Atak wirusow z internetu


(Migros) #1

sciagnolem jakies swinstwa z internetu. komputer strasznie muli. na oko widze, ze mam mase swinstwa w logu hijacka, ale nie wiem co dokladnie i jak usunac. prosze o pomoc.

to moj log z hijack'a:

Logfile of HijackThis v1.99.0

Scan saved at 12:39:35, on 2006-07-21

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\mgabg.exe

C:\Program Files\Prevx1\PXAgent.exe

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Tablet.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\PROGRA~1\NEOSTR~1\CnxMon.exe

C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\PDesk\PDesk.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe

C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Prevx1\PXConsole.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Spyware Doctor\swdoctor.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Adobe\Adobe Acrobat 6.0 CE\Distillr\acrotray.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Neostrada TP\NeostradaTP.exe

C:\Program Files\Neostrada TP\ComComp.exe

C:\Program Files\Neostrada TP\Watch.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\The Bat!\thebat.exe

C:\Program Files\TC PowerPack\totalcmd.exe

D:\install\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

F2 - REG:system.ini: Shell=

O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Dane aplikacji\Prevx\pxbho.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)

O4 - HKLM..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

O4 - HKLM..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM..\Run: [Matrox Powerdesk] C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch

O4 - HKLM..\Run: [odk_mon] C:\Program Files\Odkurzacz 9.3 Pro\odk_mon.exe

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM..\Run: [sunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe

O4 - HKLM..\Run: [˙_zskNTF] C:\WINDOWS\system32_zskdmwinRWQ`JYVABFBZ\FTN.exe

O4 - HKLM..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe"

O4 - HKLM..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe

O4 - HKLM..\RunServices: [˙_zskNTF] C:\WINDOWS\system32_zskdmwinRWQ`JYVABFBZ\FTN.exe

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

O4 - HKCU..\Run: [Ntdr] "C:\DOCUME~1\krufka\MOJEDO~1\STEM32~1\msiexec.exe" -vt yax

O4 - HKCU..\Run: [Zmdzabhm] C:\WINDOWS\SSTEM3~1\WNLOGO~1.EXE

O4 - HKCU..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe

O4 - HKCU..\Run: [˙_zskNTF] C:\WINDOWS\system32_zskdmwinRWQ`JYVABFBZ\FTN.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0 CE\Distillr\acrotray.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O15 - Trusted Zone: http://mks.com.pl

O15 - Trusted Zone: http://www.mks.com.pl

O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleAc ... refid=1123

O17 - HKLM\System\CCS\Services\Tcpip..{F9DBB275-5ADE-457D-9E86-45FD4DD85B6A}: NameServer = 194.204.152.34 217.98.63.164

O20 - AppInit_DLLs: C:\WINDOWS\system32\ati2evxx.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Canon Camera Access Library 8 - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe

O23 - Service: Prevx Agent - Prevx - C:\Program Files\Prevx1\PXAgent.exe

O23 - Service: Sandra Data Service - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2\RpcDataSrv.exe

O23 - Service: Sandra Service - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2\RpcSandraSrv.exe

O23 - Service: PC Tools Spyware Doctor - Unknown - C:\Program Files\Spyware Doctor\sdhelp.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe


(Gblade) #2

1.Startujesz do trybu awaryjnego

2.Wyłanczasz przywracanie systemu (tylko Me/Xp)

3.Kasujesz wpisy w HijackThis

4.Kasujesz pogrubione pliki/foldery

5.Dajesz nowy log z hjt + log z Silent Runners

Ściągnij Gmer'a, w zakładce procesy wybierz zabij wszystko, później Pliki...>>>przejdź do folderu C:\windows\system32 , wyszukaj pliki (lub folder _zskdmwinRWQJYVABFBZ ) _zskdmwinRWQJYVABFBZ\FTN.exe i _zskdmwinRWQ`JYVABFBZ\FTN.dll , podświetl i wybierz usuń. Restart kompa i nowe logi +

log z Gmer'a, ściągnij>>>uruchom>>>przejdź do zakładki "rootkit">>>wybierz "szukaj">>>czekaż cierpliwie aż program zakończy prace>>>klikasz "kopiuj">>>ctrl + v i wklej do posta.

EDIT:

Stara wersja Hijacka ! Pobierz nową 1.99.1 !


