Zaśmiecony komp koleżanki

Dla specjalistów Bezpieczeństwo
#1

Witam, koleżanka miała mnóstwo wirusów itp, pousuwała co mogła, ale nadal komp nie chodzi tak jak powinien, proszę o sprawdzenie i z góry dzięki za pomoc:

a z silentem sa problemy wyskakuje coś w stylu “dostep do hosta skryptow sys win jest wyl…”,

Złączono Posta : 04.01.2007 (Czw) 0:01

o udało się:

"Silent Runners.vbs", revision 49, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"Gadu-Gadu" = ""D:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu Sp. z oo"]

"MSMSGS" = ""D:\Program Files\Messenger\msmsgs.exe" /background" [MS]


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"BearShare" = ""D:\Program Files\BearShare\BearShare.exe" /pause" ["Free Peers, Inc."]

"QuickTime Task" = ""D:\Program Files\QuickTime Alternative\qttask.exe" -atboottime" ["Apple Computer, Inc."]

"KernelFaultCheck" = "D:\WINDOWS\system32\dumprep 0 -k"

"WinampAgent" = "D:\Program Files\Winamp\winampa.exe" [null data]

"SunJavaUpdateSched" = ""D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"" ["Sun Microsystems, Inc."]

"AVG7_CC" = "D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]

"mkstray" = "D:\Program Files\mks_vir_2007\bin\mkstray.exe" ["MKS Sp z o.o."]

"mks_mail" = "D:\Program Files\mks_vir_2007\bin\mks_mail.exe" ["MKS sp. z o. o."]

"MKSRegmon" = "D:\Program Files\mks_vir_2007\bin\mksregmon.exe" [null data]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

                   \InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]

{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "Google Toolbar Helper"

                   \InProcServer32\(Default) = "d:\program files\google\googletoolbar3.dll" ["Google Inc."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "D:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

  -> {HKLM...CLSID} = "Microsoft Office Outlook"

                   \InProcServer32\(Default) = "D:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"

                   \InProcServer32\(Default) = "D:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "D:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{83903CAB-2FC1-40f6-8B82-DF123A5FB9E3}" = "ABBYYPDFContextMenuExtension"

  -> {HKLM...CLSID} = "AbbyyPDF.PDFShellExtension.1"

                   \InProcServer32\(Default) = "D:\Program Files\ABBYY PDF Transformer 1.0\PDFShellExtension.dll" ["ABBYY (BIT Software)"]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

  -> {HKLM...CLSID} = "Portable Media Devices Menu"

                   \InProcServer32\(Default) = "D:\WINDOWS\system32\Audiodev.dll" [MS]

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"

  -> {HKLM...CLSID} = "iTunes"

                   \InProcServer32\(Default) = "D:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]

"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

"{AC1DB655-4F9A-4c39-8AD2-A65324A4C446}" = "Autodesk Drawing Preview"

  -> {HKLM...CLSID} = "ACTHUMBNAIL"

                   \InProcServer32\(Default) = "D:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll" ["Autodesk"]

"{36A21736-36C2-4C11-8ACB-D4136F2B57BD}" = "Ikona obsługi nakładki Podpisów cyfrowych AutoCAD"

  -> {HKLM...CLSID} = "AcSignIcon"

                   \InProcServer32\(Default) = "D:\WINDOWS\system32\AcSignIcon.dll" ["Autodesk"]

"{AC0B5D2E-B691-4E12-A4F9-CA88492579A2}" = "Zinio Shell Extension"

  -> {HKLM...CLSID} = "Zinio Magazine"

                   \InProcServer32\(Default) = "D:\Program Files\Common Files\Zinio\ZShext.dll" ["Zinio Systems, Inc."]

"{A9AACA72-1C51-4F84-804D-90EDBA0D58F4}" = "Zinio Magazine Column Provider"

  -> {HKLM...CLSID} = "MyMagazinesColumn Class"

                   \InProcServer32\(Default) = "D:\Program Files\Common Files\Zinio\ZShext.dll" ["Zinio Systems, Inc."]

