe

    e:\program files\Canon\Solution Menu EX\CNSEUPDT.EXE

    .

    **************************************************************************

    .

    Czas ukończenia: 2012-02-21 13:18:23 - komputer został uruchomiony ponownie

    ComboFix-quarantined-files.txt 2012-02-21 12:18

    .

    Przed: 91 416 276 992 bajtów wolnych

    Po: 91 878 203 392 bajtów wolnych

    .

    - - End Of File - - 6458C832331832A8B13BFFCFD2984D38
