http://wklej.org/id/583636/
http://wklej.org/id/583641/
and after the scan:
http://wklej.org/id/583642/
Unfortunately I don't have a GMER report and have no way to make one right now. If it can be done without it, I would be very grateful.
:Processes
killallprocesses
:Files
C:\Windows\update.7.1\svchostdriver.exe
C:\Program Files\Winamp Toolbar
C:\Program Files\DAEMON Tools Toolbar
:OTL
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - File not found
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [tray_ico] File not found
O4 - HKLM..\Run: [tray_ico3] File not found
O4 - HKLM..\Run: [tray_ico4] File not found
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O31 - SafeBoot: AlternateShell - services32.exe
[2011/08/21 19:30:12 | 000,000,000 | -H-D | C] -- C:\windows\update.tray-10-0-lnk
[2011/08/21 19:30:12 | 000,000,000 | -H-D | C] -- C:\windows\update.tray-10-0
[2011/08/21 11:27:38 | 000,000,000 | ---D | C] -- C:\windows\ufa
[2011/08/21 11:27:38 | 000,000,000 | ---D | C] -- C:\windows\phoenix
[2011/08/21 11:15:29 | 000,000,000 | -H-D | C] -- C:\windows\update.5.0
[2011/08/21 11:13:32 | 000,000,000 | -H-D | C] -- C:\windows\update.2
[2011/08/21 11:12:12 | 000,000,000 | -H-D | C] -- C:\windows\update.7.1
[2011/08/21 11:08:37 | 000,000,000 | ---D | C] -- C:\windows\av_ico
[2011/08/21 11:06:24 | 000,000,000 | -H-D | C] -- C:\windows\update.1
[2011/08/21 11:06:21 | 000,000,000 | -H-D | C] -- C:\windows\update.tray-8-0-lnk
[2011/08/21 11:06:21 | 000,000,000 | -H-D | C] -- C:\windows\update.tray-8-0
[2011/08/21 11:06:21 | 000,000,000 | -H-D | C] -- C:\windows\update.tray-7-0-lnk
[2011/08/21 11:06:21 | 000,000,000 | -H-D | C] -- C:\windows\update.tray-7-0
[2011/08/21 11:27:37 | 005,589,370 | ---- | M] () -- C:\windows\phoenix.rar
[2011/08/21 11:27:37 | 001,075,284 | ---- | M] () -- C:\windows\rpcminer.rar
[2011/08/21 11:27:37 | 000,246,272 | ---- | M] () -- C:\windows\unrar.exe
[2011/08/21 11:27:37 | 000,182,617 | ---- | M] () -- C:\windows\ufa.rar
[2011/08/21 11:13:28 | 000,904,792 | ---- | M] () -- C:\windows\geoiplist.rar
[2011/08/21 11:09:43 | 000,000,000 | ---- | M] () -- C:\windows\loader2.exe_ok
@Alternate Data Stream - 24 bytes -> C:\Windows:57CFBFD3A2B367C6
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:ABE89FFE
:Services
ddservice
NAV
AntiVirService
AntiVirSchedulerService
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell"="cmd.exe"
:Commands
[emptytemp]
[emptyflash]
[resethosts]