Jakies wirusy

Dla specjalistów Bezpieczeństwo
#1

Uwaga: Jak wklejasz loga to obejmuj go znacznikiem (tagiem) CODE lub QUOTE

Pozdrawiam Gutek2222

#2
  1. Wyłączasz przywracanie systemu
  1. Start => uruchom => cmd => w konsoli, która się otworzy wpisujesz:
  1. Ściągasz program KillBox, zaznaczasz Delete on reboot , w polu full path of file wklej ścieżki:

c:\rev.exe

C:\WINDOWS\System32\mswsus.exe

C:\WINDOWS\SYSCFG16.EXE

C:\WINDOWS\System32\dllcache\updtftpini.exe

po wklejeniu każdej ścieżki z osobna klikasz na czerwonego iksa, a dopiero po wklejeniu ostatniej zgadzasz się na restart.

  1. Zaznaczony folder usuń ręcznie w trybie awaryjnym:

C:\Program Files** MyGlobalSearch**

  1. Usuwasz w hjt:
  1. Nowy log z HijackThis oraz SilentRunners.
#3

jednego loga nie bylo co podales do skasowania ;/ a jeden jeszcze mnie zastanawia czy nie trzeba czasem skasowac :

a nie bylo tego loga w hijakckthis:

a pozatym dzieki jezeli to wszystko

#4

Poszukaj pliku na dysku i usuń ręcznie w trybie awaryjnym jeśli będzie, a wpis w hjt.

Potem proszę wkleić log z SilentRunners.

#5

nie znalazlem tego recznie ale skasowalem w hjt

o to log z sillent ;

“Silent Runners.vbs”, revision 49, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

“CTFMON.EXE” = “C:\WINDOWS\System32\ctfmon.exe” [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

“SoundMan” = “SOUNDMAN.EXE” [“Avance Logic, Inc.”]

“TkBellExe” = ““C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot” [“RealNetworks, Inc.”]

“SunJavaUpdateSched” = “C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe” [null data]

“NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”]

“MSConfig” = “C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto” [MS]

“WinampAgent” = “C:\Program Files\Winamp\winampa.exe” [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)

-> {HKLM…CLSID} = “AcroIEHlprObj Class”

\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”]

{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}(Default) = “BitComet ClickCapture”

-> {HKLM…CLSID} = “BitComet Helper”

\InProcServer32(Default) = “C:\Program Files\BitComet\tools\BitCometBHO.dll” [“BitComet”]

{53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided)

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\PROGRA~1\SPYBOT~1\SDHelper.dll” [“Safer Networking Limited”]

{9030D464-4C02-4ABF-8ECC-5164760863C6}(Default) = (no title provided)

-> {HKLM…CLSID} = “Windows Live Sign-in Helper”

\InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll” [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”

-> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”

\InProcServer32(Default) = “deskpan.dll” [file not found]

“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”

-> {HKLM…CLSID} = “HyperTerminal Icon Ext”

\InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”]

“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

“{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}” = “Messenger Sharing Folders”

-> {HKLM…CLSID} = “Moje foldery udostępniania”

\InProcServer32(Default) = “C:\Program Files\MSN Messenger\fsshext.8.0.0812.00.dll” [MS]

“{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player”

-> {HKLM…CLSID} = “RealOne Player Context Menu Class”

\InProcServer32(Default) = “C:\Program Files\Real\RealPlayer\rpshell.dll” [“RealNetworks, Inc.”]

“{AD392E40-428C-459F-961E-9B147782D099}” = “UltraISO”

-> {HKLM…CLSID} = “UIContextMenu Class”

\InProcServer32(Default) = “C:\Program Files\UltraISO\isoshell.dll” [“EZB Systems, Inc.”]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<> AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

UltraISO(Default) = “{AD392E40-428C-459F-961E-9B147782D099}”

-> {HKLM…CLSID} = “UIContextMenu Class”

\InProcServer32(Default) = “C:\Program Files\UltraISO\isoshell.dll” [“EZB Systems, Inc.”]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

UltraISO(Default) = “{AD392E40-428C-459F-961E-9B147782D099}”

