prośba o sprawdzenie loga

**Posty:** 9 · przez **kubiniak** 04 Sty 2006, 23:15

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 21:11:19, on 2006-01-04 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\System32\Ati2evxx.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\WINDOWS\system32\Ati2evxx.exe D:\WINDOWS\Explorer.EXE D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe D:\Program Files\ArcaVir\Bin\ABmenu.exe D:\Program Files\ArcaVir\Bin\ABregmon.exe D:\Program Files\Skype\Phone\Skype.exe D:\Program Files\Tlen.pl\tlen.exe D:\Program Files\Gadu-Gadu\gg.exe D:\Program Files\ArcaVir\Bin\NetMonSv.exe D:\PROGRA~1\INCRED~1\bin\IMApp.exe D:\Program Files\ArcaVir\Bin\avmonsv.exe D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE D:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe D:\WINDOWS\System32\svchost.exe D:\Program Files\ArcaVir\Bin\arcascan.exe D:\Program Files\Internet Explorer\iexplore.exe D:\Program Files\Internet Explorer\iexplore.exe D:\PROGRA~1\DAP\DAP.EXE D:\Documents and Settings\A\Pulpit\pobrane z DAP\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = w3cache.ols.vectranet.pl:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: D:\WINDOWS\system32\st3.dll - {1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} - D:\WINDOWS\system32\st3.dll (file missing) O2 - BHO: D:\WINDOWS\system32\adsldpbe.dll - {7507739F-BC2E-4DC3-B233-816783C25DC9} - D:\WINDOWS\system32\adsldpbe.dll (file missing) O2 - BHO: D:\WINDOWS\adsldpbd.dll - {826B2228-BC09-49F2-B5F8-42CE26B1B712} - D:\WINDOWS\adsldpbd.dll (file missing) O2 - BHO: (no name) - {C7CF1142-0785-4B12-A280-B64681E4D45E} - D:\WINDOWS\prflbmsgp32.dll (file missing) O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - D:\WINDOWS\system32\azesearch4.ocx (file missing) O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - D:\WINDOWS\system32\iasada.dll (file missing) O3 - Toolbar: Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - D:\WINDOWS\system32\azesearch4.ocx (file missing) O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ABmenu] D:\Program Files\ArcaVir\Bin\ABmenu.exe O4 - HKLM\..\Run: [ABREGMON] D:\Program Files\ArcaVir\Bin\ABregmon.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Komunikator] D:\Program Files\Tlen.pl\tlen.exe O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [IncrediMail] D:\Program Files\IncrediMail\bin\IncMail.exe /c O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:\PROGRA~1\DAP\DAP.EXE O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - D:\Program Files\IrfanView\Ebay\Ebay.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://arcaonline.arcabit.com O15 - Trusted Zone: http://skaner.mks.com.pl O15 - Trusted Zone: *.coolwebsearch.com O15 - Trusted Zone: *.searchmeup.com O15 - Trusted Zone: http://ny.contentmatch.net (HKLM) O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/0006_cracks.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab O18 - Protocol: pcl - {182D0C85-206F-4103-B4FA-DCC1FB0A0A44} - D:\Program Files\Autodesk\Inventor Professional 9\bin\HSPCLPRO10.dll O20 - Winlogon Notify: gs - D:\WINDOWS\adsldpbd.dll (file missing) O20 - Winlogon Notify: msctl32.dll - D:\WINDOWS\system32\msctl32.dll (file missing) O20 - Winlogon Notify: st3 - D:\WINDOWS\system32\st3.dll (file missing) O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - D:\Program Files\ArcaVir\Bin\NetMonSv.exe O23 - Service: ArcaVir Monitor (ArcaMonSvc) - ArcaBit - D:\Program Files\ArcaVir\Bin\avmonsv.exe O23 - Service: ArcaScan - ArcaBit - D:\Program Files\ArcaVir\Bin\arcascan.exe O23 - Service: arcaserv - ArcaBit Sp. z o. o. - D:\Program Files\ArcaVir\bin\arcaserv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe O23 - Service: Autodesk Licensing Service - Autodesk - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe

Miałem problem z SpySheriff usuwałem już sporo plików ale jeszcze komp coś slabo chodzi.
Zrobiłem też wpis do rejestru jak pisał kolega picasso. Co dalej

**Posty:** 8694 · przez **Red** 04 Sty 2006, 23:56

Podaj jeszcze log z http://www.silentrunners.org/

otwierasz link>> http://www.silentrunners.org/Silent%20Runners.vbs >>zapisujesz jako na pulpicie>>klikasz dwa razy >>masz wybor i wybierasz no>>i czekasz troszke az wygeneruje sie cały log do konca
wrzucasz na forum

