Witam,dziś nie chciał się uruchomić komputer z rana,uruchomiony z trybu awaryjnego,zrobione przywracanie systemu.Komputer sie uruchomił,przeskanowałem malware i Avg,coś tam znalazła,wyłączyłem przywracanie i włączyłem ponownie.Przed chwilą Avg pokazał NSAnti,usunąłem i wyłączyłem i włączyłem przywracanie.Proszę o sprawdzenie logu z OTL.Gmerem nie robiłem,bo kiedyś mi się na nim wieszał komp.
Extras:
http://wklej.eu/index.php?id=772a5344f4
OTL:
http://wklej.eu/index.php?id=af046b7592
Wirus NSAnti
Regulamin forum
1. Każdy temat powinien odzwierciedlać treść wątku.
2. W przypadku wklejania logów; należy je wykonać od razu przynajmniej z dwóch narzędzi: FRST oraz z GMER
3. Wszelkie logi proszę publikować na przeznaczonych do tego stronach a w poście wklejać tylko link.
4. Nie wskazane jest skracanie logów, należy wkleić cały - od początku, do końca.
5. Nie wskazane jest podczepianie się do tematów innych użytkowników - proszę założyć nowy temat w dziale Bezpieczeństwo, ułatwi to pomoc sprawdzającemu.
6. Osoby nie posiadające odpowiedniej wiedzy, nie powinny sprawdzać logów, ponieważ grozi to poważnym uszkodzeniem systemu lub aplikacji zainstalowanych na komputerze.
7. Należy dokładnie opisać problem, występujące objawy oraz wszelkie podjęte działania.
8. Każdy skrypt jest unikatowy, napisany dla każdego przypadku z osobna, więc nie może być stosowany przez innych.
9. W przypadku zamieszczenia zrzutu ekranu (screenshot'a) proszę korzystać z zewnętrznego serwisu oferującego hosting zdjęć.
1. Każdy temat powinien odzwierciedlać treść wątku.
2. W przypadku wklejania logów; należy je wykonać od razu przynajmniej z dwóch narzędzi: FRST oraz z GMER
3. Wszelkie logi proszę publikować na przeznaczonych do tego stronach a w poście wklejać tylko link.
4. Nie wskazane jest skracanie logów, należy wkleić cały - od początku, do końca.
5. Nie wskazane jest podczepianie się do tematów innych użytkowników - proszę założyć nowy temat w dziale Bezpieczeństwo, ułatwi to pomoc sprawdzającemu.
6. Osoby nie posiadające odpowiedniej wiedzy, nie powinny sprawdzać logów, ponieważ grozi to poważnym uszkodzeniem systemu lub aplikacji zainstalowanych na komputerze.
7. Należy dokładnie opisać problem, występujące objawy oraz wszelkie podjęte działania.
8. Każdy skrypt jest unikatowy, napisany dla każdego przypadku z osobna, więc nie może być stosowany przez innych.
9. W przypadku zamieszczenia zrzutu ekranu (screenshot'a) proszę korzystać z zewnętrznego serwisu oferującego hosting zdjęć.
14 posty(ów)
• Strona 1 z 1
Wirus NSAnti
przez Piotrek1979 » 03 Kwi 2012, 20:05
UA: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.2.28) Gecko/20120306 Firefox/3.6.28
-
Piotrek1979 - Forumowicz
- Posty: 44
- Dołączenie: 16 Sty 2010, 21:58
Re: Wirus NSAnti
przez mateo8898 » 03 Kwi 2012, 21:03
UA: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0) Gecko/20100101 Firefox/11.0
W takim razie zamiast Gmer podaj chociaż raport z TDSSKiller 
otl-gmer-silent-runners-sdfix-i-inne-poradnik-t13967-15.html#p120292
Uruchom OTL w oknie Własne opcje skanowania/skrypt wklej:
Klikasz Wykonaj skrypt. Dajesz log z usuwania + nowe logi z OTL.
otl-gmer-silent-runners-sdfix-i-inne-poradnik-t13967-15.html#p120292Uruchom OTL
w oknie Własne opcje skanowania/skrypt wklej:- Kod: Zaznacz wszystko
:OTL
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDRm.sys -- (InCDRm)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDPass.sys -- (InCDPass)
DRV - File not found [File_System | Disabled | Stopped] -- system32\drivers\InCDFs.sys -- (InCDFs)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (av2zmnyg)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (akt69l0e)
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
[2011-09-11 11:35:04 | 000,000,000 | ---D | M] (Multirow Bookmarks Toolbar) -- C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
[2012-03-20 21:26:43 | 000,002,571 | ---- | M] () -- C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\searchplugins\askcom.xml
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (Reg Error: Key error.)
[2012-03-20 21:25:19 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012-04-03 13:27:59 | 000,000,480 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AEE961EB-CC50-4B66-B0D4-F929753E1D43}.job
:Commands
[emptytemp]
Klikasz Wykonaj skrypt. Dajesz log z usuwania + nowe logi z OTL.
-
mateo8898 - Moderator
- Posty: 15377
- Dołączenie: 15 Maj 2009, 14:55
- Pochwały: 966
Re: Wirus NSAnti
przez Piotrek1979 » 03 Kwi 2012, 21:22
UA: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.2.28) Gecko/20120306 Firefox/3.6.28
Log z usuwania:
All processes killed
========== OTL ==========
Service InCDRm stopped successfully!
Service InCDRm deleted successfully!
File system32\drivers\InCDRm.sys not found.
Service InCDPass stopped successfully!
Service InCDPass deleted successfully!
File system32\drivers\InCDPass.sys not found.
Service InCDFs stopped successfully!
Service InCDFs deleted successfully!
File system32\drivers\InCDFs.sys not found.
Error: No service named av2zmnyg was found to stop!
Service\Driver key av2zmnyg not found.
Error: No service named akt69l0e was found to stop!
