ComboFix 09-05-23.04 - intel 2009-05-24 17:09.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1045.18.2047.1406 [GMT 2:00]
Uruchomiony z: c:\documents and settings\intel\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
c:\documents and settings\intel\Dane aplikacji\drivers\downld
c:\documents and settings\intel\Menu Start\Programy\Autostart\ctfmon.exe
c:\program files\FunWebProducts
c:\program files\FunWebProducts\ScreenSaver\Images\00A2FC8C.urr
c:\program files\FunWebProducts\Shared\010AEBC9.dat
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\MailStampBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\MailStampBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyStationeryBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\Internet Explorer\msimg32.dll
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\4.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\4.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\4.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\4.bin\MWSSRCAS.DLL
c:\program files\MyWebSearch\bar\7.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\7.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\7.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\7.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\7.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\7.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\7.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\7.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\7.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\7.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\7.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\7.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\7.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\7.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\7.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\7.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\7.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\7.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\7.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\7.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\7.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\7.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\7.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\7.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\7.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\7.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\7.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\7.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\7.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\7.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\7.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\7.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\7.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\7.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\7.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\7.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\7.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\7.bin\MWSSRCAS.DLL
c:\program files\MyWebSearch\bar\7.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\7.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\0001E0F5
c:\program files\MyWebSearch\bar\Cache\0002A32B
c:\program files\MyWebSearch\bar\Cache\0003B0E2
c:\program files\MyWebSearch\bar\Cache\0003F629
c:\program files\MyWebSearch\bar\Cache\000B6BD4
c:\program files\MyWebSearch\bar\Cache\000B7DD5.bin
c:\program files\MyWebSearch\bar\Cache\000B824A.bin
c:\program files\MyWebSearch\bar\Cache\000B85D4.bin
c:\program files\MyWebSearch\bar\Cache\000B8864.bin
c:\program files\MyWebSearch\bar\Cache\000F2A04
c:\program files\MyWebSearch\bar\Cache\00438046
c:\program files\MyWebSearch\bar\Cache\00598859
c:\program files\MyWebSearch\bar\Cache\00FF0BAF.bin
c:\program files\MyWebSearch\bar\Cache\01518E2F.bin
c:\program files\MyWebSearch\bar\Cache\01519023
c:\program files\MyWebSearch\bar\Cache\01A28C60
c:\program files\MyWebSearch\bar\Cache\01A6D368
c:\program files\MyWebSearch\bar\Cache\01D5C8D4.bin
c:\program files\MyWebSearch\bar\Cache\01D5CAC8.bin
c:\program files\MyWebSearch\bar\Cache\01D5CC3F.bin
c:\program files\MyWebSearch\bar\Cache\01D5CDC6.bin
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search2
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Message\COMMON\ask_logo.gif
c:\program files\MyWebSearch\bar\Message\COMMON\autoup.gif
c:\program files\MyWebSearch\bar\Message\COMMON\autoup.htm
c:\program files\MyWebSearch\bar\Message\COMMON\center.htm
c:\program files\MyWebSearch\bar\Message\COMMON\index.htm
c:\program files\MyWebSearch\bar\Message\COMMON\mid_dots.gif
c:\program files\MyWebSearch\bar\Message\COMMON\mws_logo.gif
c:\program files\MyWebSearch\bar\Message\COMMON\protect.htm
c:\program files\MyWebSearch\bar\Message\COMMON\shocked.gif
c:\program files\MyWebSearch\bar\Message\COMMON\stop.gif
c:\program files\MyWebSearch\bar\Message\COMMON\systray.htm
c:\program files\MyWebSearch\bar\Message\COMMON\systrayp.htm
c:\program files\MyWebSearch\bar\Message\COMMON\tp_grad.gif
c:\program files\MyWebSearch\bar\Message\COMMON\warn.gif
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
c:\recycled\Recycled
c:\recycled\Recycled\ctfmon.exe
c:\windows\system32\17e4c3e0.dll
c:\windows\system32\f3PSSavr.scr
D:\Autorun.inf
E:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService
((((((((((((((((((((((((( Pliki utworzone od 2009-04-24 do 2009-05-24 )))))))))))))))))))))))))))))))
.
