Wirus spamer jak go usunąć

Mr.Irek · 3 Wrzesień 2007 19:18

Sprawdzcie prosze czy nie mam wirusa ktory rozsyla spamy z mojego kompa? Przesylam logi

Logfile of HijackThis v1.99.1 Scan saved at 21:06:45, on 2007-09-03 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: H:\WINDOWS\System32\smss.exe H:\WINDOWS\system32\winlogon.exe H:\WINDOWS\system32\services.exe H:\WINDOWS\system32\lsass.exe H:\WINDOWS\system32\svchost.exe H:\WINDOWS\System32\svchost.exe H:\Program Files\Ahead\InCD\InCDsrv.exe H:\WINDOWS\Explorer.EXE H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe H:\WINDOWS\system32\spoolsv.exe H:\WINDOWS\RTHDCPL.EXE H:\WINDOWS\system32\RunDLL32.exe H:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe H:\Program Files\lg_fwupdate\fwupdate.exe H:\Program Files\Java\jre1.6.0_02\bin\jusched.exe H:\Program Files\Picasa2\PicasaMediaDetector.exe H:\Program Files\Common Files\Symantec Shared\ccApp.exe H:\WINDOWS\system32\ctfmon.exe H:\Program Files\Messenger\msmsgs.exe H:\Program Files\Skype\Phone\Skype.exe H:\WINDOWS\ATKKBService.exe H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe H:\Program Files\Common Files\LightScribe\LSSrvc.exe H:\Program Files\Norton AntiVirus\navapsvc.exe H:\WINDOWS\system32\nvsvc32.exe H:\WINDOWS\system32\svchost.exe H:\Program Files\Skype\Plugin Manager\SkypePM.exe H:\WINDOWS\system32\wuauclt.exe H:\Program Files\Internet Explorer\iexplore.exe H:\Program Files\Internet Explorer\IEXPLORE.EXE H:\Program Files\Internet Explorer\IEXPLORE.EXE H:\Program Files\Gadu-Gadu\gg.exe H:\Program Files\Outlook Express\msimn.exe H:\Program Files\Internet Explorer\IEXPLORE.EXE H:\ANTYWIRUSY\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - H:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - H:\Program Files\BitComet\tools\BitCometBHO.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - H:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - H:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM…\Run: [RemoteControl] “H:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe” O4 - HKLM…\Run: [LGODDFU] “H:\Program Files\lg_fwupdate\fwupdate.exe” blrun O4 - HKLM…\Run: [sunJavaUpdateSched] “H:\Program Files\Java\jre1.6.0_02\bin\jusched.exe” O4 - HKLM…\Run: [Picasa Media Detector] H:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM…\Run: [ccApp] H:\Program Files\Common Files\Symantec Shared\ccApp.exe O4 - HKLM…\Run: [ccRegVfy] H:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe O4 - HKLM…\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [Onet.pl AutoUpdate] “H:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe” /updateexetsr O4 - HKCU…\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [MSMSGS] “H:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [bitComet] “H:\Program Files\BitComet\BitComet.exe” O4 - HKCU…\Run: [skype] “H:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - HKCU…\Run: [OM_Monitor] H:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart O4 - HKCU…\Run: [Gadu-Gadu] “H:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [NBJ] “H:\Program Files\Ahead\Nero BackItUp\NBJ.exe” O4 - HKCU…\Run: [eMuleAutoStart] H:\Program Files\eMule\emule.exe -AutoStart O4 - Global Startup: Adobe Gamma Loader.lnk = H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: Download all links using BitComet - res://H:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://H:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://H:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - H:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: H:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {631FF594-EC25-4CFF-B869-402DF294E1D6} (Instalator oprogramowania Onet.pl) - http://slimak.onet.pl/_m/kamerzysta/One … or012s.ocx O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - H:\WINDOWS\ATKKBService.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - H:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - H:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - H:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe “Silent Runners.vbs”, revision 52, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “CTFMON.EXE” = “H:\WINDOWS\system32\ctfmon.exe” [MS] “MSMSGS” = ““H:\Program Files\Messenger\msmsgs.exe” /background” [MS] “BitComet” = ““H:\Program Files\BitComet\BitComet.exe”” [“www.BitComet.com”] “Skype” = ““H:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized” [“Skype Technologies S.A.”] “OM_Monitor” = “H:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart” [file not found] “Gadu-Gadu” = ““H:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu S.A.”] “NBJ” = ““H:\Program Files\Ahead\Nero BackItUp\NBJ.exe”” [“Ahead Software AG”] “eMuleAutoStart” = “H:\Program Files\eMule\emule.exe -AutoStart” [“http://www.emule-project.net”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “RTHDCPL” = “RTHDCPL.EXE” [“Realtek Semiconductor Corp.”] “NvCplDaemon” = “RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS] “nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”] “NvMediaCenter” = “RunDLL32.exe NvMCTray.dll,NvTaskbarInit” [MS] “RemoteControl” = ““H:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe”” [“Cyberlink Corp.”] “LGODDFU” = ““H:\Program Files\lg_fwupdate\fwupdate.exe” blrun” [“BL”] “SunJavaUpdateSched” = ““H:\Program Files\Java\jre1.6.0_02\bin\jusched.exe”” [“Sun Microsystems, Inc.”] “Picasa Media Detector” = “H:\Program Files\Picasa2\PicasaMediaDetector.exe” [“Google Inc.”] “ccApp” = “H:\Program Files\Common Files\Symantec Shared\ccApp.exe” [“Symantec Corporation”] “ccRegVfy” = “H:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe” [“Symantec Corporation”] “NeroFilterCheck” = “H:\WINDOWS\system32\NeroCheck.exe” [“Nero AG”] “Onet.pl AutoUpdate” = ““H:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe” /updateexetsr” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “H:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx” [empty string] {22BF413B-C6D2-4d91-82A9-A0F997BA588C}(Default) = “Skype add-on (mastermind)” -> {HKLM…CLSID} = “Skype add-on (mastermind)” \InProcServer32(Default) = “H:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL” [“Skype Technologies S.A.”] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}(Default) = “BitComet ClickCapture” -> {HKLM…CLSID} = “BitComet Helper” \InProcServer32(Default) = “H:\Program Files\BitComet\tools\BitCometBHO.dll” [null data] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “H:\Program Files\Java\jre1.6.0_02\bin\ssv.dll” [“Sun Microsystems, Inc.”] {BDF3E430-B101-42AD-A544-FADC6B084872}(Default) = “NAV Helper” -> {HKLM…CLSID} = “CNavExtBho Class” \InProcServer32(Default) = “H:\Program Files\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “H:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “H:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “H:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “H:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “H:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “H:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “H:\Program Files\WinRAR\rarext.dll” [null data] “{950FF917-7A57-46BC-8017-59D9BF474000}” = “Shell Extension for CDRW” -> {HKLM…CLSID} = “Shell Extension for CDRW” \InProcServer32(Default) = “H:\Program Files\Ahead\InCD\incdshx.dll” [“Nero AG”] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “H:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}” = “AVG Anti-Spyware 7.5” -> {HKLM…CLSID} = “CShellExecuteHookImpl Object” \InProcServer32(Default) = “H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll” [“GRISOFT s.r.o.”] HKLM\Software\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “H:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“GRISOFT s.r.o.”] Symantec.Norton.Antivirus.IEContextMenu(Default) = “{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}” -> {HKLM…CLSID} = “IEContextMenu Class” \InProcServer32(Default) = “H:\Program Files\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “H:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“GRISOFT s.r.o.”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “H:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ Symantec.Norton.Antivirus.IEContextMenu(Default) = “{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}” -> {HKLM…CLSID} = “IEContextMenu Class” \InProcServer32(Default) = “H:\Program Files\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “H:\Program Files\WinRAR\rarext.dll” [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “DisableRegistryTools” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|System| Prevent access to registry editing tools} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be enabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “H:\WINDOWS\ACD Wallpaper.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “H:\WINDOWS\ACD Wallpaper.bmp” Active Desktop web content (hidden if disabled): HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\ “FriendlyName” = “” “Source” = “http://photos.allegro.pl/photos/oryginal/17/1791/179196/17919675/179196757” “SubscribedURL” = “http://photos.allegro.pl/photos/oryginal/17/1791/179196/17919675/179196757” Startup items in “Kasia” & “All Users” startup folders: ------------------------------------------------------- H:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Adobe Gamma Loader” -> shortcut to: “H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe” [“Adobe Systems, Inc.”] Enabled Scheduled Tasks: ------------------------ “Norton AntiVirus - Scan my computer” -> launches: “H:\PROGRA~1\NORTON~1\NAVW32.exe /task:H:\DOCUME~1\ALLUSE~1\DANEAP~1\Symantec\NORTON~1\Tasks\mycomp.sca” [“Symantec Corporation”] “Symantec NetDetect” -> launches: “H:\Program Files\Symantec\LiveUpdate\NDETECT.EXE” [“Symantec Corporation”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ “{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}” -> {HKLM…CLSID} = “Norton AntiVirus” \InProcServer32(Default) = “H:\Program Files\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”] HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}” -> {HKLM…CLSID} = “Norton AntiVirus” \InProcServer32(Default) = “H:\Program Files\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}” = “Norton AntiVirus” -> {HKLM…CLSID} = “Norton AntiVirus” \InProcServer32(Default) = “H:\Program Files\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Badanie” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL” [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in 1.6.0_02” \InProcServer32(Default) = “H:\Program Files\Java\jre1.6.0_02\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.6.0_02” \InProcServer32(Default) = “H:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll” [“Sun Microsystems, Inc.”] {77BF5300-1474-4EC7-9980-D32B190E9B07}\ “ButtonText” = “Skype” “CLSIDExtension” = “{77BF5300-1474-4EC7-9980-D32B190E9B07}” -> {HKLM…CLSID} = “Skype add-on (button)” \InProcServer32(Default) = “H:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL” [“Skype Technologies S.A.”] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ “ButtonText” = “Badanie” {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “H:\Program Files\Messenger\msmsgs.exe” [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ ATK Keyboard Service, ATKKeyboardService, “H:\WINDOWS\ATKKBService.exe” [“ASUSTeK COMPUTER INC.”] AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, “H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe” [“GRISOFT s.r.o.”] InCD Helper, InCDsrv, “H:\Program Files\Ahead\InCD\InCDsrv.exe” [“Nero AG”] LightScribeService Direct Disc Labeling Service, LightScribeService, ““H:\Program Files\Common Files\LightScribe\LSSrvc.exe”” [“Hewlett-Packard Company”] Norton AntiVirus Auto Protect Service, navapsvc, “H:\Program Files\Norton AntiVirus\navapsvc.exe” [“Symantec Corporation”] NVIDIA Display Driver Service, NVSvc, “H:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”] Symantec Event Manager, ccEvtMgr, ““H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe”” [“Symantec Corporation”] ---------- (launch time: 2007-09-03 21:14:57) <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer “No” at the first message box and “Yes” at the second message box. ---------- (total run time: 57 seconds, including 8 seconds for message boxes)