-> {HKLM…CLSID} = “UIContextMenu Class”

\InProcServer32(Default) = “C:\Program Files\UltraISO\isoshell.dll” [“EZB Systems, Inc.”]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

Group Policies {GPedit.msc branch and setting}:

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

“shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

“undockwithoutlogon” = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

“Wallpaper” = “C:\WINDOWS\web\wallpaper\Idylla.bmp”

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

“Wallpaper” = “C:\WINDOWS\web\wallpaper\Idylla.bmp”

Enabled Screen Saver:

HKCU\Control Panel\Desktop\

“SCRNSAVE.EXE” = “C:\WINDOWS\System32\logon.scr” [MS]

Startup items in “emo” & “All Users” startup folders:

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

“DSLMON” -> shortcut to: “C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe” [empty string]

Winsock2 Service Provider DLLs:

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]

000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\

“{37B85A29-692B-4205-9CAD-2626E4993404}”

-> {HKLM…CLSID} = “My Global Search Bar”

\InProcServer32(Default) = “C:\Program Files\MyGlobalSearch\bar\3.bin\MGSBAR.DLL” [file not found]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

“{37B85A29-692B-4205-9CAD-2626E4993404}”

-> {HKLM…CLSID} = “My Global Search Bar”

\InProcServer32(Default) = “C:\Program Files\MyGlobalSearch\bar\3.bin\MGSBAR.DLL” [file not found]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

“MenuText” = “Sun Java Console”

“CLSIDExtension” = “{08B0E5C0-4FCB-11CF-AAA5-00401C608501}”

Running Services (Display Name, Service Name, Path {Service DLL}):

Ati HotKey Poller, Ati HotKey Poller, “C:\WINDOWS\System32\Ati2evxx.exe” [“ATI Technologies Inc.”]

<>: Suspicious data at a malware launch point.

  • This report excludes default entries except where indicated.

  • To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

  • To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer “No” at the

first message box and “Yes” at the second message box.

---------- (total run time: 64 seconds, including 6 seconds for message boxes)

#6

Otwórz notatnik i wklej w nim to:

Plik -> zapisz jako -> zmień rozszerzenie na wszystkie pliki -> zapisz pod nazwą FIX.REG

Odpal plik FIX.REG i potwierdź dodanie do rejestru i reset kompa :slight_smile:

Przeczyść rejestr – użyj do tego jv16 PowerTools 2006 1.5.2.344.

Pozatym przejrzyj: Lista zbędników w autostarcie oraz Optymalizacja XP.

Wejdź: Start > uruchom > msconfig i w zakładce „Uruchamianie” odznacz, niepotrzebne według Ciebie, programy w autostarcie. :slight_smile:

#7

“Silent Runners.vbs”, revision 49, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

“CTFMON.EXE” = “C:\WINDOWS\System32\ctfmon.exe” [MS]

“Komunikator” = ““C:\Program Files\Tlen.pl\tlen.exe” --confdir=home” [“o2.pl Sp. z o.o.”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

“SoundMan” = “SOUNDMAN.EXE” [“Avance Logic, Inc.”]

“TkBellExe” = ““C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot” [“RealNetworks, Inc.”]

“NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”]

“MSConfig” = “C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto” [MS]

“WinampAgent” = “C:\Program Files\Winamp\winampa.exe” [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)

-> {HKLM…CLSID} = “AcroIEHlprObj Class”

\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”]

{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}(Default) = “BitComet ClickCapture”

-> {HKLM…CLSID} = “BitComet Helper”

\InProcServer32(Default) = “C:\Program Files\BitComet\tools\BitCometBHO.dll” [“BitComet”]

{53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided)

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\PROGRA~1\SPYBOT~1\SDHelper.dll” [“Safer Networking Limited”]

{9030D464-4C02-4ABF-8ECC-5164760863C6}(Default) = (no title provided)

-> {HKLM…CLSID} = “Windows Live Sign-in Helper”

\InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll” [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”

-> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”

\InProcServer32(Default) = “deskpan.dll” [file not found]

“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”

-> {HKLM…CLSID} = “HyperTerminal Icon Ext”

\InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”]

“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

“{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}” = “Messenger Sharing Folders”

-> {HKLM…CLSID} = “Moje foldery udostępniania”

\InProcServer32(Default) = “C:\Program Files\MSN Messenger\fsshext.8.0.0812.00.dll” [MS]

“{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player”

-> {HKLM…CLSID} = “RealOne Player Context Menu Class”

\InProcServer32(Default) = “C:\Program Files\Real\RealPlayer\rpshell.dll” [“RealNetworks, Inc.”]