(Migros) #3

to zrobiłem.

teraz log z hijacka i silent runnera po wyjściu z trybu awaryjnego.

potem wkleje te logi + log z gmera. szukalem przez gmera tych plików ktore wskazałeś ale nic nie znalazłem.

Logfile of HijackThis v1.99.0

Scan saved at 14:05:53, on 2006-07-21

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\mgabg.exe

C:\Program Files\Prevx1\PXAgent.exe

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Tablet.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\wscntfy.exe

C:\PROGRA~1\NEOSTR~1\CnxMon.exe

C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\PDesk\PDesk.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe

C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe

C:\Program Files\Prevx1\PXConsole.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Spyware Doctor\swdoctor.exe

C:\Program Files\Adobe\Adobe Acrobat 6.0 CE\Distillr\acrotray.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

C:\WINDOWS\system32\WTablet\TabUserW.exe

C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe

C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe

C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe

C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe

C:\Program Files\Neostrada TP\NeostradaTP.exe

C:\Program Files\Neostrada TP\ComComp.exe

C:\Program Files\Neostrada TP\Watch.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\System32\WScript.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

D:\install\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Dane aplikacji\Prevx\pxbho.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

O4 - HKLM..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM..\Run: [Matrox Powerdesk] C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch

O4 - HKLM..\Run: [odk_mon] C:\Program Files\Odkurzacz 9.3 Pro\odk_mon.exe

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM..\Run: [sunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe

O4 - HKLM..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe"

O4 - HKLM..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0 CE\Distillr\acrotray.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O15 - Trusted Zone: http://mks.com.pl

O15 - Trusted Zone: http://www.mks.com.pl

O17 - HKLM\System\CCS\Services\Tcpip..{F9DBB275-5ADE-457D-9E86-45FD4DD85B6A}: NameServer = 194.204.152.34 217.98.63.164

O20 - AppInit_DLLs: C:\WINDOWS\system32\ati2evxx.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Canon Camera Access Library 8 - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe

O23 - Service: Prevx Agent - Prevx - C:\Program Files\Prevx1\PXAgent.exe

O23 - Service: Sandra Data Service - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2\RpcDataSrv.exe

O23 - Service: Sandra Service - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2\RpcSandraSrv.exe

O23 - Service: PC Tools Spyware Doctor - Unknown - C:\Program Files\Spyware Doctor\sdhelp.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

"Silent Runners.vbs", revision 46, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\

"{1092C761-06A7-1045-0127-040228010030}" = ""C:\Program Files\Common Files{1092C761-06A7-1045-0127-040228010030}\Update.exe" mc-110-12-0000272" [null data]

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]

"Spyware Doctor" = ""C:\Program Files\Spyware Doctor\swdoctor.exe" /Q" ["PC Tools Research Pty Ltd"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}

"ishost.exe" = "ishost.exe" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"WooCnxMon" = "C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [empty string]

"WOOWATCH" = "C:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Télécom R&D"]

"WOOTASKBARICON" = "C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" ["France Télécom R&D"]

"SoundMan" = "SOUNDMAN.EXE" ["Avance Logic, Inc."]

"Matrox Powerdesk" = "C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch" ["Matrox Graphics Inc."]

"odk_mon" = "C:\Program Files\Odkurzacz 9.3 Pro\odk_mon.exe" ["FranmoSoft"]

"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]

"WinFast Schedule" = "C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" ["Leadtek Research Inc."]

"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]

"SunServer" = "C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe" ["Sunbelt Software"]

"ASM" = ""C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe"" ["AOL LLC"]

"PrevxOne" = "C:\Program Files\Prevx1\PXConsole.exe" ["Prevx"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\ {++}

"Flag" = (empty string)

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{55EA1964-F5E4-4D6A-B9B2-125B37655FCB}(Default) = "Malicious Scripts Scanner"

-> {HKLM...CLSID} = "URLDetector Class"

\InProcServer32(Default) = "C:\Documents and Settings\All Users\Dane aplikacji\Prevx\pxbho.dll" ["Prevx Ltd."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

\InProcServer32(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"

-> {HKLM...CLSID} = "Shell Search Band"

\InProcServer32(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

"{4A741382-48B4-11d2-AD84-00A024D24BF3}" = "Matrox PowerDesk Properties"