Service\Driver key akt69l0e not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}\modules folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}\defaults\preferences folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}\defaults folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}\chrome\skin\classic\nautipolis folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}\chrome\skin\classic\classiccompact folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}\chrome\skin\classic\aero folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}\chrome\skin\classic folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}\chrome\skin folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}\chrome\locale\zh-CN folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}\chrome\locale\ru-RU folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}\chrome\locale\ru folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}\chrome\locale\ro-RO folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}\chrome\locale\ro folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}\chrome\locale\pt-BR folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}\chrome\locale\ja folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}\chrome\locale\hu-HU folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}\chrome\locale\es-ES folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}\chrome\locale\en-US folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}\chrome\locale\de-DE folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}\chrome\locale folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}\chrome\content folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}\chrome folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033} folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\searchplugins\askcom.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Starting removal of ActiveX control {68282C51-9459-467B-95BF-3C0E89627E55}
C:\WINDOWS\Downloaded Program Files\SkanerOnline.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{68282C51-9459-467B-95BF-3C0E89627E55}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68282C51-9459-467B-95BF-3C0E89627E55}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{68282C51-9459-467B-95BF-3C0E89627E55}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68282C51-9459-467B-95BF-3C0E89627E55}\ not found.
C:\Program Files\Ask.com folder moved successfully.
C:\WINDOWS\tasks\User_Feed_Synchronization-{AEE961EB-CC50-4B66-B0D4-F929753E1D43}.job moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Anka i Piotrek
Temp folder emptied: 1080494 bytes
Temporary Internet Files folder emptied: 571592 bytes
Java cache emptied: 0 bytes
FireFox cache emptied: 307267864 bytes
Flash cache emptied: 1602 bytes
User: Default User
Temp folder emptied: 0 bytes
Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
Temp folder emptied: 66016 bytes
Temporary Internet Files folder emptied: 33263 bytes
User: NetworkService
Temp folder emptied: 0 bytes
Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10510082 bytes
RecycleBin emptied: 294216 bytes
Total Files Cleaned = 305,00 mb
OTL by OldTimer - Version 3.2.39.2 log created on 04032012_211052
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Nowy Extras:
http://wklej.eu/index.php?id=0be2c273c4
Nowy OTL:
http://wklej.eu/index.php?id=5ab547be65
Usunąłem Daemona,więc zrobię Gmerem,ale trochę to potrwa
Mam nadzieję,że gra Piraci z Karaibów z crakiem jest ok.,bo mój 5-cio letni synek się zapłacze jak nie będzie działać-tyle już w niej przeszedł i tak przeżywa
All processes killed
========== OTL ==========
Service InCDRm stopped successfully!
Service InCDRm deleted successfully!
File system32\drivers\InCDRm.sys not found.
Service InCDPass stopped successfully!
Service InCDPass deleted successfully!
File system32\drivers\InCDPass.sys not found.
Service InCDFs stopped successfully!
Service InCDFs deleted successfully!
File system32\drivers\InCDFs.sys not found.
Error: No service named av2zmnyg was found to stop!
Service\Driver key av2zmnyg not found.
Error: No service named akt69l0e was found to stop!
Service\Driver key akt69l0e not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}\modules folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}\defaults\preferences folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}\defaults folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}\chrome\skin\classic\nautipolis folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}\chrome\skin\classic\classiccompact folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}\chrome\skin\classic\aero folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}\chrome\skin\classic folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}\chrome\skin folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}\chrome\locale\zh-CN folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}\chrome\locale\ru-RU folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}\chrome\locale\ru folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}\chrome\locale\ro-RO folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}\chrome\locale\ro folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}\chrome\locale\pt-BR folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}\chrome\locale\ja folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}\chrome\locale\hu-HU folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}\chrome\locale\es-ES folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}\chrome\locale\en-US folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}\chrome\locale\de-DE folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}\chrome\locale folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}\chrome\content folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}\chrome folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033} folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\searchplugins\askcom.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Starting removal of ActiveX control {68282C51-9459-467B-95BF-3C0E89627E55}
C:\WINDOWS\Downloaded Program Files\SkanerOnline.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{68282C51-9459-467B-95BF-3C0E89627E55}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68282C51-9459-467B-95BF-3C0E89627E55}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{68282C51-9459-467B-95BF-3C0E89627E55}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68282C51-9459-467B-95BF-3C0E89627E55}\ not found.
C:\Program Files\Ask.com folder moved successfully.