2009-05-24 15:01 . 2009-05-24 15:10 -------- d--h--w c:\documents and settings\intel\Dane aplikacji\drivers
2009-05-24 14:54 . 2009-05-24 15:01 -------- d-----w C:\FindyKill
2009-05-23 10:27 . 2009-02-05 20:08 93296 ----a-w c:\windows\system32\drivers\aswmon.sys
2009-05-23 10:27 . 2009-02-05 20:04 97480 ----a-w c:\windows\system32\AvastSS.scr
2009-05-23 10:27 . 2009-02-05 20:11 1256296 ----a-w c:\windows\system32\aswBoot.exe
2009-05-23 10:27 . 2003-03-18 19:20 1060864 ----a-w c:\windows\system32\MFC71.dll
2009-05-23 10:26 . 2009-05-23 10:26 -------- d-----w c:\program files\Alwil Software
2009-05-21 15:43 . 2007-05-06 09:11 94208 ----a-w c:\windows\system32\stacsv.exe
2009-05-21 15:43 . 2007-05-06 09:10 405504 ----a-w c:\windows\sttray.exe
2009-05-21 15:43 . 2007-05-06 09:10 2187264 ----a-w c:\windows\system32\stlang.dll
2009-05-21 15:43 . 2007-05-06 09:11 144896 ----a-w c:\windows\system32\staco.dll
2009-05-21 15:43 . 2007-05-06 09:12 1222840 ----a-w c:\windows\system32\drivers\sthda.sys
2009-05-21 15:43 . 2007-05-06 09:11 270336 ----a-w c:\windows\system32\stacapi.dll
2009-05-21 15:43 . 2009-05-21 15:43 -------- d-----w c:\program files\SigmaTel
2009-05-21 13:53 . 2006-01-06 08:35 419200 ----a-w c:\windows\system32\drivers\FSTOPW.sys
2009-05-16 13:09 . 1998-09-02 08:28 38160 ----a-w c:\windows\system32\LMRTREND.dll
2009-05-16 13:09 . 1998-08-27 04:51 182032 ----a-w c:\windows\system32\dxtmsft3.dll
2009-05-16 13:09 . 1998-09-02 08:28 63488 ----a-w c:\windows\system32\unam4ie.exe
2009-05-16 13:09 . 1998-08-17 09:21 10240 ----a-w c:\windows\system32\vidx16.dll
2009-05-16 13:09 . 1998-08-17 09:21 11776 ----a-w c:\windows\system32\mciqtz.drv
2009-05-16 13:09 . 1998-09-02 08:02 194320 ----a-w c:\windows\system32\qcut.dll
2009-05-16 13:09 . 2009-05-16 13:09 4608 ----a-w c:\windows\system32\w95inf32.dll
2009-05-16 13:09 . 2009-05-16 13:09 2272 ----a-w c:\windows\system32\w95inf16.dll
2009-05-14 13:33 . 2009-05-14 14:37 20480 ----a-w c:\windows\system32\H@tKeysH@@k.DLL
2009-05-12 17:52 . 2009-05-12 17:52 -------- d-----w c:\windows\65F1CF6331E0450B96F34A88BE7361A6.TMP
2009-05-10 17:43 . 2009-05-10 17:43 -------- d-----w c:\documents and settings\intel\Ustawienia lokalne\Dane aplikacji\CometNetwork
2009-05-10 17:43 . 2009-05-10 17:43 -------- d-----w c:\documents and settings\intel\Dane aplikacji\CometNetwork
2009-05-10 17:43 . 2009-05-21 18:20 -------- d-----w c:\program files\CometBird
2009-05-10 16:34 . 2009-05-19 17:37 -------- d-----w C:\Downloads
2009-05-10 16:34 . 2009-05-10 16:34 1048576 ----a-w c:\documents and settings\intel\Dane aplikacji\Mozilla\Firefox\Profiles\nxrf2idj.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
2009-05-04 16:12 . 2009-05-09 20:07 144384 ----a-w c:\windows\system32\miccyhook.dll
2009-05-01 10:24 . 2009-05-01 10:24 -------- d-----w c:\program files\Eidos
2009-04-30 20:51 . 2009-05-23 11:27 -------- d-----w c:\documents and settings\intel\Dane aplikacji\HPAppData
2009-04-29 21:19 . 2009-04-29 21:19 41808 ----a-w c:\windows\system32\xfcodec.dll