**Posty:** 9 · przez **kubiniak** 05 Sty 2006, 00:16

Kod: Zaznacz wszystko: "Silent Runners.vbs", revision 41, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "Skype" = ""D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."] "Komunikator" = "D:\Program Files\Tlen.pl\tlen.exe" [null data] "Gadu-Gadu" = ""D:\Program Files\Gadu-Gadu\gg.exe" /tray" ["sms-express.com"] "IncrediMail" = "D:\Program Files\IncrediMail\bin\IncMail.exe /c" ["IncrediMail, Ltd."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "ATIPTA" = "D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."] "ABmenu" = "D:\Program Files\ArcaVir\Bin\ABmenu.exe" ["ArcaBit"] "ABREGMON" = "D:\Program Files\ArcaVir\Bin\ABregmon.exe" ["ArcaBit"] "KernelFaultCheck" = "D:\WINDOWS\system32\dumprep 0 -k" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\ {++} "Flag" = 2 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5}\(Default) = "D:\WINDOWS\system32\st3.dll" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\st3.dll" [file not found] {7507739F-BC2E-4DC3-B233-816783C25DC9}\(Default) = "D:\WINDOWS\system32\adsldpbe.dll" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\adsldpbe.dll" [file not found] {826B2228-BC09-49F2-B5F8-42CE26B1B712}\(Default) = "D:\WINDOWS\adsldpbd.dll" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\adsldpbd.dll" [file not found] {C7CF1142-0785-4B12-A280-B64681E4D45E}\(Default) = (no title provided) -> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\prflbmsgp32.dll" [file not found] {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4}\(Default) = "ZToolbar Activator Class" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\azesearch4.ocx" [file not found] {f65b197f-8260-4d52-909a-f70118e646eb}\(Default) = "AddressBar Class" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\iasada.dll" [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension" -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [file not found] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\rpshell.dll" ["RealNetworks, Inc."] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS] "{AC1DB655-4F9A-4c39-8AD2-A65324A4C446}" = "Autodesk Drawing Preview" -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll" ["Autodesk"] "{36A21736-36C2-4C11-8ACB-D4136F2B57BD}" = "Uchwyt nakładania ikony podpisu cyfrowego" -> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\AcSignIcon.dll" ["Autodesk"] "{6DEA92E9-8682-4b6a-97DE-354772FE5727}" = "Autodesk DWF Preview" -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcDwfThmbPrxy16.dll" ["Autodesk"] "{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.5 Context Menu Shell Extension" -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"] "{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.5 DragDrop Shell Extension" -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"] "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.5 Context Menu Shell Extension" -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"] "{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.5 Property Sheet Shell Extension" -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"] "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band" -> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\browseui.dll" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\ INFECTION WARNING! "{1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5}" = "st3" -> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\st3.dll" [file not found] INFECTION WARNING! "{C7CF1142-0785-4B12-A280-B64681E4D45E}" = "z" -> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\prflbmsgp32.dll" [file not found] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."] INFECTION WARNING! gs\DLLName = "D:\WINDOWS\adsldpbd.dll" [file not found] INFECTION WARNING! msctl32.dll\DLLName = "D:\WINDOWS\system32\msctl32.dll" [file not found] INFECTION WARNING! st3\DLLName = "D:\WINDOWS\system32\st3.dll" [file not found] HKLM\Software\Classes\PROTOCOLS\Filter\ INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ ArcaVir\(Default) = "{39D48A26-EB1E-494c-973B-DDF4B2BEFE3F}" -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\ArcaVir\Bin\ArcaShl.dll" [null data] IMMenuShellExt\(Default) = "{F8984111-38B6-11D5-8725-0050DA2761C4}" -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\IncrediMail\bin\IMShExt.dll" ["IncrediMail, Ltd."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

Mam jeszcze loga z Ad-Aware bo kolega qrminator mi tez pomaga to go wrzucę może na coś się przyda

[code]

Ad-Aware SE Build 1.06r1
Logfile Created on:4 stycznia 2006 21:46:06
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R47 24.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CrackSpider(TAC index:4):8 total references
DyFuCA(TAC index:3):25 total references
istbar(TAC index:7):6 total references
Possible Browser Hijack attempt(TAC index:3):5 total references
Powerscan(TAC index:5):5 total references
SideFind(TAC index:5):7 total references
Tracking Cookie(TAC index:3):13 total references
ZyncosMark(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

2006-01-04 21:46:06 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 540
ThreadCreationTime : 2006-01-04 19:47:57
BasePriority : Normal

#:2 [csrss.exe]
FilePath : \??\D:\WINDOWS\system32\
ProcessID : 604
ThreadCreationTime : 2006-01-04 19:47:59
BasePriority : Normal

#:3 [winlogon.exe]
FilePath : \??\D:\WINDOWS\system32\
ProcessID : 632
ThreadCreationTime : 2006-01-04 19:48:00
BasePriority : High

#:4 [services.exe]
FilePath : D:\WINDOWS\system32\
ProcessID : 676
ThreadCreationTime : 2006-01-04 19:48:01
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : System operacyjny Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Usługi i aplikacja Kontroler
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Wszelkie prawa zastrzeżone.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : D:\WINDOWS\system32\
ProcessID : 688
ThreadCreationTime : 2006-01-04 19:48:01
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
FilePath : D:\WINDOWS\System32\
ProcessID : 844
ThreadCreationTime : 2006-01-04 19:48:01
BasePriority : Normal
FileVersion : 6.14.10.4121
ProductVersion : 6.14.10.4121
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:7 [svchost.exe]
FilePath : D:\WINDOWS\system32\
ProcessID : 856
ThreadCreationTime : 2006-01-04 19:48:01
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : D:\WINDOWS\system32\
ProcessID : 948
ThreadCreationTime : 2006-01-04 19:48:02
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : D:\WINDOWS\System32\
ProcessID : 1044
ThreadCreationTime : 2006-01-04 19:48:02
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : D:\WINDOWS\System32\
ProcessID : 1088
ThreadCreationTime : 2006-01-04 19:48:02
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
FilePath : D:\WINDOWS\System32\
ProcessID : 1148
ThreadCreationTime : 2006-01-04 19:48:02
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [spoolsv.exe]
FilePath : D:\WINDOWS\system32\
ProcessID : 1524
ThreadCreationTime : 2006-01-04 19:48:03
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [ati2evxx.exe]
FilePath : D:\WINDOWS\system32\
ProcessID : 1544
ThreadCreationTime : 2006-01-04 19:48:03
BasePriority : Normal
FileVersion : 6.14.10.4121
ProductVersion : 6.14.10.4121
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:14 [explorer.exe]
FilePath : D:\WINDOWS\
ProcessID : 1644
ThreadCreationTime : 2006-01-04 19:48:03
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : System operacyjny Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Eksplorator Windows
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Wszelkie prawa zastrzeżone.
OriginalFilename : EXPLORER.EXE