"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"

  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"

                   \InProcServer32\(Default) = "D:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"

  -> {HKLM...CLSID} = "AVG7 Find Extension Class"

                   \InProcServer32\(Default) = "D:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]


HKLM\Software\Classes\PROTOCOLS\Filter\

<> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "D:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]


HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{A9AACA72-1C51-4F84-804D-90EDBA0D58F4}\(Default) = "Zinio Magazine Column Provider"

  -> {HKLM...CLSID} = "MyMagazinesColumn Class"

                   \InProcServer32\(Default) = "D:\Program Files\Common Files\Zinio\ZShext.dll" ["Zinio Systems, Inc."]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

ABBYYPDFContextMenuExtension\(Default) = "{83903CAB-2FC1-40f6-8B82-DF123A5FB9E3}"

  -> {HKLM...CLSID} = "AbbyyPDF.PDFShellExtension.1"

                   \InProcServer32\(Default) = "D:\Program Files\ABBYY PDF Transformer 1.0\PDFShellExtension.dll" ["ABBYY (BIT Software)"]

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"

  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"

                   \InProcServer32\(Default) = "D:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

MkS_Vir\(Default) = "{E64226E0-9DA1-479E-8265-8D65BA327BD4}"

  -> {HKLM...CLSID} = "MkS_Vir Shell Extension"

                   \InProcServer32\(Default) = "D:\Program Files\mks_vir_2007\bin\mksshell.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"

  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"

                   \InProcServer32\(Default) = "D:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

MkS_Vir\(Default) = "{E64226E0-9DA1-479E-8265-8D65BA327BD4}"

  -> {HKLM...CLSID} = "MkS_Vir Shell Extension"

                   \InProcServer32\(Default) = "D:\Program Files\mks_vir_2007\bin\mksshell.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]



Default executables:

--------------------


HKCU\Software\Classes\.scr\(Default) = "AutoCADScriptFile"

<> HKCU\Software\Classes\AutoCADScriptFile\shell\open\command\(Default) = ""D:\WINDOWS\notepad.exe" "%1"" [MS]

HKLM\Software\Classes\.scr\(Default) = "AutoCADLTScriptFile"

<> HKLM\Software\Classes\AutoCADLTScriptFile\shell\open\command\(Default) = "D:\WINDOWS\NOTEPAD.EXE "%1"" [MS]



Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------


Note: detected settings may not have any effect.


HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}


"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "D:\Documents and Settings\Cholera\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"



Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "D:\WINDOWS\system32\ssstars.scr" [MS]



Startup items in "Cholera" & "All Users" startup folders:

---------------------------------------------------------


D:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"Action Manager 32" -> shortcut to: "D:\Program Files\ScannerU\AM32.exe" [null data]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

D:\Program Files\mks_vir_2007\bin\\mkslsp.dll [null data], 01 - 03, 15

%SystemRoot%\system32\mswsock.dll [MS], 04 - 06, 09 - 14

%SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08



Toolbars, Explorer Bars, Extensions:

------------------------------------


Toolbars


HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"

  -> {HKLM...CLSID} = "&Google"

                   \InProcServer32\(Default) = "d:\program files\google\googletoolbar3.dll" ["Google Inc."]

"{4D5C8C2A-D075-11D0-B416-00C04FB90376}"

  -> {HKLM...CLSID} = "Pasek poleceń Microsoft"

                   \InProcServer32\(Default) = "D:\WINDOWS\system32\browseui.dll" [MS]


HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)

  -> {HKLM...CLSID} = "&Google"

                   \InProcServer32\(Default) = "d:\program files\google\googletoolbar3.dll" ["Google Inc."]


