Problem


(123448) #1

ETD Security Scanner po każdym właczeniu komputera i przeskanowaniu owym programem wykrywa mi następujace rzeczy: (one tylko się pojawiaja jak skanuje poraz 1 tym ETD system a jak za drugim razem robie scan żeby się upewnić to jest dobrze)

*** ETD Security Scanner v3.0 Professional ***

*** Report generated at 05-02-14 12:49:27 ***

Suspicious items found: 34

[- Item 1 -]

File name: C:\WINDOWS*.bat

CRC verified: No

Description: Win32.Swen.A / N/A

Product Name: Not defined

Product Version: Not defined

File Version: Not defined

File Description: Not defined

Private Build: Not defined

Special Build: Not defined

Company Name: Not defined

Internal Name: Not defined

Original FileName: Not defined

Legal Copyright: Not defined

Legal Trademarks: Not defined

Comments: Not defined

[- Item 2 -]

Registry key: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\userassist{75048700-ef1f-11d0-9888-006097deacf9}\count

CRC verified: N/A

Description: NGD Dialer (Adware) / NGD Dialer is a dialer that has the ability to hijack your modem and dial toll numbers that access paid...

[- Item 3 -]

Registry key: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices

CRC verified: N/A

Description: 711 Trojan (Trojan Horse) / 711 Trojan is a remote access trojan with the ability to disable anti-virus and firewall programs....

[- Item 4 -]

Registry key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

CRC verified: N/A

Description: BoonPie / N/A

[- Item 5 -]

Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

CRC verified: N/A

Description: BoonPie / N/A

[- Item 6 -]

Registry key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

CRC verified: N/A

Description: CoolWebSearch / N/A

[- Item 7 -]

Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

CRC verified: N/A

Description: CoolWebSearch / N/A

[- Item 8 -]

Registry key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

CRC verified: N/A

Description: Jumpincowz IRC Vulnerability / N/A

[- Item 9 -]

Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

CRC verified: N/A

Description: Jumpincowz IRC Vulnerability / N/A

[- Item 10 -]

Registry key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

CRC verified: N/A

Description: Litmus / N/A

[- Item 11 -]

Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

CRC verified: N/A

Description: Litmus / N/A

[- Item 12 -]

Registry key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

CRC verified: N/A

Description: Lop / N/A

[- Item 13 -]

Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

CRC verified: N/A

Description: Lop / N/A

[- Item 14 -]

Registry key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

CRC verified: N/A

Description: Sex Farm Gmbx / N/A

[- Item 15 -]

Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

CRC verified: N/A

Description: Sex Farm Gmbx / N/A

[- Item 16 -]

Registry key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

CRC verified: N/A

Description: Trojan.Win32.Ilka32 / N/A

[- Item 17 -]

Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

CRC verified: N/A

Description: Trojan.Win32.Ilka32 / N/A

[- Item 18 -]

Registry key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

CRC verified: N/A

Description: UTWente-NL / N/A

[- Item 19 -]

Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

CRC verified: N/A

Description: UTWente-NL / N/A

[- Item 20 -]

Registry key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

CRC verified: N/A

Description: Win32.Backdoor.Agobot / N/A

[- Item 21 -]

Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

CRC verified: N/A

Description: Win32.Backdoor.Agobot / N/A

[- Item 22 -]

Registry key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

CRC verified: N/A

Description: Win32.Backdoor.RBot / N/A

[- Item 23 -]

Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

CRC verified: N/A

Description: Win32.Backdoor.RBot / N/A

[- Item 24 -]

Registry key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

CRC verified: N/A

Description: Win32.Backdoor.SDBot / N/A

[- Item 25 -]

Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

CRC verified: N/A

Description: Win32.Backdoor.SDBot / N/A

[- Item 26 -]

Registry key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

CRC verified: N/A

Description: Win32.Kwbot.C / N/A

[- Item 27 -]

Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

CRC verified: N/A

Description: Win32.Kwbot.C / N/A

[- Item 28 -]

Registry key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices

CRC verified: N/A

Description: Win32.Kwbot.P / N/A

[- Item 29 -]

Registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

CRC verified: N/A

Description: Win32.Kwbot.P / N/A

[- Item 30 -]

Registry key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices

CRC verified: N/A

Description: Win32.RD-Bot Trojan / N/A

[- Item 31 -]

Registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

CRC verified: N/A

Description: Win32.RD-Bot Trojan / N/A

[- Item 32 -]

Registry key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

CRC verified: N/A

Description: XXOR / N/A

[- Item 33 -]

Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

CRC verified: N/A

Description: XXOR / N/A

[- Item 34 -]

Registry key: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservicesonce

CRC verified: N/A

Description: Death (Trojan Horse) / Death is a remote access trojan that allows an unauthorized user to access your certain aspects of your computer....

jeżeli macie chwilke czasu to poprosze o wasza pomoc :frowning:


(Bad Boy 85) #2

zrób skan jakimś natyvirem online a najlepiej wklej log z hjackt.


(123448) #3

chodzi ci log z Hijacka ?

inne programy od spyware nic nie wykrywaja tylko z tym ETD coś nie tak jest

prosze oto log:

Logfile of HijackThis v1.99.0

Scan saved at 13:03:37, on 05-02-14

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\PROGRAM FILES\D-TOOLS\DAEMON.EXE

C:\PROGRAM FILES\WINAMP\WINAMPA.EXE

C:\PROGRAM FILES\MKS\BIN\MKS_MENU.EXE

C:\PROGRAM FILES\MKS\BIN\MKS_MON.EXE

C:\PROGRAM FILES\MKS\BIN\ABREGMON.EXE

C:\PROGRAM FILES\PESTPATROL\PPCONTROL.EXE

C:\PROGRAM FILES\PESTPATROL\PPMEMCHECK.EXE

C:\PROGRAM FILES\PESTPATROL\COOKIEPATROL.EXE

C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE

C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\MKS\BIN\MKS_SCAN.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\PROGRAM FILES\GADU-GADU\GG.EXE

C:\PROGRAM FILES\WINAMP\WINAMP.EXE

C:\PROGRAM FILES\SCANSPYWARE V3.8.0.4\SCANNER.EXE

C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL

O4 - HKLM..\Run: [smcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui

O4 - HKLM..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe

O4 - HKLM..\Run: [MKS_MON] C:\Program Files\MKS\Bin\mks_mon.exe

O4 - HKLM..\Run: [ABREGMON] C:\PROGRAM FILES\MKS\BIN\ABregmon.exe

O4 - HKLM..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe

O4 - HKLM..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

O4 - HKLM..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

O4 - HKLM..\RunServices: [smcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui

O4 - HKLM..\RunServices: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM..\RunServices: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM..\RunServices: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe

O4 - HKLM..\RunServices: [MKS_MON] C:\Program Files\MKS\Bin\mks_mon.exe

O4 - HKLM..\RunServices: [ABREGMON] C:\PROGRAM FILES\MKS\BIN\ABregmon.exe

O4 - HKLM..\RunServices: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe

O4 - HKLM..\RunServices: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

O4 - HKLM..\RunServices: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

O4 - HKCU..\Run: [ETD Security Scanner] "C:\PROGRAM FILES\ETD SECURITY SCANNER\ETD SECURITY SCANNER.EXE" /s

O4 - HKCU..\Run: [spyware Doctor] "C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q

O4 - HKCU..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU..\RunServices: [ETD Security Scanner] "C:\PROGRAM FILES\ETD SECURITY SCANNER\ETD SECURITY SCANNER.EXE" /s

O4 - HKCU..\RunServices: [spyware Doctor] "C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q

O4 - HKCU..\RunServices: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray

O4 - HKCU..\RunServices: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm

O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL

O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe

O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe

O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab

O16 - DPF: {9E6C7461-FE4A-41A9-9D35-7468796CF9E7} (AVXControl Class) - http://threatlevel.pcsecurityshield.com ... avxnew.dll

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = O17 - HKLM\System\CCS\Services\VxD\MSTCP:

NameServer =


(Musg) #4

log masz czysty


(123448) #5

nie może mi ktoś pomóc :x ? chodzi mi o ten 1 post !!