-> {HKLM...CLSID} = "Matrox PowerDesk Properties"

\InProcServer32(Default) = "C:\WINDOWS\system32\PDesk\PDPAGES.DLL" ["Matrox Graphics Inc."]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"

-> {HKLM...CLSID} = "Acrobat Elements Context Menu"

\InProcServer32(Default) = "C:\Program Files\Adobe\Adobe Acrobat 6.0 CE\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]

"{4EFE464B-3D0B-4800-A5DE-2321283A3256}" = "QCD IconHandler"

-> {HKLM...CLSID} = "QIconHandler Class"

\InProcServer32(Default) = "C:\Program Files\Quintessential Player\QCDIcons.dll" [empty string]

"{C912EFA0-0076-11d5-B04A-BD6C80DF2479}" = "Change Icon"

-> {HKLM...CLSID} = "Change Icon"

\InProcServer32(Default) = "C:\Program Files\IconChanger\IconChng.dll" [null data]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\

INFECTION WARNING! "AppInit_DLLs" = " C:\WINDOWS\system32\ati2evxx.dll" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

INFECTION WARNING! se500mdm\DLLName = "se500mdm.dll" [file not found]

INFECTION WARNING! WgaLogon\DLLName = "WgaLogon.dll" [MS]

INFECTION WARNING! winbfi32\DLLName = "winbfi32.dll" [null data]

HKLM\Software\Classes\PROTOCOLS\Filter\

INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\

Adobe.Acrobat.ContextMenu(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"

-> {HKLM...CLSID} = "Acrobat Elements Context Menu"

\InProcServer32(Default) = "C:\Program Files\Adobe\Adobe Acrobat 6.0 CE\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]

ChangeIcon(Default) = "{C912EFA0-0076-11d5-B04A-BD6C80DF2479}"

-> {HKLM...CLSID} = "Change Icon"

\InProcServer32(Default) = "C:\Program Files\IconChanger\IconChng.dll" [null data]

FileEncrypt(Default) = "{90A07ACC-0331-4aee-9AAD-A854A9C37667}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = "C:\Program Files\Advanced System Optimizer\ShellExt.dll" ["Systweak Inc"]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

FileEncrypt(Default) = "{90A07ACC-0331-4aee-9AAD-A854A9C37667}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = "C:\Program Files\Advanced System Optimizer\ShellExt.dll" ["Systweak Inc"]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

ChangeIcon(Default) = "{C912EFA0-0076-11d5-B04A-BD6C80DF2479}"

-> {HKLM...CLSID} = "Change Icon"

\InProcServer32(Default) = "C:\Program Files\IconChanger\IconChng.dll" [null data]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

Active Desktop and Wallpaper:


Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\krufka\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Enabled Screen Saver:


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\system32\ssstars.scr" [MS]

a teraz wszystkie logi:

Logfile of HijackThis v1.99.0

Scan saved at 14:56:03, on 2006-07-21

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\mgabg.exe

C:\Program Files\Prevx1\PXAgent.exe

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Tablet.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\NEOSTR~1\CnxMon.exe

C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\PDesk\PDesk.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe

C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe

C:\Program Files\Prevx1\PXConsole.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Spyware Doctor\swdoctor.exe

C:\Program Files\Adobe\Adobe Acrobat 6.0 CE\Distillr\acrotray.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

C:\WINDOWS\system32\WTablet\TabUserW.exe

C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe

C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe

C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe

C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe

C:\Documents and Settings\krufka\Pulpit\gmer\gmer.exe

C:\Program Files\Neostrada TP\NeostradaTP.exe

C:\Program Files\Neostrada TP\ComComp.exe

C:\Program Files\Neostrada TP\Watch.exe

C:\Program Files\Mozilla Firefox\firefox.exe

D:\install\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Dane aplikacji\Prevx\pxbho.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

O4 - HKLM..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM..\Run: [Matrox Powerdesk] C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch

O4 - HKLM..\Run: [odk_mon] C:\Program Files\Odkurzacz 9.3 Pro\odk_mon.exe

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM..\Run: [sunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe

O4 - HKLM..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe"

O4 - HKLM..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0 CE\Distillr\acrotray.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O15 - Trusted Zone: http://mks.com.pl