Explorer Bars


HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\


HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}"

  -> {HKCU...CLSID} = "Java Plug-in 1.5.0_09"

                   \InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]

  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_09"

                   \InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll" ["Sun Microsystems, Inc."]


{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Badanie"


{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "D:\Program Files\Messenger\msmsgs.exe" [MS]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


avast! Antivirus, avast! Antivirus, ""D:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]

avast! iAVS4 Control Service, aswUpdSv, ""D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]

avast! Mail Scanner, avast! Mail Scanner, ""D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]

avast! Web Scanner, avast! Web Scanner, ""D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]

AVG E-mail Scanner, AVGEMS, "D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]

AVG7 Alert Manager Server, Avg7Alrt, "D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]

AVG7 Update Service, Avg7UpdSvc, "D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]

C-DillaCdaC11BA, C-DillaCdaC11BA, "D:\WINDOWS\system32\drivers\CDAC11BA.EXE" ["Macrovision"]

MkS_Scan, MkS_Scan, "D:\Program Files\mks_vir_2007\bin\mks_scan.exe" [empty string]

mks_vir file monitor, MksVirMonSvc, "D:\Program Files\mks_vir_2007\bin\mksvirmonsvc.exe" [null data]

MksFwall, MksFwall, ""D:\Program Files\mks_vir_2007\bin\MksFwall.exe"" [null data]

MksPC, MksPC, ""D:\Program Files\mks_vir_2007\bin\MksPC.exe"" [null data]

MksUpdate, MksUpdate, ""D:\Program Files\mks_vir_2007\bin\mksupdate.exe"" ["MKS sp. z O. O."]

Windows User Mode Driver Framework, UMWdf, "D:\WINDOWS\system32\wdfmgr.exe" [MS]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

EPSON V6 2KMonitor\Driver = "EBPMON24.DLL" ["SEIKO EPSON CORPORATION"]



----------

<>: Suspicious data at a malware launch point.


+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

  took 334 seconds.

---------- (total run time: 647 seconds)

Złączono Posta _: 04.01.2007 (Czw) 0:03_o udało się:

"Silent Runners.vbs", revision 49, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"Gadu-Gadu" = ""D:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu Sp. z oo"]

"MSMSGS" = ""D:\Program Files\Messenger\msmsgs.exe" /background" [MS]


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"BearShare" = ""D:\Program Files\BearShare\BearShare.exe" /pause" ["Free Peers, Inc."]

"QuickTime Task" = ""D:\Program Files\QuickTime Alternative\qttask.exe" -atboottime" ["Apple Computer, Inc."]

"KernelFaultCheck" = "D:\WINDOWS\system32\dumprep 0 -k"

"WinampAgent" = "D:\Program Files\Winamp\winampa.exe" [null data]

"SunJavaUpdateSched" = ""D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"" ["Sun Microsystems, Inc."]

"AVG7_CC" = "D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]

"mkstray" = "D:\Program Files\mks_vir_2007\bin\mkstray.exe" ["MKS Sp z o.o."]

"mks_mail" = "D:\Program Files\mks_vir_2007\bin\mks_mail.exe" ["MKS sp. z o. o."]

"MKSRegmon" = "D:\Program Files\mks_vir_2007\bin\mksregmon.exe" [null data]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

                   \InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]

{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "Google Toolbar Helper"

                   \InProcServer32\(Default) = "d:\program files\google\googletoolbar3.dll" ["Google Inc."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "D:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

  -> {HKLM...CLSID} = "Microsoft Office Outlook"

                   \InProcServer32\(Default) = "D:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"

                   \InProcServer32\(Default) = "D:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "D:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{83903CAB-2FC1-40f6-8B82-DF123A5FB9E3}" = "ABBYYPDFContextMenuExtension"

  -> {HKLM...CLSID} = "AbbyyPDF.PDFShellExtension.1"

                   \InProcServer32\(Default) = "D:\Program Files\ABBYY PDF Transformer 1.0\PDFShellExtension.dll" ["ABBYY (BIT Software)"]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