#:15 [atiptaxx.exe]
FilePath : D:\Program Files\ATI Technologies\ATI Control Panel\
ProcessID : 1720
ThreadCreationTime : 2006-01-04 19:48:05
BasePriority : Normal
FileVersion : 6.14.10.5006
ProductVersion : 6.14.10.5006
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright (C) 1998-2002 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:16 [abmenu.exe]
FilePath : D:\Program Files\ArcaVir\Bin\
ProcessID : 1728
ThreadCreationTime : 2006-01-04 19:48:05
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : ArcaVir Tray
CompanyName : ArcaBit
FileDescription : ArcaVir Tray
InternalName : ABMenu
LegalCopyright : Copyright (C) 1997
OriginalFilename : ABMenu.exe

#:17 [abregmon.exe]
FilePath : D:\Program Files\ArcaVir\Bin\
ProcessID : 1736
ThreadCreationTime : 2006-01-04 19:48:05
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Registry Monitor
CompanyName : ArcaBit
FileDescription : Registry Monitor
InternalName : Registry Monitor
LegalCopyright : Copyright (C) 2005
OriginalFilename : Registry Monitor

#:18 [skype.exe]
FilePath : D:\Program Files\Skype\Phone\
ProcessID : 1832
ThreadCreationTime : 2006-01-04 19:48:05
BasePriority : Normal

#:19 [tlen.exe]
FilePath : D:\Program Files\Tlen.pl\
ProcessID : 1868
ThreadCreationTime : 2006-01-04 19:48:06
BasePriority : High

#:20 [gg.exe]
FilePath : D:\Program Files\Gadu-Gadu\
ProcessID : 1876
ThreadCreationTime : 2006-01-04 19:48:06
BasePriority : Normal

#:21 [netmonsv.exe]
FilePath : D:\Program Files\ArcaVir\Bin\
ProcessID : 1992
ThreadCreationTime : 2006-01-04 19:48:12
BasePriority : Normal
FileVersion : 1, 2, 0, 1
ProductVersion : 1, 2, 0, 1
ProductName : ArcaBit Net Monitor
CompanyName : ArcaBit sp. z o.o.
FileDescription : NetMonSV
InternalName : NetMonSV
LegalCopyright : Copyright © 2004
OriginalFilename : NetMonSV.exe
Comments : Kontroluje dane przesyłane przez TCP/IP.

#:22 [imapp.exe]
FilePath : D:\PROGRA~1\INCRED~1\bin\
ProcessID : 2000
ThreadCreationTime : 2006-01-04 19:48:12
BasePriority : Normal
FileVersion : 4, 5, 0, 2068
ProductVersion : 4, 5, 0, 2068
ProductName : IncrediMail
CompanyName : IncrediMail, Ltd.
FileDescription : IncrediMail Application
InternalName : IncrediApp
LegalCopyright : Copyright © 2002 IncrediMail, Ltd.
OriginalFilename : IMAPP.EXE

#:23 [avmonsv.exe]
FilePath : D:\Program Files\ArcaVir\Bin\
ProcessID : 2040
ThreadCreationTime : 2006-01-04 19:48:12
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : ArcaVir
CompanyName : ArcaBit
FileDescription : ArcaVir Antivirus Monitor
InternalName : ArcaVir Monitor Service
LegalCopyright : Copyright (C) 2005
OriginalFilename : ArcaVir Monitor Service

#:24 [mdm.exe]
FilePath : D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\
ProcessID : 332
ThreadCreationTime : 2006-01-04 19:48:13
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:25 [sqlservr.exe]
FilePath : D:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\
ProcessID : 436
ThreadCreationTime : 2006-01-04 19:48:15
BasePriority : Normal
FileVersion : 2000.080.0760.00
ProductVersion : 8.00.760
ProductName : Microsoft SQL Server
CompanyName : Microsoft Corporation
FileDescription : SQL Server Windows NT
InternalName : SQLSERVR
LegalCopyright : © 1988-2003 Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation
OriginalFilename : SQLSERVR.EXE
Comments : NT INTEL X86

#:26 [svchost.exe]
FilePath : D:\WINDOWS\System32\
ProcessID : 988
ThreadCreationTime : 2006-01-04 19:48:20
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:27 [alg.exe]
FilePath : D:\WINDOWS\System32\
ProcessID : 1100
ThreadCreationTime : 2006-01-04 19:49:48
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:28 [arcascan.exe]
FilePath : D:\Program Files\ArcaVir\Bin\
ProcessID : 2172
ThreadCreationTime : 2006-01-04 19:49:52
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : ArcaBit Scanner Component
CompanyName : ArcaBit
FileDescription : ArcaBit Scanner Component
InternalName : ArcaScan
LegalCopyright : Copyright 2004
OriginalFilename : ArcaScan.exe

#:29 [iexplore.exe]
FilePath : D:\Program Files\Internet Explorer\
ProcessID : 2764
ThreadCreationTime : 2006-01-04 19:51:13
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : System operacyjny Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. Wszelkie prawa zastrzeżone.
OriginalFilename : IEXPLORE.EXE

#:30 [iexplore.exe]
FilePath : D:\Program Files\Internet Explorer\
ProcessID : 3052
ThreadCreationTime : 2006-01-04 19:54:11
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : System operacyjny Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. Wszelkie prawa zastrzeżone.
OriginalFilename : IEXPLORE.EXE

