Elektroda.pl

AntiVormis, and what next? The computer runs very slowly.

24 Dec 2006 01:06 2909 14
  • Level 10  
    Hello!!

    I have a big problem with my computer. While I was surfing the internet, a message popped up in the bottom right corner (next to the clock): SYSTEM ALERT! It said that the system had detected virus activity and that I should click the balloon, and then a program for removing the viruses would appear.

    So I click, AntiVormis appears, I install it because I don't know much about this, and suddenly Panda 2007 (trial) goes crazy, saying that it is some kind of "unwanted program".

    I have scanned the system in every way I know and nothing is detected any more, no spyware, viruses, etc., but that message keeps flashing and the computer, although it is a Core2 Duo, runs like my good old PII 300 MHz.


    What should I do? How can I fix this? Help!



    PS

    Below I am posting my log (HijackThis):

    Logfile of HijackThis v1.99.1
    Scan saved at 00:48:10, on 2006-12-24
    Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    D:\Program Files (D)\Panda 2007\pavsrv51.exe
    D:\Program Files (D)\Panda 2007\AVENGINE.EXE
    C:\WINDOWS\system32\svchost.exe
    D:\Program Files (D)\Panda 2007\TPSrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    d:\program files (d)\panda 2007\firewall\PNMSRV.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\System32\GEARSec.exe
    D:\Program Files (D)\Nero 7\InCD\InCDsrv.exe
    D:\Program Files (D)\Norton Ghost 10.0\Agent\VProSvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    D:\Program Files (D)\Panda 2007\PavFnSvr.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\WINDOWS\system32\HPZipm12.exe
    D:\Program Files (D)\Panda 2007\AntiSpam\pskmssvc.exe
    D:\Program Files (D)\Panda 2007\PsImSvc.exe
    D:\Program Files (D)\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ntvdm.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    D:\Program Files (D)\HP Deskjet\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    D:\Program Files (D)\Norton Ghost 10.0\Agent\GhostTray.exe
    D:\Program Files (D)\Adobe\Album Starter 3.0\3.0\Apps\apdproxy.exe
    C:\Program Files\QuickTime\qttask.exe
    D:\Program Files (D)\iTunes\iTunesHelper.exe
    D:\Program Files (D)\Nero 7\InCD\InCD.exe
    D:\Program Files (D)\NoSpy\AntiSpyNT.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    D:\Program Files (D)\HP Deskjet\Digital Imaging\bin\hpqtra08.exe
    D:\Program Files (D)\NoSpy\AntiSpy\TSAntiSpy.exe
    D:\Program Files (D)\HP Deskjet\Digital Imaging\bin\hpqSTE08.exe
    D:\Program Files (D)\HP Deskjet\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    D:\Program Files (D)\HP Deskjet\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    D:\Program Files (D)\Norton Ghost 10.0\Agent\GhostTray.exe
    D:\Program Files (D)\Adobe\Album Starter 3.0\3.0\Apps\apdproxy.exe
    C:\Program Files\QuickTime\qttask.exe
    D:\Program Files (D)\iTunes\iTunesHelper.exe
    D:\Program Files (D)\Nero 7\InCD\InCD.exe
    D:\Program Files (D)\NoSpy\AntiSpyNT.exe
    D:\Program Files (D)\NoSpy\AutoUpdate.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    D:\Program Files (D)\DeltaCalendar\DeltaCalendar.exe
    D:\Program Files (D)\Spyware Doctor\swdoctor.exe
    D:\Program Files (D)\HP Deskjet\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    D:\Program Files (D)\NoSpy\AntiSpy\TSAntiSpy.exe
    D:\Program Files (D)\HP Deskjet\Digital Imaging\bin\hpqSTE08.exe
    D:\Program Files (D)\HP Deskjet\Digital Imaging\Product Assistant\bin\hprblog.exe
    D:\Program Files (D)\Panda 2007\apvxdwin.exe
    D:\Program Files (D)\Panda 2007\SRVLOAD.EXE
    d:\program files (d)\panda 2007\WebProxy.exe
    C:\Documents and Settings\Dom\Pulpit\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    F3 - REG:win.ini: load=d:\progra~1\Collins\watch.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files (D)\Adobe\Acrobat 7.0.8\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: OsbornTech Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - D:\Program Files (D)\NoSpy\PopupBlocker\PopupBlocker.dll
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [HP Software Update] D:\Program Files (D)\HP Deskjet\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Norton Ghost 10.0] "D:\Program Files (D)\Norton Ghost 10.0\Agent\GhostTray.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files (D)\Adobe\Album Starter 3.0\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files (D)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] D:\Program Files (D)\Nero 7\InCD\InCD.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [AMFNoSpy] D:\Program Files (D)\NoSpy\AntiSpyNT.exe
    O4 - HKLM\..\Run: [AMFNoSpyUpdate] D:\Program Files (D)\NoSpy\AutoUpdate.exe
    O4 - HKLM\..\Run: [APVXDWIN] "D:\Program Files (D)\Panda 2007\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [SCANINICIO] "D:\Program Files (D)\Panda 2007\Inicio.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files (D)\Adobe\Acrobat 7.0.8\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files (D)\HP Deskjet\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MSOFFI~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - D:\Program Files (D)\NoSpy\PopupBlocker\PopupBlocker.dll
    O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - D:\Program Files (D)\NoSpy\PopupBlocker\PopupBlocker.dll
    O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MSOFFI~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/sezam/components/SignActivX.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Skype\Plugin Manager\Skype4COM.dll
    O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
    O21 - SSODL: buprestidae - {b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} - C:\WINDOWS\system32\cthkpcv.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files (D)\Nero 7\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton Ghost - Symantec Corporation - D:\Program Files (D)\Norton Ghost 10.0\Agent\VProSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - D:\Program Files (D)\Panda 2007\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - D:\Program Files (D)\Panda 2007\pavsrv51.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - D:\Program Files (D)\Panda 2007\AntiSpam\pskmssvc.exe
    O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - d:\program files (d)\panda 2007\firewall\PNMSRV.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - D:\Program Files (D)\Panda 2007\PsImSvc.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Program Files (D)\Spyware Doctor\sdhelp.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Panda TPSrv (TPSrv) - Panda Software - D:\Program Files (D)\Panda 2007\TPSrv.exe
  • Helpful post
    R.I.P. Distinguished contributor to elektroda
    nataniel wrote:
    the computer, although it is a Core2 Duo, runs like my good old PII 300 MHz. What should I do? How can I fix this?

    Or maybe you could launch another dozen or so applications at Windows startup? That will surely speed the system up.
    Please consider whether so many different applications really have to start together with Windows every time. These applications are indicated in the HijackThis log by the lines that begin with O4.
  • Level 10  
    And what about this AntiVormis and the SYSTEM ALERT! that keeps popping up?

    There are a lot of applications now because I am frantically installing anti-spyware!! And with the other applications everything was running flawlessly?

    Do you have any suggestions about what to do with it?
  • Level 37  
    nataniel wrote:
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    This is Realtek's spy. Basically harmless, but do you like being spied on? You can click Fix in hjt.

    I don't know this one, but considering where it is located, it is probably the cause of the message by the clock:
    nataniel wrote:
    O21 - SSODL: buprestidae - {b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} - C:\WINDOWS\system32\cthkpcv.dll
    If what I wrote in the next paragraph is confirmed, please follow the description at the link given. If not, please paste a log from Silent Runners.

    nataniel wrote:
    And what about this AntiVormis and the SYSTEM ALERT! that keeps popping up?[...]
    Did you copy the name correctly? Maybe you mean AntiVermins? If so, please look through this:
    http://www.mks.com.pl/forum/viewtopic.php?t=1601
  • Level 10  
    Yes... that is the nasty thing. I have exactly the same problem. And the description of how to deal with it (on the Mks forum) is probably a bit too difficult for me.

    For now I did this:

    I started Norton Ghost and restored the system from 12 h earlier. Is that enough? Or do I have to keep analysing and trying to remove registry entries? Delete files, etc.
  • Level 37  
    Please paste new logs from HijackThis and Silent Runners.

    P.S. I don't know what you find difficult in the description at the link I gave earlier. Everything is described step by step. I think it was more that you couldn't be bothered than that you didn't know how.
  • Level 10  
    Here is the log:

    Quote:

    Logfile of HijackThis v1.99.1
    Scan saved at 02:57:27, on 2006-12-24
    Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    D:\Program Files (D)\HP Deskjet\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    D:\Program Files (D)\Norton Ghost 10.0\Agent\GhostTray.exe
    D:\Program Files (D)\Adobe\Album Starter 3.0\3.0\Apps\apdproxy.exe
    C:\Program Files\QuickTime\qttask.exe
    D:\Program Files (D)\iTunes\iTunesHelper.exe
    C:\WINDOWS\System32\GEARSec.exe
    D:\Program Files (D)\Nero 7\InCD\InCDsrv.exe
    D:\Program Files (D)\Nero 7\InCD\InCD.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    D:\Program Files (D)\Norton Ghost 10.0\Agent\VProSvc.exe
    D:\Program Files (D)\HP Deskjet\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    D:\Program Files (D)\HP Deskjet\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\svchost.exe
    D:\Program Files (D)\HP Deskjet\Digital Imaging\Product Assistant\bin\hprblog.exe
    D:\Downloads\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files (D)\Adobe\Acrobat 7.0.8\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files (D)\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [HP Software Update] D:\Program Files (D)\HP Deskjet\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\aVAST\ashDisp.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Norton Ghost 10.0] "D:\Program Files (D)\Norton Ghost 10.0\Agent\GhostTray.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files (D)\Adobe\Album Starter 3.0\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files (D)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] D:\Program Files (D)\Nero 7\InCD\InCD.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [WinClock] D:\Program Files (D)\WinClock Biz\winclock.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files (D)\Adobe\Acrobat 7.0.8\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files (D)\HP Deskjet\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MSOFFI~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MSOFFI~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/sezam/components/SignActivX.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Skype\Plugin Manager\Skype4COM.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files (D)\aVAST\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files (D)\aVAST\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files (D)\aVAST\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files (D)\aVAST\ashWebSv.exe" /service (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files (D)\Nero 7\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Mediabee (MBXmlRpc) - Unknown owner - D:\Program Files (D)\MediaBee\src\py\dist\MediabeeService.exe (file missing)
    O23 - Service: Norton Ghost - Symantec Corporation - D:\Program Files (D)\Norton Ghost 10.0\Agent\VProSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe




    And what next?
  • Level 37  
    And where is the log from Silent Runners?

    This remains:
    nataniel wrote:
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
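
The comparison made in the post above (checking what is left in the second HijackThis log after the Norton Ghost restore) can be done mechanically. The following Python code is an added example, not part of the thread and not code from HijackThis; the function names are made up for illustration, and the sample input is a handful of lines copied from the two logs posted above.

```python
"""Compare two HijackThis logs and report which load points changed."""
import re

# A HijackThis entry line is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: ...".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")

AUTOSTART = "O4"                   # Run keys and Startup folders
SHELL_LOAD_POINTS = {"O20", "O21"}  # Winlogon Notify and SSODL, as labelled in the log

# Excerpt copied from the first log in the thread (before the restore).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AMFNoSpy] D:\Program Files (D)\NoSpy\AntiSpyNT.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O21 - SSODL: buprestidae - {b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} - C:\WINDOWS\system32\cthkpcv.dll
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
"""

# Excerpt copied from the second log in the thread (after the restore).
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\aVAST\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
"""


def parse_entries(log_text):
    """Return [(section_code, detail), ...] for every entry line in the log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def _key(entry):
    """Comparison key: Windows paths are case-insensitive, so fold the case."""
    code, detail = entry
    return (code, detail.casefold())


def diff_logs(before_text, after_text):
    """Split entries into removed / added / kept, preserving log order."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    before_keys = {_key(e) for e in before}
    after_keys = {_key(e) for e in after}
    return {
        "removed": [e for e in before if _key(e) not in after_keys],
        "added": [e for e in after if _key(e) not in before_keys],
        "kept": [e for e in after if _key(e) in before_keys],
    }


def shell_load_points(log_text):
    """Entries in the O20/O21 sections, the ones to look at first."""
    return [e for e in parse_entries(log_text) if e[0] in SHELL_LOAD_POINTS]


def autostart_count(log_text):
    """Number of O4 lines, i.e. programs started together with Windows."""
    return sum(1 for code, _ in parse_entries(log_text) if code == AUTOSTART)


if __name__ == "__main__":
    result = diff_logs(BEFORE, AFTER)
    for label in ("removed", "added", "kept"):
        print(label.upper())
        for code, detail in result[label]:
            print(f"  {code} - {detail}")
    print("O20/O21 entries still present:", shell_load_points(AFTER))
    print("O4 autostart entries now:", autostart_count(AFTER))
```

On full logs, entries can also show up as removed and added only because the same file is written once as a short 8.3 path and once as a long path, so pairs like that need a manual look.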
  • Level 10  
    Quote:

    "Silent Runners.vbs", revision 49, http://www.silentrunners.org/
    Operating System: Windows XP SP2
    Output limited to non-default values, except where indicated by "{++}"


    Startup items buried in registry:
    ---------------------------------

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
    "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"]
    "WinClock" = "D:\Program Files (D)\WinClock Biz\winclock.exe" [file not found]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."]
    "RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
    "Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
    "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
    "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
    "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
    "HP Software Update" = "D:\Program Files (D)\HP Deskjet\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]
    "avast!" = "D:\PROGRA~1\aVAST\ashDisp.exe" [null data]
    "ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
    "Norton Ghost 10.0" = ""D:\Program Files (D)\Norton Ghost 10.0\Agent\GhostTray.exe"" ["Symantec Corporation"]
    "Adobe Photo Downloader" = ""D:\Program Files (D)\Adobe\Album Starter 3.0\3.0\Apps\apdproxy.exe"" ["Adobe Systems Incorporated"]
    "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
    "iTunesHelper" = ""D:\Program Files (D)\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
    "NeroFilterCheck" = "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"]
    "InCD" = "D:\Program Files (D)\Nero 7\InCD\InCD.exe" ["Nero AG"]
    "KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
    \InProcServer32\(Default) = "D:\Program Files (D)\Adobe\Acrobat 7.0.8\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
    {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "D:\Program Files (D)\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
    -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
    -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
    "{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete"
    -> {HKLM...CLSID} = "IE Microsoft AutoComplete"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
    "{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
    -> {HKLM...CLSID} = "History Band"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
    "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
    -> {HKLM...CLSID} = "DesktopContext Class"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
    "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
    -> {HKLM...CLSID} = "NVIDIA CPL Extension"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
    "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
    -> {HKLM...CLSID} = "Desktop Explorer"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
    -> {HKLM...CLSID} = "nView Desktop Context Menu"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
    "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
    -> {HKLM...CLSID} = "avast"
    \InProcServer32\(Default) = "D:\Program Files (D)\aVAST\ashShell.dll" ["ALWIL Software"]
    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "D:\Program Files (D)\Ms Office 2003\OFFICE11\msohev.dll" [MS]
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "D:\Program Files (D)\WinRAR\rarext.dll" [null data]
    "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
    -> {HKLM...CLSID} = "iTunes"
    \InProcServer32\(Default) = "D:\Program Files (D)\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]



    Added after 3 [minutes]:

    I'll paste it once more because I think I got it wrong in the previous one:

    Quote:

    "Silent Runners.vbs", revision 49, http://www.silentrunners.org/
    Operating System: Windows XP SP2
    Output limited to non-default values, except where indicated by "{++}"


    Startup items buried in registry:
    ---------------------------------

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
    "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"]
    "WinClock" = "D:\Program Files (D)\WinClock Biz\winclock.exe" [file not found]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."]
    "RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
    "Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
    "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
    "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
    "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
    "HP Software Update" = "D:\Program Files (D)\HP Deskjet\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]
    "avast!" = "D:\PROGRA~1\aVAST\ashDisp.exe" [null data]
    "ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
    "Norton Ghost 10.0" = ""D:\Program Files (D)\Norton Ghost 10.0\Agent\GhostTray.exe"" ["Symantec Corporation"]
    "Adobe Photo Downloader" = ""D:\Program Files (D)\Adobe\Album Starter 3.0\3.0\Apps\apdproxy.exe"" ["Adobe Systems Incorporated"]
    "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
    "iTunesHelper" = ""D:\Program Files (D)\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
    "NeroFilterCheck" = "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"]
    "InCD" = "D:\Program Files (D)\Nero 7\InCD\InCD.exe" ["Nero AG"]
    "KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
    \InProcServer32\(Default) = "D:\Program Files (D)\Adobe\Acrobat 7.0.8\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
    {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "D:\Program Files (D)\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
    -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
    -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
    "{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete"
    -> {HKLM...CLSID} = "IE Microsoft AutoComplete"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
    "{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
    -> {HKLM...CLSID} = "History Band"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
    "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
    -> {HKLM...CLSID} = "DesktopContext Class"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
    "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
    -> {HKLM...CLSID} = "NVIDIA CPL Extension"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
    "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
    -> {HKLM...CLSID} = "Desktop Explorer"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
    -> {HKLM...CLSID} = "nView Desktop Context Menu"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
    "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
    -> {HKLM...CLSID} = "avast"
    \InProcServer32\(Default) = "D:\Program Files (D)\aVAST\ashShell.dll" ["ALWIL Software"]
    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "D:\Program Files (D)\Ms Office 2003\OFFICE11\msohev.dll" [MS]
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "D:\Program Files (D)\WinRAR\rarext.dll" [null data]
    "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
    -> {HKLM...CLSID} = "iTunes"
    \InProcServer32\(Default) = "D:\Program Files (D)\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]

    HKLM\Software\Classes\PROTOCOLS\Filter\
    <<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

    HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
    -> {HKLM...CLSID} = "PDF Shell Extension"
    \InProcServer32\(Default) = "D:\Program Files (D)\Adobe\Acrobat 7.0.8\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
    avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
    -> {HKLM...CLSID} = "avast"
    \InProcServer32\(Default) = "D:\Program Files (D)\aVAST\ashShell.dll" ["ALWIL Software"]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "D:\Program Files (D)\WinRAR\rarext.dll" [null data]

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "D:\Program Files (D)\WinRAR\rarext.dll" [null data]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
    avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
    -> {HKLM...CLSID} = "avast"
    \InProcServer32\(Default) = "D:\Program Files (D)\aVAST\ashShell.dll" ["ALWIL Software"]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "D:\Program Files (D)\WinRAR\rarext.dll" [null data]


    Group Policies {GPedit.msc branch and setting}:
    -----------------------------------------------

    Note: detected settings may not have any effect.

    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

    "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    Shutdown: Allow system to be shut down without having to log on}

    "undockwithoutlogon" = (REG_DWORD) hex:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    Devices: Allow undock without having to log on}


    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop may be disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
    HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
    "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

    Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\Documents and Settings\Łukasz Klima.KLIMIKA\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


    Startup items in "Łukasz Klima" & "All Users" startup folders:
    --------------------------------------------------------------

    C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
    "Adobe Gamma Loader.exe" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
    "Adobe Reader Speed Launch" -> shortcut to: "D:\Program Files (D)\Adobe\Acrobat 7.0.8\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
    "HP Digital Imaging Monitor" -> shortcut to: "D:\Program Files (D)\HP Deskjet\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]


    Enabled Scheduled Tasks:
    ------------------------

    "AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task" ["Apple Computer, Inc."]
    "HPpromotions journeysoftware" -> launches: "C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe /N "journeysoftware" -r" ["hp"]


    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Explorer Bars

    HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

    HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"
    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
    InProcServer32\(Default) = "D:\PROGRA~1\MSOFFI~1\OFFICE11\REFIEBAR.DLL" [MS]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\Software\Microsoft\Internet Explorer\Extensions\
    {92780B25-18CC-41C8-B9BE-3C9C571A8263}\
    "ButtonText" = "Badanie"

    {FB5F1910-F110-11D2-BB9E-00C04F795683}\
    "ButtonText" = "Messenger"
    "MenuText" = "Windows Messenger"
    "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    .NET Runtime Optimization Service v2.0.50727_X86, clr_optimization_v2.0.50727_32, "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe" [MS]
    avast! Antivirus, avast! Antivirus, ""D:\Program Files (D)\aVAST\ashServ.exe"" [null data]
    avast! iAVS4 Control Service, aswUpdSv, ""D:\Program Files (D)\aVAST\aswUpdSv.exe"" [null data]
    avast! Mail Scanner, avast! Mail Scanner, ""D:\Program Files (D)\aVAST\ashMaiSv.exe" /service" ["ALWIL Software"]
    avast! Web Scanner, avast! Web Scanner, ""D:\Program Files (D)\aVAST\ashWebSv.exe" /service" ["ALWIL Software"]
    GEARSecurity, GEARSecurity, "C:\WINDOWS\System32\GEARSec.exe" ["GEAR Software"]
    InCD Helper, InCDsrv, "D:\Program Files (D)\Nero 7\InCD\InCDsrv.exe" ["Nero AG"]
    iPod Service, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Computer, Inc."]
    Norton Ghost, Norton Ghost, "D:\Program Files (D)\Norton Ghost 10.0\Agent\VProSvc.exe" ["Symantec Corporation"]
    NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
    Pml Driver HPZ12, Pml Driver HPZ12, "C:\WINDOWS\system32\HPZipm12.exe" ["HP"]
    Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
    Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
    Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


    Print Monitors:
    ---------------

    HKLM\System\CurrentControlSet\Control\Print\Monitors\
    Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
    PCL Language Monitor\Driver = "hpz3l3xu.dll" ["Hewlett-Packard Company"]


    ----------
    <<!>>: Suspicious data at a malware launch point.

    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + To search all directories of local fixed drives for DESKTOP.INI
    DLL launch points, use the -supp parameter or answer "No" at the
    first message box and "Yes" at the second message box.
    ---------- (total run time: 35 seconds, including 18 seconds for message boxes)


    The delay was caused by searching for the program. Sorry
  • Level 10  
    Here is the log (while the program was running, a message popped up saying it could not find some 2 files):

    Quote:

    SmitFraudFix v2.131

    Scan done at 11:20:27,17, 2006-12-24
    Run from C:\Documents and Settings\ťukasz Klima.KLIMIKA\Pulpit\SmitfraudFix
    OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End



    Added after 2 [minutes]:



    I don't have this file!!

    Quote:
    Also delete this file from the disk: C:\Windows\System32\hjpprpu.dll


    Added after 4 [minutes]:

    And here is the log from Combofix:




    Quote:

    ťukasz Klima - 06-12-24 11:30:56,79 Dodatek Service Pack 2
    ComboFix 06.11.27 - Running from: "C:\Documents and Settings\ťukasz Klima.KLIMIKA\Pulpit"

    ((((((((((((((((((((((((((((((( Files Created from 2006-11-24 to 2006-12-24 ))))))))))))))))))))))))))))))))))


    2006-12-24 11:20 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
    2006-12-24 11:20 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2006-12-24 11:20 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2006-12-24 11:20 40,960 --a------ C:\WINDOWS\system32\swsc.exe
    2006-12-24 11:20 3,486 --a------ C:\WINDOWS\system32\tmp.reg
    2006-12-24 11:20 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2006-12-24 11:20 135,168 --a------ C:\WINDOWS\system32\swreg.exe
    2006-12-21 01:14 <DIR> d-------- C:\WINDOWS\Minidump
    2006-12-20 20:58 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
    2006-12-06 12:59 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
    2006-12-04 15:41 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
    2006-11-28 08:13 <DIR> d---s---- C:\Documents and Settings\Lukasz Klima.KLIMIKA\UserData
    2006-11-26 13:31 <DIR> d-------- C:\Documents and Settings\Lukasz Klima.KLIMIKA\Dane aplikacji\AdobeAUM
    2006-11-24 01:14 <DIR> d-------- C:\Documents and Settings\Lukasz Klima.KLIMIKA\Dane aplikacji\Ahead
    2006-11-24 00:49 <DIR> d-------- C:\Program Files\Common Files\Ahead


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-12-24 11:16 -------- d-------- C:\Program Files\Mozilla Firefox
    2006-12-23 16:06 -------- d-------- C:\Program Files\Internet Explorer
    2006-12-21 22:29 -------- d-------- C:\Documents and Settings\Lukasz Klima.KLIMIKA\Dane aplikacji\uTorrent
    2006-12-18 00:07 -------- d-------- C:\Documents and Settings\Lukasz Klima.KLIMIKA\Dane aplikacji\Skype
    2006-12-14 20:26 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-12-03 01:05 -------- d-------- C:\Program Files\XviD
    2006-11-26 13:31 -------- d-------- C:\Program Files\Common Files\Adobe
    2006-11-26 13:31 -------- d-------- C:\Documents and Settings\Lukasz Klima.KLIMIKA\Dane aplikacji\Adobe
    2006-11-26 13:26 319 --a------ C:\Documents and Settings\Lukasz Klima.KLIMIKA\Dane aplikacji\AdobeDLM.log
    2006-11-26 13:26 0 --a------ C:\Documents and Settings\Lukasz Klima.KLIMIKA\Dane aplikacji\dm.ini
    2006-11-24 00:49 -------- d-------- C:\Program Files\Common Files
    2006-11-23 23:22 -------- d-------- C:\Documents and Settings\Lukasz Klima.KLIMIKA\Dane aplikacji\Apple Computer
    2006-11-23 23:08 -------- d-------- C:\Program Files\QuickTime
    2006-11-23 23:08 -------- d-------- C:\Program Files\iPod
    2006-11-23 23:08 -------- d-------- C:\Program Files\Apple Software Update
    2006-11-21 16:53 -------- d-------- C:\Documents and Settings\Lukasz Klima.KLIMIKA\Dane aplikacji\Macromedia
    2006-11-21 16:50 -------- d---s---- C:\Documents and Settings\Lukasz Klima.KLIMIKA\Dane aplikacji\Microsoft
    2006-11-19 23:55 -------- d-------- C:\Program Files\Skype
    2006-11-19 23:49 -------- d-------- C:\Documents and Settings\Lukasz Klima.KLIMIKA\Dane aplikacji\AdobeUM
    2006-11-19 22:46 -------- d-------- C:\Program Files\Adobe
    2006-11-19 14:56 -------- d-------- C:\Documents and Settings\Lukasz Klima.KLIMIKA\Dane aplikacji\Winamp
    2006-11-19 14:38 -------- d-------- C:\Documents and Settings\Lukasz Klima.KLIMIKA\Dane aplikacji\FMA
    2006-11-19 14:37 -------- d-------- C:\Program Files\Microsoft Windows Script
    2006-11-19 14:34 -------- d-------- C:\Program Files\Usb to Serial Driver 1.12.25
    2006-11-19 12:36 4608 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
    2006-11-19 12:36 -------- d-------- C:\Program Files\Common Files\Symantec Shared
    2006-11-19 12:33 -------- d-------- C:\Program Files\Symantec
    2006-11-19 12:10 -------- d-------- C:\Program Files\Common Files\Macromedia
    2006-11-19 02:46 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
    2006-11-19 02:46 -------- d-------- C:\Program Files\Common Files\DESIGNER
    2006-11-19 02:26 -------- d-------- C:\Documents and Settings\Lukasz Klima.KLIMIKA\Dane aplikacji\Mozilla
    2006-11-19 02:09 -------- d-------- C:\Program Files\Windows Media Player
    2006-11-19 01:55 -------- d-------- C:\Program Files\DivXCodec
    2006-11-19 01:43 -------- d-------- C:\Documents and Settings\Lukasz Klima.KLIMIKA\Dane aplikacji\Identities
    2006-11-19 01:41 -------- d-------- C:\Program Files\Common Files\InstallShield
    2006-11-19 01:23 -------- d-------- C:\Program Files\DivX
    2006-11-19 00:56 -------- d-------- C:\Program Files\Common Files\SpeechEngines
    2006-11-19 00:56 -------- d-------- C:\Program Files\Common Files\ODBC
    2006-11-19 00:55 62 --ahs---- C:\Documents and Settings\Lukasz Klima.KLIMIKA\Dane aplikacji\desktop.ini
    2006-11-19 00:28 -------- d-------- C:\Program Files\HP
    2006-11-19 00:28 -------- d-------- C:\Program Files\Common Files\HP
    2006-11-19 00:27 -------- d-------- C:\Program Files\Hewlett-Packard
    2006-11-19 00:16 -------- d-------- C:\Program Files\Marvell
    2006-11-19 00:12 -------- d-------- C:\Program Files\Realtek
    2006-11-19 00:09 -------- d-------- C:\Program Files\Intel
    2006-11-19 00:07 -------- d--h----- C:\Program Files\Uninstall Information
    2006-11-19 00:04 0 -rahs---- C:\MSDOS.SYS
    2006-11-19 00:04 0 -rahs---- C:\IO.SYS
    2006-11-19 00:04 0 --a------ C:\CONFIG.SYS
    2006-11-19 00:04 0 --a------ C:\AUTOEXEC.BAT
    2006-11-19 00:03 -------- d--h----- C:\Program Files\WindowsUpdate
    2006-11-19 00:03 -------- d-------- C:\Program Files\Outlook Express
    2006-11-19 00:03 -------- d-------- C:\Program Files\NetMeeting
    2006-11-19 00:03 -------- d-------- C:\Program Files\Common Files\Services
    2006-11-19 00:02 -------- d-------- C:\Program Files\Movie Maker
    2006-11-19 00:02 -------- d-------- C:\Program Files\Common Files\System
    2006-11-19 00:02 -------- d-------- C:\Program Files\Common Files\MSSoap
    2006-11-19 00:01 -------- d-------- C:\Program Files\Windows NT
    2006-11-19 00:01 -------- d-------- C:\Program Files\MSN Gaming Zone
    2006-11-19 00:01 -------- d-------- C:\Program Files\Messenger
    2006-11-19 00:01 -------- d-------- C:\Program Files\ComPlus Applications
    2006-11-01 14:57 1138688 --a------ C:\WINDOWS\system32\xvidcore.dll
    2006-09-25 17:45 666240 --a------ C:\WINDOWS\system32\aswBoot.exe
    2006-09-25 17:37 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
    "WinClock"="D:\\Program Files (D)\\WinClock Biz\\winclock.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "SkyTel"="SkyTel.EXE"
    "RTHDCPL"="RTHDCPL.EXE"
    "Alcmtr"="ALCMTR.EXE"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "HP Software Update"="D:\\Program Files (D)\\HP Deskjet\\HP Software Update\\HPWuSchd2.exe"
    "avast!"="D:\\PROGRA~1\\aVAST\\ashDisp.exe"
    "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
    "Norton Ghost 10.0"="\"D:\\Program Files (D)\\Norton Ghost 10.0\\Agent\\GhostTray.exe\""
    "Adobe Photo Downloader"="\"D:\\Program Files (D)\\Adobe\\Album Starter 3.0\\3.0\\Apps\\apdproxy.exe\""
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "iTunesHelper"="\"D:\\Program Files (D)\\iTunes\\iTunesHelper.exe\""
    "NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
    "InCD"="D:\\Program Files (D)\\Nero 7\\InCD\\InCD.exe"
    "KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
    65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Moduł wstępnego ładowania interfejsu Browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Demon buforu kategorii składników"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"



    ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    backup-20061224-023157-150
    O4 - HKLM\..\Run: [HP Software Update] D:\Program Files (D)\HP Deskjet\HP Software Update\HPWuSchd2.exe
    backup-20061224-023157-246
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    backup-20061224-023157-257
    O4 - HKCU\..\Run: [Spyware Doctor] "D:\Program Files (D)\Spyware Doctor\swdoctor.exe" /Q
    backup-20061224-023157-349
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    backup-20061224-023157-407
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    backup-20061224-023157-456
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files (D)\iTunes\iTunesHelper.exe"
    backup-20061224-023157-503
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    backup-20061224-023157-616
    O4 - HKLM\..\Run: [AMFNoSpy] D:\Program Files (D)\NoSpy\AntiSpyNT.exe
    backup-20061224-023157-680
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files (D)\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    backup-20061224-023157-698
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    backup-20061224-023157-759
    O4 - HKCU\..\Run: [CoolCalendar] D:\Program Files (D)\CoolCalendar\CoolCalendar.exe
    backup-20061224-023157-766
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files (D)\Adobe\Album Starter 3.0\3.0\Apps\apdproxy.exe"
    backup-20061224-023157-851
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    backup-20061224-023157-862
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files (D)\HP Deskjet\Digital Imaging\bin\hpqtra08.exe
    backup-20061224-023157-883
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    backup-20061224-023157-951
    O4 - HKLM\..\Run: [AMFNoSpyUpdate] D:\Program Files (D)\NoSpy\AutoUpdate.exe
    backup-20061224-023157-973
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    backup-20061224-023157-979
    O4 - Startup: YearPlanner.lnk = D:\Program Files (D)\YearPlanner\YearPlanner.exe

    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\HPpromotions journeysoftware.job

    Completion time: 06-12-24 11:31:22.56
    C:\ComboFix.txt ... 06-12-24 11:31


    Added after 26 [minutes]:

    And what next?
  • Computer specialist
    Uninstall WinClock; it is adware.
    Does the problem still occur?
  • Level 10  
    No, not anymore, there is no System Alert. I got rid of WinClock and YearPlanner a long time ago. The registry entries were left behind.

    Panda Online ActiveScan is scanning now, and halfway through the scan it has already counted 31 spyware programs and 3 rootkits/hacking tools!!

    How do I fight all of this?
    How do I protect myself? (I have SpywareBlaster, Spybot, and avast.)


    Which registry entries can I still delete?

    This computer also has a second user; by fixing the errors on my account, will I fix them on his too? (We both have admin status.)

    Added after 6 [minutes]:

    I'm pasting the report from PandaActiveScan:


    Quote:

    Zdarzenie Status Lokalizacja

    Spyware:Cookie/2o7 Nie wyleczalny C:\Documents and Settings\Dom\Cookies\dom@2o7[2].txt
    Spyware:Cookie/Adserver Nie wyleczalny C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\24g7yhiu.default\cookies.txt[.adserver.o2.pl/]
    Spyware:Cookie/WUpd Nie wyleczalny C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\24g7yhiu.default\cookies.txt[.revenue.net/]
    Spyware:Cookie/Yadro Nie wyleczalny C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\24g7yhiu.default\cookies.txt[.yadro.ru/]
    Spyware:Cookie/YieldManager Nie wyleczalny C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\24g7yhiu.default\cookies.txt[ad.yieldmanager.com/]
    Spyware:Cookie/2o7 Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Cookies\łukasz klima@2o7[1].txt
    Spyware:Cookie/Tradedoubler Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Dane aplikacji\Mozilla\Firefox\Profiles\zf16jymx.default\cookies.txt[.tradedoubler.com/]
    Spyware:Cookie/Statcounter Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Dane aplikacji\Mozilla\Firefox\Profiles\zf16jymx.default\cookies.txt[.statcounter.com/]
    Spyware:Cookie/HotLog Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Dane aplikacji\Mozilla\Firefox\Profiles\zf16jymx.default\cookies.txt[.hotlog.ru/]
    Spyware:Cookie/SpyLog Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Dane aplikacji\Mozilla\Firefox\Profiles\zf16jymx.default\cookies.txt[.spylog.com/]
    Spyware:Cookie/FastClick Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Dane aplikacji\Mozilla\Firefox\Profiles\zf16jymx.default\cookies.txt[.fastclick.net/]
    Spyware:Cookie/Tribalfusion Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Dane aplikacji\Mozilla\Firefox\Profiles\zf16jymx.default\cookies.txt[.tribalfusion.com/]
    Spyware:Cookie/YieldManager Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Dane aplikacji\Mozilla\Firefox\Profiles\zf16jymx.default\cookies.txt[ad.yieldmanager.com/]
    Spyware:Cookie/Doubleclick Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Dane aplikacji\Mozilla\Firefox\Profiles\zf16jymx.default\cookies.txt[.doubleclick.net/]
    Spyware:Cookie/WUpd Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Dane aplikacji\Mozilla\Firefox\Profiles\zf16jymx.default\cookies.txt[.revenue.net/]
    Spyware:Cookie/Com.com Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Dane aplikacji\Mozilla\Firefox\Profiles\zf16jymx.default\cookies.txt[.com.com/]
    Spyware:Cookie/Atlas DMT Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Dane aplikacji\Mozilla\Firefox\Profiles\zf16jymx.default\cookies.txt[.atdmt.com/]
    Spyware:Cookie/Casalemedia Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Dane aplikacji\Mozilla\Firefox\Profiles\zf16jymx.default\cookies.txt[.casalemedia.com/]
    Spyware:Cookie/BurstNet Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Dane aplikacji\Mozilla\Firefox\Profiles\zf16jymx.default\cookies.txt[.burstnet.com/]
    Spyware:Cookie/QuestionMarket Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Dane aplikacji\Mozilla\Firefox\Profiles\zf16jymx.default\cookies.txt[.questionmarket.com/]
    Spyware:Cookie/adstat Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Dane aplikacji\Mozilla\Firefox\Profiles\zf16jymx.default\cookies.txt[.adstat.4u.pl/]
    Spyware:Cookie/Hitbox Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Dane aplikacji\Mozilla\Firefox\Profiles\zf16jymx.default\cookies.txt[.hitbox.com/]
    Spyware:Cookie/Advertising Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Dane aplikacji\Mozilla\Firefox\Profiles\zf16jymx.default\cookies.txt[.advertising.com/]
    Spyware:Cookie/Xiti Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Dane aplikacji\Mozilla\Firefox\Profiles\zf16jymx.default\cookies.txt[.xiti.com/]
    Spyware:Cookie/PointRoll Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Dane aplikacji\Mozilla\Firefox\Profiles\zf16jymx.default\cookies.txt[.ads.pointroll.com/]
    Spyware:Cookie/Mediaplex Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Dane aplikacji\Mozilla\Firefox\Profiles\zf16jymx.default\cookies.txt[.mediaplex.com/]
    Spyware:Cookie/Maxserving Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Dane aplikacji\Mozilla\Firefox\Profiles\zf16jymx.default\cookies.txt[.maxserving.com/]
    Spyware:Cookie/onestat.com Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Dane aplikacji\Mozilla\Firefox\Profiles\zf16jymx.default\cookies.txt[stat.onestat.com/]
    Spyware:Cookie/2o7 Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Dane aplikacji\Mozilla\Firefox\Profiles\zf16jymx.default\cookies.txt[.2o7.net/]
    Spyware:Cookie/WebtrendsLive Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Dane aplikacji\Mozilla\Firefox\Profiles\zf16jymx.default\cookies.txt[statse.webtrendslive.com/]
    Spyware:Cookie/Overture Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Dane aplikacji\Mozilla\Firefox\Profiles\zf16jymx.default\cookies.txt[.overture.com/]
    Niechciane narzędzia:Application/Processor Nie wyleczalny C:\Documents and Settings\Łukasz Klima.KLIMIKA\Pulpit\SmitfraudFix\Process.exe
    Niechciane narzędzia:Application/Processor Nie wyleczalny C:\WINDOWS\system32\Process.exe
    Niechciane narzędzia:Application/AntiVermins
  • Helpful post
    Computer specialist
    > Panda Online ActiveScan is scanning now, and halfway
    > through the scan it has already counted 31 spyware
    > programs and 3 rootkits/hacking
    > tools!!

    Panda found only cookies + worm-removal programs and nothing more.

    > How do I fight all of this?

    There is nothing left.

    > How do I protect myself? (I have SpywareBlaster,
    > Spybot, and avast.)

    Don't download trojans and don't run them.

    > Which registry entries can I still delete?

    Nothing else needs to be deleted.

    > This computer also has a second user;
    > by fixing the errors on my account, will I fix them on
    > his too? (We both have admin status.)

    Yes.
  • Level 10  
    Thank you!! Merry Christmas!!