What's going on with this screen?


(Kordakordas) #1

Yesterday the wallpaper disappeared from my screen. A message in English appeared, I don't remember exactly what, but something to do with a warning; now I only have a white, strangely flickering screen. When I right-click, it's as if it were some kind of web page. Please help :o


(Qbek50) #2

You probably have some junk on your disk :frowning:

Scan with SpyBot S&D:

and Ad-Aware:

http://www.dobreprogramy.pl/index.php?dz=2&id=107&t=55

If the problem doesn't go away, post a log from HiJackThis.


(Adarek) #3

This is the CWS trojan!!!

CWShredder 2.12

Restart, then post a HijackThis log here to be checked.

Oh... and also visit this online antivirus scanner:

http://housecall.trendmicro.com/houseca ... t_corp.asp


(Kordakordas) #4

I scanned and it detected something, but the screen is the same. Here is the log from HijackThis:

Logfile of HijackThis v1.99.0

Scan saved at 13:42:40, on 2005-01-30

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVPersonal\AVGUARD.EXE

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\AVPersonal\AVWUPSRV.EXE

C:\WINDOWS\System32\CTsvcCDA.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\CTHELPER.EXE

C:\PROGRA~1\DAP\DAP.EXE

C:\Program Files\AVPersonal\AVGNT.EXE

C:\Program Files\AdStatus Service\AdStatServ.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe

C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe

C:\BITWARE\NT\bwprnmon.exe

C:\Program Files\AdStatus Service\AdStatKeep.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Documents and Settings\jarek\Ustawienia lokalne\Temp\Katalog tymczasowy 5 dla hijackthis.zip\HijackThis.exe

C:\Program Files\AOL 9.0\waol.exe

C:\Program Files\AOL 9.0\shellmon.exe

C:\Program Files\Common Files\Aol\aoltpspd.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"

O4 - HKLM..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run

O4 - HKLM..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"

O4 - HKLM..\Run: [NavRegReminder] "C:\WINDOWS\temp\NavBrowser.exe" /r /i "C:\WINDOWS\temp\NavLoad.ini"

O4 - HKLM..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP

O4 - HKLM..\Run: [ControlPanel] C:\WINDOWS\System32\cmd32.exe internat.dll,LoadKeyboardProfile

O4 - HKLM..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min

O4 - HKLM..\Run: [AdStatus Service] C:\Program Files\AdStatus Service\AdStatServ.exe

O4 - HKLM..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU..\Run: [TaskTray] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe"

O4 - HKCU..\Run: [TaskBar] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"

O4 - Global Startup: SATARaid.lnk = ?

O4 - Global Startup: BitWare Print Monitor.lnk = C:\BITWARE\NT\bwprnmon.exe

O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Program Files\AOL 9.0\aoltray.exe

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm

O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE

O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe


(Adarek) #5

Turn off System Restore.

Boot into Safe Mode.

Remove:

O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file) 

O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe" 

O4 - Global Startup: SATARaid.lnk = ?


O4 - HKLM\..\Run: [AdStatus Service] C:\Program Files\AdStatus Service\AdStatServ.exe

Delete these folders manually:

Internet Optimizer from C:\Program Files

AdStatus Service from C:\Program Files

Find and delete the file DESKTOP.HTML from C:\WINDOWS\WEB

and the images named i_01.gif. There may be loads of them!!

Then: Control Panel, Display, Desktop, Customize Desktop ... Web, and delete the junk's page.

Restart the computer and find HijackThis somewhere on the net, but version v1.98.2.

Run it, and if there is an item 21 C:\WINDOWS\system32\system32.dll, delete it.

Restart the computer and it should be OK.


(Kordakordas) #6

Many thanks, PHYLBY!!! I have a clean screen. I didn't delete DESKTOP.HTML and the i_01.gif images because I couldn't find them. Unfortunately I think this isn't the end of my troubles, because my computer is running terribly slowly. Here is my new log, but from the same version of HijackThis (I don't have the other one yet):

Logfile of HijackThis v1.99.0

Scan saved at 17:36:23, on 2005-01-30

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVPersonal\AVGUARD.EXE

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\AVPersonal\AVWUPSRV.EXE

C:\WINDOWS\System32\CTsvcCDA.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\CTHELPER.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE

C:\PROGRA~1\DAP\DAP.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe

C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\BITWARE\NT\bwprnmon.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\AOL 9.0\waol.exe

C:\Program Files\AOL 9.0\shellmon.exe

C:\Program Files\Common Files\Aol\aoltpspd.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Documents and Settings\jarek\Ustawienia lokalne\Temp\Katalog tymczasowy 7 dla hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"

O4 - HKLM..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run

O4 - HKLM..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"

O4 - HKLM..\Run: [NavRegReminder] "C:\WINDOWS\temp\NavBrowser.exe" /r /i "C:\WINDOWS\temp\NavLoad.ini"

O4 - HKLM..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP

O4 - HKLM..\Run: [ControlPanel] C:\WINDOWS\System32\cmd32.exe internat.dll,LoadKeyboardProfile

O4 - HKLM..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min

O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU..\Run: [TaskTray] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe"

O4 - HKCU..\Run: [TaskBar] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"

O4 - Global Startup: BitWare Print Monitor.lnk = C:\BITWARE\NT\bwprnmon.exe

O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Program Files\AOL 9.0\aoltray.exe

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm

O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip..{05031B14-A000-4203-B554-9CF005F108FF}: NameServer = 205.188.146.145

O17 - HKLM\System\CS1\Services\Tcpip..{05031B14-A000-4203-B554-9CF005F108FF}: NameServer = 205.188.146.145

O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE

O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
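
Added example, not part of any post in this thread: one way to confirm that a fix list such as the one in post #5 took effect is to diff the item lines of the log taken before the cleanup against the log taken after it. The Python below does this on excerpts copied from the two HijackThis logs above; the function names and the normalization of the `HKLM..\Run` / `HKLM\..\Run` spelling difference are assumptions of this example.

```python
import re

# Item lines in a HijackThis log start with a section code such as R0, O4 or O23.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")

# Constructed sample: excerpt of the log in post #4 (before the cleanup).
BEFORE = r"""
Logfile of HijackThis v1.99.0
Scan saved at 13:42:40, on 2005-01-30
Running processes:
C:\WINDOWS\Explorer.EXE
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM..\Run: [AdStatus Service] C:\Program Files\AdStatus Service\AdStatServ.exe
O4 - HKLM..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - Global Startup: SATARaid.lnk = ?
O4 - Global Startup: BitWare Print Monitor.lnk = C:\BITWARE\NT\bwprnmon.exe
"""

# Constructed sample: excerpt of the log in post #6 (after the cleanup).
AFTER = r"""
Logfile of HijackThis v1.99.0
Scan saved at 17:36:23, on 2005-01-30
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - Global Startup: BitWare Print Monitor.lnk = C:\BITWARE\NT\bwprnmon.exe
O17 - HKLM\System\CCS\Services\Tcpip..{05031B14-A000-4203-B554-9CF005F108FF}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip..{05031B14-A000-4203-B554-9CF005F108FF}: NameServer = 205.188.146.145
"""

# The four lines post #5 asked the user to remove, as written in that post.
FIX_LIST = r"""
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - Global Startup: SATARaid.lnk = ?
O4 - HKLM\..\Run: [AdStatus Service] C:\Program Files\AdStatus Service\AdStatServ.exe
"""


def normalize(text):
    """Fold differences that come from pasting into a forum, not from the system."""
    # "HKLM\..\Run" often loses its backslashes when pasted ("HKLM..\Run").
    text = re.sub(r"\\?\.\.\\?", "..", text)
    text = re.sub(r"\s+", " ", text)
    return text.casefold()


def parse_entries(log_text):
    """Return {normalized key: original line} for every item line in the log.

    Header lines and the 'Running processes' paths do not match ENTRY_RE
    and are skipped.
    """
    entries = {}
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            section, body = match.groups()
            entries[normalize(f"{section} - {body}")] = line.strip()
    return entries


def diff_logs(before, after):
    """Return (removed, added) item lines between two logs, in log order."""
    old, new = parse_entries(before), parse_entries(after)
    removed = [line for key, line in old.items() if key not in new]
    added = [line for key, line in new.items() if key not in old]
    return removed, added


def unresolved(fix_list, log_text):
    """Fix-list items that are still present in the given log."""
    present = parse_entries(log_text)
    return [line for key, line in parse_entries(fix_list).items() if key in present]


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("Removed since first log:")
    for line in removed:
        print("  ", line)
    print("New in second log (review these):")
    for line in added:
        print("  ", line)
    print("Fix-list items still present:", unresolved(FIX_LIST, AFTER) or "none")
```

Entries that appear only in the later log, here the two O17 lines, are the ones to review next, since they were not part of the first analysis.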


(Adarek) #7

Click >>> HijackThis v1.98.2

Those files are hidden. In the view settings, enable showing protected and hidden files.

In Search, type DESKTOP.HTML and tick the option to search hidden files.

It is in C:\WINDOWS\WEB.

Uninstall DAP, it contains spyware, and install some free one instead. E.g.:

NetAnts 1.25 , Star Downloader 1.44

http://www.dobreprogramy.com/index.php?dz=1&t=20

In Run, type msconfig >>> Startup tab, and untick:

  • QuickTime\qttask

  • UpdReg

  • CTHELPER

  • BITWARE\NT\bwprnmon

Check the system with this program:

Pestpatrol

Update its virus database and remove whatever it finds.

Restart the computer and post a log from the older version.

And find and delete the files I wrote about.


(Kordakordas) #8

I'll do that right away. I'll also show the report from Spybot, here it is:

--- Search result list ---

Alexa Related: What's related link (Zastąp plik, nothing done)

C:\WINDOWS\Web\related.htm

Download Accelerator Plus ads: Root class (Klucz rejestru, nothing done)

HKEY_CLASSES_ROOT\DAPIEBar.CBAREventer

Download Accelerator Plus ads: Banner (Zastąp plik, nothing done)

C:\PROGRA~1\DAP\dap.gif

Download Accelerator Plus ads: Ad category (Klucz rejestru, nothing done)

HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSUpdates

Download Accelerator Plus ads: Ad category (Klucz rejestru, nothing done)

HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSProxy

Download Accelerator Plus ads: Ad category (Klucz rejestru, nothing done)

HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSNoTrigger

Download Accelerator Plus ads: Ad category (Klucz rejestru, nothing done)

HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSLeech

Download Accelerator Plus ads: Ad category (Klucz rejestru, nothing done)

HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSFileList

Download Accelerator Plus ads: Ad category (Klucz rejestru, nothing done)

HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSCategory

Download Accelerator Plus ads: Ad category (Klucz rejestru, nothing done)

HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSADS

Download Accelerator Plus ads: Default ad category (Zmiany rejestru, nothing done)

HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSDefaultCategory=Default

Download Accelerator Plus ads: IE extension (Klucz rejestru, nothing done)

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions{669695BC-A811-4A9D-8CDF-BA8C795F261C}

Download Accelerator Plus ads: Root class (Klucz rejestru, nothing done)

HKEY_CLASSES_ROOT\DAPIEBar.DAPIEBarBand

DSO Exploit: Data source object exploit (Zmiany rejestru, nothing done)

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Zmiany rejestru, nothing done)

HKEY_USERS\S-1-5-21-1935655697-1343024091-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Zmiany rejestru, nothing done)

HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Zmiany rejestru, nothing done)

HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Zmiany rejestru, nothing done)

HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DyFuCA.InternetOptimizer: Uninstall settings (Klucz rejestru, nothing done)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer Active Alert

DyFuCA.InternetOptimizer: Global settings (Klucz rejestru, nothing done)

HKEY_LOCAL_MACHINE\Software\Avenue Media

DyFuCA.InternetOptimizer: Uninstall settings (Klucz rejestru, nothing done)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer

DyFuCA.InternetOptimizer: Uninstall settings (Klucz rejestru, nothing done)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA

DyFuCA.InternetOptimizer: User settings (Klucz rejestru, nothing done)

HKEY_USERS\S-1-5-21-1935655697-1343024091-682003330-1003\Software\Avenue Media

--- Spybot - Search && Destroy version: 1.3 ---

2004-05-12 Includes\Cookies.sbi

2004-05-12 Includes\Dialer.sbi

2004-05-12 Includes\Hijackers.sbi

2004-05-12 Includes\Keyloggers.sbi

2004-05-12 Includes\LSP.sbi

2004-05-12 Includes\Malware.sbi

2004-05-12 Includes\Revision.sbi

2004-05-12 Includes\Security.sbi

2004-05-12 Includes\Spybots.sbi

2004-05-12 Includes\Tracks.uti

2004-05-12 Includes\Trojans.sbi

--- System information ---

Windows XP (Build: 2600) Dodatek Service Pack. 1

--- Startup entries list ---

Located: HK_LM:Run, AOLDialer

command: C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

file: C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

size: 497240

MD5: 0fbbab949dc3de2377677770d7fe0cfb

Located: HK_LM:Run, avast!

command: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

file: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

size: 98352

MD5: 8da93b410d163cf5b93a3aa262dd458a

Located: HK_LM:Run, AVGCtrl

command: C:\Program Files\AVPersonal\AVGNT.EXE /min

Located: HK_LM:Run, ControlPanel

command: C:\WINDOWS\System32\cmd32.exe internat.dll,LoadKeyboardProfile

Located: HK_LM:Run, CTStartup

command: C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run

Located: HK_LM:Run, DownloadAccelerator

command: C:\PROGRA~1\DAP\DAP.EXE /STARTUP

file: C:\PROGRA~1\DAP\DAP.EXE

size: 1565696

MD5: ea231c3b1aeb365cc5d22dc7c0623424

Located: HK_LM:Run, EPSON Stylus CX6600 Series

command: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"

file: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE

size: 98304

MD5: 7577019a01c57ea335b1e33dda25a3dd

Located: HK_LM:Run, Jet Detection

command: "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"

file: C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe

size: 28672

MD5: 7df5f447de9e4600f8c77a00d86d210b

Located: HK_LM:Run, NavRegReminder

command: "C:\WINDOWS\temp\NavBrowser.exe" /r /i "C:\WINDOWS\temp\NavLoad.ini"

file: C:\WINDOWS\temp\NavBrowser.exe

size: 212992

MD5: 8f947be87c849bb5df3dddc75cad208f

Located: HK_LM:Run, NvCplDaemon

command: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

file: C:\WINDOWS\system32\RUNDLL32.EXE

size: 31744

MD5: b0065d0558cf97154a429311dd8c4329

Located: HK_LM:Run, nwiz

command: nwiz.exe /install

file: C:\WINDOWS\system32\nwiz.exe

size: 741376

MD5: 136dca0809ff9a4c5470b64a65044ae4

Located: HK_LM:Run, QuickTime Task

command: "C:\Program Files\QuickTime\qttask.exe" -atboottime

file: C:\Program Files\QuickTime\qttask.exe

size: 98304

MD5: 9b4c1812595c389ab9ccf1ff3b315248

Located: HK_LM:Run, UpdReg

command: C:\WINDOWS\UpdReg.EXE

file: C:\WINDOWS\UpdReg.EXE

size: 90112

MD5: c419df63e0121d72411285780c2fc6cc

Located: HK_LM:Run, WINDVDPatch

command: CTHELPER.EXE

file: C:\WINDOWS\system32\CTHELPER.EXE

size: 24576

MD5: 3c7a868402b2dd7b65ac32bed886d9e5

Located: HK_LM:Run, Zone Labs Client

command: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

file: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

size: 714000

MD5: 839fbb1afbac1bbf1ec5974c11dc96b9

Located: HK_CU:Run, CTFMON.EXE

command: C:\WINDOWS\System32\ctfmon.exe

file: C:\WINDOWS\System32\ctfmon.exe

size: 13312

MD5: 0c4c012b0a8960f48a666c240a7baa3d

Located: HK_CU:Run, NvMediaCenter

command: RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

file: C:\WINDOWS\system32\RUNDLL32.EXE

size: 31744

MD5: b0065d0558cf97154a429311dd8c4329

Located: HK_CU:Run, TaskBar

command: "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"

file: C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe

size: 122880

MD5: 4d3912f39e77f605d5be1e1531515fbb

Located: HK_CU:Run, TaskTray

command: "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe"

file: C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe

size: 163840

MD5: dd12fa3c35b37b595fa66d8494e54abd

Located: Startup (common), AOL 9.0 Tray-Symbol.lnk

command: C:\Program Files\AOL 9.0\aoltray.exe

file: C:\Program Files\AOL 9.0\aoltray.exe

size: 156784

MD5: 0243b985d3b4f7699f922a572bc54057

Located: Startup (common), BitWare Print Monitor.lnk

command: C:\BITWARE\NT\bwprnmon.exe

file: C:\BITWARE\NT\bwprnmon.exe

size: 54272

MD5: cdb8a9500e97bc8ddf6d160cd313c9ca

--- Browser helper object list ---

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)

BHO name:

CLSID name: AcroIEHlprObj Class

description: Adobe Acrobat reader

classification: Legitimate

known filename: ACROIEHELPER.OCX

info link: http://www.adobe.com/products/acrobat/readstep2.html

info source: TonyKlein

Path: C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\

Long name: AcroIEHelper.ocx

Short name: ACROIE~1.OCX

Date (created): 2005-01-23 18:56:14

Date (last access): 2005-01-30

Date (last write): 2001-03-02 12:02:04

Filesize: 37808

Attributes: archive

MD5: 8394ABFC1BE196A62C9F532511936DF7

CRC32: 71D6E350

Version: 0.1.0.0

{53707962-6F74-2D53-2644-206D7942484F} ()

BHO name:

CLSID name:

description: Spybot-S&D IE Browser plugin

classification: Legitimate

known filename: SDHelper.dll

info link: http://spybot.eon.net.au/

info source: Patrick M. Kolla

Path: C:\PROGRA~1\SPYBOT~1\

Long name: SDHelper.dll

Short name: SDHELPER.DLL

Date (created): 2004-05-12 01:03:00

Date (last access): 2005-01-30

Date (last write): 2004-05-12 01:03:00

Filesize: 744960

Attributes: archive

MD5: ABF5BA518C6A5ED104496FF42D19AD88

CRC32: 5587736E

Version: 0.1.0.3

{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)

BHO name:

CLSID name: EpsonToolBandKicker Class

Path: C:\Program Files\EPSON\EPSON Web-To-Page\

Long name: EPSON Web-To-Page.dll

Short name: EPSONW~1.DLL

Date (created): 2005-01-25 18:58:16

Date (last access): 2005-01-30

Date (last write): 2004-02-10 14:08:58

Filesize: 339968

Attributes: archive

MD5: 230F34EB9C919978C23E6939120DB35C

CRC32: D4C5D89F

Version: 0.1.0.0

--- ActiveX list ---

DirectAnimation Java Classes (DirectAnimation Java Classes)

DPF name: DirectAnimation Java Classes

CLSID name:

description:

classification: Legitimate

known filename: %WINDIR%\Java\classes\dajava.cab

info link:

info source: Patrick M. Kolla

Microsoft XML Parser for Java (Microsoft XML Parser for Java)

DPF name: Microsoft XML Parser for Java

CLSID name:

description:

classification: Legitimate

known filename: %WINDIR%\Java\classes\xmldso.cab

info link:

info source: Patrick M. Kolla

{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class)

DPF name:

CLSID name: ActiveScan Installer Class

Path: C:\WINDOWS\Downloaded Program Files\

Long name: asinst.dll

Short name:

Date (created): 2005-01-24 17:00:26

Date (last access): 2005-01-30

Date (last write): 2005-01-24 17:00:26

Filesize: 110592

Attributes: archive

MD5: BE23978B4E6B26A5200A6D358A48E44C

CRC32: 8E896EE3

Version: 0.57.0.2

--- Process list ---

Spybot - Search && Destroy process list report, 2005-01-30 18:42:58

PID: 0 ( 0) [system]

PID: 4 ( 0) System

PID: 364 (1108) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

PID: 376 (1108) C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

PID: 384 (1108) C:\Program Files\QuickTime\qttask.exe

PID: 392 (1108) C:\WINDOWS\System32\CTHELPER.EXE

PID: 428 (1108) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE

PID: 440 ( 4) \SystemRoot\System32\smss.exe

PID: 496 (1108) C:\PROGRA~1\DAP\DAP.EXE

PID: 512 ( 440) CSRSS.EXE

PID: 536 ( 440) \??\C:\WINDOWS\system32\winlogon.exe

PID: 580 ( 536) C:\WINDOWS\system32\services.exe

PID: 592 ( 536) C:\WINDOWS\system32\lsass.exe

PID: 748 ( 580) C:\WINDOWS\system32\svchost.exe

PID: 772 ( 580) C:\WINDOWS\System32\svchost.exe

PID: 808 (1108) C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

PID: 840 ( 580) SVCHOST.EXE

PID: 852 (1108) C:\WINDOWS\System32\ctfmon.exe

PID: 896 ( 580) SVCHOST.EXE

PID: 948 (1108) C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe

PID: 992 (1108) C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe

PID: 1012 ( 580) C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

PID: 1108 (1080) C:\WINDOWS\Explorer.EXE

PID: 1128 ( 580) C:\WINDOWS\system32\spoolsv.exe

PID: 1220 ( 580) ALG.EXE

PID: 1232 ( 580) C:\Program Files\AVPersonal\AVGUARD.EXE

PID: 1244 ( 580) C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

PID: 1292 ( 580) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

PID: 1304 ( 580) C:\Program Files\Alwil Software\Avast4\ashServ.exe

PID: 1348 ( 580) C:\Program Files\AVPersonal\AVWUPSRV.EXE

PID: 1360 ( 580) C:\WINDOWS\System32\CTsvcCDA.exe

PID: 1428 ( 580) C:\WINDOWS\System32\nvsvc32.exe

PID: 1540 (1108) C:\BITWARE\NT\bwprnmon.exe

PID: 1588 ( 580) C:\WINDOWS\System32\svchost.exe

PID: 1740 ( 580) C:\WINDOWS\System32\MsPMSPSv.exe

PID: 2492 ( 748) WMIPRVSE.EXE

PID: 2904 ( 772) C:\WINDOWS\System32\wuauclt.exe

PID: 2968 (2972) C:\DOCUME~1\jarek\USTAWI~1\Temp\INS2E.tmp

PID: 2972 (1108) C:\Documents and Settings\jarek\Pulpit\aida32.exe

PID: 3040 (3008) C:\Program Files\AOL 9.0\waol.exe

PID: 3204 (3040) C:\Program Files\AOL 9.0\shellmon.exe

PID: 3216 (3040) C:\Program Files\Common Files\Aol\aoltpspd.exe

--- Browser start & search pages list ---

Spybot - Search && Destroy browser pages report, 2005-01-30 18:42:59

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page

C:\WINDOWS\SYSTEM32\blank.htm

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page

http://www.microsoft.com/isapi/redir.dl ... r=iesearch

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page

about:blank

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page

C:\WINDOWS\SYSTEM32\blank.htm

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page

http://www.microsoft.com/isapi/redir.dl ... r=iesearch

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

about:blank

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

http://www.microsoft.com/isapi/redir.dl ... r=iesearch

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch

http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


Filename: %SystemRoot%\System32\winrnr.dll

Description: Microsoft Windows NT/2k/XP name space provider

DB filename: %SystemRoot%\system32\winrnr.dll

DB protocol: NTDS

Namespace Provider 2: Obszar nazw rozpoznawania lokalizacji w sieci (NLA)

GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}

Filename: %SystemRoot%\System32\mswsock.dll

Description: Microsoft Windows NT/2k/XP name space provider

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: NLA-Namespace


(Kordakordas) #9

I'll do that in a moment. I'll also show the report from Spybot, here it is:

--- Search result list ---

Alexa Related: What's related link (Zastąp plik, nothing done)

C:\WINDOWS\Web\related.htm

Download Accelerator Plus ads: Root class (Klucz rejestru, nothing done)

HKEY_CLASSES_ROOT\DAPIEBar.CBAREventer

Download Accelerator Plus ads: Banner (Zastąp plik, nothing done)

C:\PROGRA~1\DAP\dap.gif

Download Accelerator Plus ads: Ad category (Klucz rejestru, nothing done)

HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSUpdates

Download Accelerator Plus ads: Ad category (Klucz rejestru, nothing done)

HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSProxy

Download Accelerator Plus ads: Ad category (Klucz rejestru, nothing done)

HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSNoTrigger

Download Accelerator Plus ads: Ad category (Klucz rejestru, nothing done)

HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSLeech

Download Accelerator Plus ads: Ad category (Klucz rejestru, nothing done)

HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSFileList

Download Accelerator Plus ads: Ad category (Klucz rejestru, nothing done)

HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSCategory

Download Accelerator Plus ads: Ad category (Klucz rejestru, nothing done)

HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSADS

Download Accelerator Plus ads: Default ad category (Zmiany rejestru, nothing done)

HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSDefaultCategory=Default

Download Accelerator Plus ads: IE extension (Klucz rejestru, nothing done)

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{669695BC-A811-4A9D-8CDF-BA8C795F261C}

Download Accelerator Plus ads: Root class (Klucz rejestru, nothing done)

HKEY_CLASSES_ROOT\DAPIEBar.DAPIEBarBand

DSO Exploit: Data source object exploit (Zmiany rejestru, nothing done)

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Zmiany rejestru, nothing done)

HKEY_USERS\S-1-5-21-1935655697-1343024091-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Zmiany rejestru, nothing done)

HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Zmiany rejestru, nothing done)

HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Zmiany rejestru, nothing done)

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DyFuCA.InternetOptimizer: Uninstall settings (Klucz rejestru, nothing done)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer Active Alert

DyFuCA.InternetOptimizer: Global settings (Klucz rejestru, nothing done)

HKEY_LOCAL_MACHINE\Software\Avenue Media

DyFuCA.InternetOptimizer: Uninstall settings (Klucz rejestru, nothing done)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer

DyFuCA.InternetOptimizer: Uninstall settings (Klucz rejestru, nothing done)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA

DyFuCA.InternetOptimizer: User settings (Klucz rejestru, nothing done)

HKEY_USERS\S-1-5-21-1935655697-1343024091-682003330-1003\Software\Avenue Media

--- Spybot - Search && Destroy version: 1.3 ---

2004-05-12 Includes\Cookies.sbi

2004-05-12 Includes\Dialer.sbi

2004-05-12 Includes\Hijackers.sbi

2004-05-12 Includes\Keyloggers.sbi

2004-05-12 Includes\LSP.sbi

2004-05-12 Includes\Malware.sbi

2004-05-12 Includes\Revision.sbi

2004-05-12 Includes\Security.sbi

2004-05-12 Includes\Spybots.sbi

2004-05-12 Includes\Tracks.uti

2004-05-12 Includes\Trojans.sbi

--- System information ---

Windows XP (Build: 2600) Dodatek Service Pack. 1

--- Startup entries list ---

Located: HK_LM:Run, AOLDialer

command: C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

file: C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

size: 497240

MD5: 0fbbab949dc3de2377677770d7fe0cfb

Located: HK_LM:Run, avast!

command: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

file: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

size: 98352

MD5: 8da93b410d163cf5b93a3aa262dd458a

Located: HK_LM:Run, AVGCtrl

command: C:\Program Files\AVPersonal\AVGNT.EXE /min

Located: HK_LM:Run, ControlPanel

command: C:\WINDOWS\System32\cmd32.exe internat.dll,LoadKeyboardProfile

Located: HK_LM:Run, CTStartup

command: C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run

Located: HK_LM:Run, DownloadAccelerator

command: C:\PROGRA~1\DAP\DAP.EXE /STARTUP

file: C:\PROGRA~1\DAP\DAP.EXE

size: 1565696

MD5: ea231c3b1aeb365cc5d22dc7c0623424

Located: HK_LM:Run, EPSON Stylus CX6600 Series

command: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"

file: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE

size: 98304

MD5: 7577019a01c57ea335b1e33dda25a3dd

Located: HK_LM:Run, Jet Detection

command: "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"

file: C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe

size: 28672

MD5: 7df5f447de9e4600f8c77a00d86d210b

Located: HK_LM:Run, NavRegReminder

command: "C:\WINDOWS\temp\NavBrowser.exe" /r /i "C:\WINDOWS\temp\NavLoad.ini"

file: C:\WINDOWS\temp\NavBrowser.exe

size: 212992

MD5: 8f947be87c849bb5df3dddc75cad208f

Located: HK_LM:Run, NvCplDaemon

command: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

file: C:\WINDOWS\system32\RUNDLL32.EXE

size: 31744

MD5: b0065d0558cf97154a429311dd8c4329

Located: HK_LM:Run, nwiz

command: nwiz.exe /install

file: C:\WINDOWS\system32\nwiz.exe

size: 741376

MD5: 136dca0809ff9a4c5470b64a65044ae4

Located: HK_LM:Run, QuickTime Task

command: "C:\Program Files\QuickTime\qttask.exe" -atboottime

file: C:\Program Files\QuickTime\qttask.exe

size: 98304

MD5: 9b4c1812595c389ab9ccf1ff3b315248

Located: HK_LM:Run, UpdReg

command: C:\WINDOWS\UpdReg.EXE

file: C:\WINDOWS\UpdReg.EXE

size: 90112

MD5: c419df63e0121d72411285780c2fc6cc

Located: HK_LM:Run, WINDVDPatch

command: CTHELPER.EXE

file: C:\WINDOWS\system32\CTHELPER.EXE

size: 24576

MD5: 3c7a868402b2dd7b65ac32bed886d9e5

Located: HK_LM:Run, Zone Labs Client

command: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

file: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

size: 714000

MD5: 839fbb1afbac1bbf1ec5974c11dc96b9

Located: HK_CU:Run, CTFMON.EXE

command: C:\WINDOWS\System32\ctfmon.exe

file: C:\WINDOWS\System32\ctfmon.exe

size: 13312

MD5: 0c4c012b0a8960f48a666c240a7baa3d

Located: HK_CU:Run, NvMediaCenter

command: RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

file: C:\WINDOWS\system32\RUNDLL32.EXE

size: 31744

MD5: b0065d0558cf97154a429311dd8c4329

Located: HK_CU:Run, TaskBar

command: "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"

file: C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe

size: 122880

MD5: 4d3912f39e77f605d5be1e1531515fbb

Located: HK_CU:Run, TaskTray

command: "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe"

file: C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe

size: 163840

MD5: dd12fa3c35b37b595fa66d8494e54abd

Located: Startup (common), AOL 9.0 Tray-Symbol.lnk

command: C:\Program Files\AOL 9.0\aoltray.exe

file: C:\Program Files\AOL 9.0\aoltray.exe

size: 156784

MD5: 0243b985d3b4f7699f922a572bc54057

Located: Startup (common), BitWare Print Monitor.lnk

command: C:\BITWARE\NT\bwprnmon.exe

file: C:\BITWARE\NT\bwprnmon.exe

size: 54272

MD5: cdb8a9500e97bc8ddf6d160cd313c9ca

--- Browser helper object list ---

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)

BHO name:

CLSID name: AcroIEHlprObj Class

description: Adobe Acrobat reader

classification: Legitimate

known filename: ACROIEHELPER.OCX

info link: http://www.adobe.com/products/acrobat/readstep2.html

info source: TonyKlein

Path: C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\

Long name: AcroIEHelper.ocx

Short name: ACROIE~1.OCX

Date (created): 2005-01-23 18:56:14

Date (last access): 2005-01-30

Date (last write): 2001-03-02 12:02:04

Filesize: 37808

Attributes: archive

MD5: 8394ABFC1BE196A62C9F532511936DF7

CRC32: 71D6E350

Version: 0.1.0.0

{53707962-6F74-2D53-2644-206D7942484F} ()

BHO name:

CLSID name:

description: Spybot-S&D IE Browser plugin

classification: Legitimate

known filename: SDHelper.dll

info link: http://spybot.eon.net.au/

info source: Patrick M. Kolla

Path: C:\PROGRA~1\SPYBOT~1\

Long name: SDHelper.dll

Short name: SDHELPER.DLL

Date (created): 2004-05-12 01:03:00

Date (last access): 2005-01-30

Date (last write): 2004-05-12 01:03:00

Filesize: 744960

Attributes: archive

MD5: ABF5BA518C6A5ED104496FF42D19AD88

CRC32: 5587736E

Version: 0.1.0.3

{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)

BHO name:

CLSID name: EpsonToolBandKicker Class

Path: C:\Program Files\EPSON\EPSON Web-To-Page\

Long name: EPSON Web-To-Page.dll

Short name: EPSONW~1.DLL

Date (created): 2005-01-25 18:58:16

Date (last access): 2005-01-30

Date (last write): 2004-02-10 14:08:58

Filesize: 339968

Attributes: archive

MD5: 230F34EB9C919978C23E6939120DB35C

CRC32: D4C5D89F

Version: 0.1.0.0

--- ActiveX list ---

DirectAnimation Java Classes (DirectAnimation Java Classes)

DPF name: DirectAnimation Java Classes

CLSID name:

description:

classification: Legitimate

known filename: %WINDIR%\Java\classes\dajava.cab

info link:

info source: Patrick M. Kolla

Microsoft XML Parser for Java (Microsoft XML Parser for Java)

DPF name: Microsoft XML Parser for Java

CLSID name:

description:

classification: Legitimate

known filename: %WINDIR%\Java\classes\xmldso.cab

info link:

info source: Patrick M. Kolla

{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class)

DPF name:

CLSID name: ActiveScan Installer Class

Path: C:\WINDOWS\Downloaded Program Files\

Long name: asinst.dll

Short name:

Date (created): 2005-01-24 17:00:26

Date (last access): 2005-01-30

Date (last write): 2005-01-24 17:00:26

Filesize: 110592

Attributes: archive

MD5: BE23978B4E6B26A5200A6D358A48E44C

CRC32: 8E896EE3

Version: 0.57.0.2

--- Process list ---

Spybot - Search && Destroy process list report, 2005-01-30 18:42:58

PID: 0 ( 0) [system]

PID: 4 ( 0) System

PID: 364 (1108) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

PID: 376 (1108) C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

PID: 384 (1108) C:\Program Files\QuickTime\qttask.exe

PID: 392 (1108) C:\WINDOWS\System32\CTHELPER.EXE

PID: 428 (1108) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE

PID: 440 ( 4) \SystemRoot\System32\smss.exe

PID: 496 (1108) C:\PROGRA~1\DAP\DAP.EXE

PID: 512 ( 440) CSRSS.EXE

PID: 536 ( 440) \??\C:\WINDOWS\system32\winlogon.exe

PID: 580 ( 536) C:\WINDOWS\system32\services.exe

PID: 592 ( 536) C:\WINDOWS\system32\lsass.exe

PID: 748 ( 580) C:\WINDOWS\system32\svchost.exe

PID: 772 ( 580) C:\WINDOWS\System32\svchost.exe

PID: 808 (1108) C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

PID: 840 ( 580) SVCHOST.EXE

PID: 852 (1108) C:\WINDOWS\System32\ctfmon.exe

PID: 896 ( 580) SVCHOST.EXE

PID: 948 (1108) C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe

PID: 992 (1108) C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe

PID: 1012 ( 580) C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

PID: 1108 (1080) C:\WINDOWS\Explorer.EXE

PID: 1128 ( 580) C:\WINDOWS\system32\spoolsv.exe

PID: 1220 ( 580) ALG.EXE

PID: 1232 ( 580) C:\Program Files\AVPersonal\AVGUARD.EXE

PID: 1244 ( 580) C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

PID: 1292 ( 580) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

PID: 1304 ( 580) C:\Program Files\Alwil Software\Avast4\ashServ.exe

PID: 1348 ( 580) C:\Program Files\AVPersonal\AVWUPSRV.EXE

PID: 1360 ( 580) C:\WINDOWS\System32\CTsvcCDA.exe

PID: 1428 ( 580) C:\WINDOWS\System32\nvsvc32.exe

PID: 1540 (1108) C:\BITWARE\NT\bwprnmon.exe

PID: 1588 ( 580) C:\WINDOWS\System32\svchost.exe

PID: 1740 ( 580) C:\WINDOWS\System32\MsPMSPSv.exe

PID: 2492 ( 748) WMIPRVSE.EXE

PID: 2904 ( 772) C:\WINDOWS\System32\wuauclt.exe

PID: 2968 (2972) C:\DOCUME~1\jarek\USTAWI~1\Temp\INS2E.tmp

PID: 2972 (1108) C:\Documents and Settings\jarek\Pulpit\aida32.exe

PID: 3040 (3008) C:\Program Files\AOL 9.0\waol.exe

PID: 3204 (3040) C:\Program Files\AOL 9.0\shellmon.exe

PID: 3216 (3040) C:\Program Files\Common Files\Aol\aoltpspd.exe

--- Browser start & search pages list ---

Spybot - Search && Destroy browser pages report, 2005-01-30 18:42:59

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page

C:\WINDOWS\SYSTEM32\blank.htm

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page

http://www.microsoft.com/isapi/redir.dl ... r=iesearch

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page

about:blank

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page

C:\WINDOWS\SYSTEM32\blank.htm

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page

http://www.microsoft.com/isapi/redir.dl ... r=iesearch

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

about:blank

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

http://www.microsoft.com/isapi/redir.dl ... r=iesearch

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch

http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm



(Kordakordas) #10

I'll do that in a moment. I'll also show the report from Spybot, here it is:


PID: 580 ( 536) C:\WINDOWS\system32\services.exe

PID: 592 ( 536) C:\WINDOWS\system32\lsass.exe

PID: 748 ( 580) C:\WINDOWS\system32\svchost.exe

PID: 772 ( 580) C:\WINDOWS\System32\svchost.exe

PID: 808 (1108) C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

PID: 840 ( 580) SVCHOST.EXE

PID: 852 (1108) C:\WINDOWS\System32\ctfmon.exe

PID: 896 ( 580) SVCHOST.EXE

PID: 948 (1108) C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe

PID: 992 (1108) C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe

PID: 1012 ( 580) C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

PID: 1108 (1080) C:\WINDOWS\Explorer.EXE

PID: 1128 ( 580) C:\WINDOWS\system32\spoolsv.exe

PID: 1220 ( 580) ALG.EXE

PID: 1232 ( 580) C:\Program Files\AVPersonal\AVGUARD.EXE

PID: 1244 ( 580) C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

PID: 1292 ( 580) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

PID: 1304 ( 580) C:\Program Files\Alwil Software\Avast4\ashServ.exe

PID: 1348 ( 580) C:\Program Files\AVPersonal\AVWUPSRV.EXE

PID: 1360 ( 580) C:\WINDOWS\System32\CTsvcCDA.exe

PID: 1428 ( 580) C:\WINDOWS\System32\nvsvc32.exe

PID: 1540 (1108) C:\BITWARE\NT\bwprnmon.exe

PID: 1588 ( 580) C:\WINDOWS\System32\svchost.exe

PID: 1740 ( 580) C:\WINDOWS\System32\MsPMSPSv.exe

PID: 2492 ( 748) WMIPRVSE.EXE

PID: 2904 ( 772) C:\WINDOWS\System32\wuauclt.exe

PID: 2968 (2972) C:\DOCUME~1\jarek\USTAWI~1\Temp\INS2E.tmp

PID: 2972 (1108) C:\Documents and Settings\jarek\Pulpit\aida32.exe

PID: 3040 (3008) C:\Program Files\AOL 9.0\waol.exe

PID: 3204 (3040) C:\Program Files\AOL 9.0\shellmon.exe

PID: 3216 (3040) C:\Program Files\Common Files\Aol\aoltpspd.exe

--- Browser start & search pages list ---

Spybot - Search && Destroy browser pages report, 2005-01-30 18:42:59

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page

C:\WINDOWS\SYSTEM32\blank.htm

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page

http://www.microsoft.com/isapi/redir.dl ... r=iesearch

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page

about:blank

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page

C:\WINDOWS\SYSTEM32\blank.htm

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page

http://www.microsoft.com/isapi/redir.dl ... r=iesearch

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

about:blank

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

http://www.microsoft.com/isapi/redir.dl ... r=iesearch

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch

http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

--- Winsock Layered Service Provider list ---

Protocol 0: MSAFD Tcpip [TCP/IP]

GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP IP protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD Tcpip [\*]

Protocol 1: MSAFD Tcpip [uDP/IP]

GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP IP protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD Tcpip [\*]

Protocol 2: MSAFD Tcpip [RAW/IP]

GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP IP protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD Tcpip [\*]

Protocol 3: RSVP UDP Service Provider

GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}

Filename: %SystemRoot%\system32\rsvpsp.dll

Description: Microsoft Windows NT/2k/XP RVSP

DB filename: %SystemRoot%\system32\rsvpsp.dll

DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider

GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}

Filename: %SystemRoot%\system32\rsvpsp.dll

Description: Microsoft Windows NT/2k/XP RVSP

DB filename: %SystemRoot%\system32\rsvpsp.dll

DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0510B485-AD17-4646-85E3-B07D2DFE941A}] SEQPACKET 6

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0510B485-AD17-4646-85E3-B07D2DFE941A}] DATAGRAM 6

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{286B7EAA-CA1C-4A78-B80D-54D63D08CFEE}] SEQPACKET 0

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{286B7EAA-CA1C-4A78-B80D-54D63D08CFEE}] DATAGRAM 0

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E80B12B7-BB32-4D5F-839C-6ACE7442890D}] SEQPACKET 1

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E80B12B7-BB32-4D5F-839C-6ACE7442890D}] DATAGRAM 1

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7367C572-945F-41AC-8B11-0BD294FFCB36}] SEQPACKET 2

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7367C572-945F-41AC-8B11-0BD294FFCB36}] DATAGRAM 2

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F3833E59-2433-43E5-A809-BAFF36F6D24D}] SEQPACKET 3

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F3833E59-2433-43E5-A809-BAFF36F6D24D}] DATAGRAM 3

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2A153FA0-6B1C-4AC8-8AB6-ACBFFA56C21D}] SEQPACKET 4

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2A153FA0-6B1C-4AC8-8AB6-ACBFFA56C21D}] DATAGRAM 4

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{05031B14-A000-4203-B554-9CF005F108FF}] SEQPACKET 5

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{05031B14-A000-4203-B554-9CF005F108FF}] DATAGRAM 5

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Namespace Provider 0: TCP/IP

GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}

Filename: %SystemRoot%\System32\mswsock.dll

Description: Microsoft Windows NT/2k/XP TCP/IP name space provider

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: TCP/IP

Namespace Provider 1: NTDS

GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}

Filename: %SystemRoot%\System32\winrnr.dll

Description: Microsoft Windows NT/2k/XP name space provider

DB filename: %SystemRoot%\system32\winrnr.dll

DB protocol: NTDS

Namespace Provider 2: Obszar nazw rozpoznawania lokalizacji w sieci (NLA)

GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}

Filename: %SystemRoot%\System32\mswsock.dll

Description: Microsoft Windows NT/2k/XP name space provider

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: NLA-Namespace


(Adarek) #11

Also install and run this program:

http://www.networld.pl/ftp/pc/programy/ ... r.1.3.html


(Alwaro7) #12

Hello everyone!

Some kind of overlay with a stupid message in English (some sort of warning) has appeared on my monitor screen. I restart the computer and nothing changes; I scanned with an antivirus and still nothing (even though it detected a few trojans and dialers). I want to get rid of this c..... somehow but I can't. Please advise me if you can. I have XP, and this happened on my brother's user account. On mine everything is OK.

Just in case, here is my log as well:

Logfile of HijackThis v1.97.7

Scan saved at 21:15:00, on 2005-01-30

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\Fmctrl.EXE

C:\WINDOWS\System32\RUNDLL32.exe

C:\Program Files\Windows ServeAd\WinServAd.exe

C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Progra~1\Gadu-Gadu\gg.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\mozilla.org\Mozilla\mozilla.exe

C:\SEBASTIAN\Niepewne\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.popupsearches.com/sidesearch.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.popupsearches.com/sidesearch.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsearches.com/sidesearch.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsearches.com/sidesearch.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~2\SEARCH~1.DLL

O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\System32\winb2s32.dll

O2 - BHO: ohb - {CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} - C:\WINDOWS\System32\dsktrf.dll

O2 - BHO: (no name) - {E673776E-B98F-C751-89D9-E0ABD8700295} - C:\WINDOWS\System32\tply.dll

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINDOWS\System32\winb2s32.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [FmctrlTray] Fmctrl.EXE

O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Progra~1\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - D:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O16 - DPF: komentator - http://sport.onet.pl/komentator.cab

O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/rap ... loader.cab

O16 - DPF: {07E9CDF4-20D2-46B1-B681-663968F527CE} (iiittt Class) - http://www.begin2search.com/toolbar/bar/winb2s32.cab

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTIn ... e-c282.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/ ... mv9VCM.CAB

O16 - DPF: {3E339D3C-4B12-4E8C-A529-9CC4BEEAFD4F} (VacPro.russia_ver3) - http://advnt01.com/dialer/russia.CAB

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdat ... t/opuc.cab

O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTickets ... refid=2732

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc ... wflash.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab


(Adarek) #13

Tiffany

Disable System Restore

Boot the computer into Safe Mode

Remove

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.html 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.popupsearches.com/sidesearch.html 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.popupsearches.com/sidesearch.html 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/ 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php 

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsearches.com/sidesearch.html 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsearches.com/sidesearch.html 

O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll 


O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\System32\winb2s32.dll 

O2 - BHO: ohb - {CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} - C:\WINDOWS\System32\dsktrf.dll 

O2 - BHO: (no name) - {E673776E-B98F-C751-89D9-E0ABD8700295} - C:\WINDOWS\System32\tply.dll 

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) 

O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINDOWS\System32\winb2s32.dll 


O4 - HKLM\..\Run: [SystemTray] SysTray.Exe 

O4 - HKLM\..\Run: [FmctrlTray] Fmctrl.EXE 

O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe 


O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe" 

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k 


O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe 

O9 - Extra button: Related (HKLM) 

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM) 

O16 - DPF: komentator - http://sport.onet.pl/komentator.cab 

O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab 

O16 - DPF: {07E9CDF4-20D2-46B1-B681-663968F527CE} (iiittt Class) - http://www.begin2search.com/toolbar/bar/winb2s32.cab 

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTInc/ie/bridge-c282.cab 

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB 

O16 - DPF: {3E339D3C-4B12-4E8C-A529-9CC4BEEAFD4F} (VacPro.russia_ver3) - http://advnt01.com/dialer/russia.CAB 

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab 

O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx 

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=2732 

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Restart the computer.

Loads of trojans!!

On top of that, scan with these programs:

Pestpatrol

Ewido Free Security Suite

ETD Security Scanner 3.0

http://www.download.com/ETD-Security-Sc ... 29424.html

CWShredder 2.12

Find and delete the file DESKTOP.HTML from C:\WINDOWS\WEB

as well as images with names like i_01.gif. There may be lots of them.

Then Control Panel, Display, Desktop, Customize Desktop ... Web, delete the junk page.

Download and install SP2!!
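Checking a fix list like the one in post #13 against the log it answers (post #12) is easier to audit when each entry is keyed on its stable parts. The following is an added example, not part of the original thread and not code from HijackThis; the function names are hypothetical, the sample lines are a constructed subset of the thread's entries (the `ExampleOnly` line is invented), and the keying rules are an assumption about which fields survive forum pasting.

```python
import re

# Section codes used by HijackThis logs (R0-R3, F0-F3, N1-N4, O1...).
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.*\S)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Autorun entries: accepts "HKLM\..\Run" and the damaged "HKLM..\Run".
RUN_RE = re.compile(r"^(HK[A-Z]+)\\?\.\.\\([^:]+):\s*\[([^\]]+)\]")


def entry_key(line):
    """Return a comparison key for one log line, or None if it is not an entry."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    code, body = m.groups()
    clsid = CLSID_RE.search(body)
    if clsid:  # BHOs, toolbars, DPF objects: the CLSID identifies the entry
        return (code, clsid.group(0).upper())
    run = RUN_RE.match(body)
    if run:  # autoruns: hive + subkey + value name, case-insensitive
        hive, subkey, name = run.groups()
        return (code, (hive + "\\" + subkey).upper(), name.lower())
    # Anything else: key on the label before the value or URL, because the
    # URL itself may have been shortened with " ... " by the forum.
    label = re.split(r"\s+=\s+|\s+-\s+http", body, maxsplit=1)[0]
    return (code, " ".join(label.split()).lower())


def parse_log(text):
    """Map entry key -> original line for every entry line in the text."""
    entries = {}
    for raw in text.splitlines():
        key = entry_key(raw)
        if key is not None:
            entries[key] = raw.strip()
    return entries


def review_fix_list(log_text, fix_text):
    """Split the log into entries the fix list covers and entries it leaves."""
    log, fix = parse_log(log_text), parse_log(fix_text)
    return {
        "fixed": [log[k] for k in log if k in fix],
        "left_in_place": [log[k] for k in log if k not in fix],
        "not_in_log": [fix[k] for k in fix if k not in log],
    }


# Constructed sample: lines taken from the log in post #12, written with the
# damaged "HKLM..\Run" form and a URL shortened with " ... ".
POSTED_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.popupsearches.com/sidesearch.html
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~2\SEARCH~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM..\Run: [systemTray] SysTray.Exe
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKCU..\Run: [sysTime] C:\WINDOWS\System32\systime.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/rap ... loader.cab
"""

# Constructed sample: matching lines from the fix list in post #13.
FIX_LIST_FROM_THREAD = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.popupsearches.com/sidesearch.html
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
"""
# Invented line (not from the thread) to show a fix-list entry with no match.
FIX_LIST = FIX_LIST_FROM_THREAD + "O4 - HKLM\\..\\Run: [ExampleOnly] example-only.exe\n"

if __name__ == "__main__":
    result = review_fix_list(POSTED_LOG, FIX_LIST)
    for bucket in ("fixed", "left_in_place", "not_in_log"):
        print(f"--- {bucket} ({len(result[bucket])}) ---")
        for line in result[bucket]:
            print(line)
```

Entries under `left_in_place` are only those the fix list does not mention; whether each one is wanted on the machine still has to be judged by a person.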


(Kordakordas) #14

I found Desktop.html in c:\windows; should I delete it there? I didn't find the images. I did a thorough scan with avast; it detected win32.codbas-12(trj), which it can't remove, and I can't remove it manually either (it can't find the path), eadmee.dll, js:classloade-6, js:classloade-5, vbs:malware(gen), win32:dialer-e(trj), js:nocheat-2; those it removed. Here is the log:

Logfile of HijackThis v1.98.2

Scan saved at 01:01:23, on 2005-01-31

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe

C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\System32\wuauclt.exe

c:\Program Files\PestPatrol\CookiePatrol.exe

c:\Program Files\PestPatrol\PPMemCheck.exe

c:\Program Files\PestPatrol\PPControl.exe

C:\Program Files\AOL 9.0\waol.exe

C:\Program Files\AOL 9.0\shellmon.exe

C:\Program Files\Common Files\Aol\aoltpspd.exe

C:\Documents and Settings\jarek\Ustawienia lokalne\Temp\Katalog tymczasowy 1 dla hijackthis.zip2.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: NetAnts.IE.Monitor - {57E91B41-F40A-11D1-B792-444553540000} - C:\Program Files\NetAnts\AntAPI.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"

O4 - HKLM\..\Run: [NavRegReminder] "C:\WINDOWS\temp\NavBrowser.exe" /r /i "C:\WINDOWS\temp\NavLoad.ini"

O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\cmd32.exe internat.dll,LoadKeyboardProfile

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe

O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe"

O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"

O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Program Files\AOL 9.0\aoltray.exe

O8 - Extra context menu item: &Download by NetAnts - C:\PROGRA~1\NETANTS\NAGet.htm

O8 - Extra context menu item: Download &All by NetAnts - C:\PROGRA~1\NETANTS\NAGetAll.htm

O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NETANTS\NetAnts.exe

O9 - Extra 'Tools' menuitem: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NETANTS\NetAnts.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{05031B14-A000-4203-B554-9CF005F108FF}: NameServer = 205.188.146.145

O17 - HKLM\System\CS1\Services\Tcpip\..\{05031B14-A000-4203-B554-9CF005F108FF}: NameServer = 205.188.146.145

and this is the log from the new version:

Logfile of HijackThis v1.99.0

Scan saved at 01:02:27, on 2005-01-31

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe

C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\System32\wuauclt.exe

c:\Program Files\PestPatrol\CookiePatrol.exe

c:\Program Files\PestPatrol\PPMemCheck.exe

c:\Program Files\PestPatrol\PPControl.exe

C:\Program Files\AOL 9.0\waol.exe

C:\Program Files\AOL 9.0\shellmon.exe

C:\Program Files\Common Files\Aol\aoltpspd.exe

C:\Documents and Settings\jarek\Ustawienia lokalne\Temp\Katalog tymczasowy 8 dla hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: NetAnts.IE.Monitor - {57E91B41-F40A-11D1-B792-444553540000} - C:\Program Files\NetAnts\AntAPI.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"

O4 - HKLM\..\Run: [NavRegReminder] "C:\WINDOWS\temp\NavBrowser.exe" /r /i "C:\WINDOWS\temp\NavLoad.ini"

O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\cmd32.exe internat.dll,LoadKeyboardProfile

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe

O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe"

O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"

O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Program Files\AOL 9.0\aoltray.exe

O8 - Extra context menu item: &Download by NetAnts - C:\PROGRA~1\NETANTS\NAGet.htm

O8 - Extra context menu item: Download &All by NetAnts - C:\PROGRA~1\NETANTS\NAGetAll.htm

O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NETANTS\NetAnts.exe

O9 - Extra 'Tools' menuitem: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NETANTS\NetAnts.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{05031B14-A000-4203-B554-9CF005F108FF}: NameServer = 205.188.146.145

O17 - HKLM\System\CS1\Services\Tcpip\..\{05031B14-A000-4203-B554-9CF005F108FF}: NameServer = 205.188.146.145

O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe


(Kordakordas) #15

I checked the system with PestPatrol, but for now I don't know exactly how to use it. This is its report. I don't know whether I should remove all of this, or how.


(Maniooo666) #16

Hello,

READ UP, and don't paste such enormous logs, because it makes no sense.

Wait patiently and read about configuring Pest Patrol.


(Adarek) #17

Download the small program KillBox.

http://www.bleepingcomputer.com/files/killbox.php

Use it to find the file, or paste/type in the path and file name yourself. Click Standard Kill, then click the red X mark and OK. If it doesn't delete the file, select the second option, Delete on Reboot. A restart will then follow and the bad file should be gone.

As for Pest, select Select All and click Remove. On the Options >>> Whats To Search For tab you choose which file types it should search for.

Now select everything and delete it. It found a load of spyware, some left over from Kazaa too.

In msconfig, on the Startup tab, you can untick the 3 Pest entries so that it doesn't additionally slow things down and start together with the system.

Untick Nero in the same way.

You can also remove:

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm 

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm 

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -

Restart the computer and it should be OK.
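
An added example, not part of the thread and not HijackThis's own code: a small Python parser for log entries in the format posted above, which groups them by section code and picks out the O9 and O16 entries named in the last reply by their GUIDs. The sample lines are copied from the thread; the function names and the section descriptions (the commonly documented HijackThis meanings) are assumptions of this example.

```python
import re
from collections import defaultdict

# Meanings of the section codes in the sample, as commonly documented for HijackThis.
SECTIONS = {"O8": "extra IE context-menu item", "O9": "extra IE button / Tools menu item",
            "O16": "ActiveX object (Downloaded Program Files)", "O23": "Windows service"}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
GUID = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)

# Lines copied from the log posted in this thread (one header and one process line included).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.0
C:\WINDOWS\Explorer.EXE
O8 - Extra context menu item: &Download by NetAnts - C:\PROGRA~1\NETANTS\NAGet.htm
O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NETANTS\NetAnts.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

def parse_log(text):
    """Return one dict per 'Xnn - detail' entry; header and process-path lines are skipped."""
    entries = []
    for raw in text.splitlines():
        if m := ENTRY.match(raw.strip()):
            guids = [g.lower() for g in GUID.findall(m.group(2))]
            entries.append({"code": m.group(1), "detail": m.group(2), "guids": guids})
    return entries

def group_by_section(entries):
    """Map each section code to the list of entries that carry it."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["code"]].append(e)
    return dict(groups)

def select(entries, wanted):
    """Pick entries matching (section code, GUID) pairs; GUIDs compare case-insensitively."""
    keys = {(code, guid.lower()) for code, guid in wanted}
    return [e for e in entries if any((e["code"], g) in keys for g in e["guids"])]

if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for code, items in group_by_section(parsed).items():
        print(f"{code} ({SECTIONS.get(code, 'unknown section')}): {len(items)} entries")
    wanted = [("O9", "{C95FE080-8F5D-11D2-A20B-00AA003C157A}"),
              ("O16", "{9a9307a0-7da4-4daf-b042-5009f29e09e1}")]
    for e in select(parsed, wanted):
        print("review:", e["code"], "-", e["detail"])
```

Matching on the section code together with the GUID keeps the NetAnts O9 entry out of the selection even though it sits in the same section as the two "Related" entries.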