  -> {HKLM...CLSID} = "Portable Media Devices Menu"

                   \InProcServer32\(Default) = "D:\WINDOWS\system32\Audiodev.dll" [MS]

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"

  -> {HKLM...CLSID} = "iTunes"

                   \InProcServer32\(Default) = "D:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]

"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

"{AC1DB655-4F9A-4c39-8AD2-A65324A4C446}" = "Autodesk Drawing Preview"

  -> {HKLM...CLSID} = "ACTHUMBNAIL"

                   \InProcServer32\(Default) = "D:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll" ["Autodesk"]

"{36A21736-36C2-4C11-8ACB-D4136F2B57BD}" = "Ikona obsługi nakładki Podpisów cyfrowych AutoCAD"

  -> {HKLM...CLSID} = "AcSignIcon"

                   \InProcServer32\(Default) = "D:\WINDOWS\system32\AcSignIcon.dll" ["Autodesk"]

"{AC0B5D2E-B691-4E12-A4F9-CA88492579A2}" = "Zinio Shell Extension"

  -> {HKLM...CLSID} = "Zinio Magazine"

                   \InProcServer32\(Default) = "D:\Program Files\Common Files\Zinio\ZShext.dll" ["Zinio Systems, Inc."]

"{A9AACA72-1C51-4F84-804D-90EDBA0D58F4}" = "Zinio Magazine Column Provider"

  -> {HKLM...CLSID} = "MyMagazinesColumn Class"

                   \InProcServer32\(Default) = "D:\Program Files\Common Files\Zinio\ZShext.dll" ["Zinio Systems, Inc."]

"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"

  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"

                   \InProcServer32\(Default) = "D:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"

  -> {HKLM...CLSID} = "AVG7 Find Extension Class"

                   \InProcServer32\(Default) = "D:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]


HKLM\Software\Classes\PROTOCOLS\Filter\

<> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "D:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]


HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{A9AACA72-1C51-4F84-804D-90EDBA0D58F4}\(Default) = "Zinio Magazine Column Provider"

  -> {HKLM...CLSID} = "MyMagazinesColumn Class"

                   \InProcServer32\(Default) = "D:\Program Files\Common Files\Zinio\ZShext.dll" ["Zinio Systems, Inc."]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

ABBYYPDFContextMenuExtension\(Default) = "{83903CAB-2FC1-40f6-8B82-DF123A5FB9E3}"

  -> {HKLM...CLSID} = "AbbyyPDF.PDFShellExtension.1"

                   \InProcServer32\(Default) = "D:\Program Files\ABBYY PDF Transformer 1.0\PDFShellExtension.dll" ["ABBYY (BIT Software)"]

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"

  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"

                   \InProcServer32\(Default) = "D:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

MkS_Vir\(Default) = "{E64226E0-9DA1-479E-8265-8D65BA327BD4}"

  -> {HKLM...CLSID} = "MkS_Vir Shell Extension"

                   \InProcServer32\(Default) = "D:\Program Files\mks_vir_2007\bin\mksshell.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"

  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"

                   \InProcServer32\(Default) = "D:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

MkS_Vir\(Default) = "{E64226E0-9DA1-479E-8265-8D65BA327BD4}"

  -> {HKLM...CLSID} = "MkS_Vir Shell Extension"

                   \InProcServer32\(Default) = "D:\Program Files\mks_vir_2007\bin\mksshell.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]



Default executables:

--------------------


HKCU\Software\Classes\.scr\(Default) = "AutoCADScriptFile"

<> HKCU\Software\Classes\AutoCADScriptFile\shell\open\command\(Default) = ""D:\WINDOWS\notepad.exe" "%1"" [MS]

HKLM\Software\Classes\.scr\(Default) = "AutoCADLTScriptFile"

<> HKLM\Software\Classes\AutoCADLTScriptFile\shell\open\command\(Default) = "D:\WINDOWS\NOTEPAD.EXE "%1"" [MS]



Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------


Note: detected settings may not have any effect.


HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}


"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "D:\Documents and Settings\Cholera\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"



Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "D:\WINDOWS\system32\ssstars.scr" [MS]



Startup items in "Cholera" & "All Users" startup folders:

---------------------------------------------------------


D:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"Action Manager 32" -> shortcut to: "D:\Program Files\ScannerU\AM32.exe" [null data]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

D:\Program Files\mks_vir_2007\bin\\mkslsp.dll [null data], 01 - 03, 15

%SystemRoot%\system32\mswsock.dll [MS], 04 - 06, 09 - 14

%SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08



Toolbars, Explorer Bars, Extensions:

------------------------------------


Toolbars


HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"

  -> {HKLM...CLSID} = "&Google"

                   \InProcServer32\(Default) = "d:\program files\google\googletoolbar3.dll" ["Google Inc."]

"{4D5C8C2A-D075-11D0-B416-00C04FB90376}"

  -> {HKLM...CLSID} = "Pasek poleceń Microsoft"

                   \InProcServer32\(Default) = "D:\WINDOWS\system32\browseui.dll" [MS]


HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)

  -> {HKLM...CLSID} = "&Google"

                   \InProcServer32\(Default) = "d:\program files\google\googletoolbar3.dll" ["Google Inc."]


Explorer Bars


HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\


HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}"

  -> {HKCU...CLSID} = "Java Plug-in 1.5.0_09"

                   \InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]

  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_09"

                   \InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll" ["Sun Microsystems, Inc."]


{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Badanie"


{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "D:\Program Files\Messenger\msmsgs.exe" [MS]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


avast! Antivirus, avast! Antivirus, ""D:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]

avast! iAVS4 Control Service, aswUpdSv, ""D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]

avast! Mail Scanner, avast! Mail Scanner, ""D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]

avast! Web Scanner, avast! Web Scanner, ""D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]

AVG E-mail Scanner, AVGEMS, "D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]

AVG7 Alert Manager Server, Avg7Alrt, "D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]

AVG7 Update Service, Avg7UpdSvc, "D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]

C-DillaCdaC11BA, C-DillaCdaC11BA, "D:\WINDOWS\system32\drivers\CDAC11BA.EXE" ["Macrovision"]

MkS_Scan, MkS_Scan, "D:\Program Files\mks_vir_2007\bin\mks_scan.exe" [empty string]

mks_vir file monitor, MksVirMonSvc, "D:\Program Files\mks_vir_2007\bin\mksvirmonsvc.exe" [null data]

MksFwall, MksFwall, ""D:\Program Files\mks_vir_2007\bin\MksFwall.exe"" [null data]

MksPC, MksPC, ""D:\Program Files\mks_vir_2007\bin\MksPC.exe"" [null data]

MksUpdate, MksUpdate, ""D:\Program Files\mks_vir_2007\bin\mksupdate.exe"" ["MKS sp. z O. O."]

Windows User Mode Driver Framework, UMWdf, "D:\WINDOWS\system32\wdfmgr.exe" [MS]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

EPSON V6 2KMonitor\Driver = "EBPMON24.DLL" ["SEIKO EPSON CORPORATION"]



----------

<>: Suspicious data at a malware launch point.


+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

  took 334 seconds.

---------- (total run time: 647 seconds)
#2

Zaptaszkowujesz w/w wpisy w HJT i klikasz FIXChecked.

Na SR się nie znam :slight_smile:

#3

Log z Silenta jest Ok.

Zrób skan http://www.ewido.net/en/ i wklej raport.

Poczytaj - XP - Optymalizacja, odchudzanie dla trochę bardziej zaawansowanych. Lub Optymalizacja i odchudzanie Windowsa XP dla trochę mniej zaawansowanych.

