
angela9870

Members
  • Posts: 10

Content posted by angela9870

  1. Everything is done, thank you very much for the help!
  2. It doesn't work in safe mode either ;/ but I get something like this, I don't know whether it is the full version of the log. Ad-Report-SCAN.txt
  3. I don't know what is going on, but when I try to make a log from scan mode in Ad-Remover, it always stops at 95% and won't go any further ;/
  4. You know what, I don't have MyGlobalSearch among my plugins ;/
  5. Oh, you see, I forgot to remove Free Lunch Design Toolbar from the Control Panel; I only removed it from the Firefox extensions... but I have done it now.
  6. And the removal log won't upload for me, and even though it is in Notepad it doesn't have the .txt extension, only .log. OTL.Txt Ad-Report-SCAN1.txt
  7. I'm adding the attachments: Extras.Txt gmer.txt OTL.Txt
  8. Hello. I also have this virus from Facebook and I made a log with ComboFix. Here it is. Do I need to do anything else about this?