Recurring pests in the system - logs


(Quicamittoo) #1
Logfile of HijackThis v1.99.1

Scan saved at 21:31:20, on 2006-12-03

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\explorer.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\system32\winguard.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\BitComet\BitComet.exe

C:\Program Files\DC++\DCPlusPlus.exe

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

C:\Documents and Settings\Mrówka\Pulpit\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - Default URLSearchHook is missing

F2 - REG:system.ini: Shell=explorer.exe 

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [NetBuster] C:\Documents and Settings\Mrówka\Pulpit\NetBuster.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [WinGuard Pro] C:\WINDOWS\system32\winguard.exe

O4 - HKLM\..\Run: [Skaner] F:\Mrowencja\Progsy\ochraniacz\OPZTskaner.exe

O4 - HKLM\..\Run: [Onet.pl AutoUpdate] C:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe /tsr

O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"

O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: Dodaj do Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://www.mks.com.pl

O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{16BD25D4-0C79-40E2-A63A-13D2079DCB95}: NameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{18B10049-0ACF-4EB0-B23D-91713ECF9959}: NameServer = 153.19.250.100,153.19.120.250

O17 - HKLM\System\CS1\Services\Tcpip\..\{16BD25D4-0C79-40E2-A63A-13D2079DCB95}: NameServer = 192.168.0.1

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

(squeet) #2

kwitek27

Please read the following topics:

:arrow: http://forum.dobreprogramy.pl/viewtopic.php?t=66889

:arrow: http://forum.dobreprogramy.pl/viewtopic.php?t=36654

And please follow the rules set out there:

  • Please give topics specific titles, so that it is clear what problem you have.

(Quicamittoo) #3

I have the following pests on my computer: advertising.com, HitBox, MediaPlex, Tradedoubler, Zedo. I have removed them with Spybot several times, but they keep coming back. Besides that, the computer behaves strangely. Sometimes windows close by themselves and I cannot cut files from the desktop, because a message appears saying that the file is currently in use by another program (and it is not). Is it possible that someone has broken into my computer?


(Joan Sunshine) #4

Download the KillBox tool, select Delete on Reboot, then click All Files and paste this path into the Full Path of File to Delete field:

C:\WINDOWS\system32\winguard.exe

Click X and restart the system.

In HJT, select the entries and click "Fix checked" at the bottom:

After that, post new logs from HiJack and Silent Runners (select No and wait until it finishes working in the background). :slight_smile:


(Quicamittoo) #5

In HJ, after I pressed fix checked, I clicked yes instead of no ;/ What now?


(Joan Sunshine) #6

In HJT, if you clicked "Fix checked", then it's OK :wink:

In Silent you need to select "No".


(Quicamittoo) #7


(Gutek) #8

It's OK :slight_smile:


(Joan Sunshine) #9

In HJT, select the entries and click "Fix checked" at the bottom:

Is that some program of yours?

Open Notepad and paste this into it:

File -> Save as -> change the file type to All files -> save under the name FIX.REG

Run the FIX.REG file, confirm adding it to the registry, and restart the computer :slight_smile:

Clean the registry; use jv16 PowerTools 2006 1.5.2.344 for this.

description here

Also look through: List of unnecessary autostart items

and XP Optimization.

Go to: Start > Run > msconfig and, on the "Startup" tab, untick the autostart programs that you consider unnecessary. :slight_smile:


(Quicamittoo) #10

On it. And the "ochraniacz" (guard) is mine. It closes pornographic sites; I don't want junk on my computer, and someone sometimes likes to visit such sites on my computer, so I blocked them.

Post merged: 03.12.2006 (Sun) 23:34

An error appears in jv16 PT after I click start. They want me to select what should be cleaned.

Post merged: 03.12.2006 (Sun) 23:39

To be exact, this appears: "BLAD!Nic nie zostalo zaznaczone." ["ERROR! Nothing has been selected."] Is that how it should be?