#:31 [dap.exe]
FilePath : D:\PROGRA~1\DAP\
ProcessID : 3664
ThreadCreationTime : 2006-01-04 19:59:17
BasePriority : Normal
FileVersion : 7, 4, 0, 1
ProductVersion : 7, 4, 0, 1
ProductName : Download Accelerator Plus
CompanyName : Speedbit Ltd.
FileDescription : Download Accelerator Plus
InternalName : DAP
LegalCopyright : Copyright (C) 1999 - 2005 Speedbit Ltd.
OriginalFilename : DAP.EXE
Comments : 59

#:32 [ad-aware.exe]
FilePath : D:\PROGRA~1\Lavasoft\AD-AWA~1\
ProcessID : 2100
ThreadCreationTime : 2006-01-04 20:44:45
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»&raquo;»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CrackSpider Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : addressbar.loader

CrackSpider Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : addressbar.loader.1

CrackSpider Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{f65b197f-8260-4d52-909a-f70118e646eb}

CrackSpider Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{38252777-2500-456e-8b3d-a55850306da2}

CrackSpider Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{dea43ce3-d57b-45f6-a4d1-110e652ced11}

istbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}

istbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0985c112-2562-46f2-8da6-92648ba4630f}

SideFind Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{8cba1b49-8144-4721-a7b1-64c578c9eed7}

SideFind Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}

SideFind Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{d0288a41-9855-4a9b-8316-babe243648da}

ZyncosMark Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{dc341f1b-ec77-47be-8f58-96e83861cc5a}

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-583907252-926492609-725345543-1003\software\policies\avenue media

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-583907252-926492609-725345543-1003\software\ist

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-583907252-926492609-725345543-1003\software\ist
Value : account_id

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-583907252-926492609-725345543-1003\software\ist
Value : config

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-583907252-926492609-725345543-1003\software\ist
Value : referer

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-583907252-926492609-725345543-1003\software\ist
Value : NeverISTsvc

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-583907252-926492609-725345543-1003\software\avenue media

CrackSpider Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\azesearchco

CrackSpider Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\loaderco

CrackSpider Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{f65b197f-8260-4d52-909a-f70118e646eb}

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\policies\avenue media

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\dyfuca

DyFuCA Object Recognized!
Type : Regkey
Data : DyFuCA
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\windows\currentversion\uninstall\DyFuCA

DyFuCA Object Recognized!
Type : Regkey
Data : DyFuCA
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\microsoft\windows\currentversion\uninstall\DyFuCA

DyFuCA Object Recognized!
Type : Regkey
Data : DyFuCA
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-19\software\microsoft\windows\currentversion\uninstall\DyFuCA

DyFuCA Object Recognized!
Type : Regkey
Data : DyFuCA
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-20\software\microsoft\windows\currentversion\uninstall\DyFuCA

DyFuCA Object Recognized!
Type : Regkey
Data : DyFuCA
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-583907252-926492609-725345543-1003\software\microsoft\windows\currentversion\uninstall\DyFuCA

DyFuCA Object Recognized!
Type : Regkey
Data : Internet Optimizer
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\windows\currentversion\uninstall\Internet Optimizer

DyFuCA Object Recognized!
Type : Regkey
Data : Internet Optimizer
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\microsoft\windows\currentversion\uninstall\Internet Optimizer

DyFuCA Object Recognized!
Type : Regkey
Data : Internet Optimizer
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-19\software\microsoft\windows\currentversion\uninstall\Internet Optimizer

DyFuCA Object Recognized!
Type : Regkey
Data : Internet Optimizer
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-20\software\microsoft\windows\currentversion\uninstall\Internet Optimizer

DyFuCA Object Recognized!
Type : Regkey
Data : Internet Optimizer
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-583907252-926492609-725345543-1003\software\microsoft\windows\currentversion\uninstall\Internet Optimizer

DyFuCA Object Recognized!
Type : Regkey
Data : Internet Optimizer
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer

DyFuCA Object Recognized!
Type : RegValue
Data : Internet Optimizer
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer
Value : UninstallString

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\avenue media

SideFind Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\sidefind

SideFind Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\sidefind
Value : shoppingautosearch

Powerscan Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Malware
Comment : "account_id"
Rootkey : HKEY_USERS
Object : S-1-5-21-583907252-926492609-725345543-1003\software\powerscan
Value : account_id

Powerscan Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Malware
Comment : "LoadNum"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\powerscan
Value : LoadNum

Powerscan Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Malware
Comment : "account_id"
Rootkey : HKEY_USERS
Object : S-1-5-21-583907252-926492609-725345543-1003\\software\powerscan
Value : account_id

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 41
Objects found so far: 41

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : S-1-5-21-583907252-926492609-725345543-1003\Software\Microsoft\Internet Explorer\MainStart Pageonet.pl

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.onet.pl/"
TAC Rating : 5
Category : Malware
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-583907252-926492609-725345543-1003\Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "http://www.onet.pl/"
Trusted zone presumably compromised : searchmeup.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Vulnerability
Comment : Trusted zone presumably compromised : searchmeup.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmeup.com
Trusted zone presumably compromised : searchmeup.com
Trusted zone presumably compromised : contentmatch.net

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Vulnerability
Comment : Trusted zone presumably compromised : contentmatch.net\ny
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\contentmatch.net\ny

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Vulnerability
Comment : Trusted zone presumably compromised : contentmatch.net\ny
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\contentmatch.net\ny
Value : https

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 45

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : a@tribalfusion[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:a@tribalfusion.com/
Expires : 2038-01-01 01:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : a@tradedoubler[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:8
Value : Cookie:a@tradedoubler.com/
Expires : 2025-12-30 20:31:38
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : a@casalemedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:19
Value : Cookie:a@casalemedia.com/
Expires : 2006-12-26 15:32:14
LastSync : Hits:19
UseCount : 0
Hits : 19