Vader666 · 3 Wrzesień 2007 19:27

Daj log z Combofix

Mr.Irek · 3 Wrzesień 2007 19:49

Chyba nie potrafie tego zrobic. Jakos dziwny jest ten Combofix A czy te sa czyste? bo czuje ze mam wirusa ktory rozsyla mi spam z kompa i na moim IP bo mi outlook zablokowal poczte wychodzaca

Krzychuu · 3 Wrzesień 2007 20:11

Opis ComboFixa zanjdziesz tutaj:

http://www.bezpieczenstwosystemow.pl/in … topic=18.0

Mr.Irek · 5 Wrzesień 2007 19:23

Niestety mimo usilnych staran ten program u mnie nie dziala a problem mam nadalk. Nadal nie moge wysylac maili przez outlooka bo mam zablokowane IP. Czy da sie to jakos naprawic? co moge jeszcze zrobic?

adam9870 · 5 Wrzesień 2007 19:27

Logi są ok.

W takim razie wklej log z narzędzia Deckard’s System Scanner.

Mr.Irek · 5 Wrzesień 2007 20:00

Ok prosze bardzo

Deckard’s System Scanner v20070826.66 Run by Kasia on 2007-09-05 21:53:52 Computer is in Normal Mode. -------------------------------------------------------------------------------- – System Restore -------------------------------------------------------------- Successfully created a Deckard’s System Scanner Restore Point. – Last 5 Restore Point(s) – 69: 2007-09-05 19:53:58 UTC - RP181 - Deckard’s System Scanner Restore Point 68: 2007-09-05 18:40:56 UTC - RP180 - ComboFix created restore point 67: 2007-09-04 19:09:39 UTC - RP179 - Punkt kontrolny systemu 66: 2007-09-03 15:24:10 UTC - RP178 - Punkt kontrolny systemu 65: 2007-08-31 19:19:58 UTC - RP177 - Punkt kontrolny systemu – First Restore Point – 1: 2007-06-11 18:16:54 UTC - RP113 - Punkt kontrolny systemu Backed up registry hives. Performed disk cleanup. Percentage of Memory in Use: 83% (more than 75%). Total Physical Memory: 256 MiB (512 MiB recommended). – HijackThis (run as Kasia.exe) ----------------------------------------------- Unable to find log (file not found); running clone. – HijackThis Clone ------------------------------------------------------------ Emulating logfile of HijackThis v1.99.1 Scan saved at 2007-09-05 21:55:12 Platform: Windows XP Dodatek Service Pack 2 (5.01.2600) MSIE: Internet Explorer (6.00.2900.2180) Running processes: H:\WINDOWS\system32\smss.exe H:\WINDOWS\system32\winlogon.exe H:\WINDOWS\system32\services.exe H:\WINDOWS\system32\lsass.exe H:\WINDOWS\system32\svchost.exe H:\WINDOWS\system32\svchost.exe H:\Program Files\Ahead\InCD\InCDsrv.exe H:\WINDOWS\explorer.exe H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe H:\WINDOWS\system32\spoolsv.exe H:\WINDOWS\RTHDCPL.exe H:\WINDOWS\system32\rundll32.exe H:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe H:\Program Files\lg_fwupdate\fwupdate.exe H:\Program Files\Java\jre1.6.0_02\bin\jusched.exe H:\Program Files\Picasa2\PicasaMediaDetector.exe H:\WINDOWS\ATKKBService.exe H:\Program Files\Common Files\Symantec Shared\ccApp.exe H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe H:\WINDOWS\system32\ctfmon.exe H:\Program Files\Messenger\msmsgs.exe H:\Program Files\Skype\Phone\Skype.exe H:\Program Files\Gadu-Gadu\gg.exe H:\Program Files\Common Files\LightScribe\LSSrvc.exe H:\Program Files\Norton AntiVirus\Navapsvc.exe H:\WINDOWS\system32\nvsvc32.exe H:\WINDOWS\system32\svchost.exe H:\Program Files\Skype\Plugin Manager\skypePM.exe H:\WINDOWS\system32\wuauclt.exe H:\Program Files\Outlook Express\msimn.exe H:\Program Files\Internet Explorer\IEXPLORE.EXE H:\Documents and Settings\Kasia\Pulpit\dss.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - H:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - H:\Program Files\BitComet\tools\BitCometBHO.