
krzysk1992

Members
  • Posts

    6
  • Joined

  • Last visit

Content posted by krzysk1992

  1. Many thanks. I'm really full of admiration for the knowledge. Respect ;>
  2. ========== REGISTRY ========== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\"ServiceDll"|hex(2):"E:\WINDOWS\system32\wuauserv.dll" /E : value set successfully! ========== OTL ========== Service StarOpen stopped successfully! Service StarOpen deleted successfully! Service EagleXNt stopped successfully! Service EagleXNt deleted successfully! File E:\WINDOWS\system32\drivers\EagleXNt.sys not found. Service dtsoftbus01 stopped successfully! Service dtsoftbus01 deleted successfully! File system32\DRIVERS\dtsoftbus01.sys not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DriverCD deleted successfully. File oft XML Parser for Java "file://E:\WINDOWS\Java\classes\xmldso.cab" not found. Starting removal of ActiveX control Microsoft XML Parser for Java " Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java "\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java "\ not found. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully. OTL by OldTimer - Version 3.2.39.2 log created on 03252012_173442 # AdwCleaner v1.503 - Logfile created 03/25/2012 at 17:45:18 # Updated 24/03/2012 by Xplode # Operating system : Microsoft Windows XP Dodatek Service Pack 3 (32 bits) # User : Administrator - DDD # Running from : E:\Documents and Settings\Administrator.DDD\Moje dokumenty\Downloads\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** ***** [H. 
Navipromo] ***** ***** [Registry] ***** [*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2504091 Key Found : HKLM\SOFTWARE\Conduit Key Found : HKLM\SOFTWARE\SweetIM Key Found : HKLM\SOFTWARE\Canneverbe Limited\OpenCandy Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine Key Found : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO Key Found : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1 Key Found : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31} Key Found : HKLM\SOFTWARE\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 Key Found : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E} Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48} Key Found : HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Registry is clean. -\\ Mozilla Firefox v11.0 (pl) Profile name : default File : E:\Documents and Settings\Administrator.DDD\Dane aplikacji\Mozilla\FireFox\Profiles\0xg5i5dt.default\prefs.js [OK] File is clean. ************************* AdwCleaner[R1].txt - [2253 octets] - [25/03/2012 17:45:18] ########## EOF - E:\AdwCleaner[R1].txt - [2381 octets] ##########
  3. Files\Folders moved on Reboot... E:\WINDOWS\$NtUninstallKB41119$ folder moved successfully. Registry entries deleted on Reboot... mbam-log-2012-03-25 (15-18-37).txt mbam-log-2012-03-25 (15-45-01).txt GMER.txt OTL.Txt
  4. BlitzBlank 1.0.0.32 File/Registry Modification Engine native application CopyFileOnReboot: sourceFile = "\??\e:\netbt.sys", destinationFile = "\??\e:\windows\system32\drivers\netbt.sys"MoveFileOnReboot: sourceFile = "\??\e:\windows\system32\vzupsvc.dll", destinationFile = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\e:\windows\system32\dds_log_ad13.cmd", destinationFile = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\e:\windows\system32\enneqdoyketh.dll", destinationFile = "(null)", replaceWithDummy = 0 All processes killed ========== SERVICES/DRIVERS ========== Service ibmsmbus stopped successfully! Service ibmsmbus deleted successfully! ========== FILES ========== < fsutil reparsepoint delete E:\WINDOWS\$NtUninstallKB41119$ /C > E:\Documents and Settings\Administrator.DDD\Moje dokumenty\Downloads\cmd.bat deleted successfully. E:\Documents and Settings\Administrator.DDD\Moje dokumenty\Downloads\cmd.txt deleted successfully. < netsh winsock reset /C > Nie moľna zaˆadowa" nast©pujĄcego pomocnika DLL: IFMON.DLL. Nie znaleziono nast©pujĄcego polecenia: winsock reset. E:\Documents and Settings\Administrator.DDD\Moje dokumenty\Downloads\cmd.bat deleted successfully. E:\Documents and Settings\Administrator.DDD\Moje dokumenty\Downloads\cmd.txt deleted successfully. ========== REGISTRY ========== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\"ServiceDll"|hex(2):"E:\WINDOWS\system32\wuauserv.dll" /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\"SecurityProviders"|"msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2ED9EB3B-73A7-4F31-B64D-FAFF845C9262}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ED9EB3B-73A7-4F31-B64D-FAFF845C9262}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}\ deleted successfully. HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\"Start Page"|"about:blank" /E : value set successfully! ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 780193 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->FireFox cache emptied: 5892715 bytes ->Flash cache emptied: 56502 bytes User: Administrator.DDD ->Temp folder emptied: 525100 bytes ->Temporary Internet Files folder emptied: 33238 bytes ->FireFox cache emptied: 20685282 bytes ->Google Chrome cache emptied: 14200672 bytes ->Flash cache emptied: 57325 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56502 bytes User: Kurp ->Temp folder emptied: 6499987805 bytes ->Temporary Internet Files folder emptied: 40944712 bytes ->Java cache emptied: 5042632 bytes ->FireFox cache emptied: 65216834 bytes ->Google Chrome cache emptied: 8877201 bytes ->Flash cache emptied: 63411 bytes User: LocalService ->Temp folder emptied: 69512 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 3496 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp 
files removed: 0 bytes %systemroot% .tmp files removed: 2148726 bytes %systemroot%\System32 .tmp files removed: 2675748 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 3139571 bytes RecycleBin emptied: 4515758 bytes Total Files Cleaned = 6 366,00 mb OTL by OldTimer - Version 3.2.39.2 log created on 03252012_124934 OTL.Txt GMER.txt
  5. I'm attaching all the required logs. Unfortunately, I have a problem running ComboFix. To be precise, after the program performs all these actions (shown in the attached file - http://www.sendspace.pl/file/f69d06d82af7d4f3b5634b2), the program shuts down. OTL.Txt Extras.Txt GMER.txt
  6. Hello. I picked up some kind of junk on my computer today. All applications were shut down, and when searching in Google it redirects to the site abnow.com. I'll send the OTL logs in the attachment. Thanks in advance for the help. OTL.Txt