C:\WINDOWS\tasks\User_Feed_Synchronization-{AEE961EB-CC50-4B66-B0D4-F929753E1D43}.job moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Anka i Piotrek
Temp folder emptied: 1080494 bytesTemporary Internet Files folder emptied: 571592 bytesJava cache emptied: 0 bytesFireFox cache emptied: 307267864 bytesFlash cache emptied: 1602 bytesUser: Default User
Temp folder emptied: 0 bytesTemporary Internet Files folder emptied: 33170 bytesUser: LocalService
Temp folder emptied: 66016 bytesTemporary Internet Files folder emptied: 33263 bytesUser: NetworkService
Temp folder emptied: 0 bytesTemporary Internet Files folder emptied: 33170 bytes%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10510082 bytes
RecycleBin emptied: 294216 bytes
Total Files Cleaned = 305,00 mb
OTL by OldTimer - Version 3.2.39.2 log created on 04032012_211052
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Nowy Extras:
http://wklej.eu/index.php?id=0be2c273c4
Nowy OTL:
http://wklej.eu/index.php?id=5ab547be65
Usunąłem Daemona,więc zrobię Gmerem,ale trochę to potrwa
Mam nadzieję,że gra Piraci z Karaibów z crakiem jest ok.,bo mój 5-cio letni synek się zapłacze jak nie będzie działać-tyle już w niej przeszedł i tak przeżywa
-
Piotrek1979 - Forumowicz
- Posty: 44
- Dołączenie: 16 Sty 2010, 21:58
Re: Wirus NSAnti
przez Piotrek1979 » 03 Kwi 2012, 23:15
UA: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.2.28) Gecko/20120306 Firefox/3.6.28
Załączam Gmera:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-03 23:17:15
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 \Device\Ide\IdeDeviceP0T0L0-3 ST3250620AS rev.3.AAC
Running: gmer.exe; Driver: C:\DOCUME~1\ANKAIP~1\USTAWI~1\Temp\awlorpob.sys
---- System - GMER 1.0.15 ----
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwAllocateVirtualMemory [0xB2E5FB94]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwAssignProcessToJobObject [0xB2E5F586]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwClose [0xB9E00818]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwConnectPort [0xB2E5F5DA]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwCreateFile [0xB2E5F640]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreateKey [0xB9E007D0]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreatePagingFile [0xB9DF4A20]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwCreateProcess [0xB2E5F72E]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwCreateProcessEx [0xB2E5F7BA]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwCreateThread [0xB2E5F84A]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwDebugActiveProcess [0xB2E5F980]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwDuplicateObject [0xB2E5F9D4]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateKey [0xB9DF52A8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateValueKey [0xB9E00910]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwLoadDriver [0xB2E5FA3A]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwOpenKey [0xB2E5FA8C]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwOpenSection [0xB2E5FAE4]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwOpenThread [0xB2E5FB3C]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwProtectVirtualMemory [0xB2E5FBFA]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryKey [0xB9DF52C8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryValueKey [0xB9E00866]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwResumeThread [0xB2E5FCB6]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwSecureConnectPort [0xB2E5FD74]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwSetSystemPowerState [0xB9E000B0]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwSetValueKey [0xB2E5FD08]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwSuspendProcess [0xB2E5FDDE]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwSystemDebugControl [0xB2E5FE30]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwTerminateProcess [0xB2E5FE90]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwWriteVirtualMemory [0xB2E5FEF4]
INT 0x62 ? 8A619CC8
INT 0x63 ? 8A64CCC8
INT 0x82 ? 8A619CC8
INT 0x83 ? 8A646CC8
INT 0xA4 ? 8A646CC8
INT 0xB4 ? 8A646CC8
---- Kernel code sections - GMER 1.0.15 ----
.sptd2 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd2" section [0xB9F8CD38]
? C:\WINDOWS\system32\drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces.
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8E70360, 0x1DEE5D, 0xE8000020]
.text USBPORT.SYS!DllUnload B8E098AC 5 Bytes JMP 8A6461D8
.text a0kmhonb.SYS B8D59306 74 Bytes [00, 00, 00, 40, 03, 00, 40, ...]
.text a0kmhonb.SYS B8D59351 87 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a0kmhonb.SYS B8D593A9 10 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text a0kmhonb.SYS B8D593B4 34 Bytes [40, 00, 00, C8, 50, 41, 47, ...]
.text a0kmhonb.SYS B8D593D7 1 Byte [00]
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[3112] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [B9E96574] sptd.sys
IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [B9E960C0] sptd.sys
IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [B9E96FE0] sptd.sys
IAT \SystemRoot\System32\Drivers\a0kmhonb.SYS[HAL.dll!KeGetCurrentIrql] 830C4D8A
IAT \SystemRoot\System32\Drivers\a0kmhonb.SYS[HAL.dll!KfAcquireSpinLock] 0001CCB8
IAT \SystemRoot\System32\Drivers\a0kmhonb.SYS[HAL.dll!KfReleaseSpinLock] 48880000
IAT \SystemRoot\System32\Drivers\a0kmhonb.SYS[HAL.dll!KfRaiseIrql] C0940F68
IAT \SystemRoot\System32\Drivers\a0kmhonb.SYS[HAL.dll!KfLowerIrql] 8B55C35D
IAT \SystemRoot\System32\Drivers\a0kmhonb.SYS[USBD.SYS!USBD_CreateConfigurationRequestEx] 458D5653
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A6451F8
Device \FileSystem\Ntfs \Ntfs 8A5A1B30
Device \FileSystem\Fastfat \FatCdrom 8A434430
Device \FileSystem\Fastfat \FatCdrom 8A361168
AttachedDevice \Driver\Tcpip \Device\Ip pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
Device \Driver\usbstor \Device\0000009f 89DE0430
Device \Driver\usbuhci \Device\USBPDO-0 8A4061F8
Device \Driver\usbuhci \Device\USBPDO-1 8A4061F8
Device \Driver\usbuhci \Device\USBPDO-2 8A4061F8
Device \Driver\usbuhci \Device\USBPDO-3 8A4061F8
Device \Driver\usbstor \Device\000000a0 89DE0430
Device \Driver\usbehci \Device\USBPDO-4 8A3EF1F8
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\usbstor \Device\000000a1 89DE0430
Device \Driver\PCI_PNP2212 \Device\00000062 sptd.sys
Device \Driver\PCI_PNP2212 \Device\00000062 sptd.sys