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : a@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:a@mediaplex.com/
Expires : 2009-06-22 01:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : a@trafic[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:a@trafic.ro/
Expires : 2037-01-11 15:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : a@please[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:a@ad2.pl.mediainter.net/please/
Expires : 2006-12-03 20:32:16
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : a@servedby.netshelter[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:a@servedby.netshelter.net/
Expires : 2006-01-12 01:20:38
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : a@adserver.o2[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:16
Value : Cookie:a@adserver.o2.pl/
Expires : 2008-09-02 03:37:52
LastSync : Hits:16
UseCount : 0
Hits : 16

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 8
Objects found so far: 53

Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ktos@doubleclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\ktos@doubleclick[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ktos@hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\ktos@hitbox[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ktos@ehg-ati.hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\ktos@ehg-ati.hitbox[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ktos@please[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\ktos@please[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ktos@please[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\ktos@please[2].txt

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 58

Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 58

Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 58

Scanning Hosts file......
Hosts file location:"D:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 58

Possible Browser Hijack attempt Object Recognized!
Type : File
Data : CRACKS.AM - Page A.url
TAC Rating : 3
Category : Misc
Comment : Problematic URL discovered: http://www.cracks.am/cracks/a.html
Object : D:\Documents and Settings\A\Ulubione\

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

istbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : aspfile\persistenthandler

istbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager

istbar Object Recognized!
Type : RegData
Data : Never
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : BandRest
Data : Never

istbar Object Recognized!
Type : RegData
Data : Never
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : BandRest
Data : Never

SideFind Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{339d8aff-0b42-4260-ad82-78ce605a9543}

SideFind Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey

**Posty:** 8694 · przez **Red** 05 Sty 2006, 11:51

juz bardziej zamotac nie mogles???Daj jeszcze log na 10 innych forach to wyjdzie wielkie cudo

a log z http://www.silentrunners.org/

jest urwany

**Posty:** 9 · przez **kubiniak** 05 Sty 2006, 11:59

Sory dałem tylko na dwóch (moim zdaniem róznych) forach, nie chciałem nic mieszać tylko uzyskać pomoc.

Wczoraj na "konkurencyjnym" forum kolega mi pomógł ale chyba do końca nie jest dobrze bo Panda Active Scan znalazła 61 Spyware i 2 Suspicious Files

Jak zechcesz mi jeszcze pomóc to wrzuce pełnego już loga.

Przepraszam jeszcze raz jeśli namieszałem.

**Posty:** 8694 · przez **Red** 05 Sty 2006, 12:12

wrzuc dwa pelne logi ,pamietaj o tagach

**Posty:** 9 · przez **kubiniak** 05 Sty 2006, 12:22

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 10:20:27, on 2006-01-05 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\System32\Ati2evxx.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\Ati2evxx.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\system32\spoolsv.exe D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe D:\Program Files\ArcaVir\Bin\ABmenu.exe D:\Program Files\ArcaVir\Bin\ABregmon.exe D:\Program Files\Skype\Phone\Skype.exe D:\Program Files\Tlen.pl\tlen.exe D:\Program Files\Gadu-Gadu\gg.exe D:\PROGRA~1\INCRED~1\bin\IMApp.exe D:\Program Files\ArcaVir\Bin\NetMonSv.exe D:\Program Files\ArcaVir\Bin\avmonsv.exe D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE D:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe D:\WINDOWS\System32\svchost.exe D:\Program Files\ArcaVir\Bin\arcascan.exe D:\PROGRA~1\INCRED~1\bin\IncMail.exe D:\WINDOWS\system32\wuauclt.exe D:\Program Files\Internet Explorer\iexplore.exe D:\Program Files\Internet Explorer\iexplore.exe D:\WINDOWS\System32\WScript.exe D:\Documents and Settings\A\Pulpit\pobrane z DAP\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = w3cache.ols.vectranet.pl:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ABmenu] D:\Program Files\ArcaVir\Bin\ABmenu.exe O4 - HKLM\..\Run: [ABREGMON] D:\Program Files\ArcaVir\Bin\ABregmon.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Komunikator] D:\Program Files\Tlen.pl\tlen.exe O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [IncrediMail] D:\Program Files\IncrediMail\bin\IncMail.exe /c O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:\PROGRA~1\DAP\DAP.EXE O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - D:\Program Files\IrfanView\Ebay\Ebay.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab O18 - Protocol: pcl - {182D0C85-206F-4103-B4FA-DCC1FB0A0A44} - D:\Program Files\Autodesk\Inventor Professional 9\bin\HSPCLPRO10.dll O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - D:\Program Files\ArcaVir\Bin\NetMonSv.exe O23 - Service: ArcaVir Monitor (ArcaMonSvc) - ArcaBit - D:\Program Files\ArcaVir\Bin\avmonsv.exe O23 - Service: ArcaScan - ArcaBit - D:\Program Files\ArcaVir\Bin\arcascan.exe O23 - Service: arcaserv - ArcaBit Sp. z o. o. - D:\Program Files\ArcaVir\bin\arcaserv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe O23 - Service: Autodesk Licensing Service - Autodesk - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe

Kod: Zaznacz wszystko: "Silent Runners.vbs", revision 41, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "Skype" = ""D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."] "Komunikator" = "D:\Program Files\Tlen.pl\tlen.exe" [null data] "Gadu-Gadu" = ""D:\Program Files\Gadu-Gadu\gg.exe" /tray" ["sms-express.com"] "IncrediMail" = "D:\Program Files\IncrediMail\bin\IncMail.exe /c" ["IncrediMail, Ltd."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "ATIPTA" = "D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."] "ABmenu" = "D:\Program Files\ArcaVir\Bin\ABmenu.exe" ["ArcaBit"] "ABREGMON" = "D:\Program Files\ArcaVir\Bin\ABregmon.exe" ["ArcaBit"] "KernelFaultCheck" = "D:\WINDOWS\system32\dumprep 0 -k" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\ {++} "Flag" = 2 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension" -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [file not found] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\rpshell.dll" ["RealNetworks, Inc."] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS] "{AC1DB655-4F9A-4c39-8AD2-A65324A4C446}" = "Autodesk Drawing Preview" -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll" ["Autodesk"] "{36A21736-36C2-4C11-8ACB-D4136F2B57BD}" = "Uchwyt nakładania ikony podpisu cyfrowego" -> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\AcSignIcon.dll" ["Autodesk"] "{6DEA92E9-8682-4b6a-97DE-354772FE5727}" = "Autodesk DWF Preview" -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcDwfThmbPrxy16.dll" ["Autodesk"] "{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.5 Context Menu Shell Extension" -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"] "{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.5 DragDrop Shell Extension" -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"] "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.5 Context Menu Shell Extension" -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"] "{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.5 Property Sheet Shell Extension" -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"] "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band" -> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\browseui.dll" [MS] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."] HKLM\Software\Classes\PROTOCOLS\Filter\ INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ ArcaVir\(Default) = "{39D48A26-EB1E-494c-973B-DDF4B2BEFE3F}" -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\ArcaVir\Bin\ArcaShl.dll" [null data] IMMenuShellExt\(Default) = "{F8984111-38B6-11D5-8725-0050DA2761C4}" -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\IncrediMail\bin\IMShExt.dll" ["IncrediMail, Ltd."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data] ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}" -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data] ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}" -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ ArcaVir\(Default) = "{39D48A26-EB1E-494c-973B-DDF4B2BEFE3F}" -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\ArcaVir\Bin\ArcaShl.dll" [null data] FineReader\(Default) = "{AC0DD14A-8F29-4F88-BE1D-0F0ED1B06C9F}" -> {CLSID}\InProcServer32\(Default) = "d:\program files\abbyy finereader 7.0 professional edition\fecmenu.dll" ["ABBYY (BIT Software)"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ "Wallpaper" = "D:\Documents and Settings\A\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "D:\WINDOWS\System32\logon.scr" [MS] Enabled Scheduled Tasks: ------------------------ "FRU Task #Hewlett-Packard#hp psc 1200 series#1134904292" -> launches: "D:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe -I "#Hewlett-Packard#hp psc 1200 series#1134904292"" [empty string] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\ {21569614-B795-46B1-85F4-E737A8DC09AD}\ = "Shell Search Band" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\browseui.dll" [MS] Dormant Explorer Bars in "View, Explorer Bar" menu HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\ = "&Badanie" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {669695BC-A811-4A9D-8CDF-BA8C795F261C}\ "ButtonText" = "Run DAP" "Exec" = "D:\PROGRA~1\DAP\DAP.EXE" ["Speedbit Ltd."] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Badanie" {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A}\ "ButtonText" = "eBay - Homepage" "CLSIDExtension" = "{1FBA04EE-3024-11D2-8F1F-0000F87ABD16}" -> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\System32\shdocvw.dll" [MS] "Exec" = "D:\Program Files\IrfanView\Ebay\Ebay.htm" [null data] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "D:\Program Files\Messenger\msmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ ArcaBit NetMonitor, ABNetMon, "D:\Program Files\ArcaVir\Bin\NetMonSv.exe" ["ArcaBit sp. z o.o."] ArcaScan, ArcaScan, "D:\Program Files\ArcaVir\Bin\arcascan.exe" ["ArcaBit"] ArcaVir Monitor, ArcaMonSvc, "D:\Program Files\ArcaVir\Bin\avmonsv.exe" ["ArcaBit"] Ati HotKey Poller, Ati HotKey Poller, "D:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."] Machine Debug Manager, MDM, ""D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS] MSSQL$INVENTORCONTENT, MSSQL$INVENTORCONTENT, "D:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe -sINVENTORCONTENT" [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzsnt07\Driver = "hpzsnt07.dll" ["HP"] Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 101 seconds. + The search for all Registry CLSIDs containing dormant Explorer Bars took 30 seconds. ---------- (total run time: 184 seconds)

**Posty:** 8694 · przez **Red** 05 Sty 2006, 12:36

no i widze ze w miedzyczasie pousuwałes troszke smieci ,bo oba logi są czyste ......

**Posty:** 9 · przez **kubiniak** 05 Sty 2006, 12:41

Tak usunąłem wszystko z AdAware ale Panda dalej widzi Spyware.
A może byś przekazał umiejętność rozpoznawania logów wtedy ja bym wam tyłka nie zawracał a może nawet czasami komuś pomógł.