2009-04-29 16:52 . 2003-06-18 23:31 17920 ----a-w c:\windows\system32\mdimon.dll
2009-04-29 16:51 . 2009-04-29 16:51 -------- d-----w c:\program files\Microsoft Works
2009-04-29 16:50 . 2009-04-29 16:51 -------- d-----w c:\windows\SHELLNEW
2009-04-29 16:50 . 2009-04-29 16:50 -------- d-----w c:\program files\Microsoft.NET
2009-04-29 16:13 . 2009-04-29 16:13 -------- d-----w c:\documents and settings\intel\Ustawienia lokalne\Dane aplikacji\HP
2009-04-29 16:13 . 2009-04-29 16:13 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\HPSSUPPLY
2009-04-29 16:07 . 2009-04-29 16:07 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\WEBREG
2009-04-29 16:06 . 2009-04-29 16:06 -------- d-----w c:\documents and settings\intel\Dane aplikacji\HP
2009-04-29 15:57 . 2009-04-29 15:57 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\HP Product Assistant
2009-04-29 15:57 . 2009-04-29 15:57 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\HP
2009-04-29 15:56 . 2009-04-29 15:56 -------- d-----w c:\program files\Common Files\HP
2009-04-29 15:55 . 2009-04-29 15:57 -------- d-----w c:\program files\HP
2009-04-29 15:53 . 2007-10-30 09:25 16496 ----a-r c:\windows\system32\drivers\HPZipr12.sys
2009-04-29 15:53 . 2007-10-30 09:25 49920 ----a-r c:\windows\system32\drivers\HPZid412.sys
2009-04-29 15:53 . 2009-04-29 16:06 168987 ----a-w c:\windows\hphins25.dat
2009-04-29 15:53 . 2007-12-13 00:02 879 ------w c:\windows\hphmdl25.dat
2009-04-29 15:53 . 2009-04-29 15:53 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Hewlett-Packard
2009-04-29 15:53 . 2007-11-08 15:02 271704 ----a-r c:\windows\system32\hpzids01.dll
2009-04-29 15:53 . 2007-10-20 16:25 118272 ----a-w c:\windows\system32\hpz3l5mu.dll
2009-04-29 15:52 . 2007-10-30 09:25 309760 ----a-r c:\windows\system32\difxapi.dll
2009-04-29 15:52 . 2007-10-30 09:25 21568 ----a-r c:\windows\system32\drivers\HPZius12.sys
2009-04-29 15:52 . 2007-10-30 09:25 372736 ----a-r c:\windows\system32\hppldcoi.dll
2009-04-29 15:52 . 2004-08-03 21:01 25856 -c--a-w c:\windows\system32\dllcache\usbprint.sys
2009-04-29 15:52 . 2004-08-03 21:01 25856 ----a-w c:\windows\system32\drivers\usbprint.sys
2009-04-29 15:52 . 2004-08-03 21:08 31616 -c--a-w c:\windows\system32\dllcache\usbccgp.sys
2009-04-29 15:52 . 2004-08-03 21:08 31616 ----a-w c:\windows\system32\drivers\usbccgp.sys
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-24 15:11 . 2008-04-04 20:27 -------- d-----w c:\program files\Neostrada TP
2009-05-24 15:09 . 2009-03-01 18:56 -------- d-----w c:\documents and settings\intel\Dane aplikacji\Skype
2009-05-24 15:02 . 2006-03-02 12:00 80074 ----a-w c:\windows\system32\perfc015.dat
2009-05-24 15:02 . 2006-03-02 12:00 459144 ----a-w c:\windows\system32\perfh015.dat
2009-05-24 14:52 . 2009-03-01 18:59 -------- d-----w c:\documents and settings\intel\Dane aplikacji\skypePM
2009-05-23 09:24 . 2008-03-26 15:52 67840 ----a-w c:\documents and settings\intel\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-05-21 17:44 . 2008-10-14 15:02 -------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-05-21 15:32 . 2008-03-27 07:24 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-16 17:52 . 2008-10-06 13:24 -------- d-----w c:\documents and settings\intel\Dane aplikacji\Xfire