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - H:\Program Files\Norton AntiVirus\NAVShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - H:\Program Files\Norton AntiVirus\NAVShExt.dll O4 - HKEY_LOCAL_MACHINE…\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKEY_LOCAL_MACHINE…\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKEY_LOCAL_MACHINE…\Run: [nwiz] nwiz.exe /install O4 - HKEY_LOCAL_MACHINE…\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKEY_LOCAL_MACHINE…\Run: [RemoteControl] “H:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe” O4 - HKEY_LOCAL_MACHINE…\Run: [LGODDFU] “H:\Program Files\lg_fwupdate\fwupdate.exe” blrun O4 - HKEY_LOCAL_MACHINE…\Run: [sunJavaUpdateSched] “H:\Program Files\Java\jre1.6.0_02\bin\jusched.exe” O4 - HKEY_LOCAL_MACHINE…\Run: [Picasa Media Detector] H:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKEY_LOCAL_MACHINE…\Run: [ccApp] H:\Program Files\Common Files\Symantec Shared\ccApp.exe O4 - HKEY_LOCAL_MACHINE…\Run: [ccRegVfy] H:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe O4 - HKEY_LOCAL_MACHINE…\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe O4 - HKEY_LOCAL_MACHINE…\Run: [Onet.pl AutoUpdate] “H:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe” /updateexetsr O4 - HKCU…\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [MSMSGS] “H:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [bitComet] “H:\Program Files\BitComet\BitComet.exe” O4 - HKCU…\Run: [skype] “H:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - HKCU…\Run: [OM_Monitor] H:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart O4 - HKCU…\Run: [Gadu-Gadu] “H:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [NBJ] “H:\Program Files\Ahead\Nero BackItUp\NBJ.exe” O4 - HKCU…\Run: [eMuleAutoStart] H:\Program Files\eMule\emule.exe -AutoStart O4 - Global Startup: Adobe Gamma Loader.lnk = H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: Download all links using BitComet - res://H:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://H:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://H:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - H:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll O9 - Extra ‘Tools’ menuitem: (no name) - {77BF5300-1474-4EC7-9980-D32B190E9B07} - H:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing) O9 - Extra ‘Tools’ menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub/sh … tor/sw.cab O16 - DPF: {631FF594-EC25-4CFF-B869-402DF294E1D6} (Instalator oprogramowania Onet.pl) - http://slimak.onet.pl/_m/kamerzysta/One … or012s.ocx O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/sh … wflash.cab O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - H:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\Program Files\Common Files\Skype\Skype4COM.dll O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - H:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - H:\WINDOWS\ATKKBService.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - H:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - “H:\Program Files\Common Files\LightScribe\LSSrvc.exe” – File Associations ----------------------------------------------------------- .cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL “%1”,%* .cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser “%1”,%* – Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 asuskbnt (Enhanced Display Driver Helper Service) - h:\windows\system32\drivers\atkkbnt.sys R1 cdrbsdrv - h:\windows\system32\drivers\cdrbsdrv.sys R2 EIO - h:\windows\system32\drivers\eio.sys R3 catchme - h:\docume~1\kasia\ustawi~1\temp\catchme.sys (file missing) R3 pfc (Padus ASPI Shell) - h:\windows\system32\drivers\pfc.sys – Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 ATKKeyboardService (ATK Keyboard Service) - h:\windows\atkkbservice.exe – Device Manager: Disabled ---------------------------------------------------- No disabled devices found. – Scheduled Tasks ------------------------------------------------------------- 2007-09-05 20:59:34 412 --a------ H:\WINDOWS\Tasks\Symantec NetDetect.job 2007-08-17 23:26:36 464 --a------ H:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job – Files created between 2007-08-05 and 2007-09-05 ----------------------------- 2007-08-20 