Did Avira delete the infected files?
#1
Lately my computer has been mercilessly slow, so I ran the scanner. It detected a worm, and at the end the only option was "repair all". Is that the end of it?
Thanks in advance for the help!

Code:
Avira AntiVir Personal
Report file date: 24 kwietnia 2010 15:02

Scanning for 2035268 virus strains and unwanted programs.

Licensee: Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform: Windows XP
Windows version : (Dodatek Service Pack 2)[5.1.2600]
Boot mode : Normally booted
Username: SYSTEM
Computer name : AMD

Version information:
BUILD.DAT : 9.0.0.422 21701 Bytes2010-03-09 10:29:00
AVSCAN.EXE: 9.0.3.10 466689 Bytes2009-11-19 17:50:45
AVSCAN.DLL: 9.0.3.0 40705 Bytes2009-02-27 08:58:24
LUKE.DLL: 9.0.3.2209665 Bytes2009-02-20 09:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes2009-02-27 08:58:52
VBASE000.VDF: 7.10.0.0 19875328 Bytes2009-11-06 17:50:42
VBASE001.VDF: 7.10.1.01372672 Bytes2009-11-19 17:47:36
VBASE002.VDF: 7.10.3.13143680 Bytes2010-01-20 18:28:11
VBASE003.VDF: 7.10.3.75996864 Bytes2010-01-26 18:19:34
VBASE004.VDF: 7.10.4.203 1579008 Bytes2010-03-05 23:24:20
VBASE005.VDF: 7.10.6.82 2494464 Bytes2010-04-15 16:08:56
VBASE006.VDF: 7.10.6.832048 Bytes2010-04-15 16:08:56
VBASE007.VDF: 7.10.6.842048 Bytes2010-04-15 16:08:57
VBASE008.VDF: 7.10.6.852048 Bytes2010-04-15 16:08:58
VBASE009.VDF: 7.10.6.862048 Bytes2010-04-15 16:08:58
VBASE010.VDF: 7.10.6.872048 Bytes2010-04-15 16:08:58
VBASE011.VDF: 7.10.6.882048 Bytes2010-04-15 16:08:58
VBASE012.VDF: 7.10.6.892048 Bytes2010-04-15 16:08:59
VBASE013.VDF: 7.10.6.902048 Bytes2010-04-15 16:08:59
VBASE014.VDF: 7.10.6.123126464 Bytes2010-04-19 16:01:54
VBASE015.VDF: 7.10.6.152123392 Bytes2010-04-21 16:01:29
VBASE016.VDF: 7.10.6.178122880 Bytes2010-04-22 16:03:00
VBASE017.VDF: 7.10.6.1792048 Bytes2010-04-22 16:03:00
VBASE018.VDF: 7.10.6.1802048 Bytes2010-04-22 16:03:00
VBASE019.VDF: 7.10.6.1812048 Bytes2010-04-22 16:03:00
VBASE020.VDF: 7.10.6.1822048 Bytes2010-04-22 16:03:01
VBASE021.VDF: 7.10.6.1832048 Bytes2010-04-22 16:03:01
VBASE022.VDF: 7.10.6.1842048 Bytes2010-04-22 16:03:01
VBASE023.VDF: 7.10.6.1852048 Bytes2010-04-22 16:03:01
VBASE024.VDF: 7.10.6.1862048 Bytes2010-04-22 16:03:01
VBASE025.VDF: 7.10.6.1872048 Bytes2010-04-22 16:03:01
VBASE026.VDF: 7.10.6.1882048 Bytes2010-04-22 16:03:01
VBASE027.VDF: 7.10.6.1892048 Bytes2010-04-22 16:03:01
VBASE028.VDF: 7.10.6.1902048 Bytes2010-04-22 16:03:02
VBASE029.VDF: 7.10.6.1912048 Bytes2010-04-22 16:03:02
VBASE030.VDF: 7.10.6.1922048 Bytes2010-04-22 16:03:02
VBASE031.VDF: 7.10.6.196 40960 Bytes2010-04-23 16:03:03
Engineversion : 8.2.1.224
AEVDF.DLL : 8.1.2.0106868 Bytes2010-04-23 16:03:08
AESCRIPT.DLL: 8.1.3.271294714 Bytes2010-04-23 16:03:08
AESCN.DLL : 8.1.5.0127347 Bytes2010-02-26 17:51:59
AESBX.DLL : 8.1.3.1254324 Bytes2010-04-23 16:03:10
AERDL.DLL : 8.1.4.6541043 Bytes2010-04-16 16:09:17
AEPACK.DLL: 8.2.1.1426358 Bytes2010-03-19 23:26:34
AEOFFICE.DLL: 8.1.0.41 201083 Bytes2010-03-17 23:27:52
AEHEUR.DLL: 8.1.1.242613623 Bytes2010-04-16 16:09:15
AEHELP.DLL: 8.1.11.3 242039 Bytes2010-04-02 14:44:38
AEGEN.DLL : 8.1.3.7373106 Bytes2010-04-16 16:09:06
AEEMU.DLL : 8.1.2.0393588 Bytes2010-04-23 16:03:04
AECORE.DLL: 8.1.13.1 188790 Bytes2010-04-02 14:44:35
AEBB.DLL: 8.1.1.0 53618 Bytes2010-04-23 16:03:03
AVWINLL.DLL : 9.0.0.3 18177 Bytes2008-12-12 06:47:59
AVPREF.DLL: 9.0.3.0 44289 Bytes2009-09-09 12:05:02
AVREP.DLL : 8.0.0.7159784 Bytes2010-02-17 17:49:51
AVREG.DLL : 9.0.0.0 36609 Bytes2008-12-05 08:32:09
AVARKT.DLL: 9.0.0.3292609 Bytes2009-06-26 04:10:27
AVEVTLOG.DLL: 9.0.0.7167169 Bytes2009-01-30 08:37:08
SQLITE3.DLL : 3.6.1.0326401 Bytes2009-01-28 13:03:49
SMTPLIB.DLL : 9.2.0.2528417 Bytes2009-02-02 06:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes2008-12-05 08:32:10
RCIMAGE.DLL : 9.0.0.252438913 Bytes2009-06-26 04:10:23
RCTEXT.DLL: 9.0.73.086785 Bytes2009-11-19 17:50:39

