Logfile of HijackThis v1.99.1
Scan saved at 21:31:20, on 2006-12-03
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\winguard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\DC++\DCPlusPlus.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Documents and Settings\Mrówka\Pulpit\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NetBuster] C:\Documents and Settings\Mrówka\Pulpit\NetBuster.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinGuard Pro] C:\WINDOWS\system32\winguard.exe
O4 - HKLM\..\Run: [Skaner] F:\Mrowencja\Progsy\ochraniacz\OPZTskaner.exe
O4 - HKLM\..\Run: [Onet.pl AutoUpdate] C:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe /tsr
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Dodaj do Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.mks.com.pl
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16BD25D4-0C79-40E2-A63A-13D2079DCB95}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{18B10049-0ACF-4EB0-B23D-91713ECF9959}: NameServer = 153.19.250.100,153.19.120.250
O17 - HKLM\System\CS1\Services\Tcpip\..\{16BD25D4-0C79-40E2-A63A-13D2079DCB95}: NameServer = 192.168.0.1
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
kwitek27
Proszę o lekturę poniższych tematów:
http://forum.dobreprogramy.pl/viewtopic.php?t=66889
http://forum.dobreprogramy.pl/viewtopic.php?t=36654
I proszę o dostosowanie się do zasad tam panujących:
-
- Proszę nazywać tematy konkretnie, aby było wiadomo, jaki problem masz.
AMm na kompie nastepujace szkodniki:advertising.com,HitBox,MediaPlex,Tradedoubler,Zedo.Kilkakrotnie usuwalam je Spybotem,ale dalej sie pojawiaja.Poza tym komputer zachowuje sie dziwnie.Czasami okna same mi sie zamykaja i nie moge wyciac plikow z pulpitu,bo pojawia sie komunikat,ze plik jest obecnie uzywany przez inny program(a nie jest).Czy mozliwe ze ktos mi sie wlamal?
Ściągasz narzędzie KillBox, zaznaczasz Delete on Reboot, potem klikasz All Files i wklejasz do pola Full Path of File to Delete ścieżkę:
C:\WINDOWS\system32\winguard.exe
Klikasz X i reset sysa.
W HJT zaznaczasz wpisy i klikasz na dole “Fix checked” :
Po zabiegach nowe logi z HiJacka oraz Silent Runners (zaznaczasz No i czekasz aż skończy pracować w tle).
w HJ po tym jak wcisnelam fix checked,kilknelam yes zamiast no;/Co teraz?
W HJT jak kliknęłaś “Fix checked” to jest ok
W Silencie masz zaznaczyć “No”.
Jest Ok
W HJT zaznaczasz wpisy i klikasz na dole “Fix checked” :
To jakiś Twój progs?
Otwórz notatnik i wklej w nim to:
Plik -> zapisz jako -> zmień rozszerzenie na wszystkie pliki -> zapisz pod nazwą FIX.REG
Odpal plik FIX.REG i potwierdź dodanie do rejestru i reset kompa
Przeczyść rejestr – użyj do tego jv16 PowerTools 2006 1.5.2.344.
opis tutaj
Pozatym przejrzyj: Lista zbędników w autostarcie
oraz Optymalizacja XP.
Wejdź: Start > uruchom > msconfig i w zakładce „Uruchamianie” odznacz, niepotrzebne według Ciebie, programy w autostarcie.
juz sie robi.A ochraniacz moj.Zamyka strony pornograficzne,nie chce miec syfu na kompie,a ktos czasem lubi wlazic na takie stronki na moim kompie,wiec zablokowalam.
Złączono Posta : 03.12.2006 (Nie) 23:34
Pojawia sie blad w jv 16 PT po tym jak klikam start.chca zebym zaznaczyla co ma byc wyczyszczone
Złączono Posta : 03.12.2006 (Nie) 23:39
dokladnie pojawia sie:"BLAD!Nic nie zostalo zaznaczone."Tak ma byc?
Złączono Posta : 03.12.2006 (Nie) 23:52
i jeszcze jeden problem.Co to jest Run Dll32 cmicnfg?Mam to odznaczyc w autostracie?Boje sie ze cos popsuje:)Albo Nero checker?To chyba niepotrzebne?