**Posty:** 8694 · przez **Red** 05 Sty 2006, 12:45

prosze wkleic screna z tego co pokazuje panda ...koniecznie .Zoobaczymy co w trawie piszczy

wklejenie screna :

na klawiaturze masz przycisk PrintScrn - naciskasz go (tworzy się obraz tego co na monitorze) i wklejasz go do programu graficznego,dokladnie wklej go do painta ,jak otworzycz okno painta to wcisnij ctrl v - zapisujesz na pulpicie >plik zapisz jako........

wchodzisz na stronke http://www.imageshack.us/
naciskasz przegladaj i znajdz to co zapisałas na pulpicie w paincie i wciskasz host it.Wyskocza ci adresy.Wybierz np ten drugi ,podswietl go >>kopiuj i tu w temacie wklej

**Posty:** 9 · przez **kubiniak** 05 Sty 2006, 12:48

Ok tylko poczekam aż panda skończy skanować

**Posty:** 8694 · przez **Red** 05 Sty 2006, 12:49

poczekam

**Posty:** 9 · przez **kubiniak** 05 Sty 2006, 14:17

http://img211.imageshack.us/my.php?image=ad9yn.png

http://img211.imageshack.us/my.php?image=add4hb.png

to są screeny z AdAware bo komp mi się zrestartował sam nie wiedzieć czemu i Panda jeszcze skanuje

[ Dodano: Dzisiaj o 13:32 ]
Panda wygenerowała raport więc nie będę wklejał screenów

Kod: Zaznacz wszystko: Incident Status Location Adware:adware/spytrooper Not disinfected Windows Registry Spyware:Cookie/Adserver Not disinfected D:\Documents and Settings\A\Cookies\a@adserver.o2[1].txt Spyware:Cookie/Falkag Not disinfected D:\Documents and Settings\A\Cookies\a@as-eu.falkag[1].txt Spyware:Cookie/Tradedoubler Not disinfected D:\Documents and Settings\A\Cookies\a@tradedoubler[1].txt Spyware:Cookie/Adserver Not disinfected D:\Documents and Settings\A\Dane aplikacji\Mozilla\Firefox\Profiles\8iee5zu1.default\cookies.txt[.adserver.o2.pl/] Spyware:Cookie/Tradedoubler Not disinfected D:\Documents and Settings\A\Dane aplikacji\Mozilla\Firefox\Profiles\8iee5zu1.default\cookies.txt[.tradedoubler.com/] Spyware:Cookie/Com.com Not disinfected D:\Documents and Settings\A\Dane aplikacji\Mozilla\Firefox\Profiles\8iee5zu1.default\cookies.txt[.ads.clickad.com.pl/] Spyware:Cookie/Server.iad.Liveperson Not disinfected D:\Documents and Settings\A\Dane aplikacji\Mozilla\Firefox\Profiles\8iee5zu1.default\cookies.txt[.server.iad.liveperson.net/] Spyware:Cookie/Statcounter Not disinfected D:\Documents and Settings\A\Dane aplikacji\Mozilla\Firefox\Profiles\8iee5zu1.default\cookies.txt[.statcounter.com/] Spyware:Cookie/WUpd Not disinfected D:\Documents and Settings\A\Dane aplikacji\Mozilla\Firefox\Profiles\8iee5zu1.default\cookies.txt[.revenue.net/] Spyware:Cookie/SpyLog Not disinfected D:\Documents and Settings\A\Dane aplikacji\Mozilla\Firefox\Profiles\8iee5zu1.default\cookies.txt[.spylog.com/] Spyware:Cookie/Tribalfusion Not disinfected D:\Documents and Settings\A\Dane aplikacji\Mozilla\Firefox\Profiles\8iee5zu1.default\cookies.txt[.tribalfusion.com/] Spyware:Cookie/WebtrendsLive Not disinfected D:\Documents and Settings\A\Dane aplikacji\Mozilla\Firefox\Profiles\8iee5zu1.default\cookies.txt[.statse.webtrendslive.com/S144351] Spyware:Cookie/Searchportal Not disinfected D:\Documents and Settings\A\Dane aplikacji\Mozilla\Firefox\Profiles\8iee5zu1.default\cookies.txt[.searchportal.information.com/] Spyware:Cookie/GoClick Not disinfected D:\Documents and Settings\A\Dane aplikacji\Mozilla\Firefox\Profiles\8iee5zu1.default\cookies.txt[.c.goclick.com/] Spyware:Cookie/FastClick Not disinfected D:\Documents and Settings\A\Dane aplikacji\Mozilla\Firefox\Profiles\8iee5zu1.default\cookies.txt[.fastclick.net/] Spyware:Cookie/Belnk Not disinfected D:\Documents and Settings\A\Dane aplikacji\Mozilla\Firefox\Profiles\8iee5zu1.default\cookies.txt[.belnk.com/] Spyware:Cookie/2o7.net Not disinfected D:\Documents and Settings\A\Dane aplikacji\Mozilla\Firefox\Profiles\8iee5zu1.default\cookies.txt[.2o7.net/] Spyware:Cookie/bravenetA Not disinfected D:\Documents and Settings\A\Dane aplikacji\Mozilla\Firefox\Profiles\8iee5zu1.default\cookies.txt[.bravenet.com/] Spyware:Cookie/Belnk Not disinfected D:\Documents and Settings\A\Dane aplikacji\Mozilla\Firefox\Profiles\8iee5zu1.default\cookies.txt[.dist.belnk.com/] Spyware:Cookie/Server.iad.Liveperson Not disinfected D:\Documents and Settings\A\Dane aplikacji\Mozilla\Firefox\Profiles\8iee5zu1.default\cookies.txt[.server.iad.liveperson.net/hc/37010162] Spyware:Cookie/Falkag Not disinfected D:\Documents and Settings\A\Dane aplikacji\Mozilla\Firefox\Profiles\8iee5zu1.default\cookies.txt[.as1.falkag.de/] Spyware:Cookie/Falkag