O15 - Trusted Zone: http://www.mks.com.pl

O17 - HKLM\System\CCS\Services\Tcpip..{F9DBB275-5ADE-457D-9E86-45FD4DD85B6A}: NameServer = 194.204.152.34 217.98.63.164

O20 - AppInit_DLLs: C:\WINDOWS\system32\ati2evxx.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Canon Camera Access Library 8 - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe

O23 - Service: Prevx Agent - Prevx - C:\Program Files\Prevx1\PXAgent.exe

O23 - Service: Sandra Data Service - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2\RpcDataSrv.exe

O23 - Service: Sandra Service - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2\RpcSandraSrv.exe

O23 - Service: PC Tools Spyware Doctor - Unknown - C:\Program Files\Spyware Doctor\sdhelp.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

"Silent Runners.vbs", revision 46, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\

"{1092C761-06A7-1045-0127-040228010030}" = ""C:\Program Files\Common Files{1092C761-06A7-1045-0127-040228010030}\Update.exe" mc-110-12-0000272" [null data]

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]

"Spyware Doctor" = ""C:\Program Files\Spyware Doctor\swdoctor.exe" /Q" ["PC Tools Research Pty Ltd"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}

"ishost.exe" = "ishost.exe" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"WooCnxMon" = "C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [empty string]

"WOOWATCH" = "C:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Télécom R&D"]

"WOOTASKBARICON" = "C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" ["France Télécom R&D"]

"SoundMan" = "SOUNDMAN.EXE" ["Avance Logic, Inc."]

"Matrox Powerdesk" = "C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch" ["Matrox Graphics Inc."]

"odk_mon" = "C:\Program Files\Odkurzacz 9.3 Pro\odk_mon.exe" ["FranmoSoft"]

"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]

"WinFast Schedule" = "C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" ["Leadtek Research Inc."]

"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]

"SunServer" = "C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe" ["Sunbelt Software"]

"ASM" = ""C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe"" ["AOL LLC"]

"PrevxOne" = "C:\Program Files\Prevx1\PXConsole.exe" ["Prevx"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\ {++}

"Flag" = (empty string)

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{55EA1964-F5E4-4D6A-B9B2-125B37655FCB}(Default) = "Malicious Scripts Scanner"

-> {HKLM...CLSID} = "URLDetector Class"

\InProcServer32(Default) = "C:\Documents and Settings\All Users\Dane aplikacji\Prevx\pxbho.dll" ["Prevx Ltd."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

\InProcServer32(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"

-> {HKLM...CLSID} = "Shell Search Band"

\InProcServer32(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

"{4A741382-48B4-11d2-AD84-00A024D24BF3}" = "Matrox PowerDesk Properties"

-> {HKLM...CLSID} = "Matrox PowerDesk Properties"

\InProcServer32(Default) = "C:\WINDOWS\system32\PDesk\PDPAGES.DLL" ["Matrox Graphics Inc."]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"

-> {HKLM...CLSID} = "Acrobat Elements Context Menu"

\InProcServer32(Default) = "C:\Program Files\Adobe\Adobe Acrobat 6.0 CE\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]

"{4EFE464B-3D0B-4800-A5DE-2321283A3256}" = "QCD IconHandler"

-> {HKLM...CLSID} = "QIconHandler Class"

\InProcServer32(Default) = "C:\Program Files\Quintessential Player\QCDIcons.dll" [empty string]

"{C912EFA0-0076-11d5-B04A-BD6C80DF2479}" = "Change Icon"

-> {HKLM...CLSID} = "Change Icon"

\InProcServer32(Default) = "C:\Program Files\IconChanger\IconChng.dll" [null data]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\

INFECTION WARNING! "AppInit_DLLs" = " C:\WINDOWS\system32\ati2evxx.dll" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

INFECTION WARNING! se500mdm\DLLName = "se500mdm.dll" [file not found]

INFECTION WARNING! WgaLogon\DLLName = "WgaLogon.dll" [MS]

INFECTION WARNING! winbfi32\DLLName = "winbfi32.dll" [null data]

HKLM\Software\Classes\PROTOCOLS\Filter\

INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\

Adobe.Acrobat.ContextMenu(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"

-> {HKLM...CLSID} = "Acrobat Elements Context Menu"

\InProcServer32(Default) = "C:\Program Files\Adobe\Adobe Acrobat 6.0 CE\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]