Złączono Posta : 04.12.2006 (Pon) 12:08
Tradedoubler dalej siedzi;/
Złączono Posta : 04.12.2006 (Pon) 15:53
Juz o mnie zapomnieliscie:( Tak czy inaczej dzieki wielkie!Pozbylam sie troche tego syfu.Ale Tradedoubler zostal:(
Wrzuć nowe logi
Logfile of HijackThis v1.99.1
Scan saved at 18:30:54, on 2006-12-04
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
F:\Mrowencja\Progsy\ochraniacz\OPZTskaner.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Documents and Settings\Mrówka\Pulpit\mksvir2006setup.exe
C:\DOCUME~1\MRWKA~1\USTAWI~1\Temp\RarSFX0\wincheck.exe
C:\Documents and Settings\Mrówka\Pulpit\mksvir2006setup.exe
C:\DOCUME~1\MRWKA~1\USTAWI~1\Temp\RarSFX1\wincheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mrówka\Pulpit\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Skaner] F:\Mrowencja\Progsy\ochraniacz\OPZTskaner.exe
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MKS_VIR_2006] C:\Program Files\MKS_VIR_2006\mks2006.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Dodaj do Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2006\mksfirewall.dll
O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2006\mksfirewall.dll
O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2006\mksfirewall.dll
O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2006\mksfirewall.dll
O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2006\mksfirewall.dll
O15 - Trusted Zone: http://www.mks.com.pl
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MainControl Class) - http://www.mks.com.pl/skaner2k7/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16BD25D4-0C79-40E2-A63A-13D2079DCB95}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{18B10049-0ACF-4EB0-B23D-91713ECF9959}: NameServer = 153.19.250.100,153.19.120.250
O17 - HKLM\System\CS1\Services\Tcpip\..\{16BD25D4-0C79-40E2-A63A-13D2079DCB95}: NameServer = 192.168.0.1
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS_VIR_2006\mksmonsv.exe
O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\MKS_VIR_2006\mks_scan.exe
Użyj tego narzędzia -> http://www.idg.pl/ftp/pc_9705/ATF.Cleaner…html i usuń nim wszystkie pliki tymczasowe
Zrób skan AVG AntySpyware 7.5 po update
Przeskanuj komputer programami Ad-aware SE Personal 1.06 oraz Spybot Search & Destroy 1.4
przeskanowalam AVG Anti-Spyware,ale podczas kasowania zainfekowanych plikow wyskoczylo:Error while deleting!A Spybot wciaz wykrywa Tradedoublera,usuwam go i przy kolejnym skanowaniu znowu Spybot go znajduje :-x
Nowe logi:
Logfile of HijackThis v1.99.1
Scan saved at 00:19:13, on 2006-12-05
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\MKS_VIR_2006\mksmonsv.exe
C:\WINDOWS\System32\svchost.exe
F:\Mrowencja\Progsy\ochraniacz\OPZTskaner.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\MKS_VIR_2006\mks2006.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MKS_VIR_2006\mks_scan.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mrówka\Pulpit\SEKJURITI\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Skaner] F:\Mrowencja\Progsy\ochraniacz\OPZTskaner.exe
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [MKS_VIR_2006] C:\Program Files\MKS_VIR_2006\mks2006.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MailScanner] C:\Program Files\MKS_VIR_2006\Mks_mail.exe
O8 - Extra context menu item: Dodaj do Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2006\mksfirewall.dll
O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2006\mksfirewall.dll
O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2006\mksfirewall.dll
O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2006\mksfirewall.dll
O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2006\mksfirewall.dll
O15 - Trusted Zone: http://www.mks.com.pl
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MainControl Class) - http://www.mks.com.pl/skaner2k7/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16BD25D4-0C79-40E2-A63A-13D2079DCB95}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{18B10049-0ACF-4EB0-B23D-91713ECF9959}: NameServer = 153.19.250.100,153.19.120.250
O17 - HKLM\System\CS1\Services\Tcpip\..\{16BD25D4-0C79-40E2-A63A-13D2079DCB95}: NameServer = 192.168.0.1
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS_VIR_2006\mksmonsv.exe
O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\MKS_VIR_2006\mks_scan.exe
Złączono Posta : 05.12.2006 (Wto) 0:20
A RESZTE ZALECEN TEZ OCZYWISCIE WYKONALAM:)
Log jest ok. Tradedoubler to wynik używania IE i jeśli będzie on Twoją przeglądarką, to Tradedoublera będziesz mieć zawsze i od razu po jej otwarciu. Na Twoim miejscu - używałabym liska tak jak teraz, albo Operki
Poza tym - masz 2 antywiry, zdecyduj się, bo jednego trzeba usunąć.