2009-05-16 14:37 . 2008-10-06 13:24 -------- d-s---w c:\program files\Xfire
2009-05-15 13:38 . 2008-05-21 11:45 139984 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-05-15 13:38 . 2008-05-21 11:45 189496 ----a-w c:\windows\system32\PnkBstrB.exe
2009-05-14 14:32 . 2009-02-28 16:21 -------- d-----w c:\documents and settings\intel\Dane aplikacji\teamspeak2
2009-05-12 17:52 . 2009-01-15 08:22 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-10 18:24 . 2009-02-01 17:50 -------- d-----w c:\program files\Ubisoft
2009-05-07 18:33 . 2008-05-06 12:34 -------- d-----w c:\documents and settings\intel\Dane aplikacji\Ahead
2009-04-29 20:33 . 2009-02-17 19:46 -------- d-----w c:\documents and settings\intel\Dane aplikacji\VSO
2009-04-21 13:16 . 2009-04-21 13:16 -------- d-----w c:\program files\Mafia
2009-04-17 17:18 . 2009-04-17 17:18 -------- d-----w c:\program files\Radical Games
2009-04-11 15:50 . 2008-05-21 11:45 75064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-04-09 09:12 . 2009-02-12 17:52 -------- d-----w c:\documents and settings\intel\Dane aplikacji\Nowe Gadu-Gadu
2009-03-29 11:00 . 2009-03-03 13:56 -------- d-----w c:\program files\America's Army Server Manager
2009-03-29 11:00 . 2009-03-22 17:24 -------- d-----w c:\program files\NAPI-PROJEKT
2009-03-25 19:36 . 2009-03-25 19:36 53319 ----a-w c:\documents and settings\All Users\Dane aplikacji\TEMP\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\PostBuild.exe
2009-03-20 17:11 . 2009-03-20 17:11 4366 ----a-w c:\windows\system32\ealregsnapshot1.reg
2009-03-06 14:47 . 2008-10-18 12:26 285184 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:10 . 2006-03-02 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-02 16:47 . 2009-03-02 16:47 249856 ----a-w c:\documents and settings\All Users\Dane aplikacji\Skype\Plugins\Plugins\9E0D937F462E4362A83B254A9F8AB3F8\InnerPassFileSharing.exe
2009-03-02 16:47 . 2009-03-02 16:47 242496 ----a-w c:\documents and settings\All Users\Dane aplikacji\Skype\Plugins\Plugins\9E0D937F462E4362A83B254A9F8AB3F8\tssCPopupNotify.dll
2009-03-02 16:47 . 2009-03-02 16:47 21 ----a-w c:\documents and settings\All Users\Dane aplikacji\Skype\Plugins\Plugins\9E0D937F462E4362A83B254A9F8AB3F8\uninstall.bat
2009-03-02 16:47 . 2009-03-02 16:47 1828176 ----a-w c:\documents and settings\All Users\Dane aplikacji\Skype\Plugins\Plugins\9E0D937F462E4362A83B254A9F8AB3F8\Skype4COM.dll
2009-03-01 18:59 . 2009-03-01 18:59 48 ---ha-w c:\windows\system32\ezsidmv.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"TBPanel"="c:\program files\Vtune\TBPanel.exe" [2008-10-21 2154496]
"Nowe Gadu-Gadu"="d:\nowe gadu-gadu\gg.exe" [2009-04-10 9818728]
"Dzieńdobry!"="d:\dzieńdobry!\dziendobry.exe" [2007-04-04 753664]
"Skype"="d:\skype\Phone\Skype.exe" [2009-02-04 23975720]
"Innerpass"="c:\documents and settings\All Users\Dane aplikacji\Skype\Plugins\Plugins\9E0D937F462E4362A83B254A9F8AB3F8\InnerPassFileSharing.exe" [2009-03-02 249856]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-02-06 3325952]