Zwykła wersja programu BearShare posiada w sobie syf dlatego proponuję go usunąć. A jeśli koniecznie chcesz z niego korzystać to zainstaluj wersję Lite, która jest pozbawiona syfu.

#4

exJuno jeżeli masz kłopoty z interpretacją logów, to tego nie rób, tylko się ucz. Nieprawidłowa porada z Twojej strony może przynieść więcej szkody niż pożytku :!:

#5

no i raport:

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------


 + Created at:	21:01:07 2007-01-04


 + Scan result:	




D:\Program Files\Altnet -> Adware.Altnet : Ignored.

D:\Program Files\Altnet\Download Manager -> Adware.Altnet : Ignored.

D:\Program Files\Altnet\Download Manager\altinst1.dll -> Adware.Altnet : Ignored.

D:\Program Files\Altnet\Download Manager\altinst2.dll -> Adware.Altnet : Ignored.

D:\Program Files\Altnet\My Altnet Shares -> Adware.Altnet : Ignored.

HKU\S-1-5-21-583907252-448539723-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Ignored.

HKU\S-1-5-21-583907252-448539723-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C95FE080-8F5D-11D2-A20B-00AA003C157A} -> Adware.Generic : Ignored.

HKU\S-1-5-21-583907252-448539723-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F1FABE79-25FC-46DE-8C5A-2C6DB9D64333} -> Adware.Generic : Ignored.

HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Ignored.

D:\Documents and Settings\■■■■■■■\Cookies\■■■■■■■@adbrite[2].txt -> TrackingCookie.Adbrite : Ignored.

D:\Documents and Settings\■■■■■■■\Cookies\■■■■■■■@site.www.adbrite[2].txt -> TrackingCookie.Adbrite : Ignored.

D:\Documents and Settings\■■■■■■■\Cookies\■■■■■■■@www.adbrite[1].txt -> TrackingCookie.Adbrite : Ignored.

:mozilla.27:C:\WINDOWS\Dane aplikacji\Mozilla\Firefox\Profiles\4vwdht0z.default\cookies.txt -> TrackingCookie.Adocean : Ignored.

:mozilla.27:C:\WINDOWS\Profiles\■■■■■■■\Dane aplikacji\Mozilla\Firefox\Profiles\4vwdht0z.default\cookies.txt -> TrackingCookie.Adocean : Ignored.

:mozilla.27:C:\WINDOWS\Profiles\gość\Dane aplikacji\Mozilla\Firefox\Profiles\4vwdht0z.default\cookies.txt -> TrackingCookie.Adocean : Ignored.

:mozilla.28:C:\WINDOWS\Dane aplikacji\Mozilla\Firefox\Profiles\4vwdht0z.default\cookies.txt -> TrackingCookie.Adocean : Ignored.

:mozilla.28:C:\WINDOWS\Profiles\■■■■■■■\Dane aplikacji\Mozilla\Firefox\Profiles\4vwdht0z.default\cookies.txt -> TrackingCookie.Adocean : Ignored.

:mozilla.28:C:\WINDOWS\Profiles\gość\Dane aplikacji\Mozilla\Firefox\Profiles\4vwdht0z.default\cookies.txt -> TrackingCookie.Adocean : Ignored.

:mozilla.7:C:\WINDOWS\Dane aplikacji\Mozilla\Firefox\Profiles\4vwdht0z.default\cookies.txt -> TrackingCookie.Adocean : Ignored.

:mozilla.7:C:\WINDOWS\Profiles\■■■■■■■\Dane aplikacji\Mozilla\Firefox\Profiles\4vwdht0z.default\cookies.txt -> TrackingCookie.Adocean : Ignored.

:mozilla.7:C:\WINDOWS\Profiles\gość\Dane aplikacji\Mozilla\Firefox\Profiles\4vwdht0z.default\cookies.txt -> TrackingCookie.Adocean : Ignored.