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: 24 kwietnia 2010 15:02

Starting search for hidden objects.
'36176' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'Watch.exe' - '1' Module(s) have been scanned
Scan process 'ComComp.exe' - '1' Module(s) have been scanned
Scan process 'NeostradaTP.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'hprblog.exe' - '1' Module(s) have been scanned
Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
Scan process 'NkMonitor.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'dslmon.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
Scan process 'soundman.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'pctspk.exe' - '1' Module(s) have been scanned
Scan process 'PicasaMediaDetector.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'mixer.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
Scan process 'CnxMon.exe' - '1' Module(s) have been scanned
Scan process 'ApplicationUpdater.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
40 processes with 40 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO]No virus was found!
Master boot sector HD1
[INFO]No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO]No virus was found!
Boot sector 'D:\'
[INFO]No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '56' files ).


Starting the file scan:

Begin scan in 'C:\' <system>
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE]This file is a Windows system file.
[NOTE]This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE]This file is a Windows system file.
[NOTE]This file cannot be opened for scanning.
C:\Program Files\Combined Community Codec Pack\Filters\wmv9vcm.dll
[WARNING] The file could not be opened!
C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_liba52.dll
[WARNING] The file could not be opened!
C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll
[WARNING] The file could not be opened!
C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\libavcodec.dll
[WARNING] The file could not be opened!
C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\libmplayer.dll
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{A3811903-6B06-4B09-996B-F0C16F95C041}\RP220\A0053519.exe
[DETECTION] Contains recognition pattern of the WORM/Generic.8056 worm
C:\WINDOWS\system32\Ir50_32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\system32\ir50_qcx.dll
[WARNING] The file could not be opened!
C:\WINDOWS\system32\iyuv_32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\system32\krnl386.exe
[WARNING] The file could not be opened!
C:\WINDOWS\system32\msexch40.dll
[WARNING] The file could not be opened!
C:\WINDOWS\system32\msexcl40.dll
[WARNING] The file could not be opened!
C:\WINDOWS\system32\wifeman.dll
[WARNING] The file could not be opened!
C:\WINDOWS\system32\win.com
[WARNING] The file could not be opened!
C:\WINDOWS\system32\win87em.dll
[WARNING] The file could not be opened!
C:\WINDOWS\system32\Setup\msgrocm.dll
[WARNING] The file could not be opened!
C:\WINDOWS\system32\usmt\iconlib.dll
[WARNING] The file could not be opened!
Begin scan in 'D:\' <Dysk lokalny>

Beginning disinfection:
C:\System Volume Information\_restore{A3811903-6B06-4B09-996B-F0C16F95C041}\RP220\A0053519.exe
[DETECTION] Contains recognition pattern of the WORM/Generic.8056 worm
[NOTE]The file was moved to '4c030b80.qua'!


End of the scan: 24 kwietnia 2010 17:16
Used time: 1:57:34 Hour(s)

The scan has been done completely.

4886 Scanned directories
182658 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
18 Files cannot be scanned
182639 Files not concerned
843 Archives were scanned
18 Warnings
3 Notes
36176 Objects were scanned with rootkit scan
0 Hidden objects were found


Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:37:51, on 2010-04-24
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
F3 - REG:win.ini: run=
O2 - BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll (file missing)
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (file missing)
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Ustawienia lokalne\Temp" (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Ustawienia lokalne\Temp" (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2DE248EF-A0AA-4020-9269-833A986602B5}: NameServer = 194.204.159.1 194.204.152.34
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 8778 bytes
#2
If there are no messages, then maybe so.
Finally, run an MBAM scan and show the result.
WIN11
Ventura
#3
Scan with this

[To see links, register here]

or this

[To see links, register here]

#4
Since it's XP, you can always use ComboFix..
And maybe add SP3.. It's better to have Windows up to date..
And update IE to version 8. Even if you don't use it..
#5
Well, nice, 35 infected ;/
Can I remove all of it?
Or is there something that should stay for things to work properly?
Thank you all for your help!