Device \Driver\usbstor \Device\000000a2 89DE0430
Device \Driver\usbstor \Device\000000a3 89DE0430
Device \Driver\Cdrom \Device\CdRom0 8A2A5488
Device \FileSystem\Rdbss \Device\FsWrap 8A3900E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 8A2B7AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A2B7AD8
Device \Driver\atapi \Device\Ide\IdePort0 8A2B7AD8
Device \Driver\atapi \Device\Ide\IdePort1 8A2B7AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f 8A2B7AD8
Device \Driver\Cdrom \Device\CdRom1 8A2A5488
Device \Driver\Cdrom \Device\CdRom2 8A2A5488
Device \Driver\NetBT \Device\NetBt_Wins_Export 89E4C430
Device \Driver\NetBT \Device\NetBT_Tcpip_{AA811EE8-8579-4AF5-9C8A-E121556FB5A6} 89E4C430
Device \Driver\NetBT \Device\NetbiosSmb 89E4C430
Device \FileSystem\Srv \Device\LanmanServer 89F08D58
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\usbuhci \Device\USBFDO-0 8A4061F8
Device \Driver\usbstor \Device\00000099 89DE0430
Device \Driver\usbuhci \Device\USBFDO-1 8A4061F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A2EC430
Device \Driver\usbuhci \Device\USBFDO-2 8A4061F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A2EC430
Device \Driver\usbuhci \Device\USBFDO-3 8A4061F8
Device \FileSystem\Npfs \Device\NamedPipe 89DEC238
Device \Driver\usbehci \Device\USBFDO-4 8A3EF1F8
Device \FileSystem\Msfs \Device\Mailslot 89DCF1E8
Device \Driver\a0kmhonb \Device\Scsi\a0kmhonb1 8A30A430
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 8A397920
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 8913E388
Device \Driver\iteraid \Device\Scsi\iteraid1 8A6481F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port5Path0Target0Lun0 8913E388
Device \Driver\d347prt \Device\Scsi\d347prt1 8A397920
Device \FileSystem\Fastfat \Fat 8A434430
Device \FileSystem\Fastfat \Fat 8A361168
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 8A457198
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 8A457198
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 8A457198
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 8A457198
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 8A457198
Device \FileSystem\Cdfs \Cdfs 89DE1430
Device \FileSystem\Cdfs \Cdfs 8A59B388
---- Modules - GMER 1.0.15 ----
Module _________ B9D96000-B9DAE000 (98304 bytes)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41@khjeh 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x61 0x8B 0x91 0x9E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x64 0x73 0xEF 0xF3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x61 0x8B 0x91 0x9E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x64 0x73 0xEF 0xF3 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}@scansk 0x6B 0x0E 0x0F 0xD4 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{97ecd6cd-5986-47d6-8cb0-64494b871aba}@Model 292
Reg HKLM\SOFTWARE\Classes\CLSID\{97ecd6cd-5986-47d6-8cb0-64494b871aba}@Therad 14
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{31BAC292-9F46-71B7-FBB0-368B899635FA}
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 61
Disk \Device\Harddisk0\DR0 PE file @ sector 488392065
---- EOF - GMER 1.0.15 ----
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-03 23:17:15
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0
\Device\Ide\IdeDeviceP0T0L0-3 ST3250620AS rev.3.AACRunning: gmer.exe; Driver: C:\DOCUME~1\ANKAIP~1\USTAWI~1\Temp\awlorpob.sys
---- System - GMER 1.0.15 ----
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwAllocateVirtualMemory [0xB2E5FB94]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwAssignProcessToJobObject [0xB2E5F586]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwClose [0xB9E00818]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwConnectPort [0xB2E5F5DA]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwCreateFile [0xB2E5F640]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreateKey [0xB9E007D0]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreatePagingFile [0xB9DF4A20]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwCreateProcess [0xB2E5F72E]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwCreateProcessEx [0xB2E5F7BA]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwCreateThread [0xB2E5F84A]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwDebugActiveProcess [0xB2E5F980]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwDuplicateObject [0xB2E5F9D4]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateKey [0xB9DF52A8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateValueKey [0xB9E00910]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwLoadDriver [0xB2E5FA3A]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwOpenKey [0xB2E5FA8C]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwOpenSection [0xB2E5FAE4]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwOpenThread [0xB2E5FB3C]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwProtectVirtualMemory [0xB2E5FBFA]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryKey [0xB9DF52C8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryValueKey [0xB9E00866]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwResumeThread [0xB2E5FCB6]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwSecureConnectPort [0xB2E5FD74]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwSetSystemPowerState [0xB9E000B0]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwSetValueKey [0xB2E5FD08]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwSuspendProcess [0xB2E5FDDE]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwSystemDebugControl [0xB2E5FE30]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwTerminateProcess [0xB2E5FE90]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwWriteVirtualMemory [0xB2E5FEF4]
INT 0x62 ? 8A619CC8
INT 0x63 ? 8A64CCC8
INT 0x82 ? 8A619CC8
INT 0x83 ? 8A646CC8
INT 0xA4 ? 8A646CC8
INT 0xB4 ? 8A646CC8
---- Kernel code sections - GMER 1.0.15 ----
.sptd2 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd2" section [0xB9F8CD38]
? C:\WINDOWS\system32\drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces.
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8E70360, 0x1DEE5D, 0xE8000020]
.text USBPORT.SYS!DllUnload B8E098AC 5 Bytes JMP 8A6461D8
.text a0kmhonb.SYS B8D59306 74 Bytes [00, 00, 00, 40, 03, 00, 40, ...]
.text a0kmhonb.SYS B8D59351 87 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a0kmhonb.SYS B8D593A9 10 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text a0kmhonb.SYS B8D593B4 34 Bytes [40, 00, 00, C8, 50, 41, 47, ...]