16:09:51 0 d-------- H:\Program Files\Common Files\Onet.pl 2007-08-18 22:30:39 307200 --a------ H:\WINDOWS\IsUn0415.exe – Find3M Report --------------------------------------------------------------- 2007-09-05 21:47:59 0 d-------- H:\Documents and Settings\Kasia\Dane aplikacji\Skype 2007-09-05 20:59:06 0 d-------- H:\Program Files\eMule 2007-09-05 20:59:06 0 d-------- H:\Program Files\Common Files\Symantec Shared 2007-09-05 20:58:43 0 d-------- H:\Program Files\lg_fwupdate 2007-08-28 21:40:04 43520 --a------ H:\WINDOWS\system32\CmdLineExt03.dll 2007-08-28 20:37:17 0 d-------- H:\Program Files\Google 2007-08-28 10:44:47 0 d-------- H:\Program Files\Java 2007-08-20 16:09:51 0 d-a------ H:\Program Files\Common Files 2007-08-20 16:09:51 0 d-------- H:\Documents and Settings\Kasia\Dane aplikacji\Kamerzysta 2007-08-20 16:09:51 0 d-------- H:\Documents and Settings\Kasia\Dane aplikacji\AutoUpdate 2007-08-18 22:37:15 0 d-------- H:\Documents and Settings\Kasia\Dane aplikacji\Adobe 2007-08-18 22:34:40 0 d-------- H:\Program Files\Common Files\Adobe 2007-07-29 17:36:21 0 d-------- H:\Program Files\Picasa2 2007-07-23 20:22:17 0 d–h----- H:\Program Files\InstallShield Installation Information 2007-07-22 18:30:00 0 d-------- H:\Documents and Settings\Kasia\Dane aplikacji\Free Spider TreeCardGames 2007-07-17 22:33:51 0 d-------- H:\Program Files\Winamp 2007-07-09 20:27:10 0 d-------- H:\Program Files\AskTBar 2007-07-09 18:41:55 0 d-------- H:\Program Files\Ahead 2007-07-09 18:33:02 0 d-------- H:\Program Files\Common Files\Ahead 2007-07-06 17:52:56 0 d-------- H:\Program Files\Gadu-Gadu – Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “RTHDCPL”=“RTHDCPL.EXE” [2006-06-13 14:05 H:\WINDOWS\RTHDCPL.exe] “NvCplDaemon”=“H:\WINDOWS\system32\NvCpl.dll” [2006-06-01 11:22] “nwiz”=“nwiz.exe” [2006-06-01 11:22 H:\WINDOWS\system32\nwiz.exe] “NvMediaCenter”=“NvMCTray.dll” [2006-06-01 11:22 H:\WINDOWS\system32\nvmctray.dll] “RemoteControl”=“H:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe” [2004-11-02 21:24] “LGODDFU”=“H:\Program Files\lg_fwupdate\fwupdate.exe” [2007-04-05 15:46] “SunJavaUpdateSched”=“H:\Program Files\Java\jre1.6.0_02\bin\jusched.exe” [2007-07-12 04:00] “Picasa Media Detector”=“H:\Program Files\Picasa2\PicasaMediaDetector.exe” [2007-06-16 01:15] “ccApp”=“H:\Program Files\Common Files\Symantec Shared\ccApp.exe” [2002-08-19 22:22] “ccRegVfy”=“H:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe” [2002-08-19 22:23] “NeroFilterCheck”=“H:\WINDOWS\system32\NeroCheck.exe” [2006-01-12 15:40] “Onet.pl AutoUpdate”=“H:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe” [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“H:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44] “MSMSGS”=“H:\Program Files\Messenger\msmsgs.exe” [2004-08-04 01:55] “BitComet”=“H:\Program Files\BitComet\BitComet.exe” [2007-01-19 13:51] “Skype”=“H:\Program Files\Skype\Phone\Skype.exe” [2007-01-29 16:51] “OM_Monitor”=“H:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe” [] “Gadu-Gadu”=“H:\Program Files\Gadu-Gadu\gg.exe” [2007-05-10 16:36] “NBJ”=“H:\Program Files\Ahead\Nero BackItUp\NBJ.exe” [2006-09-15 13:27] “eMuleAutoStart”=“H:\Program Files\eMule\emule.exe” [2006-09-14 16:15] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD] H:\Program Files\Ahead\InCD\InCD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] “H:\Program Files\QuickTime\qttask.exe” -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] “H:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel] SkyTel.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] H:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{7a6f0492-ab5b-11db-8bc9-e6d999d5b420}] AutoRun\command- J:\Autorun.exe /run Shell00\Command- J:\Autorun.exe /run Shell01\Command- J:\Autorun.exe /action Shell02\Command- J:\Autorun.exe /uninstall – End of Deckard’s System Scanner: finished at 2007-09-05 21:56:37 ------------

