berserker utworzono 3 lipca 2009 utworzono 3 lipca 2009 Log Combofix: ComboFix 09-07-02.03 - Berserker 2009-07-03 21:04.12 - NTFSx86Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.2046.1603 [GMT 2:00]Uruchomiony z: c:\documents and settings\Berserker\Pulpit\ComboFix.exeUżyto następujących komend :: c:\documents and settings\Berserker\Pulpit\CFScript.txtAV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}FILE ::"c:\windows\Installer\177dbb.msi""c:\windows\Installer\19938be.msi""c:\windows\Installer\1cec4.msi""c:\windows\Installer\3099910.msi""c:\windows\Installer\3daa2.msi""c:\windows\Installer\3f7b96.msi""c:\windows\Installer\4a1e9.msi""c:\windows\Installer\533aa.msi""c:\windows\Installer\71059.msi".((((((((((((((((((((((((( Pliki utworzone od 2009-06-03 do 2009-07-03 ))))))))))))))))))))))))))))))).2009-06-30 05:50 . 2009-06-30 05:50 -------- d-----w- c:\program files\Real Alternative2009-06-30 05:50 . 2009-06-30 05:50 -------- d-----w- c:\documents and settings\Berserker\Ustawienia lokalne\Dane aplikacji\Real2009-06-23 19:19 . 2009-06-23 19:19 152576 ----a-w- c:\documents and settings\Berserker\Dane aplikacji\Sun\Java\jre1.6.0_14\lzma.dll2009-06-18 18:41 . 2009-06-18 18:41 -------- d-----w- C:\NVIDIA2009-06-12 04:49 . 2009-04-30 21:17 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll2009-06-12 04:49 . 2009-04-30 21:17 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll2009-06-10 16:33 . 2009-06-10 16:33 9998336 ----a-w- c:\windows\system32\nvoglnt.dll2009-06-10 16:33 . 2009-06-10 16:33 815104 ----a-w- c:\windows\system32\nvapi.dll2009-06-10 16:33 . 2009-06-10 16:33 671744 ----a-w- c:\windows\system32\nvcuvid.dll2009-06-10 16:33 . 2009-06-10 16:33 1720320 ----a-w- c:\windows\system32\nvcuda.dll2009-06-10 16:33 . 2009-06-10 16:33 151552 ----a-w- c:\windows\system32\nvcodins.dll2009-06-10 16:33 . 2009-06-10 16:33 151552 ----a-w- c:\windows\system32\nvcod.dll2009-06-10 16:33 . 2009-06-10 16:33 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll2009-06-10 06:28 . 2009-06-10 06:28 3510272 ----a-w- c:\windows\system32\nvgames.dll2009-06-10 06:28 . 2009-06-10 06:28 5890048 ----a-w- c:\windows\system32\nvdispsr.dll2009-06-10 06:28 . 2009-06-10 06:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll2009-06-10 06:28 . 2009-06-10 06:28 86016 ----a-w- c:\windows\system32\nvmctray.dll2009-06-10 06:28 . 2009-06-10 06:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe2009-06-10 06:28 . 2009-06-10 06:28 143360 ----a-w- c:\windows\system32\nvcolor.exe2009-06-10 06:28 . 2009-06-10 06:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll2009-06-10 06:28 . 2009-06-10 06:28 229376 ----a-w- c:\windows\system32\nvmccs.dll.(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))).2009-07-03 16:37 . 2009-03-24 13:17 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab2009-07-03 04:47 . 2009-03-24 13:17 352288 --sha-w- c:\windows\system32\drivers\fidbox2.dat2009-07-03 04:47 . 2009-03-24 13:17 3332 --sha-w- c:\windows\system32\drivers\fidbox2.idx2009-07-03 04:47 . 2009-03-24 13:17 1336864 --sha-w- c:\windows\system32\drivers\fidbox.dat2009-07-03 04:47 . 2009-03-24 13:17 12572 --sha-w- c:\windows\system32\drivers\fidbox.idx2009-06-30 06:03 . 2009-02-08 13:56 -------- d-----w- c:\documents and settings\Berserker\Dane aplikacji\ArcaMicroScan2009-06-30 06:03 . 2009-01-05 16:52 -------- d-----w- c:\program files\ArcaMicroScan2009-06-29 19:15 . 2009-03-26 11:52 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy2009-06-26 14:19 . 2009-01-29 20:00 1 ----a-w- c:\documents and settings\Berserker\Dane aplikacji\OpenOffice.org\3\user\uno_packages\cache\stamp.sys2009-06-23 19:20 . 2008-08-08 06:10 -------- d-----w- c:\program files\Java2009-06-21 14:41 . 2009-01-23 12:38 -------- d-----w- c:\documents and settings\Berserker\Dane aplikacji\DivX2009-06-18 18:42 . 2008-08-24 10:15 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard2009-06-12 05:15 . 2008-12-04 08:20 -------- d-----w- c:\program files\Odkurzacz2009-06-10 16:33 . 2009-04-30 20:02 1580550 ----a-w- c:\windows\system32\nvdata.bin2009-06-10 16:33 . 2008-08-07 12:43 457248 ----a-w- c:\windows\system32\nvudisp.exe2009-06-10 16:33 . 2007-04-12 15:44 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys2009-06-10 16:33 . 2007-04-12 15:44 5908608 ----a-w- c:\windows\system32\nv4_disp.dll2009-06-08 19:01 . 2008-08-07 12:55 72968 ----a-w- c:\documents and settings\Berserker\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT2009-06-07 17:08 . 2009-01-29 19:56 -------- d-----w- c:\program files\OpenOffice.org 32009-06-04 14:39 . 2008-08-07 12:28 457248 ----a-w- c:\windows\system32\NVUNINST.EXE2009-05-21 09:33 . 