Post merged: 03.12.2006 (Sun) 23:52

And one more problem. What is Run Dll32 cmicnfg? Should I untick it in autostart? I'm afraid I'll break something :) Or Nero checker? That's probably unnecessary?

Post merged: 04.12.2006 (Mon) 12:08

Tradedoubler is still there ;/

Post merged: 04.12.2006 (Mon) 15:53

Have you forgotten about me already :( Either way, thanks a lot! I got rid of some of this junk. But Tradedoubler remained :(


(Bbieniol) #11

Post new logs :slight_smile:


(Quicamittoo) #12
Logfile of HijackThis v1.99.1

Scan saved at 18:30:54, on 2006-12-04

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

F:\Mrowencja\Progsy\ochraniacz\OPZTskaner.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Documents and Settings\Mrówka\Pulpit\mksvir2006setup.exe

C:\DOCUME~1\MRWKA~1\USTAWI~1\Temp\RarSFX0\wincheck.exe

C:\Documents and Settings\Mrówka\Pulpit\mksvir2006setup.exe

C:\DOCUME~1\MRWKA~1\USTAWI~1\Temp\RarSFX1\wincheck.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Mrówka\Pulpit\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [Skaner] F:\Mrowencja\Progsy\ochraniacz\OPZTskaner.exe

O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [MKS_VIR_2006] C:\Program Files\MKS_VIR_2006\mks2006.exe

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: Dodaj do Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2006\mksfirewall.dll

O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2006\mksfirewall.dll

O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2006\mksfirewall.dll

O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2006\mksfirewall.dll

O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2006\mksfirewall.dll

O15 - Trusted Zone: http://www.mks.com.pl

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MainControl Class) - http://www.mks.com.pl/skaner2k7/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{16BD25D4-0C79-40E2-A63A-13D2079DCB95}: NameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{18B10049-0ACF-4EB0-B23D-91713ECF9959}: NameServer = 153.19.250.100,153.19.120.250

O17 - HKLM\System\CS1\Services\Tcpip\..\{16BD25D4-0C79-40E2-A63A-13D2079DCB95}: NameServer = 192.168.0.1

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS_VIR_2006\mksmonsv.exe

O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\MKS_VIR_2006\mks_scan.exe

(Bbieniol) #13

Use this tool -> http://www.idg.pl/ftp/pc_9705/ATF.Cleaner..html and delete all temporary files with it :slight_smile:

Run a scan with AVG Anti-Spyware 7.5 after updating it :slight_smile:

Scan the computer with Ad-aware SE Personal 1.06 and Spybot Search & Destroy 1.4


(Quicamittoo) #14

I scanned with AVG Anti-Spyware, but while deleting the infected files this popped up: Error while deleting! And Spybot still detects Tradedoubler; I remove it and on the next scan Spybot finds it again :-x

New logs:

Logfile of HijackThis v1.99.1

Scan saved at 00:19:13, on 2006-12-05

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

C:\Program Files\MKS_VIR_2006\mksmonsv.exe

C:\WINDOWS\System32\svchost.exe

F:\Mrowencja\Progsy\ochraniacz\OPZTskaner.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

C:\Program Files\MKS_VIR_2006\mks2006.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\MKS_VIR_2006\mks_scan.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Mrówka\Pulpit\SEKJURITI\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [Skaner] F:\Mrowencja\Progsy\ochraniacz\OPZTskaner.exe

O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"

O4 - HKLM\..\Run: [MKS_VIR_2006] C:\Program Files\MKS_VIR_2006\mks2006.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [MailScanner] C:\Program Files\MKS_VIR_2006\Mks_mail.exe

O8 - Extra context menu item: Dodaj do Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2006\mksfirewall.dll

O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2006\mksfirewall.dll

O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2006\mksfirewall.dll

O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2006\mksfirewall.dll

O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2006\mksfirewall.dll

O15 - Trusted Zone: http://www.mks.com.pl

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MainControl Class) - http://www.mks.com.pl/skaner2k7/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{16BD25D4-0C79-40E2-A63A-13D2079DCB95}: NameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{18B10049-0ACF-4EB0-B23D-91713ECF9959}: NameServer = 153.19.250.100,153.19.120.250