No dobrze,nie uzywam juz IE.Ale czy jest jakis sposob na pozbycie sie tego Trdadoublera?Usunelam go Spybotem,nie wchodzilam do netu przez IE a on dalej jest.Czy w ogole mozna wyrzucic calkiem IE?
Hmm spróbuj Ad-aware, u mnie Tradedoublera wykosił bez problemu i skutecznie.
Co do IE - odpowiedź brzmi: nie. Jest on niestety integralną częścią systemu operacyjnego i jeśli spróbujesz go wyciąć, system się posypie
Ad-aware nie wykryl mi Tradedoublera,za to wykryl TrojanClicker.Chyba format musze zrobic co?
Chyba nie
Pokaż raport z Ad-aware, określ, gdzie dokładnie wykrywa tego trojana.
Win32.TrojanClicker zlokalizowany:C:\Documents and Settings\All Users\Dane Aplikacji\Kaspersky Lab\A VP6\PdmHist\eb0.7 A9B8CB601C71866.history\00000004.bak
Logi:
Ad-Aware SE Build 1.06r1
Logfile Created on:5 grudnia 2006 14:03:46
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R136 04.12.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):37 total references
Win32.TrojanClicker(TAC index:10):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
2006-12-05 14:03:46 - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : C:\Documents and Settings\Mrówka\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : S-1-5-21-329068152-562591055-725345543-1003\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader
MRU List Object Recognized!
Location: : S-1-5-21-329068152-562591055-725345543-1003\software\adobe\photoshop\7.0\visiteddirs
Description : adobe photoshop 7 recent work folders
MRU List Object Recognized!
Location: : S-1-5-21-329068152-562591055-725345543-1003\software\ahead\cover designer\recent file list
Description : list of recently used files in ahead cover designer
MRU List Object Recognized!
Location: : S-1-5-21-329068152-562591055-725345543-1003\software\ahead\nero - burning rom\recent file list
Description : list of recently used files in nero burning rom
MRU List Object Recognized!
Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library
MRU List Object Recognized!
Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro
MRU List Object Recognized!
Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console
MRU List Object Recognized!
Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\office\11.0\access\settings
Description : list of recently opened documents in microsoft access
MRU List Object Recognized!
Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\office\11.0\common\general
Description : list of recently used symbols in microsoft office
MRU List Object Recognized!
Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\office\11.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint
MRU List Object Recognized!
Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\office\11.0\powerpoint\recent templates
Description : list of recent templates used by microsoft powerpoint
MRU List Object Recognized!
Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\office\11.0\powerpoint\recent typeface list
Description : list of recently used typefaces in microsoft powerpoint
MRU List Object Recognized!
Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\office\11.0\powerpoint\recentfolderlist
Description : list of recent folders used by microsoft powerpoint
MRU List Object Recognized!
Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\office\11.0\powerpoint\recenttemplatelist
Description : list of recent templates used by microsoft powerpoint
MRU List Object Recognized!
Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\office\11.0\publisher\recent file list
Description : list of recent files used by microsoft publisher
MRU List Object Recognized!
Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant
MRU List Object Recognized!
Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint
MRU List Object Recognized!
Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad
MRU List Object Recognized!
Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-21-329068152-562591055-725345543-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-21-329068152-562591055-725345543-1003\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 696
ThreadCreationTime : 2006-12-05 00:59:41
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 784
ThreadCreationTime : 2006-12-05 00:59:47
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 808
ThreadCreationTime : 2006-12-05 00:59:48
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 852
ThreadCreationTime : 2006-12-05 00:59:49
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : System operacyjny Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Usługi i aplikacja Kontroler
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Wszelkie prawa zastrzeżone.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 864
ThreadCreationTime : 2006-12-05 00:59:49
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1024
ThreadCreationTime : 2006-12-05 00:59:50
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1092
ThreadCreationTime : 2006-12-05 00:59:50
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1128
ThreadCreationTime : 2006-12-05 00:59:50
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1200
ThreadCreationTime : 2006-12-05 00:59:50
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1252
ThreadCreationTime : 2006-12-05 00:59:51
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1360
ThreadCreationTime : 2006-12-05 00:59:52
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:12 [avp.exe]
FilePath : C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\
ProcessID : 1552
ThreadCreationTime : 2006-12-05 00:59:58
BasePriority : Normal
FileVersion : 6.0.0.299
ProductVersion : 6.0.0.299
ProductName : Kaspersky Anti-Virus
CompanyName : Kaspersky Lab
FileDescription : Kaspersky Anti-Virus
InternalName : AVP
LegalCopyright : Copyright © Kaspersky Lab 1996-2006.
