W czasie “surfowania” po internecie władował mi virus Trojan Downloader Agent Acd. Mój ArcaVir nie mógł go usunąć ani przenieść do kwarantanny ale po późniejszym skanowaniu systemu już go niebyło.
Żeby się upewnić że nic niemam daje loga do sprawdzenia:
Logfile of HijackThis v1.99.1
Scan saved at 15:42:31, on 06-01-08
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOW\SYSTEM\KERNEL32.DLL
C:\WINDOW\SYSTEM\MSGSRV32.EXE
C:\WINDOW\SYSTEM\MPREXE.EXE
C:\WINDOW\SYSTEM\mmtask.tsk
C:\WINDOW\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\ARCAVIR\BIN\NETMONSV.EXE
C:\WINDOW\EXPLORER.EXE
C:\WINDOW\SYSTEM\LVCOMS.EXE
C:\WINDOW\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\ARCAVIR\BIN\ABMENU.EXE
C:\PROGRAM FILES\ARCAVIR\BIN\AVMON.EXE
C:\PROGRAM FILES\ARCAVIR\BIN\ABREGMON.EXE
C:\PROGRAM FILES\ARCAVIR\BIN\ARCASCAN.EXE
C:\PROGRAM FILES\NEOSTRADA TP\NEOSTRADATP.EXE
C:\PROGRAM FILES\NEOSTRADA TP\COMCOMP.EXE
C:\WINDOW\SYSTEM\TAPISRV.EXE
C:\WINDOW\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\NEOSTRADA TP\WATCH.EXE
C:\PROGRAM FILES\GADU-GADU\GG.EXE
C:\WINDOW\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\PERFECT SERIES\OPTICAL MOUSE\3.0\MOUSE32A.EXE
C:\WINDOW\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\ACCESSORIES\WORDPAD.EXE
C:\WINDOW\PULPIT\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: SafeIE Utility - {B5D4581D-ED6A-4905-A267-25BAF7BE79C1} - C:\WINDOW\SYSTEM\SAFEIE.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOW\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOW\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVComs] C:\WINDOW\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOW\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [ABmenu] C:\Program Files\ArcaVir\Bin\ABmenu.exe
O4 - HKLM\..\Run: [AVMON] C:\Program Files\ArcaVir\Bin\AVMon.exe
O4 - HKLM\..\Run: [ABREGMON] C:\PROGRAM FILES\ARCAVIR\BIN\ABregmon.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ABNetMon] C:\PROGRAM FILES\ARCAVIR\BIN\NETMONSV.EXE
O8 - Extra context menu item: &Ściągnij wszystko za pomocą WellGeta - C:\PROGRAM FILES\WELLGET\nxall.htm
O8 - Extra context menu item: Ściągnij za pomocą &WellGeta - C:\PROGRAM FILES\WELLGET\nxcatch.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: WellGet - {35980F6E-A258-4E50-953D-813BB8556899} - C:\Program Files\WellGet\WellGet.exe
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .3gp: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin4.dll
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_23.cab
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/pl/poker_2_0_0_39.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_24.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/activex/EPUWALControl_v1-0-3-18.cab