“{AD392E40-428C-459F-961E-9B147782D099}” = “UltraISO”

-> {HKLM…CLSID} = “UIContextMenu Class”

\InProcServer32(Default) = “C:\Program Files\UltraISO\isoshell.dll” [“EZB Systems, Inc.”]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<> AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

UltraISO(Default) = “{AD392E40-428C-459F-961E-9B147782D099}”

-> {HKLM…CLSID} = “UIContextMenu Class”

\InProcServer32(Default) = “C:\Program Files\UltraISO\isoshell.dll” [“EZB Systems, Inc.”]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

UltraISO(Default) = “{AD392E40-428C-459F-961E-9B147782D099}”

-> {HKLM…CLSID} = “UIContextMenu Class”

\InProcServer32(Default) = “C:\Program Files\UltraISO\isoshell.dll” [“EZB Systems, Inc.”]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

Group Policies {GPedit.msc branch and setting}:

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

“shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

“undockwithoutlogon” = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

“Wallpaper” = “C:\WINDOWS\web\wallpaper\Idylla.bmp”

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

“Wallpaper” = “C:\WINDOWS\web\wallpaper\Idylla.bmp”

Enabled Screen Saver:

HKCU\Control Panel\Desktop\

“SCRNSAVE.EXE” = “C:\WINDOWS\System32\logon.scr” [MS]

Startup items in “emo” & “All Users” startup folders:

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

“DSLMON” -> shortcut to: “C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe” [empty string]

Winsock2 Service Provider DLLs:

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]

000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Złączono Posta : 19.12.2006 (Wto) 16:08

ehh to nie to chyba jeszcze raz

“Silent Runners.vbs”, revision 49, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

“CTFMON.EXE” = “C:\WINDOWS\System32\ctfmon.exe” [MS]

“Komunikator” = ““C:\Program Files\Tlen.pl\tlen.exe” --confdir=home” [“o2.pl Sp. z o.o.”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

“SoundMan” = “SOUNDMAN.EXE” [“Avance Logic, Inc.”]

“TkBellExe” = ““C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot” [“RealNetworks, Inc.”]

“NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”]

“MSConfig” = “C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto” [MS]

“WinampAgent” = “C:\Program Files\Winamp\winampa.exe” [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)

-> {HKLM…CLSID} = “AcroIEHlprObj Class”

\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”]

{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}(Default) = “BitComet ClickCapture”

-> {HKLM…CLSID} = “BitComet Helper”

\InProcServer32(Default) = “C:\Program Files\BitComet\tools\BitCometBHO.dll” [“BitComet”]

{53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided)

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\PROGRA~1\SPYBOT~1\SDHelper.dll” [“Safer Networking Limited”]

{9030D464-4C02-4ABF-8ECC-5164760863C6}(Default) = (no title provided)

-> {HKLM…CLSID} = “Windows Live Sign-in Helper”

\InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll” [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”

-> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”

\InProcServer32(Default) = “deskpan.dll” [file not found]

“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”

-> {HKLM…CLSID} = “HyperTerminal Icon Ext”

\InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”]

“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

“{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}” = “Messenger Sharing Folders”

-> {HKLM…CLSID} = “Moje foldery udostępniania”

\InProcServer32(Default) = “C:\Program Files\MSN Messenger\fsshext.8.0.0812.00.dll” [MS]

“{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player”

-> {HKLM…CLSID} = “RealOne Player Context Menu Class”

\InProcServer32(Default) = “C:\Program Files\Real\RealPlayer\rpshell.dll” [“RealNetworks, Inc.”]