ChangeIcon(Default) = "{C912EFA0-0076-11d5-B04A-BD6C80DF2479}"

-> {HKLM...CLSID} = "Change Icon"

\InProcServer32(Default) = "C:\Program Files\IconChanger\IconChng.dll" [null data]

FileEncrypt(Default) = "{90A07ACC-0331-4aee-9AAD-A854A9C37667}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = "C:\Program Files\Advanced System Optimizer\ShellExt.dll" ["Systweak Inc"]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

FileEncrypt(Default) = "{90A07ACC-0331-4aee-9AAD-A854A9C37667}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = "C:\Program Files\Advanced System Optimizer\ShellExt.dll" ["Systweak Inc"]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

ChangeIcon(Default) = "{C912EFA0-0076-11d5-B04A-BD6C80DF2479}"

-> {HKLM...CLSID} = "Change Icon"

\InProcServer32(Default) = "C:\Program Files\IconChanger\IconChng.dll" [null data]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

Active Desktop and Wallpaper:


Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\krufka\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Enabled Screen Saver:


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\system32\ssstars.scr" [MS]

Startup items in "krufka" & "All Users" startup folders:


C:\Documents and Settings\krufka\Menu Start\Programy\Autostart

"Adobe Gamma" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

"Yahoo! Widget Engine" -> shortcut to: "C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe" ["Yahoo! Inc."]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"Acrobat Assistant" -> shortcut to: "C:\Program Files\Adobe\Adobe Acrobat 6.0 CE\Distillr\acrotray.exe" ["Adobe Systems Inc."]

"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

"DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W" [empty string]

"NkbMonitor.exe" -> shortcut to: "C:\Program Files\Nikon\PictureProject\NkbMonitor.exe" ["Nikon Corporation"]

"TabUserW.exe" -> shortcut to: "C:\WINDOWS\system32\WTablet\TabUserW.exe" ["Wacom Technology, Corp."]

Winsock2 Service Provider DLLs:


Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:


Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"

-> {HKLM...CLSID} = "Adobe PDF"

\InProcServer32(Default) = "C:\Program Files\Adobe\Adobe Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll" [null data]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"

-> {HKLM...CLSID} = "Yahoo! Toolbar"

\InProcServer32(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided)

-> {HKLM...CLSID} = "Adobe PDF"

\InProcServer32(Default) = "C:\Program Files\Adobe\Adobe Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll" [null data]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)

-> {HKLM...CLSID} = "Yahoo! Toolbar"

\InProcServer32(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

{182EC0BE-5110-49C8-A062-BEB1D02A220B}(Default) = (no title provided)

-> {HKLM...CLSID} = "Adobe PDF"

\InProcServer32(Default) = "C:\Program Files\Adobe\Adobe Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll" [null data]

Dormant Explorer Bars in "View, Explorer Bar" menu

HKLM\Software\Classes\CLSID{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}(Default) = "Volet Wanadoo"

Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

HKLM\Software\Classes\CLSID{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}(Default) = "ToolBand Class"

Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

HKLM\Software\Classes\CLSID{5BF498C0-931E-4A4F-B33F-456D07137EAA}(Default) = "Volet Wanadoo"

Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = "&Badanie"

Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"

-> {HKCU...CLSID} = "Java Plug-in"

\InProcServer32(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

-> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"

\InProcServer32(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\

"ButtonText" = "Spyware Doctor"

"CLSIDExtension" = "{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}"

-> {HKLM...CLSID} = "PCTools Browser Monitor"

\InProcServer32(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["PC Tools"]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Badanie"

Miscellaneous IE Hijack Points


HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

Missing lines (compared with English-language version):

"{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)

-> {HKLM...CLSID} = "Search Class"

\InProcServer32(Default) = "C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [empty string]

Running Services (Display Name, Service Name, Path {Service DLL}):


Canon Camera Access Library 8, CCALib8, "C:\Program Files\Canon\CAL\CALMAIN.exe" ["Canon Inc."]

MGABGEXE, MGABGEXE, "C:\WINDOWS\system32\mgabg.exe" ["Matrox Graphics Inc."]

