UA: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (.NET CLR 3.5.30729)
UA: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3
Niestety Nod32 który mam zainstalowany cześć wykrywa jako Backdoor.IRCBot a część nie wykrywa wogule (sprawdzalem na virustotal wszystkie są zawirusowane trojanem Backdoor.IRCBot)
Files to delete:
c:\windows\system32\XDva332.sys
Drivers to delete:
XDva332
gupdate1c985ea3f086108
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kX Mixer"=-
"Adobe Reader Speed Launcher"=-
"nwiz"=-
UA: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (.NET CLR 3.5.30729)
UA: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3
:OTL
SRV - File not found [Disabled | Stopped] -- -- (VMware NAT Service)
SRV - File not found [Disabled | Stopped] -- -- (gusvc)
[2009-07-03 19:20:48 | 000,002,399 | ---- | M] () -- C:\Documents and Settings\gijoe\Application Data\Mozilla\Firefox\Profiles\jaw57l6u.default\searchplugins\daemon-search.xml
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - No CLSID value found.
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
@Alternate Data Stream - 88 bytes C:\WINDOWS\regedit.exe:SummaryInformation
:Files
C:\Documents and Settings\gijoe\DoctorWeb
:Commands
[emptytemp]
UA: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (.NET CLR 3.5.30729)
UA: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3
Zarejestrowani użytkownicy: Bing [Bot]