“{AD392E40-428C-459F-961E-9B147782D099}” = “UltraISO”

-> {HKLM…CLSID} = “UIContextMenu Class”

\InProcServer32(Default) = “C:\Program Files\UltraISO\isoshell.dll” [“EZB Systems, Inc.”]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<> AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

UltraISO(Default) = “{AD392E40-428C-459F-961E-9B147782D099}”

-> {HKLM…CLSID} = “UIContextMenu Class”

\InProcServer32(Default) = “C:\Program Files\UltraISO\isoshell.dll” [“EZB Systems, Inc.”]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

UltraISO(Default) = “{AD392E40-428C-459F-961E-9B147782D099}”

-> {HKLM…CLSID} = “UIContextMenu Class”

\InProcServer32(Default) = “C:\Program Files\UltraISO\isoshell.dll” [“EZB Systems, Inc.”]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

Group Policies {GPedit.msc branch and setting}:

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

“shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

“undockwithoutlogon” = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

“Wallpaper” = “C:\WINDOWS\web\wallpaper\Idylla.bmp”

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

“Wallpaper” = “C:\WINDOWS\web\wallpaper\Idylla.bmp”

Enabled Screen Saver:

HKCU\Control Panel\Desktop\

“SCRNSAVE.EXE” = “C:\WINDOWS\System32\logon.scr” [MS]

Startup items in “emo” & “All Users” startup folders:

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

“DSLMON” -> shortcut to: “C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe” [empty string]

Winsock2 Service Provider DLLs:

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]

000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

“MenuText” = “Sun Java Console”

“CLSIDExtension” = “{08B0E5C0-4FCB-11CF-AAA5-00401C608501}”

Running Services (Display Name, Service Name, Path {Service DLL}):

Ati HotKey Poller, Ati HotKey Poller, “C:\WINDOWS\System32\Ati2evxx.exe” [“ATI Technologies Inc.”]

<>: Suspicious data at a malware launch point.

  • This report excludes default entries except where indicated.

  • To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

  • To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer “No” at the

first message box and “Yes” at the second message box.

---------- (total run time: 169 seconds, including 8 seconds for message boxes)

#8

Jest ok.

Pozamykaj porty robakom. W tym celu użyj Windows Worms Doors Cleanera zmień znaczki z disable na enable (wszystkie znaczki maja być na zielono, jeżeli któryś z nich będzie na żółto to go zostaw). Po użyciu narzędzia wymagany jest restart.

#9

mam juz ten program…sa na zielone wszystkie oprocz jednego na zolto…wiec powinno byc ok.Ale wlasnie robie scandisca na bezpieczenstwo.onet.pl i mi wykrywa Trojany … jakis ZASU.a bodajze …

Złączono Posta : 19.12.2006 (Wto) 16:16

hmm jezeli to jest istotne to nie mam zadnego antywirusa i firewalla ;d

#10

Proszę podać dokładne lokalizacje do plików, które są wykrywane jako zainfekowane.

Najlepiej wklej raport - w nim wszystko będą dokładne wyniki.

Koniecznie zainstaluj jakiegoś.

http://forum.dobreprogramy.pl/viewtopic.php?t=60116

#11

ok zainstaluje a co do lokalizacji to na tym gownianym onecie w skanerze nie ma dziennika i nie wiem jakie byly lokalizacje…wiem tylko ze je pousuwalem tym skanerem bo bylo to mozliwe

#12

Pobierz program AVG Anti-Spyware zrób update i przeskanuj.

Potem wrzuć z niego raport.

#13

tego jest tyle ze nie wiem co wybrac…podaj mi jak mozesz konkretnego linka juz do sciagniecia jakiegos firewalla do blokowania wirow trojanow hakerow … dzieki …

#14

Zrób tak jak radziłem - zrób skan AVG Anti-Spyware i pokaż raport.

Po zainstalowaniu i uruchomieniu programu w zakładce Scanner (a w w niej w części Scan ) możesz przeskanować system.

Po zakończeniu skanowania proszę kliknąć Save Report , a potem przejść do zakładki Reports , odnaleźć ostatni raport i wkleić go na Forum.

