My computer is sending out spam - how is that possible?


(Zawadzio5) #1

Hello. My ISP has restricted my internet access because of spam being sent out. Antivirus and other tools find nothing, and the computer was formatted not long ago (the same thing happened before that too). I've already scanned with everything: SpyBot, AVG AS, Nod32, G Data AV, and various Symantec "vitamins" (can I call them that?). I'm pasting the HJT log. I've looked through it and don't see anything interesting.

Logfile of HijackThis v1.99.1

Scan saved at 20:40:21, on 2007-02-22

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\Program Files\Sygate\SPF\smc.exe

D:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\WINDOWS\Explorer.EXE

D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

D:\Program Files\Eset\nod32krn.exe

D:\WINDOWS\SOUNDMAN.EXE

D:\Program Files\ATI Technologies\ATI.ACE\cli.exe

D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

D:\Program Files\Eset\nod32kui.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Program Files\ATI Technologies\ATI.ACE\cli.exe

D:\Program Files\ATI Technologies\ATI.ACE\cli.exe

D:\Program Files\Gadu-Gadu\gg.exe

D:\Program Files\Mozilla Firefox\firefox.exe

D:\Program Files\foobar2000\foobar2000.exe

D:\Documents and Settings\Krzysiek\Pulpit\skanerki antywirusowe\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - D:\Program Files\Spik\url_wpmsg.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - D:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: WB - D:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe

When I try to load any page it says "HomeNet Technologies SPAM!!!"

There's a message there saying that access has been restricted, blah blah blah, and they tell you to update the system, download an antivirus, scan with some little programs, blah blah.

Of course I know all that by heart and even have better methods than theirs, which is why I don't know what to do. I'm attaching a screenshot of the cmd window after typing the "netstat" command. Please help.

CMD-->Netstat-screen
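A check that can be run over the kind of netstat output mentioned above, as an added example that is not from this thread: it parses `netstat -an` lines (a constructed Windows XP sample, not the poster's screenshot) and flags the pattern a spam bot produces and an ISP's abuse system sees, many outbound connections to port 25 of many different hosts. The sample addresses, the `host_threshold` cut-off and the function names are assumptions for this example.

```python
import re
from collections import Counter

# Constructed sample of `netstat -an` output from a Windows XP host (an
# assumption for this example; the thread's own screenshot is not on the page).
# Remote addresses are documentation ranges (RFC 5737), not real hosts.
INFECTED_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.5:1034       192.168.1.1:80         ESTABLISHED
  TCP    192.168.1.5:1041       203.0.113.10:25        SYN_SENT
  TCP    192.168.1.5:1042       203.0.113.11:25        SYN_SENT
  TCP    192.168.1.5:1043       198.51.100.7:25        ESTABLISHED
  TCP    192.168.1.5:1044       198.51.100.8:25        SYN_SENT
  TCP    192.168.1.5:1045       203.0.113.12:25        SYN_SENT
  TCP    192.168.1.5:1050       192.0.2.20:443         ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

# Constructed sample of a clean host: one mail client talking to its ISP's
# single outgoing mail server.
CLEAN_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.5:1060       192.0.2.25:25          ESTABLISHED
  TCP    192.168.1.5:1061       192.0.2.20:80          ESTABLISHED
"""

# One connection line: proto, local addr:port, foreign addr:port, optional
# state (UDP rows have no state and show "*:*" as the foreign side).
LINE_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\S+)\s*(\S*)\s*$"
)

# Ports used to hand mail to a server; a bot fanning out to port 25 of many
# hosts is the classic pattern behind an ISP "you are sending spam" block.
SMTP_PORTS = {"25", "465", "587"}


def parse_netstat(text):
    """Parse `netstat -an` text into a list of connection dicts."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # banner and column headers
        proto, laddr, lport, raddr, rport, state = m.groups()
        rows.append({
            "proto": proto,
            "local_addr": laddr,
            "local_port": lport,
            "remote_addr": raddr,
            "remote_port": rport,
            "state": state,
        })
    return rows


def outbound_smtp(rows):
    """TCP connections from this host towards a remote SMTP port."""
    return [
        r for r in rows
        if r["proto"] == "TCP"
        and r["remote_port"] in SMTP_PORTS
        and r["state"] != "LISTENING"
    ]


def spam_indicators(rows, host_threshold=3):
    """Summarise SMTP fan-out.

    A legitimate mail client talks to one or two mail servers. Many distinct
    remote SMTP hosts at once, especially with connections stuck in SYN_SENT
    (the ISP is already dropping port 25), points at a spam bot on this host.
    host_threshold is an assumed cut-off for this example.
    """
    smtp = outbound_smtp(rows)
    hosts = Counter(r["remote_addr"] for r in smtp)
    syn_sent = sum(1 for r in smtp if r["state"] == "SYN_SENT")
    return {
        "smtp_connections": len(smtp),
        "distinct_smtp_hosts": len(hosts),
        "syn_sent": syn_sent,
        "top_hosts": hosts.most_common(5),
        "suspicious": len(hosts) >= host_threshold,
    }


if __name__ == "__main__":
    for name, sample in (("infected", INFECTED_SAMPLE), ("clean", CLEAN_SAMPLE)):
        report = spam_indicators(parse_netstat(sample))
        print(name, report)
```

On a live machine, `netstat -ano` adds the owning process ID as a last column, which Task Manager can map to the executable responsible for the connections.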


(Zawadzio5) #2

Can anyone help me? It's getting worse by the day. :confused:


(walker123) #3

I had the same thing. I wrote to him that I now have Ad-Aware and Avast! and everything's fine. You need to have antivirus software and scan your computer often.


(Borys951) #4

A friend of mine also got blocked on a wireless network. He was also sending spam to servers etc. He installed SP2 and the problem was gone.


(Zawadzio5) #5

I do have antivirus :slight_smile: NOD32, Spybot and AVG :slight_smile: I have SP2 too.


(Zawadzio5) #6

Log from Silent Runners.

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"ctfmon.exe" = "D:\WINDOWS\system32\ctfmon.exe" [MS]

"Start WingMan Profiler" = "(empty string)" [file not found]


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]

"ATICCC" = ""D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay" [null data]

"SunJavaUpdateSched" = ""D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"" ["Sun Microsystems, Inc."]

"nod32kui" = ""D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "AcroIEHlprObj Class"

                   \InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "D:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "Groove GFS Browser Helper"

                   \InProcServer32\(Default) = "D:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

                   \InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "D:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{1CAA843A-6DBD-40EF-AB71-8F7B209997C0}" = "IntelliType Pro Key Settings Control Panel Property Page"

  -> {HKLM...CLSID} = "ITPropertyPage Class"

                   \InProcServer32\(Default) = "D:\Program Files\Microsoft Hardware\Keyboard\itcpl.dll" [MS]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"

  -> {HKLM...CLSID} = "SimpleShlExt Class"

                   \InProcServer32\(Default) = "D:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]

"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper"

  -> {HKLM...CLSID} = "Groove GFS Browser Helper"

                   \InProcServer32\(Default) = "D:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]

"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar"

  -> {HKLM...CLSID} = "Groove Folder Synchronization"

                   \InProcServer32\(Default) = "D:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]

"{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler"

  -> {HKLM...CLSID} = "Groove GFS Stub Icon Handler"

                   \InProcServer32\(Default) = "D:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"

  -> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"

                   \InProcServer32\(Default) = "D:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]

"{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler"

  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"

                   \InProcServer32\(Default) = "D:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]

"{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler"

  -> {HKLM...CLSID} = "Groove XML Icon Handler"

                   \InProcServer32\(Default) = "D:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]

"{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)"

  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"

                   \InProcServer32\(Default) = "D:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]

"{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)"

  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"

                   \InProcServer32\(Default) = "D:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]

"{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"

  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"

                   \InProcServer32\(Default) = "D:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]

"{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"

  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"

                   \InProcServer32\(Default) = "D:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]

"{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"

  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"

                   \InProcServer32\(Default) = "D:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

  -> {HKLM...CLSID} = "Outlook File Icon Extension"

                   \InProcServer32\(Default) = "D:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL" [MS]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

  -> {HKLM...CLSID} = "Microsoft Office Outlook"

                   \InProcServer32\(Default) = "D:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL" [MS]

"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"

  -> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"

                   \InProcServer32\(Default) = "D:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "D:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]

"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"

  -> {HKLM...CLSID} = "Microsoft Office Metadata Handler"

                   \InProcServer32\(Default) = "D:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"

  -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"

                   \InProcServer32\(Default) = "D:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"

  -> {HKLM...CLSID} = "AlcoholShellEx"

                   \InProcServer32\(Default) = "D:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]

"{B4B924A2-EBDA-11DA-95DA-00E08161165F}" = "Dodatki Spika"

  -> {HKLM...CLSID} = "SpikShellExt Class"

                   \InProcServer32\(Default) = "D:\Program Files\Spik\shellext_wpmsg.dll" ["Wirtualna Polska"]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

  -> {HKLM...CLSID} = "Portable Media Devices Menu"

                   \InProcServer32\(Default) = "D:\WINDOWS\system32\Audiodev.dll" [MS]

"{2F5AC606-70CF-461C-BFE1-734234536262}" = "WindowBlinds CPL Extension"

  -> {HKLM...CLSID} = "DisplayCplExt Class"

                   \InProcServer32\(Default) = "D:\Program Files\Stardock\Object Desktop\WindowBlinds\wbui.dll" ["Stardock.Net, Inc"]

"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"

  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

                   \InProcServer32\(Default) = "D:\Program Files\Eset\nodshex.dll" [null data]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"

  -> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"

                   \InProcServer32\(Default) = "D:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]

<> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"

  -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"

                   \InProcServer32\(Default) = "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\

<> "AppInit_DLLs" = "wbsys.dll" ["Stardock.Net, Inc"]


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

<> WB\DLLName = "D:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll" ["Stardock"]


HKLM\Software\Classes\PROTOCOLS\Filter\

<> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"

  -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"

                   \InProcServer32\(Default) = "D:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]


HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

  -> {HKLM...CLSID} = "PDF Shell Extension"

                   \InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"

  -> {HKLM...CLSID} = "CContextScan Object"

                   \InProcServer32\(Default) = "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]

NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

                   \InProcServer32\(Default) = "D:\Program Files\Eset\nodshex.dll" [null data]

Spik\(Default) = "{B4B924A2-EBDA-11DA-95DA-00E08161165F}"

  -> {HKLM...CLSID} = "SpikShellExt Class"

                   \InProcServer32\(Default) = "D:\Program Files\Spik\shellext_wpmsg.dll" ["Wirtualna Polska"]

VIDEOTRANS\(Default) = "{C8CA0A66-AF32-4D5E-879E-F0809ACEDC55}"

  -> {HKLM...CLSID} = "AmvTransform Class"

                   \InProcServer32\(Default) = "D:\Program Files\MP3 Player Utilities 4.00\AMVConverter\AmvTransform.dll" [empty string]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"

  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"

                   \InProcServer32\(Default) = "D:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"

  -> {HKLM...CLSID} = "CContextScan Object"

                   \InProcServer32\(Default) = "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"

  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"

                   \InProcServer32\(Default) = "D:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

                   \InProcServer32\(Default) = "D:\Program Files\Eset\nodshex.dll" [null data]

Spik\(Default) = "{B4B924A2-EBDA-11DA-95DA-00E08161165F}"

  -> {HKLM...CLSID} = "SpikShellExt Class"

                   \InProcServer32\(Default) = "D:\Program Files\Spik\shellext_wpmsg.dll" ["Wirtualna Polska"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"

  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"

                   \InProcServer32\(Default) = "D:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]


HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"

  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"

                   \InProcServer32\(Default) = "D:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]



Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------


Note: detected settings may not have any effect.


HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\


"NoSaveSettings" = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Desktop|

Don't save settings at exit}


"ClearRecentDocsOnExit" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


"NoLowDiskSpaceChecks" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\


"NoRemoteRecursiveEvents" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


"ClearRecentDocsOnExit" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"DisableRegistryTools" = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|System|

Prevent access to registry editing tools}


HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}


"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "D:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"



Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "D:\WINDOWS\system32\sstext3d.scr" [MS]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

D:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 19

%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 18

%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10



Toolbars, Explorer Bars, Extensions:

------------------------------------


Explorer Bars


HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\


HKLM\Software\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "D:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]


HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "D:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL" [MS]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}"

  -> {HKCU...CLSID} = "Java Plug-in 1.5.0_10"

                   \InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."]

  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_10"

                   \InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll" ["Sun Microsystems, Inc."]


{2670000A-7350-4F3C-8081-5663EE0C6C49}\

"ButtonText" = "Send to OneNote"

"MenuText" = "S&end to OneNote"

"CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"

  -> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"

                   \InProcServer32\(Default) = "D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll" [MS]


{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Research"



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


Ati HotKey Poller, Ati HotKey Poller, "D:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]

AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."]

NOD32 Kernel Service, NOD32krn, ""D:\Program Files\Eset\nod32krn.exe"" ["Eset "]

Sygate Personal Firewall, SmcService, "D:\Program Files\Sygate\SPF\smc.exe" ["Sygate Technologies, Inc."]

Windows User Mode Driver Framework, UMWdf, "D:\WINDOWS\system32\wdfmgr.exe" [MS]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

Canon BJ Language Monitor S330\Driver = "CNMLM45.DLL" ["CANON INC."]

Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]



----------

<>: Suspicious data at a malware launch point.


+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points, use the -supp parameter or answer "No" at the

  first message box and "Yes" at the second message box.

---------- (total run time: 90 seconds, including 5 seconds for message boxes)

(adam9870) #7

Both logs are clean.

Scan with AVG Anti-Spyware and post the report.

Are you on a local network?


(Zawadzio5) #8

The AVG report. I think I'll write to the admin in a moment. I just don't know what to write to him. Show him the logs and reports? Maybe give him a link to this thread? I don't know anymore. Oh, and one more thing: apparently if some spam reaches you, you can then end up sending it on yourself. So do you know of any anti-spam program that would integrate with Microsoft Office Outlook 2007?


AVG Anti-Spyware - Scan Report


  • Created at: 13:31:49 2007-02-24

  • Scan result:

:mozilla.197:D:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\03v2ofoj.default\cookies.txt -> TrackingCookie.2o7 : No action taken.

:mozilla.282:D:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\03v2ofoj.default\cookies.txt -> TrackingCookie.2o7 : No action taken.

:mozilla.204:D:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\03v2ofoj.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.

:mozilla.205:D:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\03v2ofoj.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.

:mozilla.101:D:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\03v2ofoj.default\cookies.txt -> TrackingCookie.Adocean : No action taken.

:mozilla.102:D:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\03v2ofoj.default\cookies.txt -> TrackingCookie.Adocean : No action taken.

:mozilla.146:D:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\03v2ofoj.default\cookies.txt -> TrackingCookie.Adocean : No action taken.

:mozilla.147:D:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\03v2ofoj.default\cookies.txt -> TrackingCookie.Adocean : No action taken.

:mozilla.243:D:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\03v2ofoj.default\cookies.txt -> TrackingCookie.Adocean : No action taken.

:mozilla.260:D:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\03v2ofoj.default\cookies.txt -> TrackingCookie.Adocean : No action taken.

:mozilla.261:D:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\03v2ofoj.default\cookies.txt -> TrackingCookie.Adocean : No action taken.

:mozilla.68:D:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\03v2ofoj.default\cookies.txt -> TrackingCookie.Adocean : No action taken.

:mozilla.71:D:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\03v2ofoj.default\cookies.txt -> TrackingCookie.Adocean : No action taken.

:mozilla.155:D:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\03v2ofoj.default\cookies.txt -> TrackingCookie.Com : No action taken.

:mozilla.435:D:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\03v2ofoj.default\cookies.txt -> TrackingCookie.Cqcounter : No action taken.

:mozilla.414:D:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\03v2ofoj.default\cookies.txt -> TrackingCookie.Falkag : No action taken.

:mozilla.136:D:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\03v2ofoj.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.

:mozilla.137:D:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\03v2ofoj.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.

:mozilla.466:D:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\03v2ofoj.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.

:mozilla.467:D:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\03v2ofoj.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.

:mozilla.121:D:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\03v2ofoj.default\cookies.txt -> TrackingCookie.Information : No action taken.

:mozilla.122:D:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\03v2ofoj.default\cookies.txt -> TrackingCookie.Information : No action taken.

:mozilla.123:D:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\03v2ofoj.default\cookies.txt -> TrackingCookie.Information : No action taken.

:mozilla.430:D:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\03v2ofoj.default\cookies.txt -> TrackingCookie.Itrack : No action taken.

:mozilla.438:D:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\03v2ofoj.default\cookies.txt -> TrackingCookie.Onestat : No action taken.

:mozilla.439:D:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\03v2ofoj.default\cookies.txt -> TrackingCookie.Onestat : No action taken.

:mozilla.311:D:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\03v2ofoj.default\cookies.txt -> TrackingCookie.Overture : No action taken.

:mozilla.412:D:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\03v2ofoj.default\cookies.txt -> TrackingCookie.Quarterserver : No action taken.

:mozilla.337:D:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\03v2ofoj.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.

:mozilla.120:D:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\03v2ofoj.default\cookies.txt -> TrackingCookie.Revenue : No action taken.

:mozilla.358:D:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\03v2ofoj.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.

:mozilla.359:D:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\03v2ofoj.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.

:mozilla.360:D:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\03v2ofoj.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.

:mozilla.69:D:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\03v2ofoj.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.

:mozilla.70:D:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\03v2ofoj.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.

:mozilla.368:D:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\03v2ofoj.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.

:mozilla.72:D:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\03v2ofoj.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.

:mozilla.73:D:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\03v2ofoj.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.

:mozilla.74:D:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\03v2ofoj.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.

:mozilla.75:D:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\03v2ofoj.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.

:mozilla.76:D:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\03v2ofoj.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.

:mozilla.157:D:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\03v2ofoj.default\cookies.txt -> TrackingCookie.Zedo : No action taken.

:mozilla.158:D:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\03v2ofoj.default\cookies.txt -> TrackingCookie.Zedo : No action taken.

:mozilla.159:D:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\03v2ofoj.default\cookies.txt -> TrackingCookie.Zedo : No action taken.

::Report end

As for "No action taken": I did delete those cookies, I just saved the report too quickly. Cheers.


(adam9870) #9

Yesterday you wrote that you're on a local network, and today you edited the post. If you are on a network, it's possible that it's not you sending this spam but someone else on the network, so I'd advise checking that.

AVG found only harmless cookies. You can delete them if you want, but afterwards you'll have to set up auto-login on forums etc. again.

You'll find anti-spam programs here:

http://dobreprogramy.pl/index.php?dz=1&t=81

I'd suggest trying Spamihilator. I tested it some time ago and it's not bad.