Not disinfected D:\Documents and Settings\A\Dane aplikacji\Mozilla\Firefox\Profiles\8iee5zu1.default\cookies.txt[.as-us.falkag.net/] Spyware:Cookie/Casalemedia Not disinfected D:\Documents and Settings\A\Dane aplikacji\Mozilla\Firefox\Profiles\8iee5zu1.default\cookies.txt[.casalemedia.com/] Spyware:Cookie/Hitbox Not disinfected D:\Documents and Settings\A\Dane aplikacji\Mozilla\Firefox\Profiles\8iee5zu1.default\cookies.txt[.hitbox.com/] Spyware:Cookie/Advertising Not disinfected D:\Documents and Settings\A\Dane aplikacji\Mozilla\Firefox\Profiles\8iee5zu1.default\cookies.txt[.advertising.com/] Spyware:Cookie/Hbmediapro Not disinfected D:\Documents and Settings\A\Dane aplikacji\Mozilla\Firefox\Profiles\8iee5zu1.default\cookies.txt[.adopt.hbmediapro.com/] Spyware:Cookie/Falkag Not disinfected D:\Documents and Settings\A\Dane aplikacji\Mozilla\Firefox\Profiles\8iee5zu1.default\cookies.txt[.as-eu.falkag.net/] Spyware:Cookie/Microsofte Not disinfected D:\Documents and Settings\A\Dane aplikacji\Mozilla\Firefox\Profiles\8iee5zu1.default\cookies.txt[.microsofteup.112.2o7.net/] Spyware:Cookie/Falkag Not disinfected D:\Documents and Settings\A\Dane aplikacji\Mozilla\Firefox\Profiles\8iee5zu1.default\cookies.txt[.as-eu.falkag.net/] Spyware:Cookie/Enhance Not disinfected D:\Documents and Settings\A\Dane aplikacji\Mozilla\Firefox\Profiles\8iee5zu1.default\cookies.txt[.c.enhance.com/] Spyware:Cookie/Falkag Not disinfected D:\Documents and Settings\A\Dane aplikacji\Mozilla\Firefox\Profiles\8iee5zu1.default\cookies.txt[.as-eu.falkag.net/] Spyware:Cookie/YieldManager Not disinfected D:\Documents and Settings\A\Dane aplikacji\Mozilla\Firefox\Profiles\8iee5zu1.default\cookies.txt[.ad.yieldmanager.com/] Spyware:Cookie/Mediaplex Not disinfected D:\Documents and Settings\A\Dane aplikacji\Mozilla\Firefox\Profiles\8iee5zu1.default\cookies.txt[.mediaplex.com/] Spyware:Cookie/Cd Freaks Not disinfected D:\Documents and Settings\A\Dane aplikacji\Mozilla\Firefox\Profiles\8iee5zu1.default\cookies.txt[.cdfreaks.com/] Spyware:Cookie/GoClick Not disinfected D:\Documents and Settings\A\Dane aplikacji\Mozilla\Firefox\Profiles\8iee5zu1.default\cookies.txt[.c.goclick.com/] Spyware:Cookie/Adserver Not disinfected D:\Documents and Settings\A\Cookies\a@adserver.o2[1].txt Spyware:Cookie/Falkag Not disinfected D:\Documents and Settings\A\Cookies\a@as-eu.falkag[1].txt Spyware:Cookie/Tradedoubler Not disinfected D:\Documents and Settings\A\Cookies\a@tradedoubler[1].txt Spyware:Cookie/Adserver Not disinfected D:\Documents and Settings\A\Dane aplikacji\Mozilla\Firefox\Profiles\8iee5zu1.default\cookies.txt[] Spyware:Cookie/WebtrendsLive Not disinfected D:\Documents and Settings\A\Dane aplikacji\Mozilla\Firefox\Profiles\8iee5zu1.default\cookies.txt[S144351] Spyware:Cookie/Searchportal Not disinfected D:\Documents and Settings\A\Dane aplikacji\Mozilla\Firefox\Profiles\8iee5zu1.default\cookies.txt[] Spyware:Cookie/Server.iad.Liveperson Not disinfected D:\Documents and Settings\A\Dane aplikacji\Mozilla\Firefox\Profiles\8iee5zu1.default\cookies.txt[37010162] Spyware:Cookie/Falkag Not disinfected D:\Documents and Settings\A\Dane aplikacji\Mozilla\Firefox\Profiles\8iee5zu1.default\cookies.txt[] Possible Virus. Not disinfected D:\Program Files\ACE Mega CoDecS Pack\SystemS\Matrox\MQTrans.ax Possible Virus. Not disinfected D:\Program Files\Autodesk\Inventor Professional 9\Stress Analysis\AISOL\CommonFiles\MeshMetricGraphU.dll Possible Virus. Not disinfected D:\RECYCLER\S-1-5-21-583907252-926492609-725345543-1003\Dd27\MeshMetricGraphU_dll.vir Possible Virus. Not disinfected D:\RECYCLER\S-1-5-21-583907252-926492609-725345543-1003\Dd27\MQTrans_ax.vir Dialer:Dialer.DCG Not disinfected E:\eMule\Arcavir 2005 + keygen.rar[selfextract.exe]

**Posty:** 8694 · przez **Red** 05 Sty 2006, 14:32

nie ma smieci

**Posty:** 9 · przez **kubiniak** 05 Sty 2006, 14:36

A patrzyłeś na raport z Pandy bo nie wiem czy w jednym czasie nie napisaliśmy.

Ale ok skoro tak twierdzisz tak zapewne jest.

Wielkie dzięki.

Gdzie mam wcisnąć pochwałę dla Ciebie.

**Posty:** 8694 · przez **Red** 05 Sty 2006, 14:47

A patrzyłeś na raport z Pandy

tak i mozesz go olac>>>nieszkodliwe wpisy

**Posty:** 9 · przez **kubiniak** 05 Sty 2006, 14:51

Ok jeszcze raz wielkie dzięki.

Pozdrawiam Andrzej

prośba o sprawdzenie loga

Prośba o sprawdzenie loga

log

log

log

log

log

log

log

log

Kto jest na forum