2008-11-05 14:17 410984 ----a-w- c:\windows\system32\deploytk.dll2009-05-20 16:48 . 2009-03-24 13:17 94643 ----a-w- c:\windows\system32\drivers\klick.dat2009-05-20 16:48 . 2009-03-24 13:17 105395 ----a-w- c:\windows\system32\drivers\klin.dat2009-05-13 05:06 . 2006-03-02 12:00 915456 ----a-w- c:\windows\system32\wininet.dll2009-05-07 16:09 . 2008-09-05 16:58 -------- d-----w- c:\program files\MoorHunt2009-05-07 15:34 . 2006-03-02 12:00 347648 ----a-w- c:\windows\system32\localspl.dll2009-04-19 19:51 . 2006-03-02 12:00 1847424 ----a-w- c:\windows\system32\win32k.sys2009-04-15 14:54 . 2006-03-02 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll2009-04-14 19:24 . 2006-03-02 12:00 83660 ----a-w- c:\windows\system32\perfc015.dat2009-04-14 19:24 . 2006-03-02 12:00 490284 ----a-w- c:\windows\system32\perfh015.dat2009-04-06 17:20 . 2009-02-27 11:28 228 ----a-w- c:\windows\system32\edacded0_x.dat2008-12-03 18:40 . 2008-12-03 18:40 23 --sha-w- c:\windows\system32\bebdcdaba_d.dll.((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))..*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-03-24 206088][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]c:\documents and settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-8-7 1205840][HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe\0SsiEfr.exe[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"=R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]R0 pxark;pxark;c:\windows\system32\drivers\pxark.sys [2008-09-13 17408]R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [2008-08-07 104344]R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [2008-08-07 69656][HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP.Zawartość folderu 'Zaplanowane zadania'2009-07-03 c:\windows\Tasks\User_Feed_Synchronization-{3413FE8A-377D-4B5F-97E8-FDCDA442E5DB}.job- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]..------- Skan uzupełniający -------.IE: E&ksportuj do programu Microsoft ExcelTCP: {BD3F118E-97F9-4B18-83A8-101D8916E158} = 83.238.255.76 213.241.79.37FF - ProfilePath - c:\documents and settings\Berserker\Dane aplikacji\Mozilla\Firefox\Profiles\im25sa26.default\FF - prefs.js: browser.startup.homepage - hxxp://www.onet.pl/#FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dllFF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}---- FIREFOX - SPOSÓB POSTĘPOWANIA ----c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");.**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-07-03 21:05Windows 5.1.2600 Dodatek Service Pack 3 NTFSskanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończoneukryte pliki: 0**************************************************************************.--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------[HKEY_LOCAL_MACHINE\software\Andreas Haak\a*Ű]"User"="Cedric128FR@FFF.com""Code"="vojocadi42""License"=dword:00000001"Active"=dword:00000002.--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------- - - - - - - > 'explorer.exe'(1268)c:\windows\system32\WININET.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.Czas ukończenia: 2009-07-03 21:06ComboFix-quarantined-files.txt 2009-07-03 19:06ComboFix2.txt 2009-07-03 18:59Przed: 11 499 962 368 bajtów wolnychPo: 11 489 411 072 bajtów wolnych202 --- E O F --- 2009-06-12 04:56 Log HijackThix: Logfile of Trend Micro HijackThis v2.0.2Scan saved at 21:17:24, on 2009-07-03Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exeC:\WINDOWS\explorer.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = ŁączaO2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exeO8 - Extra context menu item: Dodaj do listy blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htmO9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dllO9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dllO9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dllO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cabO16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1218287098515O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218113862343O17 - HKLM\System\CCS\Services\Tcpip\..\{BD3F118E-97F9-4B18-83A8-101D8916E158}: NameServer = 83.238.255.76 213.241.79.37O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe--End of file - 4735 bytes
Gość komentarz 3 lipca 2009 komentarz 3 lipca 2009 W logach nic nie ma. 1. Posprzątaj po ComboFixie i różnych narzędziach >>> OTCleanIt. 2. Użyj programu Malwarebytes. Wciskamy Skanuj, wybieramy dyski do skanowania i Rozpoczynamy skanowanie, na końcu wciskamy Usuń zaznaczone jak będą i Ok. Wrzuć wygenerowany raport po usuwaniu MBAMem. .
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.