.text a0kmhonb.SYS B8D593D7 1 Byte [00]
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[3112] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [B9E96574] sptd.sys
IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [B9E960C0] sptd.sys
IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [B9E96FE0] sptd.sys
IAT \SystemRoot\System32\Drivers\a0kmhonb.SYS[HAL.dll!KeGetCurrentIrql] 830C4D8A
IAT \SystemRoot\System32\Drivers\a0kmhonb.SYS[HAL.dll!KfAcquireSpinLock] 0001CCB8
IAT \SystemRoot\System32\Drivers\a0kmhonb.SYS[HAL.dll!KfReleaseSpinLock] 48880000
IAT \SystemRoot\System32\Drivers\a0kmhonb.SYS[HAL.dll!KfRaiseIrql] C0940F68
IAT \SystemRoot\System32\Drivers\a0kmhonb.SYS[HAL.dll!KfLowerIrql] 8B55C35D
IAT \SystemRoot\System32\Drivers\a0kmhonb.SYS[USBD.SYS!USBD_CreateConfigurationRequestEx] 458D5653
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A6451F8
Device \FileSystem\Ntfs \Ntfs 8A5A1B30
Device \FileSystem\Fastfat \FatCdrom 8A434430
Device \FileSystem\Fastfat \FatCdrom 8A361168
AttachedDevice \Driver\Tcpip \Device\Ip pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
Device \Driver\usbstor \Device\0000009f 89DE0430
Device \Driver\usbuhci \Device\USBPDO-0 8A4061F8
Device \Driver\usbuhci \Device\USBPDO-1 8A4061F8
Device \Driver\usbuhci \Device\USBPDO-2 8A4061F8
Device \Driver\usbuhci \Device\USBPDO-3 8A4061F8
Device \Driver\usbstor \Device\000000a0 89DE0430
Device \Driver\usbehci \Device\USBPDO-4 8A3EF1F8
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\usbstor \Device\000000a1 89DE0430
Device \Driver\PCI_PNP2212 \Device\00000062 sptd.sys
Device \Driver\PCI_PNP2212 \Device\00000062 sptd.sys
Device \Driver\usbstor \Device\000000a2 89DE0430
Device \Driver\usbstor \Device\000000a3 89DE0430
Device \Driver\Cdrom \Device\CdRom0 8A2A5488
Device \FileSystem\Rdbss \Device\FsWrap 8A3900E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 8A2B7AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A2B7AD8
Device \Driver\atapi \Device\Ide\IdePort0 8A2B7AD8
Device \Driver\atapi \Device\Ide\IdePort1 8A2B7AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f 8A2B7AD8
Device \Driver\Cdrom \Device\CdRom1 8A2A5488
Device \Driver\Cdrom \Device\CdRom2 8A2A5488
Device \Driver\NetBT \Device\NetBt_Wins_Export 89E4C430
Device \Driver\NetBT \Device\NetBT_Tcpip_{AA811EE8-8579-4AF5-9C8A-E121556FB5A6} 89E4C430
Device \Driver\NetBT \Device\NetbiosSmb 89E4C430
Device \FileSystem\Srv \Device\LanmanServer 89F08D58
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\usbuhci \Device\USBFDO-0 8A4061F8
Device \Driver\usbstor \Device\00000099 89DE0430
Device \Driver\usbuhci \Device\USBFDO-1 8A4061F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A2EC430
Device \Driver\usbuhci \Device\USBFDO-2 8A4061F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A2EC430
Device \Driver\usbuhci \Device\USBFDO-3 8A4061F8
Device \FileSystem\Npfs \Device\NamedPipe 89DEC238
Device \Driver\usbehci \Device\USBFDO-4 8A3EF1F8
Device \FileSystem\Msfs \Device\Mailslot 89DCF1E8
Device \Driver\a0kmhonb \Device\Scsi\a0kmhonb1 8A30A430
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 8A397920
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 8913E388
Device \Driver\iteraid \Device\Scsi\iteraid1 8A6481F8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port5Path0Target0Lun0 8913E388
Device \Driver\d347prt \Device\Scsi\d347prt1 8A397920
Device \FileSystem\Fastfat \Fat 8A434430
Device \FileSystem\Fastfat \Fat 8A361168
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 8A457198
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 8A457198
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 8A457198
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 8A457198
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 8A457198
Device \FileSystem\Cdfs \Cdfs 89DE1430
Device \FileSystem\Cdfs \Cdfs 8A59B388
---- Modules - GMER 1.0.15 ----
Module _________ B9D96000-B9DAE000 (98304 bytes)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41@khjeh 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x61 0x8B 0x91 0x9E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x64 0x73 0xEF 0xF3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x61 0x8B 0x91 0x9E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x64 0x73 0xEF 0xF3 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}@scansk 0x6B 0x0E 0x0F 0xD4 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{97ecd6cd-5986-47d6-8cb0-64494b871aba}@Model 292
Reg HKLM\SOFTWARE\Classes\CLSID\{97ecd6cd-5986-47d6-8cb0-64494b871aba}@Therad 14
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{31BAC292-9F46-71B7-FBB0-368B899635FA}
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 61
Disk \Device\Harddisk0\DR0 PE file @ sector 488392065
---- EOF - GMER 1.0.15 ----
-
Piotrek1979 - Forumowicz
- Posty: 44
- Dołączenie: 16 Sty 2010, 21:58
Re: Wirus NSAnti
przez mateo8898 » 04 Kwi 2012, 19:19
UA: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0) Gecko/20100101 Firefox/11.0
Użyj TDSSKiller otl-gmer-silent-runners-sdfix-i-inne-poradnik-t13967-15.html#p120292 i podaj log.
otl-gmer-silent-runners-sdfix-i-inne-poradnik-t13967-15.html#p120292 i podaj log.-
mateo8898 - Moderator
- Posty: 15377
- Dołączenie: 15 Maj 2009, 14:55
- Pochwały: 966
Re: Wirus NSAnti
przez Piotrek1979 » 04 Kwi 2012, 21:09
UA: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.2.28) Gecko/20120306 Firefox/3.6.28
Log z TDSSKiller :
http://wklej.eu/index.php?id=626fa30f48
Po kliknięciu continue program kończy pracę ,nie proponuje wyłączenia komputera.
http://wklej.eu/index.php?id=626fa30f48
Po kliknięciu continue program kończy pracę ,nie proponuje wyłączenia komputera.
-
Piotrek1979 - Forumowicz
- Posty: 44
- Dołączenie: 16 Sty 2010, 21:58
Re: Wirus NSAnti
przez mateo8898 » 04 Kwi 2012, 22:12
UA: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0) Gecko/20100101 Firefox/11.0
Hmm, dla pewności wrzuć jeszcze raport z MBRCheck http://www.instalki.pl/programy/downloa ... Check.html
http://www.instalki.pl/programy/downloa ... Check.htmlAutor postu otrzymał pochwałę
-
mateo8898 - Moderator
- Posty: 15377
- Dołączenie: 15 Maj 2009, 14:55
- Pochwały: 966
Re: Wirus NSAnti
przez Piotrek1979 » 04 Kwi 2012, 22:26
UA: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.2.28) Gecko/20120306 Firefox/3.6.28
Robię tym Mbr-em,ale nie mam nigdzie raportu.Po kliknięciu enter zamyka się.