#15

oto raport troche tego syfu bylo… ;d

AVG Anti-Spyware - Scan Report

  • Created at: 17:10:51 2006-12-19

  • Scan result:

C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : No action taken.

C:!KillBox\mswsus.exe -> Backdoor.SdBot : No action taken.

C:\WINDOWS\system32.exe -> Backdoor.SdBot : No action taken.

E:\Gry\mu2\Apocalypse - New\Launcher.exe -> Backdoor.Sturf : No action taken.

E:\Gry\mu\Apocalypse - New\Launcher.exe -> Backdoor.Sturf : No action taken.

C:\WINDOWS\system32\drivers\ndisfilter.sys -> Backdoor.Zosu.a : No action taken.

:mozilla.378:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.2o7 : No action taken.

:mozilla.379:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.2o7 : No action taken.

:mozilla.380:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.2o7 : No action taken.

:mozilla.381:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.2o7 : No action taken.

:mozilla.382:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.2o7 : No action taken.

:mozilla.383:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.2o7 : No action taken.

:mozilla.384:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.2o7 : No action taken.

:mozilla.385:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.2o7 : No action taken.

:mozilla.386:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.2o7 : No action taken.

:mozilla.387:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.2o7 : No action taken.

:mozilla.388:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.2o7 : No action taken.

:mozilla.389:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.2o7 : No action taken.

:mozilla.390:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.2o7 : No action taken.

:mozilla.391:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.2o7 : No action taken.

:mozilla.392:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.2o7 : No action taken.

:mozilla.393:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.2o7 : No action taken.

:mozilla.394:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.2o7 : No action taken.

:mozilla.461:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.2o7 : No action taken.

:mozilla.464:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.2o7 : No action taken.

:mozilla.567:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.2o7 : No action taken.

C:\Documents and Settings\emo\Cookies\emo@2o7[1].txt -> TrackingCookie.2o7 : No action taken.

C:\Documents and Settings\emo\Cookies\emo@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.

:mozilla.142:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.

:mozilla.143:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.

C:\Documents and Settings\emo\Cookies\emo@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.

:mozilla.164:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Adocean : No action taken.

:mozilla.165:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Adocean : No action taken.

:mozilla.419:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Adocean : No action taken.

:mozilla.420:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Adocean : No action taken.

:mozilla.571:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Adocean : No action taken.

:mozilla.572:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Adocean : No action taken.

:mozilla.71:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Adocean : No action taken.

:mozilla.72:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Adocean : No action taken.

:mozilla.81:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Adocean : No action taken.

:mozilla.85:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Adocean : No action taken.

C:\Documents and Settings\emo\Cookies\emo@ad.adocean[2].txt -> TrackingCookie.Adocean : No action taken.

C:\Documents and Settings\emo\Cookies\emo@gde.adocean[2].txt -> TrackingCookie.Adocean : No action taken.

C:\Documents and Settings\emo\Cookies\emo@my.adocean[1].txt -> TrackingCookie.Adocean : No action taken.

:mozilla.308:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.

:mozilla.309:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.

:mozilla.311:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.

:mozilla.312:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.

:mozilla.314:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.

:mozilla.480:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Adtech : No action taken.

:mozilla.481:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Adtech : No action taken.

:mozilla.305:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Advertising : No action taken.

:mozilla.306:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Advertising : No action taken.

:mozilla.307:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Advertising : No action taken.

:mozilla.313:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.

:mozilla.476:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Bfast : No action taken.

:mozilla.323:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Bluestreak : No action taken.

:mozilla.341:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.

:mozilla.344:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.

:mozilla.136:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Clickhype : No action taken.

:mozilla.141:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Clickhype : No action taken.

:mozilla.502:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Com : No action taken.

:mozilla.243:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.

:mozilla.137:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Falkag : No action taken.

:mozilla.138:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Falkag : No action taken.

:mozilla.139:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Falkag : No action taken.

:mozilla.140:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Falkag : No action taken.

:mozilla.455:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Falkag : No action taken.

:mozilla.456:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Falkag : No action taken.

:mozilla.457:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Falkag : No action taken.