PC Tools Spyware Doctor, SDhelper, "C:\Program Files\Spyware Doctor\sdhelp.exe" ["PC Tools Research Pty Ltd"]

Prevx Agent, PREVXAgent, ""C:\Program Files\Prevx1\PXAgent.exe" -f" ["Prevx"]

TabletService, TabletService, "C:\WINDOWS\system32\Tablet.exe" ["Wacom Technology, Corp."]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

Print Monitors:


HKLM\System\CurrentControlSet\Control\Print\Monitors\

Adobe PDF Port\Driver = "C:\WINDOWS\system32\AdobePDF.dll" ["Adobe Systems Incorporated."]

EPSON V5 2KMonitor\Driver = "EBPMON2.DLL" ["SEIKO EPSON CORPORATION"]

Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]

Monitor języka PJL\Driver = "PJLMON.DLL" [MS]


  • This report excludes default entries except where indicated.

  • To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

  • The search for DESKTOP.INI DLL launch points on all local fixed drives

took 1029 seconds.

  • The search for all Registry CLSIDs containing dormant Explorer Bars

took 137 seconds.

---------- (total run time: 1347 seconds)

GMER 1.0.10.10122 - http://www.gmer.net

Rootkit 2006-07-21 14:48:21

Windows 5.1.2600 Dodatek Service Pack 2

---- System - GMER 1.0.10 ----

SSDT pxfsf.sys ZwAlertResumeThread

SSDT pxfsf.sys ZwAllocateUserPhysicalPages

SSDT pxfsf.sys ZwAllocateVirtualMemory

SSDT pxfsf.sys ZwClose

SSDT pxfsf.sys ZwCompactKeys

SSDT pxfsf.sys ZwCompressKey

SSDT pxfsf.sys ZwCreateDirectoryObject

SSDT pxfsf.sys ZwCreateEvent

SSDT pxfsf.sys ZwCreateEventPair

SSDT pxfsf.sys ZwCreateFile

SSDT pxfsf.sys ZwCreateIoCompletion

SSDT pxfsf.sys ZwCreateJobObject

SSDT pxfsf.sys ZwCreateKey

SSDT pxfsf.sys ZwCreateMailslotFile

SSDT pxfsf.sys ZwCreateMutant

SSDT pxfsf.sys ZwCreateNamedPipeFile

SSDT pxfsf.sys ZwCreatePort

SSDT pxfsf.sys ZwCreateProcess

SSDT pxfsf.sys ZwCreateProcessEx

SSDT pxfsf.sys ZwCreateSection

SSDT pxfsf.sys ZwCreateSemaphore

SSDT pxfsf.sys ZwCreateSymbolicLinkObject

SSDT pxfsf.sys ZwCreateThread

SSDT pxfsf.sys ZwCreateTimer

SSDT pxfsf.sys ZwCreateToken

SSDT pxfsf.sys ZwDeleteFile

SSDT pxfsf.sys ZwDeleteKey

SSDT pxfsf.sys ZwDeleteValueKey

SSDT pxfsf.sys ZwDeviceIoControlFile

SSDT pxfsf.sys ZwDuplicateObject

SSDT pxfsf.sys ZwEnumerateKey

SSDT pxfsf.sys ZwEnumerateValueKey

SSDT pxfsf.sys ZwFreeUserPhysicalPages

SSDT pxfsf.sys ZwFreeVirtualMemory

SSDT pxfsf.sys ZwImpersonateAnonymousToken

SSDT pxfsf.sys ZwImpersonateThread

SSDT pxfsf.sys ZwLoadDriver

SSDT pxfsf.sys ZwLoadKey

SSDT pxfsf.sys ZwLoadKey2

SSDT pxfsf.sys ZwLockRegistryKey

SSDT pxfsf.sys ZwLockVirtualMemory

SSDT pxfsf.sys ZwMapViewOfSection

SSDT pxfsf.sys ZwOpenFile

SSDT pxfsf.sys ZwOpenKey

SSDT pxfsf.sys ZwOpenProcess

SSDT pxfsf.sys ZwOpenProcessToken

SSDT pxfsf.sys ZwOpenSection

SSDT pxfsf.sys ZwOpenThread

SSDT pxfsf.sys ZwOpenThreadToken

SSDT pxfsf.sys ZwProtectVirtualMemory

SSDT pxfsf.sys ZwQueryInformationProcess

SSDT pxfsf.sys ZwQueryInformationThread

SSDT pxfsf.sys ZwQueryKey