O17 - HKLM\System\CS1\Services\Tcpip\..\{16BD25D4-0C79-40E2-A63A-13D2079DCB95}: NameServer = 192.168.0.1

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS_VIR_2006\mksmonsv.exe

O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\MKS_VIR_2006\mks_scan.exe

Post merged: 05.12.2006 (Tue) 0:20

AND OF COURSE I CARRIED OUT THE REST OF THE RECOMMENDATIONS TOO :)


(Joan Sunshine) #15

The log is OK. Tradedoubler is a result of using IE, and if it is your browser, you will always have Tradedoubler, right from the moment you open it. In your place I would use Firefox, as you do now, or Opera :slight_smile:

Besides, you have 2 antivirus programs; decide on one, because one of them has to be removed.


(Quicamittoo) #16

All right, I no longer use IE. But is there any way to get rid of this Tradedoubler? I removed it with Spybot, I did not go online through IE, and it is still there. Is it possible at all to remove IE completely?


(Joan Sunshine) #17

Hmm, try Ad-aware; for me it wiped out Tradedoubler without any problem, and effectively.

As for IE, the answer is: no. Unfortunately it is an integral part of the operating system, and if you try to cut it out, the system will fall apart :wink:


(Quicamittoo) #18

Ad-aware did not detect Tradedoubler for me, but it did detect TrojanClicker. I guess I have to format, right?


(Joan Sunshine) #19

Probably not :wink:

Show the Ad-aware report and state exactly where it detects this trojan.


(Quicamittoo) #20

Win32.TrojanClicker located: C:\Documents and Settings\All Users\Dane Aplikacji\Kaspersky Lab\A VP6\PdmHist\eb0.7 A9B8CB601C71866.history\00000004.bak

Logs:

Ad-Aware SE Build 1.06r1

Logfile Created on:5 grudnia 2006 14:03:46

Created with Ad-Aware SE Personal, free for private use.

Using definitions file:SE1R136 04.12.2006

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

MRU List(TAC index:0):37 total references

Win32.TrojanClicker(TAC index:10):1 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Ad-Aware SE Settings

===========================

Set : Search for negligible risk entries

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan my Hosts file


Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Play sound at scan completion if scan locates critical objects



2006-12-05 14:03:46 - Scan started. (Full System Scan)


 MRU List Object Recognized!

    Location: : C:\Documents and Settings\Mrówka\recent

    Description : list of recently opened documents



 MRU List Object Recognized!

    Location: : S-1-5-21-329068152-562591055-725345543-1003\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles

    Description : list of recently used files in adobe reader



 MRU List Object Recognized!

    Location: : S-1-5-21-329068152-562591055-725345543-1003\software\adobe\photoshop\7.0\visiteddirs

    Description : adobe photoshop 7 recent work folders



 MRU List Object Recognized!

    Location: : S-1-5-21-329068152-562591055-725345543-1003\software\ahead\cover designer\recent file list

    Description : list of recently used files in ahead cover designer



 MRU List Object Recognized!

    Location: : S-1-5-21-329068152-562591055-725345543-1003\software\ahead\nero - burning rom\recent file list

    Description : list of recently used files in nero burning rom



 MRU List Object Recognized!

    Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\direct3d\mostrecentapplication

    Description : most recent application to use microsoft direct3d



 MRU List Object Recognized!

    Location: : software\microsoft\direct3d\mostrecentapplication

    Description : most recent application to use microsoft direct3d



 MRU List Object Recognized!

    Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\direct3d\mostrecentapplication

    Description : most recent application to use microsoft direct X



 MRU List Object Recognized!

    Location: : software\microsoft\direct3d\mostrecentapplication

    Description : most recent application to use microsoft direct X



 MRU List Object Recognized!

    Location: : software\microsoft\directdraw\mostrecentapplication

    Description : most recent application to use microsoft directdraw



 MRU List Object Recognized!

    Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\internet explorer

    Description : last download directory used in microsoft internet explorer



 MRU List Object Recognized!

    Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\internet explorer\typedurls

    Description : list of recently entered addresses in microsoft internet explorer



 MRU List Object Recognized!

    Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\mediaplayer\medialibraryui

    Description : last selected node in the microsoft windows media player media library



 MRU List Object Recognized!

    Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\mediaplayer\player\recentfilelist

    Description : list of recently used files in microsoft windows media player



 MRU List Object Recognized!

    Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\mediaplayer\player\settings

    Description : last open directory used in jasc paint shop pro



 MRU List Object Recognized!

    Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\mediaplayer\preferences

    Description : last playlist index loaded in microsoft windows media player



 MRU List Object Recognized!

    Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\mediaplayer\preferences

    Description : last playlist loaded in microsoft windows media player



 MRU List Object Recognized!

    Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\microsoft management console\recent file list

    Description : list of recent snap-ins used in the microsoft management console



 MRU List Object Recognized!

    Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\office\11.0\access\settings

    Description : list of recently opened documents in microsoft access



 MRU List Object Recognized!

    Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\office\11.0\common\general

    Description : list of recently used symbols in microsoft office



 MRU List Object Recognized!

    Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\office\11.0\powerpoint\recent file list

    Description : list of recent files used by microsoft powerpoint



 MRU List Object Recognized!

    Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\office\11.0\powerpoint\recent templates

    Description : list of recent templates used by microsoft powerpoint



 MRU List Object Recognized!

    Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\office\11.0\powerpoint\recent typeface list

    Description : list of recently used typefaces in microsoft powerpoint



 MRU List Object Recognized!

    Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\office\11.0\powerpoint\recentfolderlist

    Description : list of recent folders used by microsoft powerpoint



 MRU List Object Recognized!

    Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\office\11.0\powerpoint\recenttemplatelist

    Description : list of recent templates used by microsoft powerpoint



 MRU List Object Recognized!

    Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\office\11.0\publisher\recent file list

    Description : list of recent files used by microsoft publisher



 MRU List Object Recognized!

    Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\search assistant\acmru

    Description : list of recent search terms used with the search assistant



 MRU List Object Recognized!

    Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\windows\currentversion\applets\paint\recent file list

    Description : list of files recently opened using microsoft paint



 MRU List Object Recognized!

    Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\windows\currentversion\applets\wordpad\recent file list

    Description : list of recent files opened using wordpad



 MRU List Object Recognized!

    Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru

    Description : list of recent programs opened



 MRU List Object Recognized!

    Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru

    Description : list of recently saved files, stored according to file extension



 MRU List Object Recognized!

    Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs

    Description : list of recent documents opened



 MRU List Object Recognized!

    Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\windows\currentversion\explorer\runmru

    Description : mru list for items opened in start | run



 MRU List Object Recognized!

    Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general

    Description : windows media sdk 



 MRU List Object Recognized!

    Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general

    Description : windows media sdk 



 MRU List Object Recognized!

    Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\windows media\wmsdk\general

    Description : windows media sdk 



 MRU List Object Recognized!

    Location: : S-1-5-21-329068152-562591055-725345543-1003\software\winrar\dialogedithistory\extrpath

    Description : winrar "extract-to" history



Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


#:1 [smss.exe]

    FilePath : \SystemRoot\System32\

    ProcessID : 696

    ThreadCreationTime : 2006-12-05 00:59:41

    BasePriority : Normal



#:2 [csrss.exe]

    FilePath : \??\C:\WINDOWS\system32\

    ProcessID : 784

    ThreadCreationTime : 2006-12-05 00:59:47

    BasePriority : Normal



#:3 [winlogon.exe]

    FilePath : \??\C:\WINDOWS\system32\

    ProcessID : 808

    ThreadCreationTime : 2006-12-05 00:59:48

    BasePriority : High



#:4 [services.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 852

    ThreadCreationTime : 2006-12-05 00:59:49

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : System operacyjny Microsoft® Windows®

    CompanyName : Microsoft Corporation

    FileDescription : Usługi i aplikacja Kontroler

    InternalName : services.exe

    LegalCopyright : © Microsoft Corporation. Wszelkie prawa zastrzeżone.