Code:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Wersja bazy: 4032

Windows 5.1.2600 Dodatek Service Pack 2
Internet Explorer 6.0.2900.2180

2010-04-24 20:27:05
mbam-log-2010-04-24 (20-27-05).txt

Typ skanowania: Szybkie skanowanie
Przeskanowano obiektów: 104387
Upłynęło: 40 minut(y), 20 sekund(y)

Zainfekowanych procesów w pamięci: 0
Zainfekowanych modułów w pamięci: 1
Zainfekowanych kluczy rejestru: 12
Zainfekowanych wartości rejestru: 2
Zainfekowane informacje rejestru systemowego: 1
Zainfekowanych folderów: 6
Zainfekowanych plików: 14

Zainfekowanych procesów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych modułów w pamięci:
C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (Adware.MyWebSearch) -> No action taken.

Zainfekowanych kluczy rejestru:
HKEY_CLASSES_ROOT\CLSID\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{37b85a21-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{37b85a2b-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ef281620-a3a3-4f08-874f-d68cfc9b7945} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{37b85a20-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a21-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37b85a21-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{37b85a2b-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Global Search Uninstall (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch (Adware.BookedSpace) -> No action taken.

Zainfekowanych wartości rejestru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken.

Zainfekowane informacje rejestru systemowego:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Zainfekowanych folderów:
C:\Program Files\MyGlobalSearch (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyGlobalSearch\bar (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyGlobalSearch\bar\1.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyGlobalSearch\bar\Cache (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyGlobalSearch\bar\History (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyGlobalSearch\bar\Settings (Adware.MyWebSearch) -> No action taken.

Zainfekowanych plików:
C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyGlobalSearch\bar\1.bin\M9FFXTBR.JAR (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyGlobalSearch\bar\1.bin\M9FFXTBR.MANIFEST (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyGlobalSearch\bar\1.bin\M9NTSTBR.JAR (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyGlobalSearch\bar\1.bin\M9NTSTBR.MANIFEST (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyGlobalSearch\bar\1.bin\M9PLUGIN.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyGlobalSearch\bar\Cache\0003A677.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyGlobalSearch\bar\Cache\0003AE54.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyGlobalSearch\bar\Cache\0003B880.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyGlobalSearch\bar\Cache\001C650B (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyGlobalSearch\bar\Cache\0098F85F (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyGlobalSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyGlobalSearch\bar\History\search (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyGlobalSearch\bar\Settings\prevcfg.htm (Adware.MyWebSearch) -> No action taken.
#6
Yes, you can safely throw it all out.
#7
If your computer is sluggish:
- use CCleaner (registry and files)
- install HD Tune and show the S.M.A.R.T. report (the Health and Info tabs)
#8
CCleaner is here

[To see links, register here]

HD Tune

[To see links, register here]

#9
So I can remove all of it, and then use CCleaner and HD?

How many of these programs do I need to have installed to be sure everything is OK ;p?
Because some talk about Combo and others about something else, I'm a bit confused ;]
#10
Remove everything MBAM found, then use CCleaner.
If everything is stable, it should be fine now.
#11
Thank you :)
#12
Krushyna, and did you turn off System Restore?
#13
ELWIS1 wrote: Krushyna, and did you turn off System Restore?

Good advice :)
WIN11
Ventura
#14
To pre-empt questions:

Quote: Control Panel - System - System Restore - Turn off System Restore on all drives (this option needs to be checked)


System restore points sometimes come in handy, so you can turn System Restore off and then on again. That clears out the System Volume Information folders, where malware quite often lurks.
#15
For peace of mind, scan with

[To see links, register here]

I will help you cross the known threshold of pain.
#16
I didn't turn it off...^^
I followed your instructions, and that one wasn't among them ;]
So what now ;]?

P.S. Firefox still runs as if it wanted to but couldn't.
#17
Now you need to turn off System Restore and scan again with Malwarebytes (the one you scanned with earlier), then restart, don't turn System Restore back on, and post the HijackThis logs once more, because I can see lots of unnecessary programs launching at computer startup.
#18
Post a log from

[To see links, register here]

"I am not a consumer who fits the standard
I am not a species doomed to extinction
I am not an object of media noise
I am an illegal killer of time"
#19
HijackThis is already outdated and therefore useless. Turning system scanning off and on, plus a Malwarebytes' Anti-Malware scan, should be entirely sufficient. If you still think something is lurking in the system, run a full scan with Hitman Pro. And that would be all.

Firefox often runs like that; don't be surprised if you have a million add-ons.
#20
I turned off System Restore, scanned with MBAM, and restarted the computer.
What should I scan with now?
And can I turn System Restore back on, or better not?

Thank you all so much for your help!