Może dam zrzut:
Może dam zrzut:
-
Piotrek1979 - Forumowicz
- Posty: 44
- Dołączenie: 16 Sty 2010, 21:58
Re: Wirus NSAnti
przez Piotrek1979 » 04 Kwi 2012, 22:31
UA: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.2.28) Gecko/20120306 Firefox/3.6.28
Sorki,mój błąd.Nie umieściłem programu na partycji systemowej 
Oto raport:
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3250620AS rev.3.AAC Harddisk0\DR0 \Device\Ide\IdeDeviceP0T0L0-3
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
malicious code @ sector 0x1d1c4581 size 0x194 !
copy of MBR has been found in sector 62 !
Oto raport:
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3250620AS rev.3.AAC
Harddisk0\DR0 \Device\Ide\IdeDeviceP0T0L0-3 device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
malicious code @ sector 0x1d1c4581 size 0x194 !
copy of MBR has been found in sector 62 !
-
Piotrek1979 - Forumowicz
- Posty: 44
- Dołączenie: 16 Sty 2010, 21:58
Re: Wirus NSAnti
przez kominekl » 05 Kwi 2012, 13:52
UA: Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko/20100101 Firefox/11.0
Wejdź w START Uruchom Msconfig Usługi odznacz usługę NVIDIA Display Driver Service.
Następnie odinstaluj Eusing Free Registry Cleaner (masz CCleaner`a) i HijackThis (staroć).
Następnie uruchom OTL w oknie Własne opcje skanowania/skrypt wklej:
Klikasz Wykonaj skrypt. Dajesz log z usuwania. Następnie podajesz nowe logi z OTL.
Uruchom Msconfig Usługi odznacz usługę NVIDIA Display Driver Service.Następnie odinstaluj
Eusing Free Registry Cleaner (masz CCleaner`a) i HijackThis (staroć).Następnie uruchom OTL
w oknie Własne opcje skanowania/skrypt wklej:- Kod: Zaznacz wszystko
:OTL
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a0kmhonb)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-796845957-1229272821-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
IE - HKU\S-1-5-21-796845957-1229272821-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-796845957-1229272821-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-796845957-1229272821-839522115-1003\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-796845957-1229272821-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-796845957-1229272821-839522115-1003\..\SearchScopes\{8E02D41C-5924-4816-9490-33CCD28BEB72}: "URL" = http://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=us&nt=1
IE - HKU\S-1-5-21-796845957-1229272821-839522115-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={E8502B01-4EC7-44CC-AFEE-F2DE0C0698E8}&mid=0cb9316c67157c328ca0a87d6ac1779c-06ce4fc639803a2e3563922518183d8e94088cb9&lang=pl&ds=AVG&pr=pa&d=2011-12-05 12:22:07&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-796845957-1229272821-839522115-1003\..\SearchScopes\{9B0257E0-A740-4BEF-BE93-FD394A4FCD93}: "URL" = http://www.google.pl/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-796845957-1229272821-839522115-1003\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={searchTerms}
IE - HKU\S-1-5-21-796845957-1229272821-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B89c68526-02d5-4061-97a6-acc023932f57%7D&mid=0cb9316c67157c328ca0a87d6ac1779c-06ce4fc639803a2e3563922518183d8e94088cb9&ds=AVG&v=10.0.0.7&lang=pl&pr=pa&d=2011-12-05%2012%3A22%3A07&sap=ku&q="
[2011-10-29 19:39:57 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)
@Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:6C3B8FB5
@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:1CE11B51
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:7631EA83
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:C31F31E6
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2
:Files
C:\Documents and Settings\All Users\Dane aplikacji\TEMP
:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=-
"NvMediaCenter"=-
:Commands
[clearallrestorepoints]
[emptytemp]
Klikasz Wykonaj skrypt. Dajesz log z usuwania. Następnie podajesz nowe logi z OTL.
Kiedy komputery staną się twoim jedynym życiem, jedynym totemem odstraszającym klątwę nudy, wtedy prędzej czy później granica między tymi dwoma wymiarami zniknie i postacie z Błękitnej Pustki zaczną pojawiać się w Realu. Czasem są twoimi przyjaciółmi. A czasem nie.
-
kominekl - Przyjaciel forum
- Posty: 4530
- Dołączenie: 03 Sty 2010, 16:07
- Miejscowość: Pasztowa Wola Kolonia
- Pochwały: 174
Re: Wirus NSAnti
przez Piotrek1979 » 05 Kwi 2012, 17:16
UA: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.2.28) Gecko/20120306 Firefox/3.6.28
Log z usuwania:
All processes killed
========== OTL ==========
Error: No service named a0kmhonb was found to stop!
Service\Driver key a0kmhonb not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
HKU\S-1-5-21-796845957-1229272821-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-796845957-1229272821-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E : value set successfully!
HKU\S-1-5-21-796845957-1229272821-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL| /E : value set successfully!
HKEY_USERS\S-1-5-21-796845957-1229272821-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-796845957-1229272821-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-796845957-1229272821-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{8E02D41C-5924-4816-9490-33CCD28BEB72}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E02D41C-5924-4816-9490-33CCD28BEB72}\ not found.
Registry key HKEY_USERS\S-1-5-21-796845957-1229272821-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-796845957-1229272821-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{9B0257E0-A740-4BEF-BE93-FD394A4FCD93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B0257E0-A740-4BEF-BE93-FD394A4FCD93}\ not found.
Registry key HKEY_USERS\S-1-5-21-796845957-1229272821-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DECA3892-BA8F-44b8-A993-A466AD694AE4}\ not found.
HKU\S-1-5-21-796845957-1229272821-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "http://isearch.avg.com/search?cid=%7B89c68526-02d5-4061-97a6-acc023932f57%7D&mid=0cb9316c67157c328ca0a87d6ac1779c-06ce4fc639803a2e3563922518183d8e94088cb9&ds=AVG&v=10.0.0.7&lang=pl&pr=pa&d=2011-12-05%2012%3A22%3A07&sap=ku&q=" removed from keyword.URL
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)\local\modules folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)\local folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)\defaults\preferences folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)\defaults folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)\components folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)\chrome folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2) folder moved successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:6C3B8FB5 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:1CE11B51 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:7631EA83 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:C31F31E6 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2 deleted successfully.
========== FILES ==========
C:\Documents and Settings\All Users\Dane aplikacji\TEMP folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NvCplDaemon deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NvMediaCenter deleted successfully.