Moze cos tu sie znajdzie.

Bieniol · 5 Wrzesień 2007 21:10

Nie widzę nic niepokojącego. Zrób skan AVG AntySpyware 7.5 po update i podziel się z nami raportem

Mr.Irek · 6 Wrzesień 2007 16:06

No przeszukalem kompa AVG. Znalazlo mi trojana.inject.baa oraz backdoor.theff.111 ale nie mam zadnego raportu. Czy nie zaznaczylem jakiejs opcji aby sie ten raport pojawil?

Złączono Posta : 06.09.2007 (Czw) 18:08

chyba ze cos takiego to raport

--------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 18:07 2007-09-06 + Scan result: I:\Karol\DVD I DIVX\DivXPack_5_02-006.exe -> Adware.Gator : No action taken. I:\Karol\DTS Tools ( DVD Audio 5.1 AC To DTS )\SurCode CD-pro DTS 1.0.9\Crack\sccdprodts.exe -> Backdoor.Theef.111 : No action taken. H:\Documents and Settings\Kasia\Cookies\kasia@3.adbrite[1].txt -> TrackingCookie.Adbrite : No action taken. H:\Documents and Settings\Kasia\Cookies\kasia@ads.adbrite[2].txt -> TrackingCookie.Adbrite : No action taken. H:\Documents and Settings\Kasia\Cookies\kasia@auto.search.msn[1].txt -> TrackingCookie.Msn : No action taken. H:\Documents and Settings\Kasia\Cookies\kasia@navrcholu[2].txt -> TrackingCookie.Navrcholu : No action taken. H:\Documents and Settings\Kasia\Cookies\kasia@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : No action taken. H:\Documents and Settings\Kasia\Cookies\kasia@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : No action taken. H:\Documents and Settings\Kasia\Cookies\kasia@yadro[1].txt -> TrackingCookie.Yadro : No action taken. H:\System Volume Information_restore{39BAFB8B-24C3-4E86-8353-A8FC8347D48B}\RP129\A0033097.exe -> Trojan.Inject.ba : No action taken. ::Report end

Gutek · 6 Wrzesień 2007 19:31

temat zamykam wyjaśnij na PW co robią u ciebie cracki?