:mozilla.458:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Falkag : No action taken.

:mozilla.263:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.

:mozilla.264:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.

:mozilla.352:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.

:mozilla.353:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.

:mozilla.415:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.

:mozilla.424:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.

:mozilla.100:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.

:mozilla.101:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.

:mozilla.102:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.

:mozilla.98:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.

:mozilla.99:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.

:mozilla.548:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Ivwbox : No action taken.

:mozilla.675:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.

:mozilla.676:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.

:mozilla.677:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.

:mozilla.664:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Masterstats : No action taken.

:mozilla.153:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.

:mozilla.295:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Onestat : No action taken.

:mozilla.296:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Onestat : No action taken.

:mozilla.589:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Overture : No action taken.

:mozilla.252:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Paycounter : No action taken.

:mozilla.602:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Qksrv : No action taken.

:mozilla.603:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Qksrv : No action taken.

:mozilla.604:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.

:mozilla.605:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.

:mozilla.160:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Revenue : No action taken.

:mozilla.161:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Revenue : No action taken.

:mozilla.511:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.

:mozilla.512:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.

:mozilla.172:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.173:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.174:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.175:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.176:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.177:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.178:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.179:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.180:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.181:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.182:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.183:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.184:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.185:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.186:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.187:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.188:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.189:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.190:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.191:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.192:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.193:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.194:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.195:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.196:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.197:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.198:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.199:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.200:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.201:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.202:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.203:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.204:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.205:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.206:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.207:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.208:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.209:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.210:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.211:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.212:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.213:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.214:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.215:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.216:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.217:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.218:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.219:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.220:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.221:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

:mozilla.91:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexlist : No action taken.

:mozilla.92:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Sexlist : No action taken.

:mozilla.354:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.

:mozilla.355:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.

:mozilla.356:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.

:mozilla.357:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.

:mozilla.358:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.

:mozilla.132:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.

:mozilla.133:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.

:mozilla.134:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.

:mozilla.76:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.

:mozilla.77:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.

:mozilla.78:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.

:mozilla.79:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.

:mozilla.80:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.

C:\Documents and Settings\emo\Cookies\emo@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : No action taken.

:mozilla.154:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.

:mozilla.155:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.

:mozilla.156:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.

:mozilla.157:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.

:mozilla.158:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.

:mozilla.159:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.

:mozilla.289:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.

:mozilla.144:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.

:mozilla.145:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.

:mozilla.146:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.

:mozilla.148:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.

:mozilla.234:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Zedo : No action taken.

:mozilla.235:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Zedo : No action taken.

:mozilla.236:C:\Documents and Settings\emo\Dane aplikacji\Mozilla\Firefox\Profiles\n956d8v3.default\cookies.txt -> TrackingCookie.Zedo : No action taken.

::Report end

#16

Usuń wszystko, co znalazł. Dodatkowo usuń ten folder z dysku: C:\ !KillBox

Użyj tego narzędzia -> http://dobreprogramy.pl/index.php?dz=2&id=1188&t=59 i usuń nim wszystko, co znajdzie :slight_smile:

#17

mam jeszcze pytania co do firewalla…jak mam wszystko poustawiac?zebym mogl kiedy chce grac w cos przez internet bo z teog co wiem to firewall blokuje nawet gierki jezeli go nie wylacze czy costam.Chyba trzeba poprosstu dodac programy do listy w firewallarze ktorych nie chce blokowac tak?

#18

W zasadzie tak ;]

Jakiego masz firewalla? Jeśli Kerio to proponuję poczytać:

http://forum.dobreprogramy.pl/viewtopic.php?t=35065

jest tam bardzo ładnie opisana jego konfiguracja, która powinna Ci pomóc w jego konfiguracji…

#19

http://www.kerio.pl/download.aspx sciaglem stad tego Kerio ale tam w tym poscie co podales jest troche inaczej…z ta instalacja…wiec nie wiem jak dokladnie teraz to zrobic…

#20

Sciągnij w takim razie wersje, która jest opisana w tym temacie -> http://forum.dobreprogramy.pl/viewtopic.php?t=35065