mbam-log-2011-01-11 (23-23-46).txt

System Tool 2011 – analysis of ComboFix and HJT logs after a fake antivirus infection

Done. In case it is of any use, I am posting the MBAM scan log here:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Wersja bazy: 5363

Windows 5.1.2600 Dodatek Service Pack 2
Internet Explorer 8.0.6001.18702

2011-01-11 23:23:46
mbam-log-2011-01-11 (23-23-46).txt

Typ skanowania: Szybkie skanowanie
Przeskanowano obiektów: 163868
Upłynęło: 5 minut(y), 54 sekund(y)

Zainfekowanych procesów w pamięci: 0
Zainfekowanych modułów w pamięci: 2
Zainfekowanych kluczy rejestru: 17
Zainfekowanych wartości rejestru: 0
Zainfekowane informacje rejestru systemowego: 6
Zainfekowanych folderów: 6
Zainfekowanych plików: 19

Zainfekowanych procesów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych modułów w pamięci:
c:\program files\mozilla firefox\plugins\NPMyGlSh.dll (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL (Adware.MyWebSearch) -> Delete on reboot.

Zainfekowanych kluczy rejestru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vujlvhht (Trojan.Agent) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{37B85A2B-692B-4205-9CAD-2626E4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{37B85A20-692B-4205-9CAD-2626E4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{37B85A2A-692B-4205-9CAD-2626E4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyGlobalSearchBar.SettingsPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyGlobalSearchBar.SettingsPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{37B85A2B-692B-4205-9CAD-2626E4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{EF281620-A3A3-4f08-874F-D68CFC9B7945} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyGlobalSearchBar.ToolbarPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyGlobalSearchBar.ToolbarPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{37B85A21-692B-4205-9CAD-2626E4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37B85A21-692B-4205-9CAD-2626E4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{37B85A29-692B-4205-9CAD-2626E4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37B85A29-692B-4205-9CAD-2626E4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch (Adware.BookedSpace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Global Search Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Zainfekowanych wartości rejestru:
(Nie znaleziono zagrożeń)

Zainfekowane informacje rejestru systemowego:
HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=231&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=231&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-19\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=231&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=231&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-20\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=231&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=231&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.

Zainfekowanych folderów:
c:\program files\myglobalsearch (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\myglobalsearch\bar (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\myglobalsearch\bar\1.bin (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\myglobalsearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Zainfekowanych plików:
c:\program files\mozilla firefox\plugins\NPMyGlSh.dll (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL (Adware.MyWebSearch) -> Delete on reboot.
c:\windows\system32\drivers\vujlvhht.sys (Trojan.Agent) -> Delete on reboot.
c:\windows\system32\drivers\ndisvvan.sys (Rootkit.Agent) -> Delete on reboot.
c:\windows\system32\secupdat.dat (Backdoor.Bot) -> Delete on reboot.
c:\documents and settings\mazuro\secupdat.dat (Worm.Autorun) -> Delete on reboot.
c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\1.bin\m9ffxtbr.manifest (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\1.bin\m9ntstbr.manifest (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\Cache\002BB266.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\Cache\002BB4E7.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\Cache\002BB64E.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\Cache\001A70FB (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\Cache\00D99CFC (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\Settings\prevcfg.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.