"ALLUpdate"="d:\allplayer\ALLUpdate.exe" [2008-11-24 869888]
"BitComet"="d:\bitcomet\BitComet.exe" [2009-04-28 2591544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-21 13574144]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
"WooCnxMon"="c:\progra~1\NEOSTR~1\CnxMon.exe" [2003-10-16 24576]
"WOOWATCH"="c:\progra~1\NEOSTR~1\Watch.exe" [2003-10-16 20480]
"WOOTASKBARICON"="c:\progra~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 53248]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2004-12-20 33792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-21 86016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"FRISK FP-Scheduler"="d:\fsi\F-Prot\F-Sched.exe" [2009-05-24 370504]
"F-StopW"="d:\fsi\F-Prot\F-StopW.EXE" [2009-05-24 300032]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-05-24 81000]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-21 1630208]
"SigmatelSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2007-05-06 405504]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]
c:\documents and settings\intel\Menu Start\Programy\Autostart\
UniSpiker-2.6.lnk - d:\unispiker-2.6\uni_spiker-2.6.exe [2006-7-25 86016]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2009-4-29 3145552]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-4-4 962661]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nextlink32]
2005-02-15 01:19 12288 ----a-w c:\windows\system32\nextlink32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Gry\\Call of Duty\\CoDMP.exe"=
"e:\\Gry\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"d:\\eMule\\emule.exe"=
"c:\\Program Files\\Xfire\\ua_lsp_inst.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"d:\\Uninstall\\eMule\\emule.exe"=
"e:\\Gry\\Call of Duty 4\\iw3mp.exe"=
"d:\\Raptr\\Raptr.exe"=
"d:\\Raptr\\RaptrBT.exe"=
"e:\\Gry\\Far Cry 2\\bin\\FarCry2.exe"=
"e:\\Gry\\Far Cry 2\\bin\\FC2Launcher.exe"=
"e:\\Gry\\Far Cry 2\\bin\\FC2Editor.exe"=
"d:\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"e:\\Gry\\Władca Pierścieni Podbój\\Conquest.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"e:\\Gry\\Call of Duty World at War\\CoDWaW.exe"=
"e:\\Gry\\Call of Duty World at War\\CoDWaWmp.exe"=
"e:\\Gry\\Hitman Blood Money\\HitmanBloodMoney.exe"=
"e:\\Gry\\Call of Duty\\CoDUOMP.exe"=
"d:\\BitComet\\BitComet.exe"=
"d:\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port
"6848:TCP"= 6848:TCP:messenger
"56854:TCP"= 56854:TCP:Pando Media Booster
"56854:UDP"= 56854:UDP:Pando Media Booster
"3145:TCP"= 3145:TCP:messenger
"3376:TCP"= 3376:TCP:messenger
"1443:TCP"= 1443:TCP:messenger
"4578:TCP"= 4578:TCP:messenger
"8726:TCP"= 8726:TCP:messenger
"2222:TCP"= 2222:TCP:messenger
"8957:TCP"= 8957:TCP:BitComet 8957 TCP
"8957:UDP"= 8957:UDP:BitComet 8957 UDP
"1242:TCP"= 1242:TCP:messenger
"2382:TCP"= 2382:TCP:messenger
"8222:TCP"= 8222:TCP:messenger
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys --> c:\windows\system32\DRIVERS\aswFsBlk.sys [?]
