Problem with removing Smitfraud-C (and others)

Hello,

Spybot S&D detects Smitfraud-C on my machine and I cannot remove it. Its activity shows up as Internet Explorer (I normally use Firefox) launching on its own and going to these pages:

LINK

Firefox also opens some pages on its own, though not as often:

LINK

LINK

The logs are attached below:

Trend Micro HijackThis v2.0.0 (BETA)

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 13:07:16, on 2007-05-17

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avast4\aswUpdSv.exe

C:\Program Files\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Avast4\ashMaiSv.exe

C:\Program Files\Avast4\ashWebSv.exe

C:\Program Files\Avast4\ashDisp.exe

C:\WINDOWS\System32\hkcmd.exe

D:\Download\HiJackThis_v2.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: (no name) - {20B9CDC9-E6F4-472A-9E32-14D8DE912342} - C:\WINDOWS\system32\khffcbc.dll (file missing)

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Programy\FlashGet\jccatch.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programy\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\seleuivf.dll

O2 - BHO: (no name) - {75D43664-BBB4-4C42-B124-79A4F508FA13} - C:\WINDOWS\system32\rfensaji.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: (no name) - {884AF835-DC39-43D3-959C-C01678CE28B2} - C:\WINDOWS\system32\rqrpp.dll (file missing)

O2 - BHO: (no name) - {914C681F-6C16-4E9B-9DA1-7E743CA77076} - C:\WINDOWS\system32\efeba.dll

O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Programy\FlashGet\getflash.dll

O4 - HKLM\..\Run: [STARTRIGHT] "D:\Programy\StartRight\StartRight.exe" -go 

O4 - HKLM\..\RunOnce: [STARTRIGHT] "D:\Programy\StartRight\StartRight.exe" -pre 

O8 - Extra context menu item: Add to AMV Convert Tool... - D:\Programy\AVI_TO_AMV\AMVConverter\grab.html

O8 - Extra context menu item: Add to AMV Converter... - D:\Programy\AVI_TO_AMV\AMVConverter\grab.html

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - D:\Programy\AVI_TO_AMV\MediaManager\grab.html

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - D:\Programy\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - D:\Programy\FlashGet\jc_all.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Programy\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Programy\FlashGet\flashget.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {1F831FAC-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://D:\Programy\AutoCad\InstFred.ocx

O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday) - file://D:\Programy\AutoCad\AcDcToday.ocx

O16 - DPF: {AE56372C-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://D:\Programy\AutoCad\InstBanr.ocx

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://D:\Programy\AutoCad\AcPreview.ocx

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: efeba - C:\WINDOWS\system32\efeba.dll

O20 - Winlogon Notify: khffcbc - khffcbc.dll (file missing)

O20 - Winlogon Notify: rqrpp - C:\WINDOWS\system32\rqrpp.dll (file missing)

O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe


--

End of file - 4876 bytes

Silent Runners

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"STARTRIGHT" = ""D:\Programy\StartRight\StartRight.exe" -go " ["www.joejoesoft.com"]


HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\ {++}

"STARTRIGHT" = ""D:\Programy\StartRight\StartRight.exe" -pre " ["www.joejoesoft.com"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{20B9CDC9-E6F4-472A-9E32-14D8DE912342}\(Default) = (no title provided)

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\khffcbc.dll" [file not found]

{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "IeCatch5 Class"

                   \InProcServer32\(Default) = "D:\Programy\FlashGet\jccatch.dll" ["FlashGet"]

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "D:\Programy\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{55DB983C-BDBF-426f-86F0-187B02DDA39B}\(Default) = (no title provided)

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\seleuivf.dll" [null data]

{75D43664-BBB4-4C42-B124-79A4F508FA13}\(Default) = (no title provided)

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\rfensaji.dll" [null data]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]

{884AF835-DC39-43D3-959C-C01678CE28B2}\(Default) = (no title provided)

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\rqrpp.dll" [file not found]

{914C681F-6C16-4E9B-9DA1-7E743CA77076}\(Default) = (no title provided)

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\efeba.dll" [null data]

{F156768E-81EF-470C-9057-481BA8380DBA}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "gFlash Class"

                   \InProcServer32\(Default) = "D:\Programy\FlashGet\getflash.dll" [null data]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{8903F6C9-25E3-40AC-A98F-E6D35CD0469C}" = "PSPad"

  -> {HKLM...CLSID} = "PSPad"

                   \InProcServer32\(Default) = "D:\Programy\PSPADE~1\PSPADS~1.DLL" [null data]

"{1EBC3533-B289-409F-9924-B84B3F0717D2}" = "AceFTP Context Menu Shell Extension"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\PROGRA~1\VISICO~1\ACEFTP~1\ftpcntxt.dll" ["Visicom Media Inc."]

"{7850a720-705f-11d0-a9eb-0080488625e5}" = "BestCrypt Shell Extension"

  -> {HKLM...CLSID} = "BestCrypt Shell Extension"

                   \InProcServer32\(Default) = "D:\Programy\Shared\BCShExt.dll" ["Jetico, Inc."]

"{506F4668-F13E-4AA1-BB04-B43203AB3CC0}" = "{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"

  -> {HKLM...CLSID} = "ImageExtractorShellExt Class"

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Visio11\VISSHE.DLL" [null data]

"{D66DC78C-4F61-447F-942B-3FB6980118CF}" = "{D66DC78C-4F61-447F-942B-3FB6980118CF}"

  -> {HKLM...CLSID} = "CInfoTipShellExt Class"

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Visio11\VISSHE.DLL" [null data]

"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "C:\Program Files\Avast4\ashShell.dll" ["ALWIL Software"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<> "{20B9CDC9-E6F4-472A-9E32-14D8DE912342}" = "*n" (unwritable string)

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\khffcbc.dll" [file not found]


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<> efeba\DLLName = "C:\WINDOWS\system32\efeba.dll" [null data]

<> igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]

<> khffcbc\DLLName = "khffcbc.dll" [file not found]

<> rqrpp\DLLName = "C:\WINDOWS\system32\rqrpp.dll" [file not found]


HKLM\Software\Classes\PROTOCOLS\Filter\

<> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

AceFTP\(Default) = "{1EBC3533-B289-409F-9924-B84B3F0717D2}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\PROGRA~1\VISICO~1\ACEFTP~1\ftpcntxt.dll" ["Visicom Media Inc."]

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "C:\Program Files\Avast4\ashShell.dll" ["ALWIL Software"]

BCShellMenu\(Default) = "{7850a720-705f-11d0-a9eb-0080488625e5}"

  -> {HKLM...CLSID} = "BestCrypt Shell Extension"

                   \InProcServer32\(Default) = "D:\Programy\Shared\BCShExt.dll" ["Jetico, Inc."]

PSPad\(Default) = "{8903F6C9-25E3-40AC-A98F-E6D35CD0469C}"

  -> {HKLM...CLSID} = "PSPad"

                   \InProcServer32\(Default) = "D:\Programy\PSPADE~1\PSPADS~1.DLL" [null data]

TzShell\(Default) = "{B38FE8E9-5DFC-4D58-8459-1E3AC5165E34}"

  -> {HKLM...CLSID} = "TzShell"

                   \InProcServer32\(Default) = "D:\Programy\TUGZip\TzShell.dll" [file not found]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

AceFTP\(Default) = "{1EBC3533-B289-409F-9924-B84B3F0717D2}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\PROGRA~1\VISICO~1\ACEFTP~1\ftpcntxt.dll" ["Visicom Media Inc."]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "C:\Program Files\Avast4\ashShell.dll" ["ALWIL Software"]

BCShellMenu\(Default) = "{7850a720-705f-11d0-a9eb-0080488625e5}"

  -> {HKLM...CLSID} = "BestCrypt Shell Extension"

                   \InProcServer32\(Default) = "D:\Programy\Shared\BCShExt.dll" ["Jetico, Inc."]

FineReader8\(Default) = "{F7091C74-EBB1-49D7-94C7-FE4886CCC18D}"

  -> {HKLM...CLSID} = "FineReader8ExplorerContextMenuHandler"

                   \InProcServer32\(Default) = "D:\Programy\Abbyy Fine Reader\FECMenu.dll" ["ABBYY Software"]

TzShell\(Default) = "{B38FE8E9-5DFC-4D58-8459-1E3AC5165E34}"

  -> {HKLM...CLSID} = "TzShell"

                   \InProcServer32\(Default) = "D:\Programy\TUGZip\TzShell.dll" [file not found]



Default executables:

--------------------


HKLM\Software\Classes\.scr\(Default) = "AutoCADLTScriptFile"

<> HKLM\Software\Classes\AutoCADLTScriptFile\shell\open\command\(Default) = "C:\WINDOWS\NOTEPAD.EXE "%1"" [MS]



Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------


Note: detected settings may not have any effect.


HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}


"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Dominik\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Explorer Bars


HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\


HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Research"


{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\

"ButtonText" = "FlashGet"

"MenuText" = "&FlashGet"

"Exec" = "D:\Programy\FlashGet\flashget.exe" ["FlashGet.com"]


{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


avast! Antivirus, avast! Antivirus, ""C:\Program Files\Avast4\ashServ.exe"" ["ALWIL Software"]

avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Avast4\aswUpdSv.exe"" ["ALWIL Software"]

avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]

avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]

STI Simulator, STI Simulator, "C:\WINDOWS\System32\PAStiSvc.exe" [null data]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]

PDFCreator\Driver = "pdfcmnnt.dll" [null data]



----------

<>: Suspicious data at a malware launch point.


+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points, use the -supp parameter or answer "No" at the

  first message box and "Yes" at the second message box.

---------- (total run time: 307 seconds, including 19 seconds for message boxes)

And here are the Spybot results; when I click "Fix", it supposedly removes everything, but afterwards the same items come back:

Smitfraud-C.Toolbar888: Ustawienia (Klucz rejestru, nothing done)

  HKEY_USERS\S-1-5-21-515967899-1060284298-1343024091-1003\Software\Microsoft\aldd


MediaPlex: Cookie wyszukujące (Internet Explorer: Dominik) (Cookie, nothing done)


MediaPlex: Cookie wyszukujące (Firefox: default) (Cookie, nothing done)


SystemDoctor2006: Cookie wyszukujące (Firefox: default) (Cookie, nothing done)


SystemDoctor2006: Cookie wyszukujące (Firefox: default) (Cookie, nothing done)


SystemDoctor2006: Cookie wyszukujące (Firefox: default) (Cookie, nothing done)


SystemDoctor2006: Cookie wyszukujące (Firefox: default) (Cookie, nothing done)


SystemDoctor2006: Cookie wyszukujące (Firefox: default) (Cookie, nothing done)


Winsoftware.WinAntiVirusPro2006: Cookie wyszukujące (Firefox: default) (Cookie, nothing done)


SystemDoctor2006: Cookie wyszukujące (Firefox: default) (Cookie, nothing done)


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)

2005-05-31 SpybotSD.exe (1.4.0.3)

2005-05-31 TeaTimer.exe (1.4.0.2)

2007-05-06 unins000.exe (51.41.0.0)

2005-05-31 Update.exe (1.4.0.0)

2007-04-18 advcheck.dll (1.5.1.0)

2005-05-31 aports.dll (2.1.0.0)

2005-05-31 borlndmm.dll (7.0.4.453)

2005-05-31 delphimm.dll (7.0.4.453)

2005-05-31 SDHelper.dll (1.4.0.0)

2007-01-02 Tools.dll (2.0.1.0)

2005-05-31 UnzDll.dll (1.73.1.1)

2005-05-31 ZipDll.dll (1.73.2.0)

2007-05-02 Includes\Cookies.sbi (*)

2006-12-08 Includes\Dialer.sbi (*)

2007-05-02 Includes\DialerC.sbi (*)

2007-04-04 Includes\Hijackers.sbi (*)

2007-05-02 Includes\HijackersC.sbi (*)

2006-10-27 Includes\Keyloggers.sbi (*)

2007-05-02 Includes\KeyloggersC.sbi (*)

2004-11-29 Includes\LSP.sbi (*)

2007-03-21 Includes\Malware.sbi (*)

2007-05-02 Includes\MalwareC.sbi (*)

2007-03-21 Includes\PUPS.sbi (*)

2007-05-02 Includes\PUPSC.sbi (*)

2007-05-02 Includes\Revision.sbi (*)

2006-12-08 Includes\Security.sbi (*)

2007-05-02 Includes\SecurityC.sbi (*)

2007-03-21 Includes\Spybots.sbi (*)

2007-05-02 Includes\SpybotsC.sbi (*)

2005-02-17 Includes\Tracks.uti

2007-05-02 Includes\Trojans.sbi (*)

2007-05-02 Includes\TrojansC.sbi (*)

As for StartRight, I keep it because whenever a new program tries to start together with the system, it asks me what to do with it (most recently I refused to allow this to run: rundll32.exe "C:\WINDOWS\System32\qhngfdbe.dll").

I would be very grateful for help.

Best regards,

Dominik

Download Windows Worms Doors Cleaner and set the indicators to green; NetBIOS may stay yellow.

A restart is required after using the tool.

In Safe Mode, use VundoFix, FixVundo and VirtumundoBeGone.

New logs: HJT, Silent Runners, ComboFix.
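The entries the helper is targeting are visible in the HijackThis log above: unnamed O2 BHOs loading random-named DLLs from system32 (seleuivf.dll, rfensaji.dll, efeba.dll), O20 Winlogon Notify keys pointing at the same kind of DLL, and leftover launch points whose DLL is already gone ("(file missing)"). The following is an added triage example written for this page, not code from any forum participant or from HijackThis; it parses HJT-style lines, applies those two heuristics, and correlates a DLL that is registered at more than one launch point (efeba.dll appears as both a BHO and a Winlogon Notify handler). The "lowercase letters only, 5 to 8 characters" naming rule is an assumption drawn from this log, not a general signature, and the sample lines are copied from the first post.

```python
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# One HijackThis entry: "<type> - <body>", e.g. "O2 - BHO: <name> - {CLSID} - <path>".
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")
# O2 body: "BHO: <name> - {CLSID} - <path>[ (file missing)]"
BHO_RE = re.compile(
    r"^BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# O20 body: "Winlogon Notify: <key> - <path>[ (file missing)]"
NOTIFY_RE = re.compile(
    r"^Winlogon Notify: (?P<key>\S+) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# Assumption for this example: the DLL names in this log (efeba, khffcbc, rqrpp,
# seleuivf, rfensaji) are bare lowercase letter runs with no digits or vendor hint.
RANDOM_DLL_RE = re.compile(r"^[a-z]{5,8}\.dll$")
SYSTEM32 = "c:\\windows\\system32\\"


@dataclass(frozen=True)
class Finding:
    kind: str    # HJT entry type, "O2" or "O20"
    dll: str     # lower-cased DLL basename
    reason: str
    line: str


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def in_system32(path: str) -> bool:
    return path.lower().startswith(SYSTEM32)


def triage_line(line: str) -> Finding | None:
    """Return a Finding for one HJT line, or None when it looks benign."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    if kind == "O2":
        b = BHO_RE.match(body)
        if not b:
            return None
        dll = basename(b.group("path"))
        if b.group("missing"):
            return Finding(kind, dll, "BHO CLSID points at a DLL that no longer exists", line)
        if b.group("name") == "(no name)" and in_system32(b.group("path")) and RANDOM_DLL_RE.match(dll):
            return Finding(kind, dll, "unnamed BHO loading a random-named DLL from system32", line)
    elif kind == "O20":
        n = NOTIFY_RE.match(body)
        if not n:
            return None
        dll = basename(n.group("path"))
        if n.group("missing"):
            return Finding(kind, dll, "Winlogon Notify key points at a DLL that no longer exists", line)
        if RANDOM_DLL_RE.match(dll):
            return Finding(kind, dll, "Winlogon Notify loading a random-named DLL", line)
    return None


def triage(log_text: str) -> list[Finding]:
    """Run triage_line over every line of an HJT log."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


def correlate(findings: list[Finding]) -> dict[str, list[str]]:
    """Map each flagged DLL to the sorted list of launch-point types it was seen at."""
    by_dll: dict[str, set[str]] = defaultdict(set)
    for f in findings:
        by_dll[f.dll].add(f.kind)
    return {dll: sorted(kinds) for dll, kinds in by_dll.items()}


def multi_launch_point(findings: list[Finding]) -> list[str]:
    """DLLs registered at two or more launch points (BHO plus Winlogon Notify here)."""
    return sorted(dll for dll, kinds in correlate(findings).items() if len(kinds) > 1)


# Sample input: lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {20B9CDC9-E6F4-472A-9E32-14D8DE912342} - C:\WINDOWS\system32\khffcbc.dll (file missing)
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Programy\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programy\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\seleuivf.dll
O2 - BHO: (no name) - {914C681F-6C16-4E9B-9DA1-7E743CA77076} - C:\WINDOWS\system32\efeba.dll
O20 - Winlogon Notify: efeba - C:\WINDOWS\system32\efeba.dll
O20 - Winlogon Notify: khffcbc - khffcbc.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
"""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.kind:<4} {f.dll:<14} {f.reason}")
    print("registered at more than one launch point:", multi_launch_point(found))
```

Spybot's SDHelper.dll is also "(no name)" but lives outside system32, so the heuristic leaves it alone; FlashGet's jccatch.dll has a class name and is skipped too. The "(file missing)" hits are the orphaned registry references that Spybot kept reporting after its "Fix" run, which is why the helper's advice was to clean the launch points with the Vundo tools rather than delete files.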

Hello,

  1. Thank you for the selfless help; respect to -> qrczak13.

  2. After following the advice I felt clear relief (that is, IE no longer launches on its own and goes to suspicious pages).

  3. Spybot S&D no longer detects Smitfraud, but it found and removed a few other items; we will see for how long.

Logs:

Trend Micro HijackThis v2.0.0 (BETA)

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 22:03:33, on 2007-05-17

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Avast4\aswUpdSv.exe

C:\Program Files\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Avast4\ashMaiSv.exe

C:\Program Files\Avast4\ashWebSv.exe

C:\Program Files\Avast4\ashDisp.exe

C:\WINDOWS\System32\hkcmd.exe

D:\Download\logi\HiJackThis_v2.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Programy\FlashGet\jccatch.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programy\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\seleuivf.dll

O2 - BHO: (no name) - {75D43664-BBB4-4C42-B124-79A4F508FA13} - C:\WINDOWS\system32\rfensaji.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Programy\FlashGet\getflash.dll

O4 - HKLM\..\Run: [STARTRIGHT] "D:\Programy\StartRight\StartRight.exe" -go 

O4 - HKLM\..\RunOnce: [STARTRIGHT] "D:\Programy\StartRight\StartRight.exe" -pre 

O8 - Extra context menu item: Add to AMV Convert Tool... - D:\Programy\AVI_TO_AMV\AMVConverter\grab.html

O8 - Extra context menu item: Add to AMV Converter... - D:\Programy\AVI_TO_AMV\AMVConverter\grab.html

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - D:\Programy\AVI_TO_AMV\MediaManager\grab.html

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - D:\Programy\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - D:\Programy\FlashGet\jc_all.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Programy\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Programy\FlashGet\flashget.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {1F831FAC-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://D:\Programy\AutoCad\InstFred.ocx

O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday) - file://D:\Programy\AutoCad\AcDcToday.ocx

O16 - DPF: {AE56372C-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://D:\Programy\AutoCad\InstBanr.ocx

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://D:\Programy\AutoCad\AcPreview.ocx

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: khffcbc - khffcbc.dll (file missing)

O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe


--

End of file - 4428 bytes

Silent Runners

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"STARTRIGHT" = ""D:\Programy\StartRight\StartRight.exe" -go " ["www.joejoesoft.com"]


HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\ {++}

"STARTRIGHT" = ""D:\Programy\StartRight\StartRight.exe" -pre " ["www.joejoesoft.com"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "IeCatch5 Class"

                   \InProcServer32\(Default) = "D:\Programy\FlashGet\jccatch.dll" ["FlashGet"]

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "D:\Programy\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{55DB983C-BDBF-426f-86F0-187B02DDA39B}\(Default) = (no title provided)

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\seleuivf.dll" [null data]

{75D43664-BBB4-4C42-B124-79A4F508FA13}\(Default) = (no title provided)

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\rfensaji.dll" [null data]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]

{F156768E-81EF-470C-9057-481BA8380DBA}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "gFlash Class"

                   \InProcServer32\(Default) = "D:\Programy\FlashGet\getflash.dll" [null data]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{8903F6C9-25E3-40AC-A98F-E6D35CD0469C}" = "PSPad"

  -> {HKLM...CLSID} = "PSPad"

                   \InProcServer32\(Default) = "D:\Programy\PSPADE~1\PSPADS~1.DLL" [null data]

"{1EBC3533-B289-409F-9924-B84B3F0717D2}" = "AceFTP Context Menu Shell Extension"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\PROGRA~1\VISICO~1\ACEFTP~1\ftpcntxt.dll" ["Visicom Media Inc."]

"{7850a720-705f-11d0-a9eb-0080488625e5}" = "BestCrypt Shell Extension"

  -> {HKLM...CLSID} = "BestCrypt Shell Extension"

                   \InProcServer32\(Default) = "D:\Programy\Shared\BCShExt.dll" ["Jetico, Inc."]

"{506F4668-F13E-4AA1-BB04-B43203AB3CC0}" = "{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"

  -> {HKLM...CLSID} = "ImageExtractorShellExt Class"

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Visio11\VISSHE.DLL" [null data]

"{D66DC78C-4F61-447F-942B-3FB6980118CF}" = "{D66DC78C-4F61-447F-942B-3FB6980118CF}"

  -> {HKLM...CLSID} = "CInfoTipShellExt Class"

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Visio11\VISSHE.DLL" [null data]

"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "C:\Program Files\Avast4\ashShell.dll" ["ALWIL Software"]


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<> igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]

<> khffcbc\DLLName = "khffcbc.dll" [file not found]


HKLM\Software\Classes\PROTOCOLS\Filter\

<> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

AceFTP\(Default) = "{1EBC3533-B289-409F-9924-B84B3F0717D2}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\PROGRA~1\VISICO~1\ACEFTP~1\ftpcntxt.dll" ["Visicom Media Inc."]

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "C:\Program Files\Avast4\ashShell.dll" ["ALWIL Software"]

BCShellMenu\(Default) = "{7850a720-705f-11d0-a9eb-0080488625e5}"

  -> {HKLM...CLSID} = "BestCrypt Shell Extension"

                   \InProcServer32\(Default) = "D:\Programy\Shared\BCShExt.dll" ["Jetico, Inc."]

PSPad\(Default) = "{8903F6C9-25E3-40AC-A98F-E6D35CD0469C}"

  -> {HKLM...CLSID} = "PSPad"

                   \InProcServer32\(Default) = "D:\Programy\PSPADE~1\PSPADS~1.DLL" [null data]

TzShell\(Default) = "{B38FE8E9-5DFC-4D58-8459-1E3AC5165E34}"

  -> {HKLM...CLSID} = "TzShell"

                   \InProcServer32\(Default) = "D:\Programy\TUGZip\TzShell.dll" [file not found]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

AceFTP\(Default) = "{1EBC3533-B289-409F-9924-B84B3F0717D2}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\PROGRA~1\VISICO~1\ACEFTP~1\ftpcntxt.dll" ["Visicom Media Inc."]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "C:\Program Files\Avast4\ashShell.dll" ["ALWIL Software"]

BCShellMenu\(Default) = "{7850a720-705f-11d0-a9eb-0080488625e5}"

  -> {HKLM...CLSID} = "BestCrypt Shell Extension"

                   \InProcServer32\(Default) = "D:\Programy\Shared\BCShExt.dll" ["Jetico, Inc."]

FineReader8\(Default) = "{F7091C74-EBB1-49D7-94C7-FE4886CCC18D}"

  -> {HKLM...CLSID} = "FineReader8ExplorerContextMenuHandler"

                   \InProcServer32\(Default) = "D:\Programy\Abbyy Fine Reader\FECMenu.dll" ["ABBYY Software"]

TzShell\(Default) = "{B38FE8E9-5DFC-4D58-8459-1E3AC5165E34}"

  -> {HKLM...CLSID} = "TzShell"

                   \InProcServer32\(Default) = "D:\Programy\TUGZip\TzShell.dll" [file not found]



Default executables:

--------------------


HKLM\Software\Classes\.scr\(Default) = "AutoCADLTScriptFile"

<> HKLM\Software\Classes\AutoCADLTScriptFile\shell\open\command\(Default) = "C:\WINDOWS\NOTEPAD.EXE "%1"" [MS]



Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------


Note: detected settings may not have any effect.


HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}


"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Dominik\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Explorer Bars


HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\


HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Research"


{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\

"ButtonText" = "FlashGet"

"MenuText" = "&FlashGet"

"Exec" = "D:\Programy\FlashGet\flashget.exe" ["FlashGet.com"]


{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


avast! Antivirus, avast! Antivirus, ""C:\Program Files\Avast4\ashServ.exe"" ["ALWIL Software"]

avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Avast4\aswUpdSv.exe"" ["ALWIL Software"]

avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]

avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]

STI Simulator, STI Simulator, "C:\WINDOWS\System32\PAStiSvc.exe" [null data]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]

PDFCreator\Driver = "pdfcmnnt.dll" [null data]



----------

<>: Suspicious data at a malware launch point.


+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points, use the -supp parameter or answer "No" at the

  first message box and "Yes" at the second message box.

---------- (total run time: 66 seconds, including 26 seconds for message boxes)

ComboFix 07-05.17.6.V

"Dominik" - 2007-05-17 22:04:26 Dodatek Service Pack 2  

ComboFix 07-05.17.6.V - Running from: "D:\Download\logi\"



(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))



C:\WINDOWS\system32\seleuivf.dll

C:\WINDOWS\system32\jccoolbx.dll

C:\WINDOWS\system32\pebpahmd.dll

C:\WINDOWS\system32\rfensaji.dll



* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-17 ))))))))))))))))))))))))))))))))))



2007-05-17 20:48	24,576	--a------	C:\WINDOWS\system32\VundoFixSVC.exe

2007-05-17 20:39	




Spybot S&D

MediaPlex: Cookie wyszukujące (Firefox: default) (Cookie, nothing done)
SystemDoctor2006: Cookie wyszukujące (Firefox: default) (Cookie, nothing done)
SystemDoctor2006: Cookie wyszukujące (Firefox: default) (Cookie, nothing done)
SystemDoctor2006: Cookie wyszukujące (Firefox: default) (Cookie, nothing done)
SystemDoctor2006: Cookie wyszukujące (Firefox: default) (Cookie, nothing done)
SystemDoctor2006: Cookie wyszukujące (Firefox: default) (Cookie, nothing done)
Winsoftware.WinAntiVirusPro2006: Cookie wyszukujące (Firefox: default) (Cookie, nothing done)
SystemDoctor2006: Cookie wyszukujące (Firefox: default) (Cookie, nothing done)

--
Spybot - Search & Destroy version: 1.4 (build: 20050523)
--

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-05-06 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-04-18 advcheck.dll (1.5.1.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-05-02 Includes\Cookies.sbi (*)
2006-12-08 Includes\Dialer.sbi (*)
2007-05-02 Includes\DialerC.sbi (*)
2007-04-04 Includes\Hijackers.sbi (*)
2007-05-02 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2007-05-02 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-03-21 Includes\Malware.sbi (*)
2007-05-02 Includes\MalwareC.sbi (*)
2007-03-21 Includes\PUPS.sbi (*)
2007-05-02 Includes\PUPSC.sbi (*)
2007-05-02 Includes\Revision.sbi (*)
2006-12-08 Includes\Security.sbi (*)
2007-05-02 Includes\SecurityC.sbi (*)
2007-03-21 Includes\Spybots.sbi (*)
2007-05-02 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-05-02 Includes\Trojans.sbi (*)
2007-05-02 Includes\TrojansC.sbi (*)

Download The Avenger. Extract it => run it => select the option Input script manually => click the magnifying-glass icon => in the window that opens, paste:

click the Done button => now click the green light => a message should appear; click OK (now restart).

After that, post new logs and we will clean the registry.

I don't know if this is what you meant…

Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\jqvkscpq


*******************


Script file located at: \??\C:\WINDOWS\cilxcsfn.txt

Script file opened successfully.


Script file read successfully


Backups directory opened successfully at C:\Avenger


*******************


Beginning to process script file:




File C:\WINDOWS\system32\seleuivf.dll not found!

Deletion of file C:\WINDOWS\system32\seleuivf.dll failed!


Could not process line:

C:\WINDOWS\system32\seleuivf.dll

Status: 0xc0000034




File C:\WINDOWS\system32\jccoolbx.dll not found!

Deletion of file C:\WINDOWS\system32\jccoolbx.dll failed!


Could not process line:

C:\WINDOWS\system32\jccoolbx.dll

Status: 0xc0000034




File C:\WINDOWS\system32\pebpahmd.dll not found!

Deletion of file C:\WINDOWS\system32\pebpahmd.dll failed!


Could not process line:

C:\WINDOWS\system32\pebpahmd.dll

Status: 0xc0000034




File C:\WINDOWS\system32\rfensaji.dll not found!

Deletion of file C:\WINDOWS\system32\rfensaji.dll failed!


Could not process line:

C:\WINDOWS\system32\rfensaji.dll

Status: 0xc0000034




File C:\WINDOWS\system32\khffcbc.dll not found!

Deletion of file C:\WINDOWS\system32\khffcbc.dll failed!


Could not process line:

C:\WINDOWS\system32\khffcbc.dll

Status: 0xc0000034



Completed script processing.


*******************


Finished! Terminate.

This is OK now.

Hello,

What I meant was that this program did not find and did not delete the files that were in the script, which is why I posted its log rather than the others; I thought something had gone wrong.

New logs, run in the same order as they are posted:

HijackThis

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 02:38:20, on 2007-05-19

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Avast4\aswUpdSv.exe

C:\Program Files\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Avast4\ashMaiSv.exe

C:\Program Files\Avast4\ashWebSv.exe

C:\Program Files\Avast4\ashDisp.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Mozilla Firefox\firefox.exe

D:\Programy\Total Commander\TOTALCMD.EXE

C:\WINDOWS\NOTEPAD.EXE

D:\Download\logi\HiJackThis_v2.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Programy\FlashGet\jccatch.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programy\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Programy\FlashGet\getflash.dll

O4 - HKLM\..\Run: [STARTRIGHT] "D:\Programy\StartRight\StartRight.exe" -go 

O4 - HKLM\..\RunOnce: [STARTRIGHT] "D:\Programy\StartRight\StartRight.exe" -pre 

O8 - Extra context menu item: Add to AMV Convert Tool... - D:\Programy\AVI_TO_AMV\AMVConverter\grab.html

O8 - Extra context menu item: Add to AMV Converter... - D:\Programy\AVI_TO_AMV\AMVConverter\grab.html

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - D:\Programy\AVI_TO_AMV\MediaManager\grab.html

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - D:\Programy\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - D:\Programy\FlashGet\jc_all.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Programy\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Programy\FlashGet\flashget.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {1F831FAC-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://D:\Programy\AutoCad\InstFred.ocx

O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday) - file://D:\Programy\AutoCad\AcDcToday.ocx

O16 - DPF: {AE56372C-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://D:\Programy\AutoCad\InstBanr.ocx

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://D:\Programy\AutoCad\AcPreview.ocx

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: khffcbc - khffcbc.dll (file missing)

O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe


--

End of file - 4424 bytes

Silent Runners

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"STARTRIGHT" = ""D:\Programy\StartRight\StartRight.exe" -go " ["www.joejoesoft.com"]


HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\ {++}

"STARTRIGHT" = ""D:\Programy\StartRight\StartRight.exe" -pre " ["www.joejoesoft.com"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "IeCatch5 Class"

                   \InProcServer32\(Default) = "D:\Programy\FlashGet\jccatch.dll" ["FlashGet"]

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "D:\Programy\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]

{F156768E-81EF-470C-9057-481BA8380DBA}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "gFlash Class"

                   \InProcServer32\(Default) = "D:\Programy\FlashGet\getflash.dll" [null data]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{8903F6C9-25E3-40AC-A98F-E6D35CD0469C}" = "PSPad"

  -> {HKLM...CLSID} = "PSPad"

                   \InProcServer32\(Default) = "D:\Programy\PSPADE~1\PSPADS~1.DLL" [null data]

"{1EBC3533-B289-409F-9924-B84B3F0717D2}" = "AceFTP Context Menu Shell Extension"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\PROGRA~1\VISICO~1\ACEFTP~1\ftpcntxt.dll" ["Visicom Media Inc."]

"{7850a720-705f-11d0-a9eb-0080488625e5}" = "BestCrypt Shell Extension"

  -> {HKLM...CLSID} = "BestCrypt Shell Extension"

                   \InProcServer32\(Default) = "D:\Programy\Shared\BCShExt.dll" ["Jetico, Inc."]

"{506F4668-F13E-4AA1-BB04-B43203AB3CC0}" = "{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"

  -> {HKLM...CLSID} = "ImageExtractorShellExt Class"

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Visio11\VISSHE.DLL" [null data]

"{D66DC78C-4F61-447F-942B-3FB6980118CF}" = "{D66DC78C-4F61-447F-942B-3FB6980118CF}"

  -> {HKLM...CLSID} = "CInfoTipShellExt Class"

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Visio11\VISSHE.DLL" [null data]

"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "C:\Program Files\Avast4\ashShell.dll" ["ALWIL Software"]


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<> igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]

<> khffcbc\DLLName = "khffcbc.dll" [file not found]


HKLM\Software\Classes\PROTOCOLS\Filter\

<> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

AceFTP\(Default) = "{1EBC3533-B289-409F-9924-B84B3F0717D2}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\PROGRA~1\VISICO~1\ACEFTP~1\ftpcntxt.dll" ["Visicom Media Inc."]

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "C:\Program Files\Avast4\ashShell.dll" ["ALWIL Software"]

BCShellMenu\(Default) = "{7850a720-705f-11d0-a9eb-0080488625e5}"

  -> {HKLM...CLSID} = "BestCrypt Shell Extension"

                   \InProcServer32\(Default) = "D:\Programy\Shared\BCShExt.dll" ["Jetico, Inc."]

PSPad\(Default) = "{8903F6C9-25E3-40AC-A98F-E6D35CD0469C}"

  -> {HKLM...CLSID} = "PSPad"

                   \InProcServer32\(Default) = "D:\Programy\PSPADE~1\PSPADS~1.DLL" [null data]

TzShell\(Default) = "{B38FE8E9-5DFC-4D58-8459-1E3AC5165E34}"

  -> {HKLM...CLSID} = "TzShell"

                   \InProcServer32\(Default) = "D:\Programy\TUGZip\TzShell.dll" [file not found]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

AceFTP\(Default) = "{1EBC3533-B289-409F-9924-B84B3F0717D2}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\PROGRA~1\VISICO~1\ACEFTP~1\ftpcntxt.dll" ["Visicom Media Inc."]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "C:\Program Files\Avast4\ashShell.dll" ["ALWIL Software"]

BCShellMenu\(Default) = "{7850a720-705f-11d0-a9eb-0080488625e5}"

  -> {HKLM...CLSID} = "BestCrypt Shell Extension"

                   \InProcServer32\(Default) = "D:\Programy\Shared\BCShExt.dll" ["Jetico, Inc."]

FineReader8\(Default) = "{F7091C74-EBB1-49D7-94C7-FE4886CCC18D}"

  -> {HKLM...CLSID} = "FineReader8ExplorerContextMenuHandler"

                   \InProcServer32\(Default) = "D:\Programy\Abbyy Fine Reader\FECMenu.dll" ["ABBYY Software"]

TzShell\(Default) = "{B38FE8E9-5DFC-4D58-8459-1E3AC5165E34}"

  -> {HKLM...CLSID} = "TzShell"

                   \InProcServer32\(Default) = "D:\Programy\TUGZip\TzShell.dll" [file not found]



Default executables:

--------------------


HKLM\Software\Classes\.scr\(Default) = "AutoCADLTScriptFile"

<> HKLM\Software\Classes\AutoCADLTScriptFile\shell\open\command\(Default) = "C:\WINDOWS\NOTEPAD.EXE "%1"" [MS]



Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------


Note: detected settings may not have any effect.


HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}


"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Dominik\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Explorer Bars


HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\


HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Research"


{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\

"ButtonText" = "FlashGet"

"MenuText" = "&FlashGet"

"Exec" = "D:\Programy\FlashGet\flashget.exe" ["FlashGet.com"]


{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


avast! Antivirus, avast! Antivirus, ""C:\Program Files\Avast4\ashServ.exe"" ["ALWIL Software"]

avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Avast4\aswUpdSv.exe"" ["ALWIL Software"]

avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]

avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]

STI Simulator, STI Simulator, "C:\WINDOWS\System32\PAStiSvc.exe" [null data]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]

PDFCreator\Driver = "pdfcmnnt.dll" [null data]



----------

<>: Suspicious data at a malware launch point.


+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points, use the -supp parameter or answer "No" at the

  first message box and "Yes" at the second message box.

---------- (total run time: 54 seconds, including 7 seconds for message boxes)

ComboFix 07-05.17.6.V

"Dominik" - 2007-05-19 2:40:39 Dodatek Service Pack 2  

ComboFix 07-05.17.6.V - Running from: "D:\Download\logi\"



((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-19 ))))))))))))))))))))))))))))))))))



2007-05-18 02:22	60,416	--a------	C:\WINDOWS\system32\drivers\enjkcfhb.sys

2007-05-17 22:08	49,152	--a------	C:\WINDOWS\nircmd.exe

2007-05-17 20:48	24,576	--a------	C:\WINDOWS\system32\VundoFixSVC.exe

2007-05-17 12:41	524,288	--ah-----	C:\DOCUME~1\ADMINI~1\NTUSER.DAT

2007-05-17 12:41	




SpyBot S&D

MediaPlex: Cookie wyszukujące (Firefox: default) (Cookie, nothing done)
SystemDoctor2006: Cookie wyszukujące (Firefox: default) (Cookie, nothing done)
SystemDoctor2006: Cookie wyszukujące (Firefox: default) (Cookie, nothing done)
SystemDoctor2006: Cookie wyszukujące (Firefox: default) (Cookie, nothing done)
SystemDoctor2006: Cookie wyszukujące (Firefox: default) (Cookie, nothing done)
SystemDoctor2006: Cookie wyszukujące (Firefox: default) (Cookie, nothing done)

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\PROGRA~1\VISICO~1\ACEFTP~1\ftpcntxt.dll" ["Visicom Media Inc."]

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "C:\Program Files\Avast4\ashShell.dll" ["ALWIL Software"]

BCShellMenu\(Default) = "{7850a720-705f-11d0-a9eb-0080488625e5}"

  -> {HKLM...CLSID} = "BestCrypt Shell Extension"

                   \InProcServer32\(Default) = "D:\Programy\Shared\BCShExt.dll" ["Jetico, Inc."]

PSPad\(Default) = "{8903F6C9-25E3-40AC-A98F-E6D35CD0469C}"

  -> {HKLM...CLSID} = "PSPad"

                   \InProcServer32\(Default) = "D:\Programy\PSPADE~1\PSPADS~1.DLL" [null data]

TzShell\(Default) = "{B38FE8E9-5DFC-4D58-8459-1E3AC5165E34}"

  -> {HKLM...CLSID} = "TzShell"

                   \InProcServer32\(Default) = "D:\Programy\TUGZip\TzShell.dll" [file not found]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

AceFTP\(Default) = "{1EBC3533-B289-409F-9924-B84B3F0717D2}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\PROGRA~1\VISICO~1\ACEFTP~1\ftpcntxt.dll" ["Visicom Media Inc."]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "C:\Program Files\Avast4\ashShell.dll" ["ALWIL Software"]

BCShellMenu\(Default) = "{7850a720-705f-11d0-a9eb-0080488625e5}"

  -> {HKLM...CLSID} = "BestCrypt Shell Extension"

                   \InProcServer32\(Default) = "D:\Programy\Shared\BCShExt.dll" ["Jetico, Inc."]

FineReader8\(Default) = "{F7091C74-EBB1-49D7-94C7-FE4886CCC18D}"

  -> {HKLM...CLSID} = "FineReader8ExplorerContextMenuHandler"

                   \InProcServer32\(Default) = "D:\Programy\Abbyy Fine Reader\FECMenu.dll" ["ABBYY Software"]

TzShell\(Default) = "{B38FE8E9-5DFC-4D58-8459-1E3AC5165E34}"

  -> {HKLM...CLSID} = "TzShell"

                   \InProcServer32\(Default) = "D:\Programy\TUGZip\TzShell.dll" [file not found]



Default executables:

--------------------


HKLM\Software\Classes\.scr\(Default) = "AutoCADLTScriptFile"

<> HKLM\Software\Classes\AutoCADLTScriptFile\shell\open\command\(Default) = "C:\WINDOWS\NOTEPAD.EXE "%1"" [MS]



Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------


Note: detected settings may not have any effect.


HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}


"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Dominik\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Explorer Bars


HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\


HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Research"


{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\

"ButtonText" = "FlashGet"

"MenuText" = "&FlashGet"

"Exec" = "D:\Programy\FlashGet\flashget.exe" ["FlashGet.com"]


{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


avast! Antivirus, avast! Antivirus, ""C:\Program Files\Avast4\ashServ.exe"" ["ALWIL Software"]

avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Avast4\aswUpdSv.exe"" ["ALWIL Software"]

avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]

avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]

STI Simulator, STI Simulator, "C:\WINDOWS\System32\PAStiSvc.exe" [null data]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]

PDFCreator\Driver = "pdfcmnnt.dll" [null data]



----------

<>: Suspicious data at a malware launch point.


+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points, use the -supp parameter or answer "No" at the

  first message box and "Yes" at the second message box.

---------- (total run time: 54 seconds, including 7 seconds for message boxes)

ComboFix 07-05.17.6.V

"Dominik" - 2007-05-19 2:40:39 Dodatek Service Pack 2  

ComboFix 07-05.17.6.V - Running from: "D:\Download\logi\"



((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-19 ))))))))))))))))))))))))))))))))))



2007-05-18 02:22	60,416	--a------	C:\WINDOWS\system32\drivers\enjkcfhb.sys

2007-05-17 22:08	49,152	--a------	C:\WINDOWS\nircmd.exe

2007-05-17 20:48	24,576	--a------	C:\WINDOWS\system32\VundoFixSVC.exe

2007-05-17 12:41	524,288	--ah-----	C:\DOCUME~1\ADMINI~1\NTUSER.DAT

2007-05-17 12:41	




SpyBot S&D

MediaPlex: Cookie wyszukujące (Firefox: default) (Cookie, nothing done) SystemDoctor2006: Cookie wyszukujące (Firefox: default) (Cookie, nothing done) SystemDoctor2006: Cookie wyszukujące (Firefox: default) (Cookie, nothing done) SystemDoctor2006: Cookie wyszukujące (Firefox: default) (Cookie, nothing done) SystemDoctor2006: Cookie wyszukujące (Firefox: default) (Cookie, nothing done) SystemDoctor2006: Cookie wyszukujące (Firefox: default) (Cookie, nothing done)

remove the HJT entry

Open Notepad and paste this into it:

File >>> Save As >>> change the file type from TXT to All Files >>> save it under the name FIX.REG >>> double-click the file you made and confirm >>> reboot the computer

Use Pocket Killbox. Check the Delete on Reboot option and, in the Full Path of File to Delete field, paste the path

C:\WINDOWS\system32\drivers\enjkcfhb.sys and press the red X. The program will ask to reboot the computer … so you reboot.
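An added example, not from this thread and not part of Silent Runners, HijackThis or Killbox: a small Python parser for the `<>`-marked launch points that Silent Runners prints, which flags entries whose file is missing or has no publisher information and diffs two scans so the person cleaning the machine can confirm that a removed entry really disappeared. The two excerpts below are constructed from the two Silent Runners scans quoted in this thread (the `khffcbc` Winlogon\Notify entry is present in the first scan and gone from the one posted after the cleanup), trimmed to the relevant sections; the function names and the `needs_review` heuristic are mine.

```python
import re

# Constructed excerpts (not the full logs) built from the two Silent Runners scans
# quoted in this thread: the Winlogon\Notify and PROTOCOLS\Filter sections before
# and after the cleanup steps. Backslashes are doubled for Python string literals.
SCAN_BEFORE = (
    "HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\\n"
    "<> igfxcui\\DLLName = \"igfxsrvc.dll\" [\"Intel Corporation\"]\n"
    "<> khffcbc\\DLLName = \"khffcbc.dll\" [file not found]\n"
    "\n"
    "HKLM\\Software\\Classes\\PROTOCOLS\\Filter\\\n"
    "<> text/xml\\CLSID = \"{807553E5-5146-11D5-A672-00B0D022E945}\"\n"
)
SCAN_AFTER = (
    "HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\\n"
    "<> igfxcui\\DLLName = \"igfxsrvc.dll\" [\"Intel Corporation\"]\n"
    "\n"
    "HKLM\\Software\\Classes\\PROTOCOLS\\Filter\\\n"
    "<> text/xml\\CLSID = \"{807553E5-5146-11D5-A672-00B0D022E945}\"\n"
)

NOTIFY_KEY = "HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify"

# One '<>'-marked line: <> <name>\<value> = "<data>" [<tag>]   (tag is optional)
FLAGGED_LINE = re.compile(
    r'^<>\s+(?P<name>[^\\]+)\\(?P<value>\w+)\s*=\s*"(?P<data>[^"]*)"\s*(?P<tag>\[[^\]]*\])?'
)


def parse_launch_points(text):
    """Map (registry key, entry name) -> (data, tag) for every '<>'-marked entry.

    Silent Runners prints the registry key on its own line and the entries
    beneath it, so the most recent key line owns each flagged entry.
    """
    key = None
    entries = {}
    for line in text.splitlines():
        if line.startswith(("HKLM\\", "HKCU\\")):
            key = line.rstrip("\\")
            continue
        m = FLAGGED_LINE.match(line)
        if m and key is not None:
            entries[(key, m.group("name"))] = (m.group("data"), m.group("tag") or "")
    return entries


def needs_review(entries):
    """Launch points that load a file which is missing or carries no publisher info.

    Silent Runners prints the publisher in brackets after the path; "[file not found]"
    and "[null data]" (no version resource) are the cases worth a second look.
    CLSID-only lines name no file on that line, so they are skipped here (heuristic).
    """
    return sorted(
        k for k, (data, tag) in entries.items()
        if data.lower().endswith((".dll", ".exe", ".sys"))
        and tag in ("", "[file not found]", "[null data]")
    )


def removed_between(before, after):
    """Entries present in the earlier scan but gone from the later one."""
    return sorted(set(before) - set(after))


if __name__ == "__main__":
    before = parse_launch_points(SCAN_BEFORE)
    after = parse_launch_points(SCAN_AFTER)
    for key, name in needs_review(before):
        print("review:", key, name, before[(key, name)])
    for key, name in removed_between(before, after):
        print("removed after cleanup:", key, name)
```

Run it on two full Silent Runners logs saved before and after a cleanup round to get a short list of entries still worth checking and a confirmation of what the removal steps actually took out; the `[file not found]` entries are the orphaned launch points that tools such as HijackThis also report as "(file missing)".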

I have two small questions for the Specialists:

  • how much longer will the operation take (i.e. what stage of the treatment are we at)?

  • what about the “Cookie wyszukujące” (tracking cookie) entries that SpyBot keeps finding?

and in the meantime, new logs, made in the same order as they are posted:

HijackThis

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 12:39:55, on 2007-05-20

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avast4\aswUpdSv.exe

C:\Program Files\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Avast4\ashMaiSv.exe

C:\Program Files\Avast4\ashWebSv.exe

C:\Program Files\Avast4\ashDisp.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\system32\wuauclt.exe

D:\Programy\Total Commander\TOTALCMD.EXE

D:\Download\logi\HiJackThis_v2.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Programy\FlashGet\jccatch.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programy\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Programy\FlashGet\getflash.dll

O4 - HKLM\..\Run: [STARTRIGHT] "D:\Programy\StartRight\StartRight.exe" -go 

O4 - HKLM\..\RunOnce: [STARTRIGHT] "D:\Programy\StartRight\StartRight.exe" -pre 

O8 - Extra context menu item: Add to AMV Convert Tool... - D:\Programy\AVI_TO_AMV\AMVConverter\grab.html

O8 - Extra context menu item: Add to AMV Converter... - D:\Programy\AVI_TO_AMV\AMVConverter\grab.html

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - D:\Programy\AVI_TO_AMV\MediaManager\grab.html

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - D:\Programy\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - D:\Programy\FlashGet\jc_all.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Programy\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Programy\FlashGet\flashget.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {1F831FAC-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://D:\Programy\AutoCad\InstFred.ocx

O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday) - file://D:\Programy\AutoCad\AcDcToday.ocx

O16 - DPF: {AE56372C-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://D:\Programy\AutoCad\InstBanr.ocx

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://D:\Programy\AutoCad\AcPreview.ocx

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe


--

End of file - 4326 bytes

Silent Runners

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"STARTRIGHT" = ""D:\Programy\StartRight\StartRight.exe" -go " ["www.joejoesoft.com"]


HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\ {++}

"STARTRIGHT" = ""D:\Programy\StartRight\StartRight.exe" -pre " ["www.joejoesoft.com"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "IeCatch5 Class"

                   \InProcServer32\(Default) = "D:\Programy\FlashGet\jccatch.dll" ["FlashGet"]

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "D:\Programy\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]

{F156768E-81EF-470C-9057-481BA8380DBA}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "gFlash Class"

                   \InProcServer32\(Default) = "D:\Programy\FlashGet\getflash.dll" [null data]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{8903F6C9-25E3-40AC-A98F-E6D35CD0469C}" = "PSPad"

  -> {HKLM...CLSID} = "PSPad"

                   \InProcServer32\(Default) = "D:\Programy\PSPADE~1\PSPADS~1.DLL" [null data]

"{1EBC3533-B289-409F-9924-B84B3F0717D2}" = "AceFTP Context Menu Shell Extension"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\PROGRA~1\VISICO~1\ACEFTP~1\ftpcntxt.dll" ["Visicom Media Inc."]

"{7850a720-705f-11d0-a9eb-0080488625e5}" = "BestCrypt Shell Extension"

  -> {HKLM...CLSID} = "BestCrypt Shell Extension"

                   \InProcServer32\(Default) = "D:\Programy\Shared\BCShExt.dll" ["Jetico, Inc."]

"{506F4668-F13E-4AA1-BB04-B43203AB3CC0}" = "{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"

  -> {HKLM...CLSID} = "ImageExtractorShellExt Class"

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Visio11\VISSHE.DLL" [null data]

"{D66DC78C-4F61-447F-942B-3FB6980118CF}" = "{D66DC78C-4F61-447F-942B-3FB6980118CF}"

  -> {HKLM...CLSID} = "CInfoTipShellExt Class"

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Visio11\VISSHE.DLL" [null data]

"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "C:\Program Files\Avast4\ashShell.dll" ["ALWIL Software"]


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<> igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]


HKLM\Software\Classes\PROTOCOLS\Filter\

<> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

AceFTP\(Default) = "{1EBC3533-B289-409F-9924-B84B3F0717D2}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\PROGRA~1\VISICO~1\ACEFTP~1\ftpcntxt.dll" ["Visicom Media Inc."]

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "C:\Program Files\Avast4\ashShell.dll" ["ALWIL Software"]

BCShellMenu\(Default) = "{7850a720-705f-11d0-a9eb-0080488625e5}"

  -> {HKLM...CLSID} = "BestCrypt Shell Extension"

                   \InProcServer32\(Default) = "D:\Programy\Shared\BCShExt.dll" ["Jetico, Inc."]

PSPad\(Default) = "{8903F6C9-25E3-40AC-A98F-E6D35CD0469C}"

  -> {HKLM...CLSID} = "PSPad"

                   \InProcServer32\(Default) = "D:\Programy\PSPADE~1\PSPADS~1.DLL" [null data]

TzShell\(Default) = "{B38FE8E9-5DFC-4D58-8459-1E3AC5165E34}"

  -> {HKLM...CLSID} = "TzShell"

                   \InProcServer32\(Default) = "D:\Programy\TUGZip\TzShell.dll" [file not found]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

AceFTP\(Default) = "{1EBC3533-B289-409F-9924-B84B3F0717D2}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\PROGRA~1\VISICO~1\ACEFTP~1\ftpcntxt.dll" ["Visicom Media Inc."]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "C:\Program Files\Avast4\ashShell.dll" ["ALWIL Software"]

BCShellMenu\(Default) = "{7850a720-705f-11d0-a9eb-0080488625e5}"

  -> {HKLM...CLSID} = "BestCrypt Shell Extension"

                   \InProcServer32\(Default) = "D:\Programy\Shared\BCShExt.dll" ["Jetico, Inc."]

FineReader8\(Default) = "{F7091C74-EBB1-49D7-94C7-FE4886CCC18D}"

  -> {HKLM...CLSID} = "FineReader8ExplorerContextMenuHandler"

                   \InProcServer32\(Default) = "D:\Programy\Abbyy Fine Reader\FECMenu.dll" ["ABBYY Software"]

TzShell\(Default) = "{B38FE8E9-5DFC-4D58-8459-1E3AC5165E34}"

  -> {HKLM...CLSID} = "TzShell"

                   \InProcServer32\(Default) = "D:\Programy\TUGZip\TzShell.dll" [file not found]



Default executables:

--------------------


HKLM\Software\Classes\.scr\(Default) = "AutoCADLTScriptFile"

<> HKLM\Software\Classes\AutoCADLTScriptFile\shell\open\command\(Default) = "C:\WINDOWS\NOTEPAD.EXE "%1"" [MS]



Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------


Note: detected settings may not have any effect.


HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}


"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Dominik\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Explorer Bars


HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\


HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Research"


{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\

"ButtonText" = "FlashGet"

"MenuText" = "&FlashGet"

"Exec" = "D:\Programy\FlashGet\flashget.exe" ["FlashGet.com"]


{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


avast! Antivirus, avast! Antivirus, ""C:\Program Files\Avast4\ashServ.exe"" ["ALWIL Software"]

avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Avast4\aswUpdSv.exe"" ["ALWIL Software"]

avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]

avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]

STI Simulator, STI Simulator, "C:\WINDOWS\System32\PAStiSvc.exe" [null data]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]

PDFCreator\Driver = "pdfcmnnt.dll" [null data]



----------

<>: Suspicious data at a malware launch point.


+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points, use the -supp parameter or answer "No" at the

  first message box and "Yes" at the second message box.

---------- (total run time: 41 seconds, including 4 seconds for message boxes)

ComboFix 07-05.17.6.V

"Dominik" - 2007-05-20 12:43:21 Dodatek Service Pack 2  

ComboFix 07-05.17.6.V - Running from: "D:\Download\logi\"



((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-20 ))))))))))))))))))))))))))))))))))



2007-05-20 12:33	




SpyBot S&D

MediaPlex: Cookie wyszukujące (Firefox: default) (Cookie, nothing done) SystemDoctor2006: Cookie wyszukujące (Firefox: default) (Cookie, nothing done) SystemDoctor2006: Cookie wyszukujące (Firefox: default) (Cookie, nothing done) SystemDoctor2006: Cookie wyszukujące (Firefox: default) (Cookie, nothing done) SystemDoctor2006: Cookie wyszukujące (Firefox: default) (Cookie, nothing done) SystemDoctor2006: Cookie wyszukujące (Firefox: default) (Cookie, nothing done)

Use Pocket Killbox. Check the Delete on Reboot option and, in the Full Path of File to Delete field, paste the path

C:\WINDOWS\system32\efeba.dll and press the red X. The program will ask to reboot the computer … so you reboot.

And once you have done that, that will be all :wink:

hello,

there was a problem deleting that file: it turned out it isn't there, only C:\WINDOWS\system32\efeba.dll.vir exists. Probably one of the programs used, or Avast, had already detected and neutralised it; to be safe I deleted that file from the disk “manually” without any problems.

By the way, I would like to thank you very much for the professional, selfless and, above all, effective help

best regards

Dominik