Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5524

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

2011-01-15 16:10:15
mbam-log-2011-01-15 (16-10-15).txt

Scan type: Quick scan
Objects scanned: 143167
Time elapsed: 3 minute(s), 19 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 1
Registry Keys Infected: 12
Registry Values Infected: 14
Registry Data Items Infected: 1
Folders Infected: 14
Files Infected: 15

Memory Processes Infected:
c:\program files\search settings\searchsettings.exe (PUP.Dealio) -> 440 -> Unloaded process successfully.
c:\program files\application updater\applicationupdater.exe (PUP.Dealio) -> 748 -> Unloaded process successfully.

Memory Modules Infected:
c:\program files\search settings\searchsettingsres409.dll (PUP.Dealio) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Application Updater (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\SearchSettings.BHO.1 (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\SearchSettings.BHO (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Dealio (PUP.Dealio) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\SEARCH SETTINGS\SEARCHSETTINGS.EXE (PUP.Dealio) -> Value: SEARCHSETTINGS.EXE -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SearchSettings (PUP.Dealio) -> Value: SearchSettings -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\SEARCH SETTINGS\SEARCHSETTINGSRES409.DLL (PUP.Dealio) -> Value: SEARCHSETTINGSRES409.DLL -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\APPLICATION UPDATER\APPLICATIONUPDATER.EXE (PUP.Dealio) -> Value: APPLICATIONUPDATER.EXE -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Value: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Value: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\SEARCH SETTINGS\SEARCHSETTINGS.DLL (PUP.Dealio) -> Value: SEARCHSETTINGS.DLL -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Value: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Value: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\SEARCHSETTINGS@SPIGOT.COM (PUP.Dealio) -> Value: SEARCHSETTINGS@SPIGOT.COM -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\DEALIO@MYBROWSERBAR.COM (PUP.Dealio) -> Value: DEALIO@MYBROWSERBAR.COM -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\DEALIO TOOLBAR\FF\CHROME.MANIFEST (PUP.Dealio) -> Value: CHROME.MANIFEST -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\DEALIO TOOLBAR\FF\CHROME\LOCALE\EN-US\WIDGITOOLBARPLUGIN.PROPERTIES (PUP.Dealio) -> Value: WIDGITOOLBARPLUGIN.PROPERTIES -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\DEALIO TOOLBAR\FF\COMPONENTS\DEALIOTOOLBARFF.DLL (PUP.Dealio) -> Value: DEALIOTOOLBARFF.DLL -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\program files\dealio toolbar (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\content (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\locale (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\locale\EN-US (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\components (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\IE (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\IE\4.0.2 (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\Res (PUP.Dealio) -> Quarantined and deleted successfully.
c:\documents and settings\Gosia\dane aplikacji\Dealio (PUP.Dealio) -> Quarantined and deleted successfully.
c:\documents and settings\Gosia\dane aplikacji\Dealio\res (PUP.Dealio) -> Quarantined and deleted successfully.
c:\documents and settings\Gosia\dane aplikacji\Dealio\temp (PUP.Dealio) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\search settings\searchsettings.exe (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\search settings\searchsettingsres409.dll (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\application updater\applicationupdater.exe (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\IE\4.0.2\dealiotoolbarie.dll (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\search settings\searchsettings.dll (PUP.Dealio) -> Quarantined and deleted successfully.
c:\documents and settings\Gosia\Pulpit\setool2lt.exe (Malware.Packer.T) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\searchsettings@spigot.com (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\dealio@mybrowserbar.com (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\widgihelper.exe (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome.manifest (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\components\config.ini (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\components\dealiotoolbarff.dll (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\IE\4.0.2\config.ini (PUP.Dealio) -> Quarantined and deleted successfully.
c:\documents and settings\Gosia\dane aplikacji\Dealio\temp\wtff-14988.log (PUP.Dealio) -> Quarantined and deleted successfully.
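A log like the one above is worth triaging mechanically rather than by eye: the summary counts should match the entries actually listed, the one module marked "Delete on reboot" means the cleanup is not finished until the machine restarts and is rescanned, the PUM entry records a tampered Security Center setting (value 1 where 0 is expected), and several entries sit in autostart or browser-hijack locations (Run, Services, Browser Helper Objects, URLSearchHooks, Toolbar) that are the first places to re-check after the reboot. The parser below is an added example written for this page; it is not Malwarebytes code and not the poster's. It assumes the English section labels of MBAM 1.x logs and the entry shape `<item> (<Category>) -> [<detail> -> ...] <Action>.` seen above; the list of persistence markers is my own choice, and the embedded sample log is a constructed subset of the entries from the log above.

```python
"""Parse a Malwarebytes Anti-Malware 1.x scan log and triage its findings.

Added example for this page (not Malwarebytes code).  Assumes English MBAM 1.x
labels such as "Files Infected:" and entries of the form
"<item> (<Category>) -> [<detail> -> ...] <Action>."
"""
import re
from collections import Counter
from dataclasses import dataclass

# Autostart / browser-hijack locations (my own selection).  A detection whose
# registry path contains one of these is a persistence point to re-check after
# the reboot that a "Delete on reboot" entry requires.
PERSISTENCE_MARKERS = (
    r"\CurrentVersion\Run",
    r"\CurrentControlSet\Services",
    r"\Browser Helper Objects",
    r"\Internet Explorer\URLSearchHooks",
    r"\Internet Explorer\Toolbar",
)

# "Files Infected: 15" (summary block) or "Files Infected:" (entry block header).
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):\s*(?P<count>\d+)?\s*$")
# Lazy item match plus the mandatory ") -> " keeps a path like "Program Files (x86)"
# from being mistaken for the category.
ENTRY_RE = re.compile(
    r"^(?P<item>.+?) \((?P<category>[A-Za-z0-9][A-Za-z0-9._-]*)\) -> (?P<rest>.+?)\.?$"
)
BAD_GOOD_RE = re.compile(r"Bad: \((\d+)\) Good: \((\d+)\)")


@dataclass(frozen=True)
class Detection:
    section: str
    item: str        # file path or registry path
    category: str    # e.g. PUP.Dealio, PUM.Disabled.SecurityCenter
    detail: str      # pid, "Value: X", "Bad: (1) Good: (0)", or "" if none
    action: str      # e.g. "Quarantined and deleted successfully"


def parse_mbam_log(text):
    """Return (detections, summary_counts) from the raw log text."""
    detections, counts, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            if m.group("count") is not None:
                counts[section] = int(m.group("count"))
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            parts = [p.strip() for p in m.group("rest").split(" -> ")]
            detections.append(Detection(section, m.group("item"), m.group("category"),
                                        " -> ".join(parts[:-1]), parts[-1]))
    return detections, counts


def verify_counts(detections, counts):
    """{section: (reported, parsed)} for every section whose counts disagree."""
    seen = Counter(d.section for d in detections)
    return {s: (n, seen.get(s, 0)) for s, n in counts.items() if seen.get(s, 0) != n}


def by_category(detections):
    return Counter(d.category for d in detections)


def pending_reboot(detections):
    """Items MBAM could not remove live; the cleanup is incomplete until reboot."""
    return [d.item for d in detections if d.action.lower().startswith("delete on reboot")]


def persistence_points(detections):
    return [d for d in detections
            if any(mk.lower() in d.item.lower() for mk in PERSISTENCE_MARKERS)]


def tampered_settings(detections):
    """{registry path: (bad_value, good_value)} for PUM-style data items."""
    out = {}
    for d in detections:
        m = BAD_GOOD_RE.search(d.detail)
        if m:
            out[d.item] = (int(m.group(1)), int(m.group(2)))
    return out


# Constructed sample: a subset of the entries from the log above, English labels.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.50.1.1100
Database version: 5524

Memory Processes Infected: 2
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
c:\program files\search settings\searchsettings.exe (PUP.Dealio) -> 440 -> Unloaded process successfully.
c:\program files\application updater\applicationupdater.exe (PUP.Dealio) -> 748 -> Unloaded process successfully.

Memory Modules Infected:
c:\program files\search settings\searchsettingsres409.dll (PUP.Dealio) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Application Updater (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SearchSettings (PUP.Dealio) -> Value: SearchSettings -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\search settings\searchsettings.exe (PUP.Dealio) -> Quarantined and deleted successfully.
c:\documents and settings\Gosia\Pulpit\setool2lt.exe (Malware.Packer.T) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    dets, counts = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", verify_counts(dets, counts) or "none")
    print("by category:", dict(by_category(dets)))
    print("pending reboot:", pending_reboot(dets))
    print("persistence points:", [d.item for d in persistence_points(dets)])
    print("tampered settings:", tampered_settings(dets))
```

Run it against a saved mbam-log-*.txt by passing the file contents to `parse_mbam_log`; a non-empty `pending_reboot` result is the cue to reboot and rescan before declaring the machine clean, and the `persistence_points` list is what to re-inspect in the registry afterwards.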