LegalTrademarks : Kaspersky™ Anti-Virus ® is registered trademark of Kaspersky Lab.
OriginalFilename : AVP.EXE
#:13 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1636
ThreadCreationTime : 2006-12-05 00:59:58
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:14 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1696
ThreadCreationTime : 2006-12-05 00:59:58
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:15 [wgatray.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 228
ThreadCreationTime : 2006-12-05 01:00:04
BasePriority : Normal
FileVersion : 1.5.0554.0
ProductVersion : 1.5.0554.0
ProductName : Windows Genuine Advantage
CompanyName : Microsoft Corporation
FileDescription : Windows Genuine Advantage Notification
InternalName : WgaNotify
LegalCopyright : © 1995-2006 Microsoft Corporation
OriginalFilename : WgaTray.exe
#:16 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 276
ThreadCreationTime : 2006-12-05 01:00:05
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : System operacyjny Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Eksplorator Windows
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Wszelkie prawa zastrzeżone.
OriginalFilename : EXPLORER.EXE
#:17 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 356
ThreadCreationTime : 2006-12-05 01:00:07
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:18 [opztskaner.exe]
FilePath : F:\Mrowencja\Progsy\ochraniacz\
ProcessID : 1160
ThreadCreationTime : 2006-12-05 01:00:14
BasePriority : Normal
FileVersion : 1.00
ProductVersion : 1.00
ProductName : OPZTskaner
CompanyName : BENAROM
InternalName : OPZTskaner
OriginalFilename : OPZTskaner.exe
#:19 [avp.exe]
FilePath : C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\
ProcessID : 1208
ThreadCreationTime : 2006-12-05 01:00:14
BasePriority : Normal
FileVersion : 6.0.0.299
ProductVersion : 6.0.0.299
ProductName : Kaspersky Anti-Virus
CompanyName : Kaspersky Lab
FileDescription : Kaspersky Anti-Virus
InternalName : AVP
LegalCopyright : Copyright © Kaspersky Lab 1996-2006.
LegalTrademarks : Kaspersky™ Anti-Virus ® is registered trademark of Kaspersky Lab.
OriginalFilename : AVP.EXE
#:20 [bitcomet.exe]
FilePath : C:\Program Files\BitComet\
ProcessID : 3812
ThreadCreationTime : 2006-12-05 01:22:15
BasePriority : Normal
FileVersion : 0.70
ProductVersion : 0.70
ProductName : BitComet
CompanyName : www.BitComet.com
FileDescription : BitComet - a BitTorrent Client
InternalName : BitComet.exe
LegalCopyright : Copyright(C) 2003-2005 All Rights Reserved.
#:21 [firefox.exe]
FilePath : C:\Program Files\Mozilla Firefox\
ProcessID : 2236
ThreadCreationTime : 2006-12-05 09:36:46
BasePriority : Normal
#:22 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 536
ThreadCreationTime : 2006-12-05 13:02:58
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 37
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 37
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 37
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 37
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Win32.TrojanClicker Object Recognized!
Type : File
Data : 00000004.bak
TAC Rating : 10
Category : Malware
Comment :
Object : C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab\AVP6\PdmHist\eb0.7A9B8CB601C71866.history\
FileVersion : 5.2600
ProductVersion : 5.2600
ProductName : msqnr16
InternalName : msqnr16
OriginalFilename : msqnr16.exe
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 38
Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 38
Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 38
Deep scanning and examining files (F:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for F:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 38
Deep scanning and examining files (H:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for H:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 38
Deep scanning and examining files (I:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for I:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 38
Deep scanning and examining files (J:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for J:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 38
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
4393 entries scanned.
New critical objects:0
Objects found so far: 38
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 38
14:29:29 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:25:42.797
Objects scanned:184923
Objects identified:1
Objects ignored:0
New critical objects:1