SSDT pxfsf.sys ZwQueryMultipleValueKey

SSDT pxfsf.sys ZwQueryOpenSubKeys

SSDT pxfsf.sys ZwQueryValueKey

SSDT pxfsf.sys ZwQueueApcThread

SSDT pxfsf.sys ZwReadFile

SSDT pxfsf.sys ZwReadVirtualMemory

SSDT pxfsf.sys ZwRenameKey

SSDT pxfsf.sys ZwReplaceKey

SSDT pxfsf.sys ZwRestoreKey

SSDT pxfsf.sys ZwResumeProcess

SSDT pxfsf.sys ZwResumeThread

SSDT pxfsf.sys ZwSaveKey

SSDT pxfsf.sys ZwSaveKeyEx

SSDT pxfsf.sys ZwSaveMergedKeys

SSDT pxfsf.sys ZwSetContextThread

SSDT pxfsf.sys ZwSetInformationKey

SSDT pxfsf.sys ZwSetInformationProcess

SSDT pxfsf.sys ZwSetInformationThread

SSDT pxfsf.sys ZwSetSystemInformation

SSDT pxfsf.sys ZwSetValueKey

SSDT pxfsf.sys ZwSuspendProcess

SSDT pxfsf.sys ZwSuspendThread

SSDT pxfsf.sys ZwSystemDebugControl

SSDT pxfsf.sys ZwTerminateJobObject

SSDT pxfsf.sys ZwTerminateProcess

SSDT pxfsf.sys ZwTerminateThread

SSDT pxfsf.sys ZwUnloadDriver

SSDT pxfsf.sys ZwUnloadKey

SSDT pxfsf.sys ZwUnloadKeyEx

SSDT pxfsf.sys ZwUnlockVirtualMemory

SSDT pxfsf.sys ZwUnmapViewOfSection

SSDT pxfsf.sys ZwWriteFile

SSDT pxfsf.sys ZwWriteVirtualMemory

---- Devices - GMER 1.0.10 ----

Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE F0575C8A

---- Files - GMER 1.0.10 ----

File C:\System Volume Information\MountPointManagerRemoteDatabase

File C:\System Volume Information\tracking.log

File C:\System Volume Information_restore{BED7B447-5824-4976-A080-71B4ED77D137}

---- EOF - GMER 1.0.10 ----

to wszystko na razie. jak to teraz wygląda?


(Monczkin) #4

krufka69 proszę zastosować się to tych tematów

http://forum.dobreprogramy.pl/viewtopic.php?t=36654

http://forum.dobreprogramy.pl/viewtopic.php?t=66889

Na forum używamy polskiej pisowni.

Proszę to poprawić - inaczej temat zostanie usunięty


(Migros) #5

to zrobiłem.

teraz log z hijacka i silent runnera po wyjściu z trybu awaryjnego.

potem wkleje te logi + log z gmera. szukalem przez gmera tych plików ktore wskazałeś ale nic nie znalazłem.

I jeszcze log z silent runnera i gmera

gmer

mam nadzieje, że teraz jest zgodnie z zasadami

mam jeszcze pytanie: program Prevx1 cały czas blikuje mi następujące pliki:

co to znaczy?


(Gblade) #6

W trybie awaryjnym skasuj pliki/foldery:

C:\Program Files\Common Files\ {1092C761-06A7-1045-0127-040228010030} \Update.exe

C:\WINDOWS\SYSTEM32\ winbfi32.dll

Otwórz notatnik i wklej:

Plik>>>zapisz jako>>zmień rozszerzenie z .txt na wszystkie pliki>>>zapisz pod nazwą FIX.REG i uruchom w trybie awaryjnym

Nowy log z silenta


(Migros) #7

dzięki, że piszesz

ale prosze potwierdź, czy dobrze zrozumiałem:zapisuje plik FIX.REG gdziekolwiek na dysku C w normalnym trybie, potem owieram windows w trybie awaryjnym i nie robie nic a potem spowrotem restaruje w normalnym trybie?


(adam9870) #8

W normlanym trybie robisz tego FIX'a tzn. tylko go tworzysz i zapisujesz gdzie chcesz, chociażby na pulpit. Potem wchodzisz do awaryjnego i uruchamiasz go.

I w awaryjnym jeszcze kasujesz zaznaczony folder i plik.