:mozilla.8:C:\WINDOWS\Dane aplikacji\Mozilla\Firefox\Profiles\4vwdht0z.default\cookies.txt -> TrackingCookie.Adocean : Ignored.

:mozilla.8:C:\WINDOWS\Profiles\■■■■■■■\Dane aplikacji\Mozilla\Firefox\Profiles\4vwdht0z.default\cookies.txt -> TrackingCookie.Adocean : Ignored.

:mozilla.8:C:\WINDOWS\Profiles\gość\Dane aplikacji\Mozilla\Firefox\Profiles\4vwdht0z.default\cookies.txt -> TrackingCookie.Adocean : Ignored.

C:\WINDOWS\Cookies\basia@ad.adocean[2].txt -> TrackingCookie.Adocean : Ignored.

C:\WINDOWS\Cookies\basia@ad.adocean[3].txt -> TrackingCookie.Adocean : Ignored.

C:\WINDOWS\Cookies\basia@ad.adocean[4].txt -> TrackingCookie.Adocean : Ignored.

C:\WINDOWS\Cookies\basia@gde.adocean[2].txt -> TrackingCookie.Adocean : Ignored.

C:\WINDOWS\Cookies\basia@gde.adocean[3].txt -> TrackingCookie.Adocean : Ignored.

C:\WINDOWS\Cookies\basia@gde.adocean[4].txt -> TrackingCookie.Adocean : Ignored.

C:\WINDOWS\Cookies\basia@idg.adocean[2].txt -> TrackingCookie.Adocean : Ignored.

C:\WINDOWS\Cookies\basia@my.adocean[1].txt -> TrackingCookie.Adocean : Ignored.

C:\WINDOWS\Profiles\■■■■■■■\Cookies\basia@ad.adocean[2].txt -> TrackingCookie.Adocean : Ignored.

C:\WINDOWS\Profiles\■■■■■■■\Cookies\basia@ad.adocean[3].txt -> TrackingCookie.Adocean : Ignored.

C:\WINDOWS\Profiles\■■■■■■■\Cookies\basia@ad.adocean[4].txt -> TrackingCookie.Adocean : Ignored.

C:\WINDOWS\Profiles\■■■■■■■\Cookies\basia@gde.adocean[2].txt -> TrackingCookie.Adocean : Ignored.

C:\WINDOWS\Profiles\■■■■■■■\Cookies\basia@gde.adocean[3].txt -> TrackingCookie.Adocean : Ignored.

C:\WINDOWS\Profiles\■■■■■■■\Cookies\basia@gde.adocean[4].txt -> TrackingCookie.Adocean : Ignored.

C:\WINDOWS\Profiles\■■■■■■■\Cookies\basia@idg.adocean[2].txt -> TrackingCookie.Adocean : Ignored.

C:\WINDOWS\Profiles\■■■■■■■\Cookies\basia@my.adocean[1].txt -> TrackingCookie.Adocean : Ignored.

C:\WINDOWS\Profiles\■■■■■■■\Cookies\■■■■■■■@idg.adocean[2].txt -> TrackingCookie.Adocean : Ignored.

C:\WINDOWS\Profiles\gość\Cookies\basia@ad.adocean[2].txt -> TrackingCookie.Adocean : Ignored.

C:\WINDOWS\Profiles\gość\Cookies\basia@ad.adocean[3].txt -> TrackingCookie.Adocean : Ignored.

C:\WINDOWS\Profiles\gość\Cookies\basia@ad.adocean[4].txt -> TrackingCookie.Adocean : Ignored.

C:\WINDOWS\Profiles\gość\Cookies\basia@gde.adocean[2].txt -> TrackingCookie.Adocean : Ignored.

C:\WINDOWS\Profiles\gość\Cookies\basia@gde.adocean[3].txt -> TrackingCookie.Adocean : Ignored.

C:\WINDOWS\Profiles\gość\Cookies\basia@gde.adocean[4].txt -> TrackingCookie.Adocean : Ignored.