    OriginalFilename : services.exe


#:5 [lsass.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 864

    ThreadCreationTime : 2006-12-05 00:59:49

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : LSA Shell (Export Version)

    InternalName : lsass.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : lsass.exe


#:6 [svchost.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 1024

    ThreadCreationTime : 2006-12-05 00:59:50

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Generic Host Process for Win32 Services

    InternalName : svchost.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : svchost.exe


#:7 [svchost.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 1092

    ThreadCreationTime : 2006-12-05 00:59:50

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Generic Host Process for Win32 Services

    InternalName : svchost.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : svchost.exe


#:8 [svchost.exe]

    FilePath : C:\WINDOWS\System32\

    ProcessID : 1128

    ThreadCreationTime : 2006-12-05 00:59:50

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Generic Host Process for Win32 Services

    InternalName : svchost.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : svchost.exe


#:9 [svchost.exe]

    FilePath : C:\WINDOWS\System32\

    ProcessID : 1200

    ThreadCreationTime : 2006-12-05 00:59:50

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Generic Host Process for Win32 Services

    InternalName : svchost.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : svchost.exe


#:10 [svchost.exe]

    FilePath : C:\WINDOWS\System32\

    ProcessID : 1252

    ThreadCreationTime : 2006-12-05 00:59:51

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Generic Host Process for Win32 Services

    InternalName : svchost.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : svchost.exe


#:11 [spoolsv.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 1360

    ThreadCreationTime : 2006-12-05 00:59:52

    BasePriority : Normal

    FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)

    ProductVersion : 5.1.2600.2696

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Spooler SubSystem App

    InternalName : spoolsv.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : spoolsv.exe


#:12 [avp.exe]

    FilePath : C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\

    ProcessID : 1552

    ThreadCreationTime : 2006-12-05 00:59:58

    BasePriority : Normal

    FileVersion : 6.0.0.299

    ProductVersion : 6.0.0.299

    ProductName : Kaspersky Anti-Virus

    CompanyName : Kaspersky Lab

    FileDescription : Kaspersky Anti-Virus

    InternalName : AVP

    LegalCopyright : Copyright © Kaspersky Lab 1996-2006.

    LegalTrademarks : Kaspersky™ Anti-Virus ® is registered trademark of Kaspersky Lab.

    OriginalFilename : AVP.EXE


#:13 [svchost.exe]

    FilePath : C:\WINDOWS\System32\

    ProcessID : 1636

    ThreadCreationTime : 2006-12-05 00:59:58

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Generic Host Process for Win32 Services

    InternalName : svchost.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : svchost.exe


#:14 [wdfmgr.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 1696

    ThreadCreationTime : 2006-12-05 00:59:58

    BasePriority : Normal

    FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)

    ProductVersion : 5.2.3790.1230

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Windows User Mode Driver Manager

    InternalName : WdfMgr

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : WdfMgr.exe


#:15 [wgatray.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 228

    ThreadCreationTime : 2006-12-05 01:00:04

    BasePriority : Normal

    FileVersion : 1.5.0554.0

    ProductVersion : 1.5.0554.0

    ProductName : Windows Genuine Advantage

    CompanyName : Microsoft Corporation

    FileDescription : Windows Genuine Advantage Notification

    InternalName : WgaNotify

    LegalCopyright : © 1995-2006 Microsoft Corporation

    OriginalFilename : WgaTray.exe


#:16 [explorer.exe]

    FilePath : C:\WINDOWS\

    ProcessID : 276

    ThreadCreationTime : 2006-12-05 01:00:05

    BasePriority : Normal

    FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 6.00.2900.2180

    ProductName : System operacyjny Microsoft® Windows®

    CompanyName : Microsoft Corporation

    FileDescription : Eksplorator Windows

    InternalName : explorer

    LegalCopyright : © Microsoft Corporation. Wszelkie prawa zastrzeżone.

    OriginalFilename : EXPLORER.EXE


#:17 [alg.exe]

    FilePath : C:\WINDOWS\System32\

    ProcessID : 356

    ThreadCreationTime : 2006-12-05 01:00:07

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Application Layer Gateway Service

    InternalName : ALG.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : ALG.exe


#:18 [opztskaner.exe]

    FilePath : F:\Mrowencja\Progsy\ochraniacz\

    ProcessID : 1160

    ThreadCreationTime : 2006-12-05 01:00:14

    BasePriority : Normal

    FileVersion : 1.00

    ProductVersion : 1.00

    ProductName : OPZTskaner

    CompanyName : BENAROM

    InternalName : OPZTskaner

    OriginalFilename : OPZTskaner.exe


#:19 [avp.exe]

    FilePath : C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\

    ProcessID : 1208

    ThreadCreationTime : 2006-12-05 01:00:14

    BasePriority : Normal

    FileVersion : 6.0.0.299

    ProductVersion : 6.0.0.299

    ProductName : Kaspersky Anti-Virus

    CompanyName : Kaspersky Lab

    FileDescription : Kaspersky Anti-Virus

    InternalName : AVP

    LegalCopyright : Copyright © Kaspersky Lab 1996-2006.

    LegalTrademarks : Kaspersky™ Anti-Virus ® is registered trademark of Kaspersky Lab.

    OriginalFilename : AVP.EXE


#:20 [bitcomet.exe]

    FilePath : C:\Program Files\BitComet\

    ProcessID : 3812

    ThreadCreationTime : 2006-12-05 01:22:15

    BasePriority : Normal

    FileVersion : 0.70

    ProductVersion : 0.70

    ProductName : BitComet

    CompanyName : www.BitComet.com

    FileDescription : BitComet - a BitTorrent Client

    InternalName : BitComet.exe

    LegalCopyright : Copyright(C) 2003-2005 All Rights Reserved.


#:21 [firefox.exe]

    FilePath : C:\Program Files\Mozilla Firefox\

    ProcessID : 2236

    ThreadCreationTime : 2006-12-05 09:36:46

    BasePriority : Normal



#:22 [ad-aware.exe]

    FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\

    ProcessID : 536

    ThreadCreationTime : 2006-12-05 13:02:58

    BasePriority : Normal

    FileVersion : 6.2.0.236

    ProductVersion : SE 106

    ProductName : Lavasoft Ad-Aware SE

    CompanyName : Lavasoft Sweden

    FileDescription : Ad-Aware SE Core application

    InternalName : Ad-Aware.exe

    LegalCopyright : Copyright © Lavasoft AB Sweden

    OriginalFilename : Ad-Aware.exe

    Comments : All Rights Reserved


Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 37



Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 37



Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 37



Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»



Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 37




Deep scanning and examining files (C:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


 Win32.TrojanClicker Object Recognized!

    Type : File

    Data : 00000004.bak

    TAC Rating : 10

    Category : Malware

    Comment : 

    Object : C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab\AVP6\PdmHist\eb0.7A9B8CB601C71866.history\

    FileVersion : 5.2600

    ProductVersion : 5.2600

    ProductName : msqnr16

    InternalName : msqnr16

    OriginalFilename : msqnr16.exe



Disk Scan Result for C:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 38



Deep scanning and examining files (D:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Disk Scan Result for D:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 38



Deep scanning and examining files (E:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Disk Scan Result for E:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 38



Deep scanning and examining files (F:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Disk Scan Result for F:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 38



Deep scanning and examining files (H:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Disk Scan Result for H:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 38



Deep scanning and examining files (I:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Disk Scan Result for I:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 38



Deep scanning and examining files (J:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Disk Scan Result for J:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 38



Scanning Hosts file......

Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

4393 entries scanned.

New critical objects:0

Objects found so far: 38





Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 38


14:29:29 Scan Complete


Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:25:42.797

Objects scanned:184923

Objects identified:1

Objects ignored:0

New critical objects:1