C:\Program Files\Common Files\ {1092C761-06A7-1045-0127-040228010030} \Update.exe

C:\WINDOWS\SYSTEM32\ winbfi32.dll

Potem już w normlanym trybie robisz log w SilentRunners i wklejasz do kontroli na forum.


(Migros) #9

kiszka! nie mogę teraz uruchomić kompa w trybie awaryjnym.

duszę F8, ekran robi sie czarny a po chwili zaczyna ładować się windows


(Gblade) #10

start>>>uruchom>>>msconfig>>>boot.ini>>>zachacz /SAFEBOOT , reset kompa i jesteś w awaryjnym. FIX czy tworzysz w trybie normalnym czy awaryjnym to nie ma różnicy.

Plik

może nie dać sie usunąć nawet w awaryjnym, jeśli tak będzie to Ściągnij Pocket Killbox>>>uruchom>>>zaznacz opcje "Delete on Reboot">>>w polu "Full path of file" wklej ścieżke:

klikasz x i reset kompa.

Nowe logi do kontroli


(Migros) #11

Faktycznie musiałem uzyć Pocket Killbox, ale zadziałał i pozbył się syfu

ten drugi plik usunąłem w trybie awaryjnym. rejestr uzupełniony.

dzieki wielkie.

to logi do kontroli. dołączam log hijacka i najpierw silent runnera

jeszcze raz merci

i hijack


(Gblade) #12

skasuj hijackiem i będzie ok.


(Migros) #13

usunąłem. dzięki wielki

wszystko chodzi teraz strasznie wolno.

nie wiem dlaczego. może dam kompowi troche odetchnąć po tych wszystkich operacjach. może się zagrzł biedaczek.

jeszcze raz dzięki

pewnie tu wrócę


(Mayster X) #14

Przeczyść rejestr programem jv16 PowerTools

Opcje rejestru -> Narzędzia -> Czyszczenie rejestru -> Po zakończeniu dajemy -> Wybierz -> Wybór specjalny - > Pozycje które mozna bezpiecznie usunąć

Poczytaj :

:arrow: Klik

:arrow: Klik

:arrow: Klik


(Migros) #15

zanim zrobie to o czym piszesz...

zrobiłem scan SPY DOCTOR'em, ale mam tylko wersje trialową, więc nie mogę usunąć tego syfu. dostałem taki log. jest tego tak duzo, więc zastanawiam, czym sie warto zająć i jak? bo to wygląda na walkę bez końca

to ten log. co o tym myślisz/myślicie???


(system) #16

Ściągnij jeszcze ten program SmitFraudFix. I użyj opcji nr2(clean). Narzędzie z usuwania zrobi raport na dyslu c:\raport.txt wklej go na forum. (Więcej informacji na temat tego narzędzia w przyklejonym temacie)

Ogólnie program SPY DOCTOR nie cieszy się dobrą opinią. Lepiej go wywal a ściagnij Ewido zrób update i przeskanuj.


(Migros) #17

a gdzie znajde przyklejony temat?

ewido sciągnąłem wczoraj w nocy i coś znalazł. zrobiłem też scan Super AntiSpywere [polecany na foro] znalazł jeszcze więcej. teraz jeszcze skanuje AdAware SE i potem się zabiore za SmitFraudFix. Czy to ma sens uzywanie trzech programow anty spy/adware?


(Gblade) #18

a tu :

http://forum.dobreprogramy.pl/viewtopic.php?t=36654


(system) #19

Ma sens jeśli używasz ich tylko jako scaner. AdAware SE w wersji personal nie posiada rezydenta. dopiero wersja płatna profesjonal go posiada.

Program ewido jego rezydent działa tylko przez 2 tyg. Bo jest to wersja trial. Także śmiało odrazu możesz jego ochrone wyłaczyć i używać go jako scaner.

Natomiast Microsoft Antispyware jest darmowy więc rezydenta możesz wnim włączyć będzie uzupełnieniem dla twojego antywirusa


(Migros) #20

a oto raport z SmitFraudFix

dziwna rzecz , ale dalej nie mogę wejść w tryb awaryjny przez F8 i wchodzę przez >>msconfig ???

w panelu sterowania nie mogę ustawić zapory systemu windows - "z powodu niezidentyfikowanego problemu" - jak mówi okienko dialogowe????