C:\WINDOWS\Profiles\gość\Cookies\basia@idg.adocean[2].txt -> TrackingCookie.Adocean : Ignored.

C:\WINDOWS\Profiles\gość\Cookies\basia@my.adocean[1].txt -> TrackingCookie.Adocean : Ignored.

D:\Documents and Settings\■■■■■■■\Cookies\■■■■■■■@ad.adocean[2].txt -> TrackingCookie.Adocean : Ignored.

D:\Documents and Settings\■■■■■■■\Cookies\■■■■■■■@czgde.adocean[1].txt -> TrackingCookie.Adocean : Ignored.

D:\Documents and Settings\■■■■■■■\Cookies\■■■■■■■@gde.adocean[1].txt -> TrackingCookie.Adocean : Ignored.

D:\Documents and Settings\■■■■■■■\Cookies\■■■■■■■@gde.adocean[3].txt -> TrackingCookie.Adocean : Ignored.

D:\Documents and Settings\■■■■■■■\Cookies\■■■■■■■@my.adocean[1].txt -> TrackingCookie.Adocean : Ignored.

D:\Documents and Settings\■■■■■■■\Cookies\■■■■■■■@myao.adocean[1].txt -> TrackingCookie.Adocean : Ignored.

D:\Documents and Settings\■■■■■■■\Cookies\■■■■■■■@pracuj.adocean[2].txt -> TrackingCookie.Adocean : Ignored.

D:\Documents and Settings\■■■■■■■\Cookies\■■■■■■■@com[1].txt -> TrackingCookie.Com : Ignored.

D:\Documents and Settings\■■■■■■■\Cookies\■■■■■■■@ivwbox[3].txt -> TrackingCookie.Ivwbox : Ignored.

D:\Documents and Settings\■■■■■■■\Cookies\■■■■■■■@data2.perf.overture[1].txt -> TrackingCookie.Overture : Ignored.

D:\Documents and Settings\■■■■■■■\Cookies\■■■■■■■@tacoda[2].txt -> TrackingCookie.Tacoda : Ignored.

:mozilla.14:C:\WINDOWS\Dane aplikacji\Mozilla\Firefox\Profiles\4vwdht0z.default\cookies.txt -> TrackingCookie.Tradedoubler : Ignored.

:mozilla.14:C:\WINDOWS\Profiles\■■■■■■■\Dane aplikacji\Mozilla\Firefox\Profiles\4vwdht0z.default\cookies.txt -> TrackingCookie.Tradedoubler : Ignored.

:mozilla.14:C:\WINDOWS\Profiles\gość\Dane aplikacji\Mozilla\Firefox\Profiles\4vwdht0z.default\cookies.txt -> TrackingCookie.Tradedoubler : Ignored.

D:\Documents and Settings\■■■■■■■\Cookies\■■■■■■■@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Ignored.

D:\Documents and Settings\■■■■■■■\Cookies\■■■■■■■@trafic[1].txt -> TrackingCookie.Trafic : Ignored.

D:\Documents and Settings\■■■■■■■\Cookies\■■■■■■■@reduxads.valuead[1].txt -> TrackingCookie.Valuead : Ignored.

D:\Program Files\Integram\Budownictwo\integram1.exe -> Trojan.Proxcrak.A : Ignored.

D:\System Volume Information\_restore{E6495C24-9A8E-41A2-8C85-1E51BEE77036}\RP302\A0094461.exe/td.exe -> Worm.Agent.v : Ignored.

D:\System Volume Information\_restore{E6495C24-9A8E-41A2-8C85-1E51BEE77036}\RP302\A0094461.exe/zgo.exe -> Worm.Agent.v : Ignored.



::Report end
#6

Użyj tego narzędzia -> http://dobreprogramy.pl/index.php?dz=2&id=1188&t=59 -> i usuń nim wszystko, co znajdzie :slight_smile: