My wallpaper disappeared from my screen yesterday. A message in English appeared, I don't remember what it said, but it was something to do with a warning; now I only have a white, strangely flickering screen. When I right-click, it is as if it were some kind of web page. Please help :o
You probably have some junk on your disk.
Scan with SpyBot S&D:
http://www.dobreprogramy.pl/index.php?dz=2&id=188&t=55
and Ad-Aware:
http://www.dobreprogramy.pl/index.php?dz=2&id=107&t=55
If the problem doesn't go away, post a log from HijackThis.
This is the CWS trojan!
Restart and post a log from HijackThis here to be checked.
Oh… and also visit this online antivirus scanner:
I scanned and it detected something, but the screen is the same. This is the log from HijackThis:
Logfile of HijackThis v1.99.0
Scan saved at 13:42:40, on 2005-01-30
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\AdStatus Service\AdStatServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe
C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe
C:\BITWARE\NT\bwprnmon.exe
C:\Program Files\AdStatus Service\AdStatKeep.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\jarek\Ustawienia lokalne\Temp\Katalog tymczasowy 5 dla hijackthis.zip\HijackThis.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"
O4 - HKLM\..\Run: [NavRegReminder] "C:\WINDOWS\temp\NavBrowser.exe" /r /i "C:\WINDOWS\temp\NavLoad.ini"
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\cmd32.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [AdStatus Service] C:\Program Files\AdStatus Service\AdStatServ.exe
O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe"
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"
O4 - Global Startup: SATARaid.lnk = ?
O4 - Global Startup: BitWare Print Monitor.lnk = C:\BITWARE\NT\bwprnmon.exe
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
Turn off System Restore.
Boot into Safe Mode.
Remove:
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - Global Startup: SATARaid.lnk = ?
O4 - HKLM\..\Run: [AdStatus Service] C:\Program Files\AdStatus Service\AdStatServ.exe
Delete these folders manually:
Internet Optimizer from C:\Program Files
AdStatus Service from C:\Program Files
Find and delete the file DESKTOP.HTML from C:\WINDOWS\WEB
and the images named i_01.gif. There may be a lot of them.
Then Control Panel, Display, Desktop, Customize Desktop…, Web: remove the junk page.
Restart the computer and find HijackThis somewhere on the net, but version v1.98.2.
Run it, and if there is an item 21 C:\WINDOWS\system32\system32.dll, delete it.
Restart the computer and it should be OK.
Many thanks, PHYLBY!!! My screen is clean. I didn't delete DESKTOP.HTML and the i_01.gif images because I couldn't find them. Unfortunately, I think this is not the end of my troubles, because my computer is running terribly slowly. This is my new log, but from the same version of HijackThis (I don't have the other one yet):
Logfile of HijackThis v1.99.0
Scan saved at 17:36:23, on 2005-01-30
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE
C:\PROGRA~1\DAP\DAP.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe
C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\BITWARE\NT\bwprnmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\jarek\Ustawienia lokalne\Temp\Katalog tymczasowy 7 dla hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"
O4 - HKLM\..\Run: [NavRegReminder] "C:\WINDOWS\temp\NavBrowser.exe" /r /i "C:\WINDOWS\temp\NavLoad.ini"
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\cmd32.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe"
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"
O4 - Global Startup: BitWare Print Monitor.lnk = C:\BITWARE\NT\bwprnmon.exe
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05031B14-A000-4203-B554-9CF005F108FF}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{05031B14-A000-4203-B554-9CF005F108FF}: NameServer = 205.188.146.145
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
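The check done by eye in this thread (are the entries flagged for removal gone from the follow-up log, and what is new in it) can be scripted. This is an added example, not code from any participant in the thread; the function names are hypothetical and the sample logs are short excerpts constructed from the two HijackThis logs above.

```python
import re

# A HijackThis result line is "<section> - <detail>", e.g. "O4 - HKLM\..\Run: [name] cmd".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")


def normalize(line):
    r"""Canonical form of an entry so copies from different posts compare equal.

    Logs pasted into forums often have '\..\' collapsed into an ellipsis, straight
    quotes curled and letter case changed; undo all three before comparing.
    """
    line = line.replace("\u2026\\", "\\..\\")
    line = line.replace("\u201c", '"').replace("\u201d", '"')
    return " ".join(line.split()).casefold()


def parse_entries(log_text):
    """Map normalized entry -> (section code, line as pasted); headers and the process list are skipped."""
    entries = {}
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries[normalize(raw)] = (match.group(1), raw.strip())
    return entries


def still_present(flagged_lines, after_log):
    """Flagged entries that survive in the follow-up log (empty list means the removal took)."""
    after = parse_entries(after_log)
    return [line for line in flagged_lines if normalize(line) in after]


def diff_logs(before_log, after_log):
    """Return (removed, added) entries between two scans, each item as (section, line)."""
    before, after = parse_entries(before_log), parse_entries(after_log)
    removed = [before[key] for key in before if key not in after]
    added = [after[key] for key in after if key not in before]
    return removed, added


# The four entries the helper asked to have removed, as quoted in the reply.
FLAGGED = [
    r"O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)",
    r'O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"',
    r"O4 - Global Startup: SATARaid.lnk = ?",
    r"O4 - HKLM\..\Run: [AdStatus Service] C:\Program Files\AdStatus Service\AdStatServ.exe",
]

# Constructed excerpt of the first log, with forum-mangled ellipsis and curly quotes.
BEFORE = r"""
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM…\Run: [AdStatus Service] C:\Program Files\AdStatus Service\AdStatServ.exe
O4 - HKLM…\Run: [internet Optimizer] “C:\Program Files\Internet Optimizer\optimize.exe”
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Global Startup: SATARaid.lnk = ?
O4 - Global Startup: BitWare Print Monitor.lnk = C:\BITWARE\NT\bwprnmon.exe
"""

# Constructed excerpt of the follow-up log.
AFTER = r"""
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Global Startup: BitWare Print Monitor.lnk = C:\BITWARE\NT\bwprnmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{05031B14-A000-4203-B554-9CF005F108FF}: NameServer = 205.188.146.145
"""

if __name__ == "__main__":
    leftovers = still_present(FLAGGED, AFTER)
    print("flagged entries still present:", leftovers or "none")
    removed, added = diff_logs(BEFORE, AFTER)
    for section, line in removed:
        print("removed:", line)
    for section, line in added:
        print("new, needs review:", line)
```

Entries reported as new are not a verdict; they are the lines a reviewer should look at before declaring the machine clean.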
Click >>> HijackThis v1.98.2
Those files are hidden. Set the view to show protected and hidden files.
In Search, type DESKTOP.HTML and tick the option to search hidden files.
It is in C:\WINDOWS\WEB.
Uninstall DAP, it contains spyware, and install some free one, e.g.:
NetAnts 1.25, Star Downloader 1.44
http://www.dobreprogramy.com/index.php?dz=1&t=20
In Run, type msconfig >>> Startup tab, untick:
- QuickTime\qttask
- UpdReg
- CTHELPER
- BITWARE\NT\bwprnmon
Check the system with this program:
Update its virus database and remove whatever it finds.
Restart the computer and post a log from the older version.
And find and delete the files I wrote about.
I'll do that right away. I'll also show the report from Spybot; here it is:
— Search result list —
Alexa Related: What’s related link (Zastąp plik, nothing done)
C:\WINDOWS\Web\related.htm
Download Accelerator Plus ads: Root class (Klucz rejestru, nothing done)
HKEY_CLASSES_ROOT\DAPIEBar.CBAREventer
Download Accelerator Plus ads: Banner (Zastąp plik, nothing done)
C:\PROGRA~1\DAP\dap.gif
Download Accelerator Plus ads: Ad category (Klucz rejestru, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSUpdates
Download Accelerator Plus ads: Ad category (Klucz rejestru, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSProxy
Download Accelerator Plus ads: Ad category (Klucz rejestru, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSNoTrigger
Download Accelerator Plus ads: Ad category (Klucz rejestru, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSLeech
Download Accelerator Plus ads: Ad category (Klucz rejestru, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSFileList
Download Accelerator Plus ads: Ad category (Klucz rejestru, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSCategory
Download Accelerator Plus ads: Ad category (Klucz rejestru, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSADS
Download Accelerator Plus ads: Default ad category (Zmiany rejestru, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSDefaultCategory=Default
Download Accelerator Plus ads: IE extension (Klucz rejestru, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{669695BC-A811-4A9D-8CDF-BA8C795F261C}
Download Accelerator Plus ads: Root class (Klucz rejestru, nothing done)
HKEY_CLASSES_ROOT\DAPIEBar.DAPIEBarBand
DSO Exploit: Data source object exploit (Zmiany rejestru, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Zmiany rejestru, nothing done)
HKEY_USERS\S-1-5-21-1935655697-1343024091-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Zmiany rejestru, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Zmiany rejestru, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Zmiany rejestru, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DyFuCA.InternetOptimizer: Uninstall settings (Klucz rejestru, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer Active Alert
DyFuCA.InternetOptimizer: Global settings (Klucz rejestru, nothing done)
HKEY_LOCAL_MACHINE\Software\Avenue Media
DyFuCA.InternetOptimizer: Uninstall settings (Klucz rejestru, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer
DyFuCA.InternetOptimizer: Uninstall settings (Klucz rejestru, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA
DyFuCA.InternetOptimizer: User settings (Klucz rejestru, nothing done)
HKEY_USERS\S-1-5-21-1935655697-1343024091-682003330-1003\Software\Avenue Media
— Spybot - Search && Destroy version: 1.3 —
2004-05-12 Includes\Cookies.sbi
2004-05-12 Includes\Dialer.sbi
2004-05-12 Includes\Hijackers.sbi
2004-05-12 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2004-05-12 Includes\Malware.sbi
2004-05-12 Includes\Revision.sbi
2004-05-12 Includes\Security.sbi
2004-05-12 Includes\Spybots.sbi
2004-05-12 Includes\Tracks.uti
2004-05-12 Includes\Trojans.sbi
— System information —
Windows XP (Build: 2600) Dodatek Service Pack. 1
— Startup entries list —
Located: HK_LM:Run, AOLDialer
command: C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
file: C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
size: 497240
MD5: 0fbbab949dc3de2377677770d7fe0cfb
Located: HK_LM:Run, avast!
command: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
file: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
size: 98352
MD5: 8da93b410d163cf5b93a3aa262dd458a
Located: HK_LM:Run, AVGCtrl
command: C:\Program Files\AVPersonal\AVGNT.EXE /min
Located: HK_LM:Run, ControlPanel
command: C:\WINDOWS\System32\cmd32.exe internat.dll,LoadKeyboardProfile
Located: HK_LM:Run, CTStartup
command: C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
Located: HK_LM:Run, DownloadAccelerator
command: C:\PROGRA~1\DAP\DAP.EXE /STARTUP
file: C:\PROGRA~1\DAP\DAP.EXE
size: 1565696
MD5: ea231c3b1aeb365cc5d22dc7c0623424
Located: HK_LM:Run, EPSON Stylus CX6600 Series
command: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE /P26 “EPSON Stylus CX6600 Series” /O6 “USB001” /M “Stylus CX6600”
file: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE
size: 98304
MD5: 7577019a01c57ea335b1e33dda25a3dd
Located: HK_LM:Run, Jet Detection
command: “C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe”
file: C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
size: 28672
MD5: 7df5f447de9e4600f8c77a00d86d210b
Located: HK_LM:Run, NavRegReminder
command: “C:\WINDOWS\temp\NavBrowser.exe” /r /i “C:\WINDOWS\temp\NavLoad.ini”
file: C:\WINDOWS\temp\NavBrowser.exe
size: 212992
MD5: 8f947be87c849bb5df3dddc75cad208f
Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 31744
MD5: b0065d0558cf97154a429311dd8c4329
Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 741376
MD5: 136dca0809ff9a4c5470b64a65044ae4
Located: HK_LM:Run, QuickTime Task
command: “C:\Program Files\QuickTime\qttask.exe” -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 98304
MD5: 9b4c1812595c389ab9ccf1ff3b315248
Located: HK_LM:Run, UpdReg
command: C:\WINDOWS\UpdReg.EXE
file: C:\WINDOWS\UpdReg.EXE
size: 90112
MD5: c419df63e0121d72411285780c2fc6cc
Located: HK_LM:Run, WINDVDPatch
command: CTHELPER.EXE
file: C:\WINDOWS\system32\CTHELPER.EXE
size: 24576
MD5: 3c7a868402b2dd7b65ac32bed886d9e5
Located: HK_LM:Run, Zone Labs Client
command: “C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe”
file: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 714000
MD5: 839fbb1afbac1bbf1ec5974c11dc96b9
Located: HK_CU:Run, CTFMON.EXE
command: C:\WINDOWS\System32\ctfmon.exe
file: C:\WINDOWS\System32\ctfmon.exe
size: 13312
MD5: 0c4c012b0a8960f48a666c240a7baa3d
Located: HK_CU:Run, NvMediaCenter
command: RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 31744
MD5: b0065d0558cf97154a429311dd8c4329
Located: HK_CU:Run, TaskBar
command: “C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe”
file: C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe
size: 122880
MD5: 4d3912f39e77f605d5be1e1531515fbb
Located: HK_CU:Run, TaskTray
command: “C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe”
file: C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe
size: 163840
MD5: dd12fa3c35b37b595fa66d8494e54abd
Located: Startup (common), AOL 9.0 Tray-Symbol.lnk
command: C:\Program Files\AOL 9.0\aoltray.exe
file: C:\Program Files\AOL 9.0\aoltray.exe
size: 156784
MD5: 0243b985d3b4f7699f922a572bc54057
Located: Startup (common), BitWare Print Monitor.lnk
command: C:\BITWARE\NT\bwprnmon.exe
file: C:\BITWARE\NT\bwprnmon.exe
size: 54272
MD5: cdb8a9500e97bc8ddf6d160cd313c9ca
— Browser helper object list —
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: ACROIEHELPER.OCX
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\
Long name: AcroIEHelper.ocx
Short name: ACROIE~1.OCX
Date (created): 2005-01-23 18:56:14
Date (last access): 2005-01-30
Date (last write): 2001-03-02 12:02:04
Filesize: 37808
Attributes: archive
MD5: 8394ABFC1BE196A62C9F532511936DF7
CRC32: 71D6E350
Version: 0.1.0.0
{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDHelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name: SDHELPER.DLL
Date (created): 2004-05-12 01:03:00
Date (last access): 2005-01-30
Date (last write): 2004-05-12 01:03:00
Filesize: 744960
Attributes: archive
MD5: ABF5BA518C6A5ED104496FF42D19AD88
CRC32: 5587736E
Version: 0.1.0.3
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
BHO name:
CLSID name: EpsonToolBandKicker Class
Path: C:\Program Files\EPSON\EPSON Web-To-Page\
Long name: EPSON Web-To-Page.dll
Short name: EPSONW~1.DLL
Date (created): 2005-01-25 18:58:16
Date (last access): 2005-01-30
Date (last write): 2004-02-10 14:08:58
Filesize: 339968
Attributes: archive
MD5: 230F34EB9C919978C23E6939120DB35C
CRC32: D4C5D89F
Version: 0.1.0.0
— ActiveX list —
DirectAnimation Java Classes (DirectAnimation Java Classes)
DPF name: DirectAnimation Java Classes
CLSID name:
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\dajava.cab
info link:
info source: Patrick M. Kolla
Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class)
DPF name:
CLSID name: ActiveScan Installer Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: asinst.dll
Short name:
Date (created): 2005-01-24 17:00:26
Date (last access): 2005-01-30
Date (last write): 2005-01-24 17:00:26
Filesize: 110592
Attributes: archive
MD5: BE23978B4E6B26A5200A6D358A48E44C
CRC32: 8E896EE3
Version: 0.57.0.2
— Process list —
Spybot - Search && Destroy process list report, 2005-01-30 18:42:58
PID: 0 ( 0) [system]
PID: 4 ( 0) System
PID: 364 (1108) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
PID: 376 (1108) C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
PID: 384 (1108) C:\Program Files\QuickTime\qttask.exe
PID: 392 (1108) C:\WINDOWS\System32\CTHELPER.EXE
PID: 428 (1108) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE
PID: 440 ( 4) \SystemRoot\System32\smss.exe
PID: 496 (1108) C:\PROGRA~1\DAP\DAP.EXE
PID: 512 ( 440) CSRSS.EXE
PID: 536 ( 440) ??\C:\WINDOWS\system32\winlogon.exe
PID: 580 ( 536) C:\WINDOWS\system32\services.exe
PID: 592 ( 536) C:\WINDOWS\system32\lsass.exe
PID: 748 ( 580) C:\WINDOWS\system32\svchost.exe
PID: 772 ( 580) C:\WINDOWS\System32\svchost.exe
PID: 808 (1108) C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
PID: 840 ( 580) SVCHOST.EXE
PID: 852 (1108) C:\WINDOWS\System32\ctfmon.exe
PID: 896 ( 580) SVCHOST.EXE
PID: 948 (1108) C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe
PID: 992 (1108) C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe
PID: 1012 ( 580) C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PID: 1108 (1080) C:\WINDOWS\Explorer.EXE
PID: 1128 ( 580) C:\WINDOWS\system32\spoolsv.exe
PID: 1220 ( 580) ALG.EXE
PID: 1232 ( 580) C:\Program Files\AVPersonal\AVGUARD.EXE
PID: 1244 ( 580) C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
PID: 1292 ( 580) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PID: 1304 ( 580) C:\Program Files\Alwil Software\Avast4\ashServ.exe
PID: 1348 ( 580) C:\Program Files\AVPersonal\AVWUPSRV.EXE
PID: 1360 ( 580) C:\WINDOWS\System32\CTsvcCDA.exe
PID: 1428 ( 580) C:\WINDOWS\System32\nvsvc32.exe
PID: 1540 (1108) C:\BITWARE\NT\bwprnmon.exe
PID: 1588 ( 580) C:\WINDOWS\System32\svchost.exe
PID: 1740 ( 580) C:\WINDOWS\System32\MsPMSPSv.exe
PID: 2492 ( 748) WMIPRVSE.EXE
PID: 2904 ( 772) C:\WINDOWS\System32\wuauclt.exe
PID: 2968 (2972) C:\DOCUME~1\jarek\USTAWI~1\Temp\INS2E.tmp
PID: 2972 (1108) C:\Documents and Settings\jarek\Pulpit\aida32.exe
PID: 3040 (3008) C:\Program Files\AOL 9.0\waol.exe
PID: 3204 (3040) C:\Program Files\AOL 9.0\shellmon.exe
PID: 3216 (3040) C:\Program Files\Common Files\Aol\aoltpspd.exe
— Browser start & search pages list —
Spybot - Search && Destroy browser pages report, 2005-01-30 18:42:59
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\SYSTEM32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dl … r=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\SYSTEM32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dl … r=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dl … r=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
I'll do that in a moment; I'll also show the report from Spybot, here it is:
— Search result list —
Alexa Related: What’s related link (Zastąp plik, nothing done)
C:\WINDOWS\Web\related.htm
Download Accelerator Plus ads: Root class (Klucz rejestru, nothing done)
HKEY_CLASSES_ROOT\DAPIEBar.CBAREventer
Download Accelerator Plus ads: Banner (Zastąp plik, nothing done)
C:\PROGRA~1\DAP\dap.gif
Download Accelerator Plus ads: Ad category (Klucz rejestru, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSUpdates
Download Accelerator Plus ads: Ad category (Klucz rejestru, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSProxy
Download Accelerator Plus ads: Ad category (Klucz rejestru, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSNoTrigger
Download Accelerator Plus ads: Ad category (Klucz rejestru, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSLeech
Download Accelerator Plus ads: Ad category (Klucz rejestru, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSFileList
Download Accelerator Plus ads: Ad category (Klucz rejestru, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSCategory
Download Accelerator Plus ads: Ad category (Klucz rejestru, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSADS
Download Accelerator Plus ads: Default ad category (Zmiany rejestru, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSDefaultCategory=Default
Download Accelerator Plus ads: IE extension (Klucz rejestru, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions{669695BC-A811-4A9D-8CDF-BA8C795F261C}
Download Accelerator Plus ads: Root class (Klucz rejestru, nothing done)
HKEY_CLASSES_ROOT\DAPIEBar.DAPIEBarBand
DSO Exploit: Data source object exploit (Zmiany rejestru, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Zmiany rejestru, nothing done)
HKEY_USERS\S-1-5-21-1935655697-1343024091-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Zmiany rejestru, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Zmiany rejestru, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Zmiany rejestru, nothing done)
HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DyFuCA.InternetOptimizer: Uninstall settings (Klucz rejestru, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer Active Alert
DyFuCA.InternetOptimizer: Global settings (Klucz rejestru, nothing done)
HKEY_LOCAL_MACHINE\Software\Avenue Media
DyFuCA.InternetOptimizer: Uninstall settings (Klucz rejestru, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer
DyFuCA.InternetOptimizer: Uninstall settings (Klucz rejestru, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA
DyFuCA.InternetOptimizer: User settings (Klucz rejestru, nothing done)
HKEY_USERS\S-1-5-21-1935655697-1343024091-682003330-1003\Software\Avenue Media
— Spybot - Search && Destroy version: 1.3 —
2004-05-12 Includes\Cookies.sbi
2004-05-12 Includes\Dialer.sbi
2004-05-12 Includes\Hijackers.sbi
2004-05-12 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2004-05-12 Includes\Malware.sbi
2004-05-12 Includes\Revision.sbi
2004-05-12 Includes\Security.sbi
2004-05-12 Includes\Spybots.sbi
2004-05-12 Includes\Tracks.uti
2004-05-12 Includes\Trojans.sbi
— System information —
Windows XP (Build: 2600) Dodatek Service Pack. 1
— Startup entries list —
Located: HK_LM:Run, AOLDialer
command: C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
file: C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
size: 497240
MD5: 0fbbab949dc3de2377677770d7fe0cfb
Located: HK_LM:Run, avast!
command: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
file: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
size: 98352
MD5: 8da93b410d163cf5b93a3aa262dd458a
Located: HK_LM:Run, AVGCtrl
command: C:\Program Files\AVPersonal\AVGNT.EXE /min
Located: HK_LM:Run, ControlPanel
command: C:\WINDOWS\System32\cmd32.exe internat.dll,LoadKeyboardProfile
Located: HK_LM:Run, CTStartup
command: C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
Located: HK_LM:Run, DownloadAccelerator
command: C:\PROGRA~1\DAP\DAP.EXE /STARTUP
file: C:\PROGRA~1\DAP\DAP.EXE
size: 1565696
MD5: ea231c3b1aeb365cc5d22dc7c0623424
Located: HK_LM:Run, EPSON Stylus CX6600 Series
command: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE /P26 “EPSON Stylus CX6600 Series” /O6 “USB001” /M “Stylus CX6600”
file: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE
size: 98304
MD5: 7577019a01c57ea335b1e33dda25a3dd
Located: HK_LM:Run, Jet Detection
command: “C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe”
file: C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
size: 28672
MD5: 7df5f447de9e4600f8c77a00d86d210b
Located: HK_LM:Run, NavRegReminder
command: “C:\WINDOWS\temp\NavBrowser.exe” /r /i “C:\WINDOWS\temp\NavLoad.ini”
file: C:\WINDOWS\temp\NavBrowser.exe
size: 212992
MD5: 8f947be87c849bb5df3dddc75cad208f
Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 31744
MD5: b0065d0558cf97154a429311dd8c4329
Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 741376
MD5: 136dca0809ff9a4c5470b64a65044ae4
Located: HK_LM:Run, QuickTime Task
command: “C:\Program Files\QuickTime\qttask.exe” -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 98304
MD5: 9b4c1812595c389ab9ccf1ff3b315248
Located: HK_LM:Run, UpdReg
command: C:\WINDOWS\UpdReg.EXE
file: C:\WINDOWS\UpdReg.EXE
size: 90112
MD5: c419df63e0121d72411285780c2fc6cc
Located: HK_LM:Run, WINDVDPatch
command: CTHELPER.EXE
file: C:\WINDOWS\system32\CTHELPER.EXE
size: 24576
MD5: 3c7a868402b2dd7b65ac32bed886d9e5
Located: HK_LM:Run, Zone Labs Client
command: “C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe”
file: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 714000
MD5: 839fbb1afbac1bbf1ec5974c11dc96b9
Located: HK_CU:Run, CTFMON.EXE
command: C:\WINDOWS\System32\ctfmon.exe
file: C:\WINDOWS\System32\ctfmon.exe
size: 13312
MD5: 0c4c012b0a8960f48a666c240a7baa3d
Located: HK_CU:Run, NvMediaCenter
command: RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 31744
MD5: b0065d0558cf97154a429311dd8c4329
Located: HK_CU:Run, TaskBar
command: “C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe”
file: C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe
size: 122880
MD5: 4d3912f39e77f605d5be1e1531515fbb
Located: HK_CU:Run, TaskTray
command: “C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe”
file: C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe
size: 163840
MD5: dd12fa3c35b37b595fa66d8494e54abd
Located: Startup (common), AOL 9.0 Tray-Symbol.lnk
command: C:\Program Files\AOL 9.0\aoltray.exe
file: C:\Program Files\AOL 9.0\aoltray.exe
size: 156784
MD5: 0243b985d3b4f7699f922a572bc54057
Located: Startup (common), BitWare Print Monitor.lnk
command: C:\BITWARE\NT\bwprnmon.exe
file: C:\BITWARE\NT\bwprnmon.exe
size: 54272
MD5: cdb8a9500e97bc8ddf6d160cd313c9ca
— Browser helper object list —
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: ACROIEHELPER.OCX
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\
Long name: AcroIEHelper.ocx
Short name: ACROIE~1.OCX
Date (created): 2005-01-23 18:56:14
Date (last access): 2005-01-30
Date (last write): 2001-03-02 12:02:04
Filesize: 37808
Attributes: archive
MD5: 8394ABFC1BE196A62C9F532511936DF7
CRC32: 71D6E350
Version: 0.1.0.0
{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDHelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name: SDHELPER.DLL
Date (created): 2004-05-12 01:03:00
Date (last access): 2005-01-30
Date (last write): 2004-05-12 01:03:00
Filesize: 744960
Attributes: archive
MD5: ABF5BA518C6A5ED104496FF42D19AD88
CRC32: 5587736E
Version: 0.1.0.3
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
BHO name:
CLSID name: EpsonToolBandKicker Class
Path: C:\Program Files\EPSON\EPSON Web-To-Page\
Long name: EPSON Web-To-Page.dll
Short name: EPSONW~1.DLL
Date (created): 2005-01-25 18:58:16
Date (last access): 2005-01-30
Date (last write): 2004-02-10 14:08:58
Filesize: 339968
Attributes: archive
MD5: 230F34EB9C919978C23E6939120DB35C
CRC32: D4C5D89F
Version: 0.1.0.0
— ActiveX list —
DirectAnimation Java Classes (DirectAnimation Java Classes)
DPF name: DirectAnimation Java Classes
CLSID name:
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\dajava.cab
info link:
info source: Patrick M. Kolla
Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class)
DPF name:
CLSID name: ActiveScan Installer Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: asinst.dll
Short name:
Date (created): 2005-01-24 17:00:26
Date (last access): 2005-01-30
Date (last write): 2005-01-24 17:00:26
Filesize: 110592
Attributes: archive
MD5: BE23978B4E6B26A5200A6D358A48E44C
CRC32: 8E896EE3
Version: 0.57.0.2
— Process list —
Spybot - Search && Destroy process list report, 2005-01-30 18:42:58
PID: 0 ( 0) [system]
PID: 4 ( 0) System
PID: 364 (1108) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
PID: 376 (1108) C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
PID: 384 (1108) C:\Program Files\QuickTime\qttask.exe
PID: 392 (1108) C:\WINDOWS\System32\CTHELPER.EXE
PID: 428 (1108) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE
PID: 440 ( 4) \SystemRoot\System32\smss.exe
PID: 496 (1108) C:\PROGRA~1\DAP\DAP.EXE
PID: 512 ( 440) CSRSS.EXE
PID: 536 ( 440) ??\C:\WINDOWS\system32\winlogon.exe
PID: 580 ( 536) C:\WINDOWS\system32\services.exe
PID: 592 ( 536) C:\WINDOWS\system32\lsass.exe
PID: 748 ( 580) C:\WINDOWS\system32\svchost.exe
PID: 772 ( 580) C:\WINDOWS\System32\svchost.exe
PID: 808 (1108) C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
PID: 840 ( 580) SVCHOST.EXE
PID: 852 (1108) C:\WINDOWS\System32\ctfmon.exe
PID: 896 ( 580) SVCHOST.EXE
PID: 948 (1108) C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe
PID: 992 (1108) C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe
PID: 1012 ( 580) C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PID: 1108 (1080) C:\WINDOWS\Explorer.EXE
PID: 1128 ( 580) C:\WINDOWS\system32\spoolsv.exe
PID: 1220 ( 580) ALG.EXE
PID: 1232 ( 580) C:\Program Files\AVPersonal\AVGUARD.EXE
PID: 1244 ( 580) C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
PID: 1292 ( 580) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PID: 1304 ( 580) C:\Program Files\Alwil Software\Avast4\ashServ.exe
PID: 1348 ( 580) C:\Program Files\AVPersonal\AVWUPSRV.EXE
PID: 1360 ( 580) C:\WINDOWS\System32\CTsvcCDA.exe
PID: 1428 ( 580) C:\WINDOWS\System32\nvsvc32.exe
PID: 1540 (1108) C:\BITWARE\NT\bwprnmon.exe
PID: 1588 ( 580) C:\WINDOWS\System32\svchost.exe
PID: 1740 ( 580) C:\WINDOWS\System32\MsPMSPSv.exe
PID: 2492 ( 748) WMIPRVSE.EXE
PID: 2904 ( 772) C:\WINDOWS\System32\wuauclt.exe
PID: 2968 (2972) C:\DOCUME~1\jarek\USTAWI~1\Temp\INS2E.tmp
PID: 2972 (1108) C:\Documents and Settings\jarek\Pulpit\aida32.exe
PID: 3040 (3008) C:\Program Files\AOL 9.0\waol.exe
PID: 3204 (3040) C:\Program Files\AOL 9.0\shellmon.exe
PID: 3216 (3040) C:\Program Files\Common Files\Aol\aoltpspd.exe
— Browser start & search pages list —
Spybot - Search && Destroy browser pages report, 2005-01-30 18:42:59
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\SYSTEM32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dl … r=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\SYSTEM32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dl … r=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dl … r=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
— Winsock Layered Service Provider list —
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 1: MSAFD Tcpip [uDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0510B485-AD17-4646-85E3-B07D2DFE941A}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0510B485-AD17-4646-85E3-B07D2DFE941A}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{286B7EAA-CA1C-4A78-B80D-54D63D08CFEE}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{286B7EAA-CA1C-4A78-B80D-54D63D08CFEE}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E80B12B7-BB32-4D5F-839C-6ACE7442890D}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E80B12B7-BB32-4D5F-839C-6ACE7442890D}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7367C572-945F-41AC-8B11-0BD294FFCB36}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7367C572-945F-41AC-8B11-0BD294FFCB36}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F3833E59-2433-43E5-A809-BAFF36F6D24D}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F3833E59-2433-43E5-A809-BAFF36F6D24D}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2A153FA0-6B1C-4AC8-8AB6-ACBFFA56C21D}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2A153FA0-6B1C-4AC8-8AB6-ACBFFA56C21D}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{05031B14-A000-4203-B554-9CF005F108FF}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{05031B14-A000-4203-B554-9CF005F108FF}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Namespace Provider 0: TCP/IP
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 2: Obszar nazw rozpoznawania lokalizacji w sieci (NLA)
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
zaraz to zrobię pokaze jeszcze raport ze spybot to on
— Search result list —
Alexa Related: What’s related link (Zastąp plik, nothing done)
C:\WINDOWS\Web\related.htm
Download Accelerator Plus ads: Root class (Klucz rejestru, nothing done)
HKEY_CLASSES_ROOT\DAPIEBar.CBAREventer
Download Accelerator Plus ads: Banner (Zastąp plik, nothing done)
C:\PROGRA~1\DAP\dap.gif
Download Accelerator Plus ads: Ad category (Klucz rejestru, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSUpdates
Download Accelerator Plus ads: Ad category (Klucz rejestru, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSProxy
Download Accelerator Plus ads: Ad category (Klucz rejestru, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSNoTrigger
Download Accelerator Plus ads: Ad category (Klucz rejestru, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSLeech
Download Accelerator Plus ads: Ad category (Klucz rejestru, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSFileList
Download Accelerator Plus ads: Ad category (Klucz rejestru, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSCategory
Download Accelerator Plus ads: Ad category (Klucz rejestru, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSADS
Download Accelerator Plus ads: Default ad category (Zmiany rejestru, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSDefaultCategory=Default
Download Accelerator Plus ads: IE extension (Klucz rejestru, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions{669695BC-A811-4A9D-8CDF-BA8C795F261C}
Download Accelerator Plus ads: Root class (Klucz rejestru, nothing done)
HKEY_CLASSES_ROOT\DAPIEBar.DAPIEBarBand
DSO Exploit: Data source object exploit (Zmiany rejestru, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Zmiany rejestru, nothing done)
HKEY_USERS\S-1-5-21-1935655697-1343024091-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Zmiany rejestru, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Zmiany rejestru, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Zmiany rejestru, nothing done)
HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DyFuCA.InternetOptimizer: Uninstall settings (Klucz rejestru, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer Active Alert
DyFuCA.InternetOptimizer: Global settings (Klucz rejestru, nothing done)
HKEY_LOCAL_MACHINE\Software\Avenue Media
DyFuCA.InternetOptimizer: Uninstall settings (Klucz rejestru, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer
DyFuCA.InternetOptimizer: Uninstall settings (Klucz rejestru, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA
DyFuCA.InternetOptimizer: User settings (Klucz rejestru, nothing done)
HKEY_USERS\S-1-5-21-1935655697-1343024091-682003330-1003\Software\Avenue Media
— Spybot - Search && Destroy version: 1.3 —
2004-05-12 Includes\Cookies.sbi
2004-05-12 Includes\Dialer.sbi
2004-05-12 Includes\Hijackers.sbi
2004-05-12 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2004-05-12 Includes\Malware.sbi
2004-05-12 Includes\Revision.sbi
2004-05-12 Includes\Security.sbi
2004-05-12 Includes\Spybots.sbi
2004-05-12 Includes\Tracks.uti
2004-05-12 Includes\Trojans.sbi
— System information —
Windows XP (Build: 2600) Dodatek Service Pack. 1
— Startup entries list —
Located: HK_LM:Run, AOLDialer
command: C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
file: C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
size: 497240
MD5: 0fbbab949dc3de2377677770d7fe0cfb
Located: HK_LM:Run, avast!
command: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
file: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
size: 98352
MD5: 8da93b410d163cf5b93a3aa262dd458a
Located: HK_LM:Run, AVGCtrl
command: C:\Program Files\AVPersonal\AVGNT.EXE /min
Located: HK_LM:Run, ControlPanel
command: C:\WINDOWS\System32\cmd32.exe internat.dll,LoadKeyboardProfile
Located: HK_LM:Run, CTStartup
command: C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
Located: HK_LM:Run, DownloadAccelerator
command: C:\PROGRA~1\DAP\DAP.EXE /STARTUP
file: C:\PROGRA~1\DAP\DAP.EXE
size: 1565696
MD5: ea231c3b1aeb365cc5d22dc7c0623424
Located: HK_LM:Run, EPSON Stylus CX6600 Series
command: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE /P26 “EPSON Stylus CX6600 Series” /O6 “USB001” /M “Stylus CX6600”
file: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE
size: 98304
MD5: 7577019a01c57ea335b1e33dda25a3dd
Located: HK_LM:Run, Jet Detection
command: “C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe”
file: C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
size: 28672
MD5: 7df5f447de9e4600f8c77a00d86d210b
Located: HK_LM:Run, NavRegReminder
command: “C:\WINDOWS\temp\NavBrowser.exe” /r /i “C:\WINDOWS\temp\NavLoad.ini”
file: C:\WINDOWS\temp\NavBrowser.exe
size: 212992
MD5: 8f947be87c849bb5df3dddc75cad208f
Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 31744
MD5: b0065d0558cf97154a429311dd8c4329
Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 741376
MD5: 136dca0809ff9a4c5470b64a65044ae4
Located: HK_LM:Run, QuickTime Task
command: “C:\Program Files\QuickTime\qttask.exe” -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 98304
MD5: 9b4c1812595c389ab9ccf1ff3b315248
Located: HK_LM:Run, UpdReg
command: C:\WINDOWS\UpdReg.EXE
file: C:\WINDOWS\UpdReg.EXE
size: 90112
MD5: c419df63e0121d72411285780c2fc6cc
Located: HK_LM:Run, WINDVDPatch
command: CTHELPER.EXE
file: C:\WINDOWS\system32\CTHELPER.EXE
size: 24576
MD5: 3c7a868402b2dd7b65ac32bed886d9e5
Located: HK_LM:Run, Zone Labs Client
command: “C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe”
file: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 714000
MD5: 839fbb1afbac1bbf1ec5974c11dc96b9
Located: HK_CU:Run, CTFMON.EXE
command: C:\WINDOWS\System32\ctfmon.exe
file: C:\WINDOWS\System32\ctfmon.exe
size: 13312
MD5: 0c4c012b0a8960f48a666c240a7baa3d
Located: HK_CU:Run, NvMediaCenter
command: RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 31744
MD5: b0065d0558cf97154a429311dd8c4329
Located: HK_CU:Run, TaskBar
command: “C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe”
file: C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe
size: 122880
MD5: 4d3912f39e77f605d5be1e1531515fbb
Located: HK_CU:Run, TaskTray
command: “C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe”
file: C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe
size: 163840
MD5: dd12fa3c35b37b595fa66d8494e54abd
Located: Startup (common), AOL 9.0 Tray-Symbol.lnk
command: C:\Program Files\AOL 9.0\aoltray.exe
file: C:\Program Files\AOL 9.0\aoltray.exe
size: 156784
MD5: 0243b985d3b4f7699f922a572bc54057
Located: Startup (common), BitWare Print Monitor.lnk
command: C:\BITWARE\NT\bwprnmon.exe
file: C:\BITWARE\NT\bwprnmon.exe
size: 54272
MD5: cdb8a9500e97bc8ddf6d160cd313c9ca
— Browser helper object list —
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: ACROIEHELPER.OCX
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\
Long name: AcroIEHelper.ocx
Short name: ACROIE~1.OCX
Date (created): 2005-01-23 18:56:14
Date (last access): 2005-01-30
Date (last write): 2001-03-02 12:02:04
Filesize: 37808
Attributes: archive
MD5: 8394ABFC1BE196A62C9F532511936DF7
CRC32: 71D6E350
Version: 0.1.0.0
{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDHelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name: SDHELPER.DLL
Date (created): 2004-05-12 01:03:00
Date (last access): 2005-01-30
Date (last write): 2004-05-12 01:03:00
Filesize: 744960
Attributes: archive
MD5: ABF5BA518C6A5ED104496FF42D19AD88
CRC32: 5587736E
Version: 0.1.0.3
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
BHO name:
CLSID name: EpsonToolBandKicker Class
Path: C:\Program Files\EPSON\EPSON Web-To-Page\
Long name: EPSON Web-To-Page.dll
Short name: EPSONW~1.DLL
Date (created): 2005-01-25 18:58:16
Date (last access): 2005-01-30
Date (last write): 2004-02-10 14:08:58
Filesize: 339968
Attributes: archive
MD5: 230F34EB9C919978C23E6939120DB35C
CRC32: D4C5D89F
Version: 0.1.0.0
— ActiveX list —
DirectAnimation Java Classes (DirectAnimation Java Classes)
DPF name: DirectAnimation Java Classes
CLSID name:
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\dajava.cab
info link:
info source: Patrick M. Kolla
Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class)
DPF name:
CLSID name: ActiveScan Installer Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: asinst.dll
Short name:
Date (created): 2005-01-24 17:00:26
Date (last access): 2005-01-30
Date (last write): 2005-01-24 17:00:26
Filesize: 110592
Attributes: archive
MD5: BE23978B4E6B26A5200A6D358A48E44C
CRC32: 8E896EE3
Version: 0.57.0.2
— Process list —
Spybot - Search && Destroy process list report, 2005-01-30 18:42:58
PID: 0 ( 0) [system]
PID: 4 ( 0) System
PID: 364 (1108) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
PID: 376 (1108) C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
PID: 384 (1108) C:\Program Files\QuickTime\qttask.exe
PID: 392 (1108) C:\WINDOWS\System32\CTHELPER.EXE
PID: 428 (1108) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE
PID: 440 ( 4) \SystemRoot\System32\smss.exe
PID: 496 (1108) C:\PROGRA~1\DAP\DAP.EXE
PID: 512 ( 440) CSRSS.EXE
PID: 536 ( 440) \??\C:\WINDOWS\system32\winlogon.exe
PID: 580 ( 536) C:\WINDOWS\system32\services.exe
PID: 592 ( 536) C:\WINDOWS\system32\lsass.exe
PID: 748 ( 580) C:\WINDOWS\system32\svchost.exe
PID: 772 ( 580) C:\WINDOWS\System32\svchost.exe
PID: 808 (1108) C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
PID: 840 ( 580) SVCHOST.EXE
PID: 852 (1108) C:\WINDOWS\System32\ctfmon.exe
PID: 896 ( 580) SVCHOST.EXE
PID: 948 (1108) C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe
PID: 992 (1108) C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe
PID: 1012 ( 580) C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PID: 1108 (1080) C:\WINDOWS\Explorer.EXE
PID: 1128 ( 580) C:\WINDOWS\system32\spoolsv.exe
PID: 1220 ( 580) ALG.EXE
PID: 1232 ( 580) C:\Program Files\AVPersonal\AVGUARD.EXE
PID: 1244 ( 580) C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
PID: 1292 ( 580) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PID: 1304 ( 580) C:\Program Files\Alwil Software\Avast4\ashServ.exe
PID: 1348 ( 580) C:\Program Files\AVPersonal\AVWUPSRV.EXE
PID: 1360 ( 580) C:\WINDOWS\System32\CTsvcCDA.exe
PID: 1428 ( 580) C:\WINDOWS\System32\nvsvc32.exe
PID: 1540 (1108) C:\BITWARE\NT\bwprnmon.exe
PID: 1588 ( 580) C:\WINDOWS\System32\svchost.exe
PID: 1740 ( 580) C:\WINDOWS\System32\MsPMSPSv.exe
PID: 2492 ( 748) WMIPRVSE.EXE
PID: 2904 ( 772) C:\WINDOWS\System32\wuauclt.exe
PID: 2968 (2972) C:\DOCUME~1\jarek\USTAWI~1\Temp\INS2E.tmp
PID: 2972 (1108) C:\Documents and Settings\jarek\Pulpit\aida32.exe
PID: 3040 (3008) C:\Program Files\AOL 9.0\waol.exe
PID: 3204 (3040) C:\Program Files\AOL 9.0\shellmon.exe
PID: 3216 (3040) C:\Program Files\Common Files\Aol\aoltpspd.exe
— Browser start & search pages list —
Spybot - Search && Destroy browser pages report, 2005-01-30 18:42:59
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\SYSTEM32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dl … r=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\SYSTEM32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dl … r=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dl … r=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
Hello everyone!
Some kind of overlay with a stupid message in English (some sort of warning) has appeared on my monitor screen. I restart the computer and nothing changes; I scanned with an antivirus and that did nothing either (even though it detected some trojans and dialers). I want to get rid of this c… somehow but I can't. Please advise me if you can. I have XP, and this happened on my brother's user account. On mine everything is fine.
Just in case, here is my log as well:
Logfile of HijackThis v1.97.7
Scan saved at 21:15:00, on 2005-01-30
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Fmctrl.EXE
C:\WINDOWS\System32\RUNDLL32.exe
C:\Program Files\Windows ServeAd\WinServAd.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Progra~1\Gadu-Gadu\gg.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
C:\SEBASTIAN\Niepewne\hjt\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.popupsearches.com/sidesearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsearches.com/sidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsearches.com/sidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~2\SEARCH~1.DLL
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\System32\winb2s32.dll
O2 - BHO: ohb - {CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} - C:\WINDOWS\System32\dsktrf.dll
O2 - BHO: (no name) - {E673776E-B98F-C751-89D9-E0ABD8700295} - C:\WINDOWS\System32\tply.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINDOWS\System32\winb2s32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [FmctrlTray] Fmctrl.EXE
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Progra~1\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: komentator - http://sport.onet.pl/komentator.cab
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/rap … loader.cab
O16 - DPF: {07E9CDF4-20D2-46B1-B681-663968F527CE} (iiittt Class) - http://www.begin2search.com/toolbar/bar/winb2s32.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTIn … e-c282.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/ … mv9VCM.CAB
O16 - DPF: {3E339D3C-4B12-4E8C-A529-9CC4BEEAFD4F} (VacPro.russia_ver3) - http://advnt01.com/dialer/russia.CAB
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdat … t/opuc.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTickets … refid=2732
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc … wflash.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
Tiffany
Turn off System Restore
Boot the computer into Safe Mode
Remove:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.popupsearches.com/sidesearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsearches.com/sidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsearches.com/sidesearch.html
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\System32\winb2s32.dll
O2 - BHO: ohb - {CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} - C:\WINDOWS\System32\dsktrf.dll
O2 - BHO: (no name) - {E673776E-B98F-C751-89D9-E0ABD8700295} - C:\WINDOWS\System32\tply.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINDOWS\System32\winb2s32.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [FmctrlTray] Fmctrl.EXE
O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: komentator - http://sport.onet.pl/komentator.cab
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {07E9CDF4-20D2-46B1-B681-663968F527CE} (iiittt Class) - http://www.begin2search.com/toolbar/bar/winb2s32.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTInc/ie/bridge-c282.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {3E339D3C-4B12-4E8C-A529-9CC4BEEAFD4F} (VacPro.russia_ver3) - http://advnt01.com/dialer/russia.CAB
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=2732
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Restart the computer.
Loads of trojans
On top of that, scan with these programs:
ETD Security Scanner 3.0
http://www.download.com/ETD-Security-Sc … 29424.html
Find and delete the file DESKTOP.HTML from C:\WINDOWS\WEB
as well as the images with names like i_01.gif. There may be a lot of them.
Then Control Panel, Display, Desktop, Customize Desktop … Web, and remove the junk's page.
Download and install SP2.
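The "remove these entries" step above depends on matching a fix list against a log that forum software has altered (`\..\` turned into an ellipsis, curly quotes, changed letter case, URLs shortened with " … "). The following is an added example, not part of the thread and not HijackThis code: a cross-check that normalizes that damage and reports which posted entries the fix list covers. The sample is constructed from entries in this thread; `STALE_ENTRY` and all function names are made up for illustration.

```python
import re

# HijackThis result lines start with a section code such as R1, O2, O4 or O16.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# Constructed sample: entries from the thread, written with forum rendering damage.
POSTED_LOG = r'''
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM…\Run: [systemTray] SysTray.Exe
O4 - HKLM…\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM…\Run: [webHancer Survey Companion] “C:\Program Files\webHancer\Programs\whSurvey.exe”
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/rap … loader.cab
'''

# Constructed sample: the matching part of the helper's fix list, undamaged.
FIX_LIST = r'''
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
'''

# Constructed entry that does not occur in the posted log (hypothetical name and path).
STALE_ENTRY = r"O4 - HKLM\..\Run: [ExampleGone] C:\example\gone.exe"

_QUOTES = str.maketrans({"“": '"', "”": '"', "‘": "'", "’": "'"})


def normalize(line):
    """Undo forum rendering damage so the same entry compares equal."""
    s = line.strip().translate(_QUOTES)
    # "HKLM…\Run" is HijackThis's "HKLM\..\Run" after the forum rewrote "\..".
    s = re.sub(r"(?<=\w)…\\", r"\\..\\", s)
    s = re.sub(r"\s+", " ", s)
    return s.casefold()  # registry value names and paths are case-insensitive


def _matches(short, full):
    """Compare two normalized lines; `short` may hold a ' … ' truncation."""
    if " … " not in short:
        return short == full
    head, tail = short.split(" … ", 1)
    # A prefix+suffix hit is only a candidate: confirm it against the raw log file.
    return (len(full) >= len(head) + len(tail)
            and full.startswith(head) and full.endswith(tail))


def same_entry(posted, wanted):
    """True if two lines denote the same entry despite rendering damage."""
    p, w = normalize(posted), normalize(wanted)
    return _matches(p, w) or _matches(w, p)


def parse_entries(text):
    """Return [(section_code, line)] for every HijackThis result line in text."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), raw.strip()))
    return entries


def cross_check(posted_log, fix_list):
    """Split posted entries into covered/left in place; list fix lines not in the log."""
    posted, wanted = parse_entries(posted_log), parse_entries(fix_list)
    to_fix, kept, used = [], [], set()
    for code, line in posted:
        hits = [i for i, (wcode, wline) in enumerate(wanted)
                if wcode == code and same_entry(line, wline)]
        (to_fix if hits else kept).append(line)
        used.update(hits)
    not_in_log = [w for i, (_, w) in enumerate(wanted) if i not in used]
    return {"to_fix": to_fix, "kept": kept, "not_in_log": not_in_log}


if __name__ == "__main__":
    report = cross_check(POSTED_LOG, FIX_LIST + "\n" + STALE_ENTRY)
    for key in ("to_fix", "kept", "not_in_log"):
        print(f"{key} ({len(report[key])}):")
        for line in report[key]:
            print("   ", line)
```

Entries under `not_in_log` usually mean the fix list was written against an older scan, so a fresh log should be taken before anything is removed.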
I found Desktop.html in c:\windows; should I delete it there? I didn't find the images. I ran a thorough scan with avast; it detected win32.codbas-12(trj), which it cannot remove, and I can't remove it manually either (it cannot find the path), plus eadmee.dll, js:classloade-6, js:classloade-5, vbs:malware(gen), win32:dialer-e(trj), js:nocheat-2, which it did remove. Here is the log:
Logfile of HijackThis v1.98.2
Scan saved at 01:01:23, on 2005-01-31
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe
C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
c:\Program Files\PestPatrol\CookiePatrol.exe
c:\Program Files\PestPatrol\PPMemCheck.exe
c:\Program Files\PestPatrol\PPControl.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\Documents and Settings\jarek\Ustawienia lokalne\Temp\Katalog tymczasowy 1 dla hijackthis.zip2.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NetAnts.IE.Monitor - {57E91B41-F40A-11D1-B792-444553540000} - C:\Program Files\NetAnts\AntAPI.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"
O4 - HKLM\..\Run: [NavRegReminder] "C:\WINDOWS\temp\NavBrowser.exe" /r /i "C:\WINDOWS\temp\NavLoad.ini"
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\cmd32.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe"
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O8 - Extra context menu item: &Download by NetAnts - C:\PROGRA~1\NETANTS\NAGet.htm
O8 - Extra context menu item: Download &All by NetAnts - C:\PROGRA~1\NETANTS\NAGetAll.htm
O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NETANTS\NetAnts.exe
O9 - Extra 'Tools' menuitem: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NETANTS\NetAnts.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05031B14-A000-4203-B554-9CF005F108FF}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{05031B14-A000-4203-B554-9CF005F108FF}: NameServer = 205.188.146.145
And this is the log from the new version:
Logfile of HijackThis v1.99.0
Scan saved at 01:02:27, on 2005-01-31
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe
C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
c:\Program Files\PestPatrol\CookiePatrol.exe
c:\Program Files\PestPatrol\PPMemCheck.exe
c:\Program Files\PestPatrol\PPControl.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\Documents and Settings\jarek\Ustawienia lokalne\Temp\Katalog tymczasowy 8 dla hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NetAnts.IE.Monitor - {57E91B41-F40A-11D1-B792-444553540000} - C:\Program Files\NetAnts\AntAPI.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"
O4 - HKLM\..\Run: [NavRegReminder] "C:\WINDOWS\temp\NavBrowser.exe" /r /i "C:\WINDOWS\temp\NavLoad.ini"
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\cmd32.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe"
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O8 - Extra context menu item: &Download by NetAnts - C:\PROGRA~1\NETANTS\NAGet.htm
O8 - Extra context menu item: Download &All by NetAnts - C:\PROGRA~1\NETANTS\NAGetAll.htm
O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NETANTS\NetAnts.exe
O9 - Extra 'Tools' menuitem: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NETANTS\NetAnts.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05031B14-A000-4203-B554-9CF005F108FF}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{05031B14-A000-4203-B554-9CF005F108FF}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
I checked the system with PestPatrol, but for now I don't know exactly how to use it. This is its r
"",Pest,Pest Info,File Info,""
16,DyFuCA,Category: Adware Background Info: Click here,In Registry: HKEY_CURRENT_USER\software\avenue media,""
2,Cydoor,Category: Adware Author: [Cydoor Desktop Media] Release Date: 2/5/2004 0:00:00 Background Info: Click here,In Registry: HKEY_CURRENT_USER\software\cydoor,""
17,DyFuCA,Category: Adware Background Info: Click here,In Registry: HKEY_LOCAL_MACHINE\software\avenue media,""
18,DyFuCA,Category: Adware Background Info: Click here,In Registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\dyfuca,""
19,DyFuCA,Category: Adware Background Info: Click here,In Registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\internet optimizer,""
21,Cydoor Directory,Category: Adware Author: [Cydoor Desktop Media] Release Date: 2/5/2004 0:00:00 Background Info: Click here,In Directory: C:\WINDOWS\system32\adcache Date: 20050130 21:54:04,""
1,CWS.GoogleMS.3,Category: Adware Background Info: Click here,In Registry: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\domains\xxxtoolbar.com,""
3,Download Accelerator Plus,"Category: Browser Helper Object Author: SpeedBit, Ltd. Release Date: 2/3/2004 0:00:00 Background Info: Click here",In Registry: HKEY_CLASSES_ROOT\clsid\{235d7a27-de65-49f0-bfcf-d5c3bc3b2e67},""
4,Download Accelerator Plus,"Category: Browser Helper Object Author: SpeedBit, Ltd. Release Date: 2/3/2004 0:00:00 Background Info: Click here",In Registry: HKEY_CLASSES_ROOT\clsid\{62999427-33fc-4baf-9c9c-bce6bd127f08},""
5,Download Accelerator Plus,"Category: Browser Helper Object Author: SpeedBit, Ltd. Release Date: 2/3/2004 0:00:00 Background Info: Click here",In Registry: HKEY_CLASSES_ROOT\dapiebar.cbareventer,""
6,Download Accelerator Plus,"Category: Browser Helper Object Author: SpeedBit, Ltd. Release Date: 2/3/2004 0:00:00 Background Info: Click here",In Registry: HKEY_CLASSES_ROOT\dapiebar.dapiebarband,""
7,Download Accelerator Plus,"Category: Browser Helper Object Author: SpeedBit, Ltd. Release Date: 2/3/2004 0:00:00 Background Info: Click here",In Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{235d7a27-de65-49f0-bfcf-d5c3bc3b2e67},""
8,Download Accelerator Plus,"Category: Browser Helper Object Author: SpeedBit, Ltd. Release Date: 2/3/2004 0:00:00 Background Info: Click here",In Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{62999427-33fc-4baf-9c9c-bce6bd127f08},""
9,Download Accelerator Plus,"Category: Browser Helper Object Author: SpeedBit, Ltd. Release Date: 2/3/2004 0:00:00 Background Info: Click here",In Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{82351441-9094-11d1-a24b-00a0c932c7df},""
10,Download Accelerator Plus,"Category: Browser Helper Object Author: SpeedBit, Ltd. Release Date: 2/3/2004 0:00:00 Background Info: Click here",In Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{5252ac41-94bb-11d1-b2e7-444553540000},""
11,Download Accelerator Plus,"Category: Browser Helper Object Author: SpeedBit, Ltd. Release Date: 2/3/2004 0:00:00 Background Info: Click here",In Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{82351440-9094-11d1-a24b-00a0c932c7df},""
12,Download Accelerator Plus,"Category: Browser Helper Object Author: SpeedBit, Ltd. Release Date: 2/3/2004 0:00:00 Background Info: Click here",In Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{f32c7705-1dad-4b09-b60a-40f1d9b3dbc9},""
13,Download Accelerator Plus,"Category: Browser Helper Object Author: SpeedBit, Ltd. Release Date: 2/3/2004 0:00:00 Background Info: Click here",In Registry: HKEY_LOCAL_MACHINE\software\classes\protocols\name-space handler\https\zda|pattern1,""
14,Download Accelerator Plus,"Category: Browser Helper Object Author: SpeedBit, Ltd. Release Date: 2/3/2004 0:00:00 Background Info: Click here",In Registry: HKEY_LOCAL_MACHINE\software\classes\typelib\{82351433-9094-11d1-a24b-00a0c932c7df},""
20,MoneyTree,"Category: Dialer Author: [Avenue Media, N.V.] Release Date: 5/7/2004 0:00:00 Background Info: Click here",In Registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\internet optimizer active alert,""
15,Download Accelerator Plus,"Category: Browser Helper Object Author: SpeedBit, Ltd. Release Date: 2/3/2004 0:00:00 Background Info: Click here",In Registry: HKEY_LOCAL_MACHINE\software\speedbit,""
35,Cydoor?,Category: Adware Author: [Cydoor Desktop Media] Release Date: 2/5/2004 0:00:00 Background Info: Click here,In File: C:\WINDOWS\system32\adcache\B_518400.htm Date: 20050130 22:09:22,""
22,Cydoor?,Category: Adware Author: [Cydoor Desktop Media] Release Date: 2/5/2004 0:00:00 Background Info: Click here,In File: C:\WINDOWS\system32\adcache\B_632_0_1_513200.gif Date: 20050130 21:56:04,""
23,Cydoor?,Category: Adware Author: [Cydoor Desktop Media] Release Date: 2/5/2004 0:00:00 Background Info: Click here,In File: C:\WINDOWS\system32\adcache\B_632_0_1_514800.gif Date: 20050130 21:56:38,""
24,Cydoor?,Category: Adware Author: [Cydoor Desktop Media] Release Date: 2/5/2004 0:00:00 Background Info: Click here,In File: C:\WINDOWS\system32\adcache\B_632_0_1_516800.gif Date: 20050130 21:57:16,""
25,Cydoor?,Category: Adware Author: [Cydoor Desktop Media] Release Date: 2/5/2004 0:00:00 Background Info: Click here,In File: C:\WINDOWS\system32\adcache\B_632_0_1_519800.gif Date: 20050130 21:57:48,""
26,Cydoor?,Category: Adware Author: [Cydoor Desktop Media] Release Date: 2/5/2004 0:00:00 Background Info: Click here,In File: C:\WINDOWS\system32\adcache\B_632_0_1_535700.gif Date: 20050130 21:58:22,""
27,Cydoor?,Category: Adware Author: [Cydoor Desktop Media] Release Date: 2/5/2004 0:00:00 Background Info: Click here,In File: C:\WINDOWS\system32\adcache\B_632_0_1_542200.gif Date: 20050130 21:58:54,""
28,Cydoor?,Category: Adware Author: [Cydoor Desktop Media] Release Date: 2/5/2004 0:00:00 Background Info: Click here,In File: C:\WINDOWS\system32\adcache\B_632_0_1_587400.gif Date: 20050130 21:59:28,""
29,Cydoor?,Category: Adware Author: [Cydoor Desktop Media] Release Date: 2/5/2004 0:00:00 Background Info: Click here,In File: C:\WINDOWS\system32\adcache\B_632_0_1_645000.gif Date: 20050130 21:59:46,""
30,Cydoor?,Category: Adware Author: [Cydoor Desktop Media] Release Date: 2/5/2004 0:00:00 Background Info: Click here,In File: C:\WINDOWS\system32\adcache\B_632_0_1_645100.gif Date: 20050130 22:00:04,""
32,Cydoor?,Category: Adware Author: [Cydoor Desktop Media] Release Date: 2/5/2004 0:00:00 Background Info: Click here,In File: C:\WINDOWS\system32\adcache\B_632_0_1_646000.htm Date: 20050130 22:00:54,""
31,Cydoor?,Category: Adware Author: [Cydoor Desktop Media] Release Date: 2/5/2004 0:00:00 Background Info: Click here,In File: C:\WINDOWS\system32\adcache\B_632_0_1_646000.swf Date: 20050130 22:00:54,""
34,Cydoor?,Category: Adware Author: [Cydoor Desktop Media] Release Date: 2/5/2004 0:00:00 Background Info: Click here,In File: C:\WINDOWS\system32\adcache\B_632_0_1_646200.htm Date: 20050130 22:09:16,""
33,Cydoor?,Category: Adware Author: [Cydoor Desktop Media] Release Date: 2/5/2004 0:00:00 Background Info: Click here,In File: C:\WINDOWS\system32\adcache\B_632_0_1_646200.swf Date: 20050130 22:01:44,""
36,Cydoor?,Category: Adware Author: [Cydoor Desktop Media] Release Date: 2/5/2004 0:00:00 Background Info: Click here,In File: C:\WINDOWS\system32\adcache\B_632_0_2_560300.gif Date: 20050130 22:09:28,""
37,Cydoor?,Category: Adware Author: [Cydoor Desktop Media] Release Date: 2/5/2004 0:00:00 Background Info: Click here,In File: C:\WINDOWS\system32\adcache\B_632_0_2_658000.gif Date: 20050130 22:09:38,""
38,Cydoor?,Category: Adware Author: [Cydoor Desktop Media] Release Date: 2/5/2004 0:00:00 Background Info: Click here,In File: C:\WINDOWS\system32\adcache\B_632_1_1_512400.htm Date: 20050130 22:09:40,""
39,Cydoor?,Category: Adware Author: [Cydoor Desktop Media] Release Date: 2/5/2004 0:00:00 Background Info: Click here,In File: C:\WINDOWS\system32\adcache\B_632_1_1_518700.gif Date: 20050130 22:09:52,""
45,Cydoor?,Category: Adware Author: [Cydoor Desktop Media] Release Date: 2/5/2004 0:00:00 Background Info: Click here,In File: C:\WINDOWS\system32\adcache\B_632_1_1_518700.htm Date: 20050130 22:10:14,""
40,Cydoor?,Category: Adware Author: [Cydoor Desktop Media] Release Date: 2/5/2004 0:00:00 Background Info: Click here,In File: C:\WINDOWS\system32\adcache\B_632_1_1_540900.gif Date: 20050130 22:10:00,""
46,Cydoor?,Category: Adware Author: [Cydoor Desktop Media] Release Date: 2/5/2004 0:00:00 Background Info: Click here,In File: C:\WINDOWS\system32\adcache\B_632_1_1_540900.htm Date: 20050130 22:10:14,""
41,Cydoor?,Category: Adware Author: [Cydoor Desktop Media] Release Date: 2/5/2004 0:00:00 Background Info: Click here,In File: C:\WINDOWS\system32\adcache\B_632_1_1_542400.htm Date: 20050130 22:10:02,""
42,Cydoor?,Category: Adware Author: [Cydoor Desktop Media] Release Date: 2/5/2004 0:00:00 Background Info: Click here,In File: C:\WINDOWS\system32\adcache\B_632_1_1_655700.htm Date: 20050130 22:10:02,""
43,Cydoor?,Category: Adware Author: [Cydoor Desktop Media] Release Date: 2/5/2004 0:00:00 Background Info: Click here,In File: C:\WINDOWS\system32\adcache\B_632_1_2_634600.htm Date: 20050130 22:10:02,""
47,Cydoor?,Category: Adware Author: [Cydoor Desktop Media] Release Date: 2/5/2004 0:00:00 Background Info: Click here,In File: C:\WINDOWS\system32\adcache\B_632_1_2_646400.htm Date: 20050130 22:10:14,""
44,Cydoor?,Category: Adware Author: [Cydoor Desktop Media] Release Date: 2/5/2004 0:00:00 Background Info: Click here,In File: C:\WINDOWS\system32\adcache\B_632_1_2_646400.swf Date: 20050130 22:10:12,""
56,Cydoor?,Category: Adware Author: [Cydoor Desktop Media] Release Date: 2/5/2004 0:00:00 Background Info: Click here,In File: C:\WINDOWS\system32\adcache\B_632_1_3_500300.htm Date: 20050130 22:13:02,""
48,Cydoor?,Category: Adware Author: [Cydoor Desktop Media] Release Date: 2/5/2004 0:00:00 Background Info: Click here,In File: C:\WINDOWS\system32\adcache\B_632_1_3_500300.swf Date: 20050130 22:10:34,""
57,Cydoor?,Category: Adware Author: [Cydoor Desktop Media] Release Date: 2/5/2004 0:00:00 Background Info: Click here,In File: C:\WINDOWS\system32\adcache\B_632_1_3_502500.htm Date: 20050130 22:13:02,""
49,Cydoor?,Category: Adware Author: [Cydoor Desktop Media] Release Date: 2/5/2004 0:00:00 Background Info: Click here,In File: C:\WINDOWS\system32\adcache\B_632_1_3_502500.swf Date: 20050130 22:10:52,""
58,Cydoor?,Category: Adware Author: [Cydoor Desktop Media] Release Date: 2/5/2004 0:00:00 Background Info: Click here,In File: C:\WINDOWS\system32\adcache\B_632_1_3_503000.htm Date: 20050130 22:13:02,""
50,Cydoor?,Category: Adware Author: [Cydoor Desktop Media] Release Date: 2/5/2004 0:00:00 Background Info: Click here,In File: C:\WINDOWS\system32\adcache\B_632_1_3_503000.swf Date: 20050130 22:11:18,""
59,Cydoor?,Category: Adware Author: [Cydoor Desktop Media] Release Date: 2/5/2004 0:00:00 Background Info: Click here,In File: C:\WINDOWS\system32\adcache\B_632_1_3_506100.htm Date: 20050130 22:13:02,""
51,Cydoor?,Category: Adware Author: [Cydoor Desktop Media] Release Date: 2/5/2004 0:00:00 Background Info: Click here,In File: C:\WINDOWS\system32\adcache\B_632_1_3_506100.swf Date: 20050130 22:11:38,""
60,Cydoor?,Category: Adware Author: [Cydoor Desktop Media] Release Date: 2/5/2004 0:00:00 Background Info: Click here,In File: C:\WINDOWS\system32\adcache\B_632_1_3_506700.htm Date: 20050130 22:13:02,""
52,Cydoor?,Category: Adware Author: [Cydoor Desktop Media] Release Date: 2/5/2004 0:00:00 Background Info: Click here,In File: C:\WINDOWS\system32\adcache\B_632_1_3_506700.swf Date: 20050130 22:11:56,""
61,Cydoor?,Category: Adware Author: [Cydoor Desktop Media] Release Date: 2/5/2004 0:00:00 Background Info: Click here,In File: C:\WINDOWS\system32\adcache\B_632_1_3_507000.htm Date: 20050130 22:13:02,""
53,Cydoor?,Category: Adware Author: [Cydoor Desktop Media] Release Date: 2/5/2004 0:00:00 Background Info: Click here,In File: C:\WINDOWS\system32\adcache\B_632_1_3_507000.swf Date: 20050130 22:12:08,""
62,Cydoor?,Category: Adware Author: [Cydoor Desktop Media] Release Date: 2/5/2004 0:00:00 Background Info: Click here,In File: C:\WINDOWS\system32\adcache\B_632_1_3_518900.htm Date: 20050130 22:13:02,""
54,Cydoor?,Category: Adware Author: [Cydoor Desktop Media] Release Date: 2/5/2004 0:00:00 Background Info: Click here,In File: C:\WINDOWS\system32\adcache\B_632_1_3_518900.jpg Date: 20050130 22:12:30,""
55,Cydoor?,Category: Adware Author: [Cydoor Desktop Media] Release Date: 2/5/2004 0:00:00 Background Info: Click here,In File: C:\WINDOWS\system32\adcache\B_632_1_3_561200.gif Date: 20050130 22:13:00,""
63,Cydoor?,Category: Adware Author: [Cydoor Desktop Media] Release Date: 2/5/2004 0:00:00 Background Info: Click here,In File: C:\WINDOWS\system32\adcache\B_632_1_3_561200.htm Date: 20050130 22:13:04,""
aport I don't know whether I should remove all of this, or how
Hello,
READ UP, and don't paste such enormous logs, because there is no point.
Wait patiently and read up on configuring Pest Patrol.
Download the little KillBox program.
http://www.bleepingcomputer.com/files/killbox.php
Use it to find the file, or paste/type in the access path and file name yourself. Click Standard Kill, then click the red X icon and OK. If it does not delete the file, select the second option, Delete on Reboot. A restart will then follow and the bad file should be gone.
As for Pest, select Select All and click Remove. On the Options >>> Whats To Search For tab, tick which file types it should search for.
Now select everything and delete it. It detected a heap of spyware, including leftovers from Kazaa.
In msconfig, on the Startup tab, you can untick the 3 Pest entries so that it doesn't slow things down further and doesn't start together with the system.
Untick Nero in the same way.
You can also remove:
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
Restart the computer and it should be OK.