========== COMMANDS ==========
Restore points cleared and new OTL Restore Point set!
[EMPTYTEMP]
User: All Users
User: Anka i Piotrek
Temp folder emptied: 402890 bytes
Temporary Internet Files folder emptied: 33434 bytes
Java cache emptied: 0 bytes
FireFox cache emptied: 515415045 bytes
Flash cache emptied: 2008 bytes
User: Default User
Temp folder emptied: 0 bytes
Temporary Internet Files folder emptied: 0 bytes
User: LocalService
Temp folder emptied: 66016 bytes
Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
Temp folder emptied: 0 bytes
Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1635363 bytes
RecycleBin emptied: 151020 bytes
Total Files Cleaned = 494,00 mb
OTL by OldTimer - Version 3.2.39.2 log created on 04052012_170305
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Nowy Extras:
http://wklej.eu/index.php?id=175960bee9
Nowy OTL:
http://wklej.eu/index.php?id=536d6a4bff
Tego programu HijackThis nie mogę znaleźć nigdzie
All processes killed
========== OTL ==========
Error: No service named a0kmhonb was found to stop!
Service\Driver key a0kmhonb not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
HKU\S-1-5-21-796845957-1229272821-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-796845957-1229272821-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E : value set successfully!
HKU\S-1-5-21-796845957-1229272821-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL| /E : value set successfully!
HKEY_USERS\S-1-5-21-796845957-1229272821-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-796845957-1229272821-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-796845957-1229272821-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{8E02D41C-5924-4816-9490-33CCD28BEB72}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E02D41C-5924-4816-9490-33CCD28BEB72}\ not found.
Registry key HKEY_USERS\S-1-5-21-796845957-1229272821-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-796845957-1229272821-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{9B0257E0-A740-4BEF-BE93-FD394A4FCD93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B0257E0-A740-4BEF-BE93-FD394A4FCD93}\ not found.
Registry key HKEY_USERS\S-1-5-21-796845957-1229272821-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DECA3892-BA8F-44b8-A993-A466AD694AE4}\ not found.
HKU\S-1-5-21-796845957-1229272821-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "http://isearch.avg.com/search?cid=%7B89c68526-02d5-4061-97a6-acc023932f57%7D&mid=0cb9316c67157c328ca0a87d6ac1779c-06ce4fc639803a2e3563922518183d8e94088cb9&ds=AVG&v=10.0.0.7&lang=pl&pr=pa&d=2011-12-05%2012%3A22%3A07&sap=ku&q=" removed from keyword.URL
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)\local\modules folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)\local folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)\defaults\preferences folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)\defaults folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)\components folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)\chrome folder moved successfully.
C:\Documents and Settings\Anka i Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2w000txu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2) folder moved successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:6C3B8FB5 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:1CE11B51 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:7631EA83 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:C31F31E6 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2 deleted successfully.
========== FILES ==========
C:\Documents and Settings\All Users\Dane aplikacji\TEMP folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NvCplDaemon deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NvMediaCenter deleted successfully.
========== COMMANDS ==========
Restore points cleared and new OTL Restore Point set!
[EMPTYTEMP]
User: All Users
User: Anka i Piotrek
Temp folder emptied: 402890 bytesTemporary Internet Files folder emptied: 33434 bytesJava cache emptied: 0 bytesFireFox cache emptied: 515415045 bytesFlash cache emptied: 2008 bytesUser: Default User
Temp folder emptied: 0 bytesTemporary Internet Files folder emptied: 0 bytesUser: LocalService
Temp folder emptied: 66016 bytesTemporary Internet Files folder emptied: 33170 bytesUser: NetworkService
Temp folder emptied: 0 bytesTemporary Internet Files folder emptied: 0 bytes%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1635363 bytes
RecycleBin emptied: 151020 bytes
Total Files Cleaned = 494,00 mb
OTL by OldTimer - Version 3.2.39.2 log created on 04052012_170305
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Nowy Extras:
http://wklej.eu/index.php?id=175960bee9
Nowy OTL:
http://wklej.eu/index.php?id=536d6a4bff
Tego programu HijackThis nie mogę znaleźć nigdzie
-
Piotrek1979 - Forumowicz
- Posty: 44
- Dołączenie: 16 Sty 2010, 21:58
Re: Wirus NSAnti
przez kominekl » 05 Kwi 2012, 17:59
UA: Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko/20100101 Firefox/11.0
Uruchom OTL w oknie Własne opcje skanowania/skrypt wklej:
Klikasz Wykonaj skrypt. Dajesz log z usuwania. Następnie w OTL Sprzątanie.
Odinstaluj starą wersję Java`y Java(TM) 6 Update 13 i zainstaluj najnowszą http://www.instalki.pl/programy/downloa ... /Java.html.
Odinstaluj starą wersję programu do odczytu .PDF Adobe Reader 7.
Odinstaluj starą wersję paczki kodeków K-Lite Codec Pack 5.8.3. Zainstaluj najnowszą wersję K-Lite Codec Pack https://www.instalki.pl/download/programy/windows/multimedia/kodeki/k-lite-codec-pack-full/.
Odinstaluj starą wersję Skype`a Skype™ 5.5 i zainstaluj najnowszą http://www.instalki.pl/programy/downloa ... Skype.html.
Zaktualizuj Firefox`a do najnowszej wersji (Firefox Pomoc Sprawdź dostępność aktualizacji...).
Przeczyść dysk i rejestr CCleaner`em https://www.instalki.pl/download/programy/windows/narzedzia/narzedzia-systemowe/ccleaner/.
Wykonaj pełne skanowanie Malwarebytes`em Anti-Malware (nie gódź się na wersję testową) https://www.instalki.pl/download/programy/windows/bezpieczenstwo/antyspyware/malwarebytes/, jeśli coś znajdzie usuń i daj raport.
w oknie Własne opcje skanowania/skrypt wklej:- Kod: Zaznacz wszystko
:OTL
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ayxenpu9)
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:C31F31E6
:Files
C:\Documents and Settings\All Users\Dane aplikacji\TEMP
C:\WINDOWS\tasks\SA.DAT
C:\mbr.exe
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis]
:Commands
[clearallrestorepoints]
[emptytemp]
Klikasz Wykonaj skrypt. Dajesz log z usuwania. Następnie w OTL
Sprzątanie.Odinstaluj starą wersję Java`y
Java(TM) 6 Update 13 i zainstaluj najnowszą http://www.instalki.pl/programy/downloa ... /Java.html.Odinstaluj starą wersję programu do odczytu .PDF
Adobe Reader 7.Odinstaluj starą wersję paczki kodeków K-Lite Codec Pack 5.8.3. Zainstaluj najnowszą wersję K-Lite Codec Pack
https://www.instalki.pl/download/programy/windows/multimedia/kodeki/k-lite-codec-pack-full/.Odinstaluj starą wersję Skype`a
Skype™ 5.5 i zainstaluj najnowszą http://www.instalki.pl/programy/downloa ... Skype.html.Zaktualizuj Firefox`a do najnowszej wersji (Firefox
Pomoc Sprawdź dostępność aktualizacji...).Przeczyść dysk i rejestr CCleaner`em
https://www.instalki.pl/download/programy/windows/narzedzia/narzedzia-systemowe/ccleaner/.Wykonaj pełne skanowanie Malwarebytes`em Anti-Malware (nie gódź się na wersję testową)
https://www.instalki.pl/download/programy/windows/bezpieczenstwo/antyspyware/malwarebytes/, jeśli coś znajdzie usuń i daj raport.Autor postu otrzymał pochwałę
Kiedy komputery staną się twoim jedynym życiem, jedynym totemem odstraszającym klątwę nudy, wtedy prędzej czy później granica między tymi dwoma wymiarami zniknie i postacie z Błękitnej Pustki zaczną pojawiać się w Realu. Czasem są twoimi przyjaciółmi. A czasem nie.
-
kominekl - Przyjaciel forum
- Posty: 4530
- Dołączenie: 03 Sty 2010, 16:07
- Miejscowość: Pasztowa Wola Kolonia
- Pochwały: 174
Re: Wirus NSAnti
przez Piotrek1979 » 05 Kwi 2012, 18:09
UA: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.2.28) Gecko/20120306 Firefox/3.6.28
Log z usuwania:
All processes killed
========== OTL ==========
Error: No service named ayxenpu9 was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ayxenpu9 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:C31F31E6 deleted successfully.
========== FILES ==========
C:\Documents and Settings\All Users\Dane aplikacji\TEMP folder moved successfully.
C:\WINDOWS\tasks\SA.DAT moved successfully.
C:\mbr.exe moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis\ deleted successfully.
========== COMMANDS ==========
Restore points cleared and new OTL Restore Point set!
[EMPTYTEMP]
User: All Users
User: Anka i Piotrek
Temp folder emptied: 957534 bytes
Temporary Internet Files folder emptied: 33170 bytes
Java cache emptied: 0 bytes
FireFox cache emptied: 29739110 bytes
Flash cache emptied: 456 bytes
User: Default User
Temp folder emptied: 0 bytes
Temporary Internet Files folder emptied: 0 bytes
User: LocalService
Temp folder emptied: 0 bytes
Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
Temp folder emptied: 0 bytes
Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3354451 bytes
RecycleBin emptied: 1758610 bytes
Total Files Cleaned = 34,00 mb
OTL by OldTimer - Version 3.2.39.2 log created on 04052012_180743
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Teraz biorę się za resztę zadań.Dziękuję Wam chłopaki ,Wasza pomoc jest bezcenna.Szacun.
All processes killed
========== OTL ==========
Error: No service named ayxenpu9 was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ayxenpu9 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:C31F31E6 deleted successfully.
========== FILES ==========
C:\Documents and Settings\All Users\Dane aplikacji\TEMP folder moved successfully.
C:\WINDOWS\tasks\SA.DAT moved successfully.
C:\mbr.exe moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis\ deleted successfully.
========== COMMANDS ==========
Restore points cleared and new OTL Restore Point set!
[EMPTYTEMP]
User: All Users
User: Anka i Piotrek
Temp folder emptied: 957534 bytesTemporary Internet Files folder emptied: 33170 bytesJava cache emptied: 0 bytesFireFox cache emptied: 29739110 bytesFlash cache emptied: 456 bytesUser: Default User
Temp folder emptied: 0 bytesTemporary Internet Files folder emptied: 0 bytesUser: LocalService
Temp folder emptied: 0 bytesTemporary Internet Files folder emptied: 33170 bytesUser: NetworkService
Temp folder emptied: 0 bytesTemporary Internet Files folder emptied: 0 bytes%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3354451 bytes
RecycleBin emptied: 1758610 bytes
Total Files Cleaned = 34,00 mb
OTL by OldTimer - Version 3.2.39.2 log created on 04052012_180743
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Teraz biorę się za resztę zadań.Dziękuję Wam chłopaki ,Wasza pomoc jest bezcenna.Szacun.
-
Piotrek1979 - Forumowicz
- Posty: 44
- Dołączenie: 16 Sty 2010, 21:58
Re: Wirus NSAnti
przez kominekl » 05 Kwi 2012, 18:15
UA: Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko/20100101 Firefox/11.0
OK 
. Wykonaj resztę instrukcji.
. Wykonaj resztę instrukcji.Kiedy komputery staną się twoim jedynym życiem, jedynym totemem odstraszającym klątwę nudy, wtedy prędzej czy później granica między tymi dwoma wymiarami zniknie i postacie z Błękitnej Pustki zaczną pojawiać się w Realu. Czasem są twoimi przyjaciółmi. A czasem nie.
-
kominekl - Przyjaciel forum
- Posty: 4530
- Dołączenie: 03 Sty 2010, 16:07
- Miejscowość: Pasztowa Wola Kolonia
- Pochwały: 174
14 posty(ów)
• Strona 1 z 1
Kto jest na forum
Zarejestrowani użytkownicy: Bing [Bot]