S2 nextlink32;MSWC Content Linking;rundll32.exe c:\windows\system32\nextlink32.dll,yhuz --> rundll32.exe c:\windows\system32\nextlink32.dll,yhuz [?]
S3 hid7906;hid7906;c:\windows\system32\drivers\hid7906.sys [2008-04-28 53921]
S3 mdxgthkn;mdxgthkn;\??\c:\docume~1\intel\USTAWI~1\Temp\mdxgthkn.sys --> c:\docume~1\intel\USTAWI~1\Temp\mdxgthkn.sys [?]
S3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys --> c:\windows\system32\drivers\WPRO_40_1340.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\7.bin\M3PLUGIN.DLL
HKLM-Run-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\7.bin\m3SrchMn.exe
SafeBoot-procexp90.Sys
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://google.atcomet.com/b/
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
IE: E&ksport do programu Microsoft Excel - d:\micros~1\OFFICE11\EXCEL.EXE/3000
IE: Pobierz wszystkie VIdeo za pomocą BitComet - d:\bitcomet\BitComet.exe/AddVideo.htm
IE: Pobierz wszystko za pomocą BitComet - d:\bitcomet\BitComet.exe/AddAllLink.htm
IE: Pobierz za pomocą BitComet - d:\bitcomet\BitComet.exe/AddLink.htm
IE: { - c:\program files\Messenger\msmsgs.exe
LSP: xfire_lsp_10650.dll
TCP: {35151D82-11C6-4C01-8A03-18C95BAE1ED7} = 194.204.159.1 217.98.63.164
FF - ProfilePath - c:\documents and settings\intel\Dane aplikacji\Mozilla\Firefox\Profiles\nxrf2idj.default\
FF - prefs.js: browser.startup.homepage - hxxp://pl.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pl:official
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZNfox000&fl=0&ptb=B5urQVRLkAP2GWa4ALK0bQ&st=kwd&o=kwd&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&searchfor=
FF - component: c:\documents and settings\intel\Dane aplikacji\Mozilla\Firefox\Profiles\nxrf2idj.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJPI140_03.dll
FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPOJI610.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-24 17:14
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-2025429265-602162358-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:bd,70,8a,33,8c,67,60,48,d3,71,93,9a,d7,6e,3d,c3,9e,4c,a8,24,71,c8,83,
56,8b,c5,7a,c1,79,bf,9d,b3,20,d9,01,82,6a,43,44,3e,0f,dd,2d,49,9d,70,cf,91,\
"??"=hex:e2,f2,ab,f8,15,62,7e,51,d6,fe,50,28,a4,d7,3d,3f
[HKEY_USERS\S-1-5-21-2025429265-602162358-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:30,a7,e2,9a,56,ff,24,07,c0,b0,d4,3d,99,d3,d0,30,46,01,d2,6b,a1,
5f,61,5b,6b,3b,89,6d,31,f9,14,a3,fa,2e,da,2a,c1,ec,5f,05,78,61,3a,28,68,1a,\
"rkeysecu"=hex:47,3a,1d,b3,e2,70,a6,d3,89,a2,d9,22,2b,55,36,eb
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(572)
c:\windows\system32\nextlink32.dll
- - - - - - - > 'lsass.exe'(628)
c:\windows\system32\xfire_lsp_10650.dll
- - - - - - - > 'explorer.exe'(1696)
c:\program files\Xfire\xfire_toucan_36913.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\SigmaTel\C-Major Audio\WDM\stacsv.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\rundll32.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
d:\skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Czas ukończenia: 2009-05-24 17:16 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-05-24 15:16
Przed: 67 799 252 992 bajtów wolnych
Po: 68 320 649 216 bajtów wolnych
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
432 --- E O F --- 2009-05-14 01:01
O to ci chodzi?
edit:
O qurcze, komp chodzi szybciej i mam dźwięk, o wielkie dzięki Mafioso, jestem twoim dłużnikiem
