Massive attack x.x

System security, virus removal, choosing antivirus software. Mandatory logs in this section: three from FRST + Gmer.

Post by _Darex_, 03 May 2008, 14:13

Well, it started when Avast Home Edition (my antivirus) 'screamed' that there were loads of viruses in the system files in the system32 folder; there were a few files there :]. Then some message that, um, some computer cleaner or something o_O could help me clean the computer of unnecessary files :x. I thought it might be a message from a virus, so I closed it and loads of porn pages popped up .__. It's slowing down my computer now, the antivirus keeps screaming that there are loads of these viruses in the system files, I'm simply asking for help to sort this out :]. I don't want to format again :x. Just in case, here's the log from HijackThis :].

Log:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:11:59, on 2008-04-04
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
D:\QuickTime\QTSystem\Web Vulnerability Scanner 4\WVSScheduler.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Icecast2 Win32\icecastService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\PSIService.exe
D:\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
D:\FRAPS\FRAPS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\kRk Software\GG Tools\GGT.exe
C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe
D:\Gadu-Gadu\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\ICeQ\Chat.exe
D:\Winamp\winamp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
D:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:4001
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul0.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
F2 - REG:system.ini: Shell=explorer.exe C:/windows/services.exe
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Steganos Internet Anonym - {00000000-5736-4205-0008-f7ed0776fb27} - c:\program files\steganos internet anonym 2006\sia2006iep.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [CloneCDTray] "D:\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [BearFlix] "D:\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [WhenUSearch] "C:\Program Files\DAEMON Tools SearchBar\Search.exe"
O4 - HKLM\..\Run: [WhenUSearchWHSE] "C:\Program Files\DAEMON Tools SearchBar\whse.exe"
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Fraps] D:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AnyDVD] D:\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [GoD] "D:\GoD\GoD.exe" /tray
O4 - HKCU\..\Run: [VS Online] C:\VSOnline.exe /tray
O4 - HKCU\..\Run: [DAEMON Tools] "D:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [GG Tools] "D:\kRk Software\GG Tools\GGT.exe" /tray
O4 - HKCU\..\Run: [manager] "C:\Windows\System32\drivers\setup\manager.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SIA2006] "C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" -boot
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [SIA2006] "C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" -firstboot (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [SIA2006] "C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" -firstboot (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SIA2006] "C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" -firstboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SIA2006] "C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" -firstboot (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Rozmowa.lnk = D:\System syntezy mowy\rozmowy.exe
O4 - Startup: UniSpiker-2.6.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142YYSE
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C05AA5D-E5F8-46B2-B6C9-D075058806A2}: NameServer = 194.204.159.1,194.204.152.34
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Abel - Unknown owner - D:\Cain\Abel.exe (file missing)
O23 - Service: Acunetix WVS Scheduler (AcuWVSScheduler) - Acunetix Ltd. - D:\QuickTime\QTSystem\Web Vulnerability Scanner 4\WVSScheduler.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Icecast Media Server (Icecast) - Unknown owner - C:\Program Files\Icecast2 Win32\icecastService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 12978 bytes

Please help me solve my problem :].
Last edited by _Darex_ on 03 May 2008, 14:21, edited 1 time in total.
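A triage helper for HijackThis logs like the one above, added here as an example rather than anything from the thread: it parses the section-coded entries and flags the ones a forum helper checks first. The sample lines are constructed from entries in this thread's logs; the severity rules and the "unusual directory" list are my own assumptions, not HijackThis' built-in analysis.

```python
"""HijackThis log triage: parse "Oxx - ..." entries and flag the items a helper
on a malware-removal forum checks first. Added example, not code from the thread;
the rules are heuristics of my own, not HijackThis' built-in analysis."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: entries copied from the logs in this thread plus one benign one.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:4001
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
F2 - REG:system.ini: Shell=explorer.exe C:/windows/services.exe
O2 - BHO: (no name) - {0EC9498A-7B8E-4F40-A993-8E90530D9BA9} - C:\WINDOWS\system32\ssttu.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [manager] "C:\Windows\System32\drivers\setup\manager.exe"
O4 - HKCU\..\Run: [VS Online] C:\VSOnline.exe /tray
O23 - Service: Abel - Unknown owner - D:\Cain\Abel.exe (file missing)
"""

HJT_LINE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.+)$")
# Directories where a legitimate Run-key executable almost never lives (assumption).
ODD_RUN_DIRS = ("\\system32\\drivers\\",)
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"
    code: str      # HijackThis section code, e.g. "O4"
    reason: str
    line: str


def run_target(body: str) -> str:
    """Executable path from an O4 Run entry body ('HKCU\\..\\Run: [name] "path" args'),
    lower-cased and without quotes or arguments."""
    m = re.search(r'\]\s+("([^"]+)"|(\S+))', body)
    return (m.group(2) or m.group(3)).lower() if m else ""


def triage_line(line: str) -> Optional[Finding]:
    """Apply the heuristics to one log line; None means nothing worth a second look."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    low = body.lower()
    if code == "F2" and "shell=" in low:
        # The Winlogon shell should be exactly explorer.exe; anything appended
        # (here C:/windows/services.exe) is started at every logon.
        if low.split("shell=", 1)[1].strip() != "explorer.exe":
            return Finding("high", code, "Winlogon Shell value extended beyond explorer.exe", line)
    if code in ("R3", "O2", "O3") and "(no name)" in low:
        return Finding("medium", code, "browser hook/BHO registered without a name", line)
    if code == "R1" and "proxyserver" in low and "127.0.0.1" in low:
        # A local proxy may be a legitimate anonymiser or malware; identify the listener.
        return Finding("medium", code, "browser traffic routed through a local proxy; confirm which program listens there", line)
    if code == "O4":
        target = run_target(body)
        if any(d in target for d in ODD_RUN_DIRS):
            return Finding("medium", code, "autostart executable in an unusual directory", line)
        if re.fullmatch(r"[a-z]:\\[^\\]+\.exe", target):
            return Finding("medium", code, "autostart executable dropped in a drive root", line)
    if code == "O23" and "(file missing)" in low:
        return Finding("low", code, "service points to a missing binary (orphaned entry)", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Triage a whole log, most severe findings first (stable within a severity)."""
    found = [f for f in map(triage_line, log_text.splitlines()) if f is not None]
    return sorted(found, key=lambda f: SEVERITY_ORDER[f.severity])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.code}: {f.reason}\n         {f.line}")
```

Run it against a full pasted log instead of SAMPLE_LOG to get a first cut of the entries to ask about; every hit still needs a human to confirm what the file actually is.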



Post by Paxo202, 03 May 2008, 14:17

http://forum.programosy.pl/dla-userow-wstawiajacych-logi-na-forum-vt93842.html

Put the log in [code] tags.



Post by wojtas, 03 May 2008, 14:46

Do what is described in this topic

Use SDFix. After downloading, run it and it will unpack to C:\SDFix. Start the computer in safe mode (F8 at system startup). In safe mode, run the RunThis.bat file from the SDFix folder. Confirm the cleanup with Y. Wait until it finishes and the computer restarts.

Then go to the C:\SDFix folder and post the contents of the Report.txt file + the ComboFix log, and also post the HijackThis log.



So....

Post by _Darex_, 03 May 2008, 21:05

I did what you told me :]. Logs:

ComboFix:
Code:
pushd "C:\327882R2FWJFW\"

=============================================

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Gwidon\Dane aplikacji
cfldr=327882R2FWJFW
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=KOMP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Gwidon
kmd=CF14231.exe
LOGONSERVER=\\KOMP
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\327882R2FWJFW;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\PROGRA~1\Borland\CBUILD~1\Bin;C:\PROGRA~1\Borland\CBUILD~1\Projects\Bpl;C:\Program Files\Borland\Delphi7\Bin;C:\Program Files\Borland\Delphi7\Projects\Bpl\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;D:\GTK\2.0\bin;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;D:\QuickTime\QTSystem\
PATHEXT=.cfexe;.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 79 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4f02
ProgramFiles=C:\Program Files
PROMPT=$
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
sfxname=C:\Documents and Settings\Gwidon\Pulpit\ComboFix.exe
system=C:\WINDOWS\system32
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Gwidon\USTAWI~1\Temp
TMP=C:\DOCUME~1\Gwidon\USTAWI~1\Temp
USERDOMAIN=KOMP
USERNAME=Gwidon
USERPROFILE=C:\Documents and Settings\Gwidon
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI

=============================================


if not defined sfxname goto END

Nircmd win close ititle "ComboFix"

If [] == [] Set "SfxCmd="

if /I "C:\327882R2FWJFW" NEQ "C:\327882R2FWJFW" goto Abort

if exist "C:\DOCUME~1\Gwidon\USTAWI~1\Temp\327882R2FWJFW327882R2FWJFW.log" del "C:\DOCUME~1\Gwidon\USTAWI~1\Temp\327882R2FWJFW327882R2FWJFW.log"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 (C)
Ownerchange for "C:\WINDOWS\system32\cmd.exe" to Administrators group was successful

copy /y "C:\WINDOWS\system32\cmd.exe" "C:\WINDOWS\system32\CF14231.exe"
Liczba skopiowanych plików:         1.

if not exist "C:\WINDOWS\system32\CF14231.exe" catchme -l nul -c "C:\WINDOWS\system32\cmd.exe" "C:\WINDOWS\system32\CF14231.exe"

For /F "tokens=*" %g in ("C:\Documents and Settings\Gwidon\Pulpit\ComboFix.exe") do @(
set "FileName=%~ng" 
set "FilePath=%~dpg"
)

Set FileName  2>nul  | GREP -Gisqx "FileName=[-[:alnum:]@.]*"   || (
nircmd infobox "You cannot rename ComboFix as ComboFix~n~nPlease use another name, preferbaly made up of alphanumeric characters" "" 
goto END
)

DIR /AD/B C:\*   | FindStr.exe -IVX ComboFix  1>dirname00

FindStr.exe -LIXC:"ComboFix" dirname00   1>nul  && call :NameChk

If exist dirname0? del /Q dirname0?

If exist "\ComboFix" DIR /AD "\ComboFix"   1>nul  && (
rd /s/q "\ComboFix" 
If exist "\ComboFix" (
PV -kf findstr.exe *.cfexe 
rd /s/q "\ComboFix"

If exist "\ComboFix" (
handle "C:\ComboFix"   | SED -r "/pid:/!d; s/.*: (.*): .*/\1/"  1>temp00 
for /F "tokens=1,2" %g in (temp00) do @echo.y | Handle -p %g -c %h 
del /q temp00 
rd /s/q "\ComboFix"
)
)

If exist "\ComboFix" rd /s/q "\ComboFix" 

If exist "\ComboFix" goto :eof

VER   | Findstr.exe -ic:"[Version 6.0"   && (Call :Vista )  ||

CD ..

Set "comspec=C:\WINDOWS\system32\CF14231.exe"

(
echo.md "\ComboFix"   
echo.Move /y "\327882R2FWJFW\*" "\ComboFix" 
echo.RD /S/Q "\327882R2FWJFW" 
echo.Start "." /d"C:\ComboFix" "C:\WINDOWS\system32\CF14231.exe" /k c.bat 
echo.pv -kf cmd.exe
) 1>Start_.cmd

NirCmd exec hide "C:\WINDOWS\system32\CF14231.exe" /f:off /d /c call Start_.cmd

NirCmd execmd del "\327882R2FWJFW\prep.cmd"

EXIT


HijackThis log:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:03:51, on 2008-04-04
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\QuickTime\QTSystem\Web Vulnerability Scanner 4\WVSScheduler.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Icecast2 Win32\icecastService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\PSIService.exe
D:\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
D:\FRAPS\FRAPS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\kRk Software\GG Tools\GGT.exe
C:\Program Files\Skype\Phone\Skype.exe
D:\Gadu-Gadu\gg.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\Winamp\winamp.exe
D:\ICeQ\Chat.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:4001
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul0.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0EC9498A-7B8E-4F40-A993-8E90530D9BA9} - C:\WINDOWS\system32\ssttu.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul0.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Steganos Internet Anonym - {00000000-5736-4205-0008-f7ed0776fb27} - c:\program files\steganos internet anonym 2006\sia2006iep.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [CloneCDTray] "D:\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [BearFlix] "D:\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [WhenUSearch] "C:\Program Files\DAEMON Tools SearchBar\Search.exe"
O4 - HKLM\..\Run: [WhenUSearchWHSE] "C:\Program Files\DAEMON Tools SearchBar\whse.exe"
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Fraps] D:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AnyDVD] D:\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [GoD] "D:\GoD\GoD.exe" /tray
O4 - HKCU\..\Run: [VS Online] C:\VSOnline.exe /tray
O4 - HKCU\..\Run: [DAEMON Tools] "D:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [GG Tools] "D:\kRk Software\GG Tools\GGT.exe" /tray
O4 - HKCU\..\Run: [manager] "C:\Windows\System32\drivers\setup\manager.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SIA2006] "C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" -boot
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [SIA2006] "C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" -firstboot (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [SIA2006] "C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" -firstboot (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SIA2006] "C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" -firstboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SIA2006] "C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" -firstboot (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Rozmowa.lnk = D:\System syntezy mowy\rozmowy.exe
O4 - Startup: UniSpiker-2.6.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142YYSE
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C05AA5D-E5F8-46B2-B6C9-D075058806A2}: NameServer = 194.204.159.1,194.204.152.34
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Abel - Unknown owner - D:\Cain\Abel.exe (file missing)
O23 - Service: Acunetix WVS Scheduler (AcuWVSScheduler) - Acunetix Ltd. - D:\QuickTime\QTSystem\Web Vulnerability Scanner 4\WVSScheduler.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Icecast Media Server (Icecast) - Unknown owner - C:\Program Files\Icecast2 Win32\icecastService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 14661 bytes



And now the contents of that report.txt file in the SDFix folder:
[b]SDFix: Version 1.179 [/b]
Run by Administrator on 2008-04-04 at 12:27

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix\SDFix

[b]Checking Services [/b]:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\WINDOWS\system32\WINKVE32.dll - Deleted





Removing Temp Files

[b]ADS Check [/b]:


C:\WINDOWS\system32
  :{DA6227CB-326B-4B4D-9A81-04B61F1538DD} 12
Total size: 12 bytes.
system32: deleted 12 bytes in 1 streams.

Checking for remaining Streams

C:\WINDOWS\system32
No streams found.


                                 [b]Final Check [/b]:

catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-04 12:38:21
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="D:\Alcohol Soft\Alcohol 52\"
"h0"=dword:00000001
"ujdew"=hex:a0,4d,72,f8,a6,05,78,4c,6d,ad,7d,81,7f,70,ea,4f,dc,d5,c5,85,b9,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:90,28,e5,60,38,36,6c,0d,74,68,f5,ca,57,b6,a2,31,c6,81,34,45,91,..
"p0"="D:\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,51,76,de,78,de,f8,f1,27,71,62,93,ba,cf,16,39,e1,f7,..
"khjeh"=hex:eb,a5,8c,5d,11,83,2f,73,0c,12,b3,39,45,15,6c,06,15,ca,79,e5,14,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:27,dc,9b,ea,c6,b1,6a,97,39,4d,39,c5,1c,c0,72,74,b0,07,a2,b3,1c,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:27,dc,9b,ea,c6,b1,6a,97,39,4d,39,c5,1c,c0,72,74,b0,07,a2,b3,1c,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:27,dc,9b,ea,c6,b1,6a,97,39,4d,39,c5,1c,c0,72,74,b0,07,a2,b3,1c,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:27,dc,9b,ea,c6,b1,6a,97,39,4d,39,c5,1c,c0,72,74,b0,07,a2,b3,1c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="D:\Alcohol Soft\Alcohol 52\"
"h0"=dword:00000001
"ujdew"=hex:a0,4d,72,f8,a6,05,78,4c,6d,ad,7d,81,7f,70,ea,4f,dc,d5,c5,85,b9,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:90,28,e5,60,38,36,6c,0d,74,68,f5,ca,57,b6,a2,31,c6,81,34,45,91,..
"p0"="D:\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,51,76,de,78,de,f8,f1,27,71,62,93,ba,cf,16,39,e1,f7,..
"khjeh"=hex:eb,a5,8c,5d,11,83,2f,73,0c,12,b3,39,45,15,6c,06,15,ca,79,e5,14,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:27,dc,9b,ea,c6,b1,6a,97,39,4d,39,c5,1c,c0,72,74,b0,07,a2,b3,1c,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:27,dc,9b,ea,c6,b1,6a,97,39,4d,39,c5,1c,c0,72,74,b0,07,a2,b3,1c,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:27,dc,9b,ea,c6,b1,6a,97,39,4d,39,c5,1c,c0,72,74,b0,07,a2,b3,1c,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:27,dc,9b,ea,c6,b1,6a,97,39,4d,39,c5,1c,c0,72,74,b0,07,a2,b3,1c,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Gadu-Gadu\\gg.exe"="D:\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"D:\\eMule\\emule.exe"="D:\\eMule\\emule.exe:*:Enabled:eMule"
"D:\\quake3.exe"="D:\\quake3.exe:*:Enabled:quake3"
"D:\\Quake III Arena\\quake3.exe"="D:\\Quake III Arena\\quake3.exe:*:Enabled:quake3"
"C:\\Documents and Settings\\Gwidon\\Pulpit\\emule.exe"="C:\\Documents and Settings\\Gwidon\\Pulpit\\emule.exe:*:Enabled:eMule"
"D:\\SHOUTcast\\sc_serv.exe"="D:\\SHOUTcast\\sc_serv.exe:*:Enabled:sc_serv"
"D:\\mIRC\\mirc.exe"="D:\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Documents and Settings\\Gwidon\\Pulpit\\samp-server\\samp-server.exe"="C:\\Documents and Settings\\Gwidon\\Pulpit\\samp-server\\samp-server.exe:*:Enabled:samp-server"
"D:\\Rockstar Games\\GTA San Andreas\\samp-server.exe"="D:\\Rockstar Games\\GTA San Andreas\\samp-server.exe:*:Enabled:samp-server"
"C:\\Documents and Settings\\Gwidon\\Pulpit\\samp01b-server\\samp-server.exe"="C:\\Documents and Settings\\Gwidon\\Pulpit\\samp01b-server\\samp-server.exe:*:Enabled:samp-server"
"C:\\Documents and Settings\\Gwidon\\Pulpit\\samp-server-0.2.1-win32\\samp-server.exe"="C:\\Documents and Settings\\Gwidon\\Pulpit\\samp-server-0.2.1-win32\\samp-server.exe:*:Enabled:samp-server"
"D:\\BearShare\\BearShare.exe"="D:\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"D:\\BearFlix\\bearflix.exe"="D:\\BearFlix\\bearflix.exe:*:Enabled:BearFlix"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Uruchamia plik DLL jako aplikację"
"C:\\Documents and Settings\\Gwidon\\Pulpit\\samp01b-r2-win32\\samp01b-r2-win32\\samp-server.exe"="C:\\Documents and Settings\\Gwidon\\Pulpit\\samp01b-r2-win32\\samp01b-r2-win32\\samp-server.exe:*:Enabled:samp-server"
"D:\\Aspyr\\Tony Hawks Pro Skater 4\\Game\\Skate4.exe"="D:\\Aspyr\\Tony Hawks Pro Skater 4\\Game\\Skate4.exe:*:Enabled:Skate4"
"D:\\BitTorrent\\btdownloadgui.exe"="D:\\BitTorrent\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"D:\\DC++\\DCPlusPlus.exe"="D:\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
"D:\\Counter-Strike 1.6\\hl.exe"="D:\\Counter-Strike 1.6\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars Demo\\etqw.exe"="C:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars Demo\\etqw.exe:*:Enabled:Enemy Territory - QUAKE Wars(TM) Demo"
"C:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars Demo\\etqwded.exe"="C:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars Demo\\etqwded.exe:*:Enabled:etqwded.exe"
"C:\\Documents and Settings\\Gwidon\\Pulpit\\qbcsalph\\QuakeBot.exe"="C:\\Documents and Settings\\Gwidon\\Pulpit\\qbcsalph\\QuakeBot.exe:*:Enabled:QuakeBot"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"D:\\Cain\\Cain.exe"="D:\\Cain\\Cain.exe:*:Enabled:Cain - Password Recovery Utility"
"C:\\WINDOWS\\system32\\winhttp.exe"="C:\\WINDOWS\\system32\\winhttp.exe:*:Enabled:winhttp"
"D:\\Snikers\\Snikers.exe"="D:\\Snikers\\Snikers.exe:*:Enabled:Snikers"
"C:\\Program Files\\WinPcap\\rpcapd.exe"="C:\\Program Files\\WinPcap\\rpcapd.exe:*:Enabled:rpcapd"
"C:\\Documents and Settings\\Gwidon\\Pulpit\\programy hakerskie itd\\Cain\\Cain.exe"="C:\\Documents and Settings\\Gwidon\\Pulpit\\programy hakerskie itd\\Cain\\Cain.exe:*:Enabled:Cain - Password Recovery Utility"
"C:\\Documents and Settings\\Gwidon\\Pulpit\\samp022server.win32\\samp-server.exe"="C:\\Documents and Settings\\Gwidon\\Pulpit\\samp022server.win32\\samp-server.exe:*:Enabled:samp-server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\\totalcmd\\TOTALCMD.EXE"="D:\\totalcmd\\TOTALCMD.EXE:*:Enabled:Total Commander"
"C:\\Documents and Settings\\Gwidon\\Pulpit\\samp_serwer_0.2.2_gf\\samp-server.exe"="C:\\Documents and Settings\\Gwidon\\Pulpit\\samp_serwer_0.2.2_gf\\samp-server.exe:*:Enabled:samp-server"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"D:\\Soulseek\\slsk.exe"="D:\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"
"C:\\Documents and Settings\\Gwidon\\Pulpit\\MAIL_PASSWORD_RECOVERY1.1.0\\MAIL_PASSWORD_RECOVERY1.1.0\\mpr.exe"="C:\\Documents and Settings\\Gwidon\\Pulpit\\MAIL_PASSWORD_RECOVERY1.1.0\\MAIL_PASSWORD_RECOVERY1.1.0\\mpr.exe:*:Enabled:Mail Password Recovery"
"C:\\Documents and Settings\\Gwidon\\Pulpit\\NT12\\NT12\\Server\\bezpieczny server.exe"="C:\\Documents and Settings\\Gwidon\\Pulpit\\NT12\\NT12\\Server\\bezpieczny server.exe:*:Enabled:bezpieczny server"
"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Icecast2 Win32\\Icecast2.exe"="C:\\Program Files\\Icecast2 Win32\\Icecast2.exe:*:Enabled:Icecast2win"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\WINDOWS\\system32\\winver.exe"="C:\\WINDOWS\\system32\\winver.exe:*:Enabled:winver"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Onet.pl - Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Tue 21 Aug 2007            24 ..SH. --- "C:\WINDOWS\S42D635A2.tmp"
Sat 12 Apr 2008            88 ..SHR --- "C:\WINDOWS\system32\8F51133FB5.sys"
Mon  5 Nov 2007             0 A.SH. --- "C:\WINDOWS\system32\httpget.sys"
Mon  5 Nov 2007         2,560 A.SH. --- "C:\WINDOWS\system32\httpkhk.dll"
Mon  5 Nov 2007        15,845 A.SH. --- "C:\WINDOWS\system32\httpklg.sys"
Sat 12 Apr 2008         2,516 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sat 17 Feb 2007     1,185,792 ...H. --- "C:\WINDOWS\system32\mmsystem.exe"
Sat  3 Feb 2007         2,045 ...H. --- "C:\WINDOWS\system32\whlb32g.dll"
Tue 28 Aug 2007         4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 14 Mar 2005       299,008 A..H. --- "C:\Program Files\Canon\MP Navigator 2.0\Maint.exe"
Mon 28 Feb 2005        61,440 A..H. --- "C:\Program Files\Canon\MP Navigator 2.0\uinstrsc.dll"
Wed 27 Feb 2008             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Sat 22 Mar 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BITF.tmp"
Sat 22 Mar 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BIT12.tmp"
Sat 22 Mar 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BITE.tmp"
Sat 22 Mar 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5a563fa477cf8fafb8fe0c62db7d73a1\BIT13.tmp"
Sat 22 Mar 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5d8b27483d3f365d76169cb326b6d1c4\BIT11.tmp"
Sat 22 Mar 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\67670e278a441f6a122d6a8b2e902cc7\BITD.tmp"
Sat 22 Mar 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\69d36bfb88bb6252fc5b48610fdd4093\BIT14.tmp"
Sat 22 Mar 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8213811a47d2bd2f8f612f637816d982\BIT10.tmp"
Tue 28 Aug 2007         4,348 ...H. --- "C:\Documents and Settings\Gwidon\Moje dokumenty\Moja muzyka\Kopia zapasowa licencji\drmv1key.bak"
Sat 13 Oct 2007            20 A..H. --- "C:\Documents and Settings\Gwidon\Moje dokumenty\Moja muzyka\Kopia zapasowa licencji\drmv1lic.bak"
Sat 13 Oct 2007         9,656 A.SH. --- "C:\Documents and Settings\Gwidon\Moje dokumenty\Moja muzyka\Kopia zapasowa licencji\drmv2key.bak"

[b]Finished![/b]

DareX :]
_Darex_
~user

Posts: 16
Joined: 27 Apr 2008, 09:55
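The HijackThis log above is the kind of listing the helpers in this section read line by line, and the entries they pay attention to follow a few fixed patterns. The script below is an added example written for this thread, not code from the forum, from HijackThis or from any of the tools mentioned. It writes those patterns out as explicit review rules and runs them over constructed sample lines in the HijackThis format: a browser proxy pointing at 127.0.0.1 (R1), a browser helper object with no name (O2), an autostart whose executable sits in the drive root or under a drivers, Temp or Desktop folder (O4), and any entry whose file is marked missing. The sample CLSIDs and file names are placeholders, and every flag is a prompt for review rather than a verdict.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in HijackThis v2 format. The CLSIDs and file names are
# placeholders modelled on the kinds of entries posted in this thread, not
# copied from any real machine.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:4001
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\system32\example1.dll
O2 - BHO: Example PDF Helper - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [manager] "C:\WINDOWS\System32\drivers\setup\example.exe"
O4 - HKCU\..\Run: [Example Online] C:\example.exe /tray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: Example Service - Unknown owner - C:\Program Files\Example\svc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

PROXY_RE = re.compile(r'^R1 - .*ProxyServer = (\S+)')
BHO_RE = re.compile(r'^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$')
RUN_RE = re.compile(r'^O4 - (HK.*?)\\\.\.\\(Run|RunOnce): \[([^\]]*)\] (.*)$')
SVC_RE = re.compile(r'^O23 - Service: (.*?) - (.*?) - (.*)$')
ROOT_FILE_RE = re.compile(r'[a-z]:\\[^\\]+')   # a file directly in a drive root

# Locations where installed software does not normally keep its autostart binaries.
# Polish folder names (Pulpit, Dane aplikacji) are included because the logs here
# come from a Polish Windows XP.
SUSPECT_DIRS = {
    '\\drivers\\': 'a drivers directory',
    '\\temp\\': 'a Temp directory',
    '\\pulpit\\': 'the Desktop',
    '\\desktop\\': 'the Desktop',
    '\\dane aplikacji\\': 'Application Data',
    '\\application data\\': 'Application Data',
}


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. 'O4'
    line: str      # the log line as written
    reason: str    # why a reviewer should look at it


def _unquote_path(cmd: str) -> str:
    """Return the executable path from a Run command line (drops quotes and arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(' ')[0]


def _odd_location(path: str) -> Optional[str]:
    """Describe why an executable's location is unusual for installed software, or None."""
    p = path.lower()
    if ROOT_FILE_RE.fullmatch(p):
        return 'in the drive root'
    for marker, label in SUSPECT_DIRS.items():
        if marker in p:
            return 'under ' + label
    return None


def triage(log_text: str) -> List[Finding]:
    """Apply the review rules to every line of a HijackThis log and collect the flags."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = line.split(' ', 1)[0]
        if '(file missing)' in line:
            findings.append(Finding(section, line,
                            'entry points to a file that no longer exists (orphaned reference)'))
            continue
        m = PROXY_RE.match(line)
        if m:
            host = m.group(1).split(':')[0]
            if host in ('127.0.0.1', 'localhost'):
                findings.append(Finding('R1', line,
                                f'browser proxy set to local address {m.group(1)}; '
                                'identify which program listens there'))
            continue
        m = BHO_RE.match(line)
        if m:
            name, _clsid, path = m.groups()
            if name == '(no name)':
                findings.append(Finding('O2', line, f'unnamed browser helper object loaded from {path}'))
            continue
        m = RUN_RE.match(line)
        if m:
            exe = _unquote_path(m.group(4))
            why = _odd_location(exe)
            if why:
                findings.append(Finding('O4', line, f'autostart executable {why}: {exe}'))
            continue
        m = SVC_RE.match(line)
        if m:
            _name, owner, path = m.groups()
            why = _odd_location(path)
            if owner == 'Unknown owner' and why:
                findings.append(Finding('O23', line, f'service with unknown owner {why}: {path}'))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count the flags per HijackThis section."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.section:<4} {f.reason}\n     {f.line}')
```

Run as-is, it prints the five sample flags. A localhost proxy, for instance, can be set legitimately: anonymizers of the Steganos Internet Anonym kind listed in the same log typically work through a local proxy port, so the rule asks which program owns the port rather than declaring the entry malicious. The same caution applies to an orphaned service entry, which is usually the leftover of an uninstalled program; the point of the script is to shorten the list a human has to read, not to replace the reading.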



Post by wojtas 04 May 2008, 01:06

apply:

smitfraudfix with option 2
(download it -> run it -> press any key -> type 2 in the program and Enter, then wait a moment -> when the question "Do you want to clean the registry ?" comes up in the program, type the letter Y and Enter again and wait for the report to come up (the sign that the scan has finished))

and do the ComboFix log once more (that one generated badly for you) and the HijackThis one... if in the end ComboFix doesn't show a good log, then give one from DSS
wojtas
*mod

Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Commendations: 1656



Post by _Darex_ 04 May 2008, 07:47

Logs:

From HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:38:51, on 2008-04-04
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\QuickTime\QTSystem\Web Vulnerability Scanner 4\WVSScheduler.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Icecast2 Win32\icecastService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\PSIService.exe
D:\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
D:\FRAPS\FRAPS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\kRk Software\GG Tools\GGT.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\Gadu-Gadu\gg.exe
D:\Winamp\winamp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
D:\ICeQ\Chat.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:4001
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul0.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {945B02E2-E118-41A2-9B03-009537E9C164} - C:\WINDOWS\system32\ssttu.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul0.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Steganos Internet Anonym - {00000000-5736-4205-0008-f7ed0776fb27} - c:\program files\steganos internet anonym 2006\sia2006iep.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [CloneCDTray] "D:\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [BearFlix] "D:\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [WhenUSearch] "C:\Program Files\DAEMON Tools SearchBar\Search.exe"
O4 - HKLM\..\Run: [WhenUSearchWHSE] "C:\Program Files\DAEMON Tools SearchBar\whse.exe"
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Fraps] D:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AnyDVD] D:\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [GoD] "D:\GoD\GoD.exe" /tray
O4 - HKCU\..\Run: [VS Online] C:\VSOnline.exe /tray
O4 - HKCU\..\Run: [DAEMON Tools] "D:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [GG Tools] "D:\kRk Software\GG Tools\GGT.exe" /tray
O4 - HKCU\..\Run: [manager] "C:\Windows\System32\drivers\setup\manager.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SIA2006] "C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" -boot
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [SIA2006] "C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" -firstboot (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [SIA2006] "C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" -firstboot (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SIA2006] "C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" -firstboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SIA2006] "C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" -firstboot (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Rozmowa.lnk = D:\System syntezy mowy\rozmowy.exe
O4 - Startup: UniSpiker-2.6.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142YYSE
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C05AA5D-E5F8-46B2-B6C9-D075058806A2}: NameServer = 194.204.159.1,194.204.152.34
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Abel - Unknown owner - D:\Cain\Abel.exe (file missing)
O23 - Service: Acunetix WVS Scheduler (AcuWVSScheduler) - Acunetix Ltd. - D:\QuickTime\QTSystem\Web Vulnerability Scanner 4\WVSScheduler.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Icecast Media Server (Icecast) - Unknown owner - C:\Program Files\Icecast2 Win32\icecastService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 14165 bytes


From ComboFix:
pushd "C:\327882R2FWJFW\"

=============================================

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Gwidon\Dane aplikacji
cfldr=327882R2FWJFW
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=KOMP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Gwidon
kmd=CF14231.exe
LOGONSERVER=\\KOMP
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\327882R2FWJFW;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\PROGRA~1\Borland\CBUILD~1\Bin;C:\PROGRA~1\Borland\CBUILD~1\Projects\Bpl;C:\Program Files\Borland\Delphi7\Bin;C:\Program Files\Borland\Delphi7\Projects\Bpl\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;D:\GTK\2.0\bin;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;D:\QuickTime\QTSystem\
PATHEXT=.cfexe;.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 79 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4f02
ProgramFiles=C:\Program Files
PROMPT=$
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
sfxname=C:\Documents and Settings\Gwidon\Pulpit\ComboFix.exe
system=C:\WINDOWS\system32
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Gwidon\USTAWI~1\Temp
TMP=C:\DOCUME~1\Gwidon\USTAWI~1\Temp
USERDOMAIN=KOMP
USERNAME=Gwidon
USERPROFILE=C:\Documents and Settings\Gwidon
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI

=============================================


if not defined sfxname goto END

Nircmd win close ititle "ComboFix"

If [] == [] Set "SfxCmd="

if /I "C:\327882R2FWJFW" NEQ "C:\327882R2FWJFW" goto Abort

if exist "C:\DOCUME~1\Gwidon\USTAWI~1\Temp\327882R2FWJFW327882R2FWJFW.log" del "C:\DOCUME~1\Gwidon\USTAWI~1\Temp\327882R2FWJFW327882R2FWJFW.log"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 (C)
Ownerchange for "C:\WINDOWS\system32\cmd.exe" to Administrators group was successful

copy /y "C:\WINDOWS\system32\cmd.exe" "C:\WINDOWS\system32\CF14231.exe"
Liczba skopiowanych plików:         1.

if not exist "C:\WINDOWS\system32\CF14231.exe" catchme -l nul -c "C:\WINDOWS\system32\cmd.exe" "C:\WINDOWS\system32\CF14231.exe"

For /F "tokens=*" %g in ("C:\Documents and Settings\Gwidon\Pulpit\ComboFix.exe") do @(
set "FileName=%~ng" 
set "FilePath=%~dpg"
)

Set FileName  2>nul  | GREP -Gisqx "FileName=[-[:alnum:]@.]*"   || (
nircmd infobox "You cannot rename ComboFix as ComboFix~n~nPlease use another name, preferbaly made up of alphanumeric characters" "" 
goto END
)

DIR /AD/B C:\*   | FindStr.exe -IVX ComboFix  1>dirname00

FindStr.exe -LIXC:"ComboFix" dirname00   1>nul  && call :NameChk

If exist dirname0? del /Q dirname0?

If exist "\ComboFix" DIR /AD "\ComboFix"   1>nul  && (
rd /s/q "\ComboFix" 
If exist "\ComboFix" (
PV -kf findstr.exe *.cfexe 
rd /s/q "\ComboFix"

If exist "\ComboFix" (
handle "C:\ComboFix"   | SED -r "/pid:/!d; s/.*: (.*): .*/\1/"  1>temp00 
for /F "tokens=1,2" %g in (temp00) do @echo.y | Handle -p %g -c %h 
del /q temp00 
rd /s/q "\ComboFix"
)
)

If exist "\ComboFix" rd /s/q "\ComboFix" 

If exist "\ComboFix" goto :eof

VER   | Findstr.exe -ic:"[Version 6.0"   && (Call :Vista )  ||

CD ..

Set "comspec=C:\WINDOWS\system32\CF14231.exe"

(
echo.md "\ComboFix"   
echo.Move /y "\327882R2FWJFW\*" "\ComboFix" 
echo.RD /S/Q "\327882R2FWJFW" 
echo.Start "." /d"C:\ComboFix" "C:\WINDOWS\system32\CF14231.exe" /k c.bat 
echo.pv -kf cmd.exe
) 1>Start_.cmd

NirCmd exec hide "C:\WINDOWS\system32\CF14231.exe" /f:off /d /c call Start_.cmd

NirCmd execmd del "\327882R2FWJFW\prep.cmd"

EXIT


And here is the SmitFraudFix report:
SmitFraudFix v2.319

Scan done at 23:43:19,23, 2008-04-04
Run from C:\Documents and Settings\Gwidon\Pulpit\SmitfraudFix
OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NVIDIA nForce Networking Controller - Packet Scheduler Miniport
DNS Server Search Order: 213.92.190.130
DNS Server Search Order: 213.92.190.135
DNS Server Search Order: 77.242.226.226

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3C05AA5D-E5F8-46B2-B6C9-D075058806A2}: NameServer=194.204.159.1,194.204.152.34
HKLM\SYSTEM\CCS\Services\Tcpip\..\{4EF8D94C-DD21-46A2-82FC-84EE88D89FD4}: DhcpNameServer=213.92.190.130 213.92.190.135 77.242.226.226
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3C05AA5D-E5F8-46B2-B6C9-D075058806A2}: NameServer=194.204.159.1,194.204.152.34
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4EF8D94C-DD21-46A2-82FC-84EE88D89FD4}: DhcpNameServer=213.92.190.130 213.92.190.135 77.242.226.226
HKLM\SYSTEM\CS2\Services\Tcpip\..\{3C05AA5D-E5F8-46B2-B6C9-D075058806A2}: NameServer=194.204.159.1,194.204.152.34
HKLM\SYSTEM\CS2\Services\Tcpip\..\{4EF8D94C-DD21-46A2-82FC-84EE88D89FD4}: DhcpNameServer=88.199.79.3 88.199.79.6 77.242.226.226
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=213.92.190.130 213.92.190.135 77.242.226.226
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=213.92.190.130 213.92.190.135 77.242.226.226
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=88.199.79.3 88.199.79.6 77.242.226.226


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End



So, what now? ^^
DareX :]
_Darex_
~user
Posts: 16
Joined: 27 Apr 2008, 09:55
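SmitFraudFix prints the per-adapter resolver settings from every control set so that a hijacked NameServer can be spotted by eye. The block below is an added example written for this page, not part of the original post and not SmitFraudFix's own code: it parses exactly those registry lines (copied from the report above as constructed input) and reports adapters with a static NameServer on a box that otherwise takes DNS from DHCP, DHCP resolvers that differ between the current control set and a saved one, and, when a trusted resolver set is supplied, any server outside it. The log does not say which resolvers are legitimate for this machine, so the trusted set used in the usage is an assumption, not a verdict on the addresses shown.

```python
"""Audit the DNS section of a SmitFraudFix report.

Added example for this thread, not SmitFraudFix code. The three checks
(static NameServer present, DHCP drift between control sets, server
outside a caller-supplied trusted set) are assumptions chosen to surface
the things a helper would ask about, not a detection signature.
"""
import re
from collections import defaultdict

# Constructed sample: the registry lines from the DNS section above.
SAMPLE_DNS = r"""
HKLM\SYSTEM\CCS\Services\Tcpip\..\{3C05AA5D-E5F8-46B2-B6C9-D075058806A2}: NameServer=194.204.159.1,194.204.152.34
HKLM\SYSTEM\CCS\Services\Tcpip\..\{4EF8D94C-DD21-46A2-82FC-84EE88D89FD4}: DhcpNameServer=213.92.190.130 213.92.190.135 77.242.226.226
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3C05AA5D-E5F8-46B2-B6C9-D075058806A2}: NameServer=194.204.159.1,194.204.152.34
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4EF8D94C-DD21-46A2-82FC-84EE88D89FD4}: DhcpNameServer=213.92.190.130 213.92.190.135 77.242.226.226
HKLM\SYSTEM\CS2\Services\Tcpip\..\{3C05AA5D-E5F8-46B2-B6C9-D075058806A2}: NameServer=194.204.159.1,194.204.152.34
HKLM\SYSTEM\CS2\Services\Tcpip\..\{4EF8D94C-DD21-46A2-82FC-84EE88D89FD4}: DhcpNameServer=88.199.79.3 88.199.79.6 77.242.226.226
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=213.92.190.130 213.92.190.135 77.242.226.226
"""

# One registry line: control set, adapter GUID (or the global Parameters key),
# whether the value is the DHCP-assigned list, and the server list itself.
LINE_RE = re.compile(
    r"HKLM\\SYSTEM\\(?P<cs>CCS|CS\d+)\\Services\\Tcpip\\"
    r"(?:\.\.\\\{(?P<adapter>[0-9A-Fa-f-]+)\}|Parameters): "
    r"(?P<dhcp>Dhcp)?NameServer=(?P<servers>.*)"
)


def parse_dns_section(text):
    """Return {scope: {controlset: {"static": [...], "dhcp": [...]}}}.

    scope is the adapter GUID, or "Parameters" for the global key.
    """
    cfg = defaultdict(lambda: defaultdict(lambda: {"static": [], "dhcp": []}))
    for line in text.splitlines():
        m = LINE_RE.search(line.strip())
        if not m:
            continue
        scope = m.group("adapter") or "Parameters"
        slot = "dhcp" if m.group("dhcp") else "static"
        # Static lists are comma separated, DHCP lists space separated.
        servers = [s for s in re.split(r"[,\s]+", m.group("servers").strip()) if s]
        cfg[scope][m.group("cs")][slot] = servers
    return cfg


def audit(text, trusted=None):
    """Return findings as (kind, scope, controlset, servers) tuples."""
    cfg = parse_dns_section(text)
    findings = []
    for scope, sets in cfg.items():
        for cs, v in sets.items():
            # A hand-set NameServer overrides whatever DHCP hands out; on a
            # DHCP client that is exactly where a DNS hijack would live.
            if v["static"]:
                findings.append(("static", scope, cs, v["static"]))
            if trusted is not None:
                for s in v["static"] + v["dhcp"]:
                    if s not in trusted:
                        findings.append(("untrusted", scope, cs, [s]))
        # A saved control set that disagrees with the current one is worth a
        # look: either the network changed, or something rewrote the value.
        ccs = sets.get("CCS")
        if ccs:
            for cs, v in sets.items():
                if cs != "CCS" and v["dhcp"] != ccs["dhcp"]:
                    findings.append(("drift", scope, cs, v["dhcp"]))
    return findings


if __name__ == "__main__":
    # Assumption for the demo: treat the CCS DHCP resolvers as the ISP's.
    trusted = set(parse_dns_section(SAMPLE_DNS)["Parameters"]["CCS"]["dhcp"])
    for kind, scope, cs, servers in audit(SAMPLE_DNS, trusted):
        print(f"{kind:9} {cs:4} {scope}: {' '.join(servers)}")
```

On the report above this flags the adapter {3C05AA5D-...} for carrying a static NameServer in all three control sets and {4EF8D94C-...} for a CS2 DHCP list that differs from CCS; whether either is a problem is a question for the machine's owner (a different network on the earlier boot would explain the drift), which is why the script reports rather than fixes.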



Post by wojtas, 04 May 2008, 12:12

Delete the ComboFix you have on disk... download ComboFix again and
save it to the desktop.

R3 - URLSearchHook: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul0.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: (no name) - {945B02E2-E118-41A2-9B03-009537E9C164} - C:\WINDOWS\system32\ssttu.dll
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul0.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul0.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [BearFlix] "D:\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [WhenUSearchWHSE] "C:\Program Files\DAEMON Tools SearchBar\whse.exe"
O4 - HKLM\..\Run: [WhenUSearch] "C:\Program Files\DAEMON Tools SearchBar\Search.exe"
O4 - HKCU\..\Run: [manager] "C:\Windows\System32\drivers\setup\manager.exe"


Delete these entries ^^

Paste into Notepad:

File::
C:\WINDOWS\system32\ssttu.dll
C:\Windows\System32\drivers\setup\manager.exe

Folder::
C:\Program Files\MyGlobalSearch
C:\Program Files\DAEMON Tools SearchBar
D:\BearFlix
C:\Program Files\MyWebSearch
C:\Program Files\Multi_Media



File >>> Save as CFScript.txt. Drag and drop the file onto the ComboFix icon (as shown here). Wait until the new log is generated and post it on the forum.
wojtas
*mod
Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Commendations: 1656



Post by _Darex_, 04 May 2008, 12:51

ComboFix log:

pushd "C:\327882R2FWJFW\"

=============================================

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Gwidon\Dane aplikacji
cfldr=327882R2FWJFW
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=KOMP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Gwidon
kmd=CF5367.exe
LOGONSERVER=\\KOMP
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\327882R2FWJFW;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\PROGRA~1\Borland\CBUILD~1\Bin;C:\PROGRA~1\Borland\CBUILD~1\Projects\Bpl;C:\Program Files\Borland\Delphi7\Bin;C:\Program Files\Borland\Delphi7\Projects\Bpl\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;D:\GTK\2.0\bin;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;D:\QuickTime\QTSystem\
PATHEXT=.cfexe;.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 79 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4f02
ProgramFiles=C:\Program Files
PROMPT=$
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
sfxname=C:\Documents and Settings\Gwidon\Pulpit\ComboFix.exe
system=C:\WINDOWS\system32
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Gwidon\USTAWI~1\Temp
TMP=C:\DOCUME~1\Gwidon\USTAWI~1\Temp
USERDOMAIN=KOMP
USERNAME=Gwidon
USERPROFILE=C:\Documents and Settings\Gwidon
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI

=============================================


if not defined sfxname goto END

Nircmd win close ititle "ComboFix"

If ["C:\Documents and Settings\Gwidon\Pulpit\CFScript.txt"] == [] Set "SfxCmd="

if /I "C:\327882R2FWJFW" NEQ "C:\327882R2FWJFW" goto Abort

if exist "C:\DOCUME~1\Gwidon\USTAWI~1\Temp\327882R2FWJFW327882R2FWJFW.log" del "C:\DOCUME~1\Gwidon\USTAWI~1\Temp\327882R2FWJFW327882R2FWJFW.log"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 (C)
Ownerchange for "C:\WINDOWS\system32\cmd.exe" to Administrators group was successful

copy /y "C:\WINDOWS\system32\cmd.exe" "C:\WINDOWS\system32\CF5367.exe"
Number of files copied:         1.

if not exist "C:\WINDOWS\system32\CF5367.exe" catchme -l nul -c "C:\WINDOWS\system32\cmd.exe" "C:\WINDOWS\system32\CF5367.exe"

For /F "tokens=*" %g in ("C:\Documents and Settings\Gwidon\Pulpit\ComboFix.exe") do @(
set "FileName=%~ng" 
set "FilePath=%~dpg"
)

Set FileName  2>nul  | GREP -Gisqx "FileName=[-[:alnum:]@.]*"   || (
nircmd infobox "You cannot rename ComboFix as ComboFix~n~nPlease use another name, preferbaly made up of alphanumeric characters" "" 
goto END
)

DIR /AD/B C:\*   | FindStr.exe -IVX ComboFix  1>dirname00

FindStr.exe -LIXC:"ComboFix" dirname00   1>nul  && call :NameChk

If exist dirname0? del /Q dirname0?

If exist "\ComboFix" DIR /AD "\ComboFix"   1>nul  && (
rd /s/q "\ComboFix" 
If exist "\ComboFix" (
PV -kf findstr.exe *.cfexe 
rd /s/q "\ComboFix"

If exist "\ComboFix" (
handle "C:\ComboFix"   | SED -r "/pid:/!d; s/.*: (.*): .*/\1/"  1>temp00 
for /F "tokens=1,2" %g in (temp00) do @echo.y | Handle -p %g -c %h 
del /q temp00 
rd /s/q "\ComboFix"
)
)

If exist "\ComboFix" rd /s/q "\ComboFix" 

If exist "\ComboFix" goto :eof

VER   | Findstr.exe -ic:"[Version 6.0"   && (Call :Vista )  ||

CD ..

Set "comspec=C:\WINDOWS\system32\CF5367.exe"

(
echo.md "\ComboFix"   
echo.Move /y "\327882R2FWJFW\*" "\ComboFix" 
echo.RD /S/Q "\327882R2FWJFW" 
echo.Start "." /d"C:\ComboFix" "C:\WINDOWS\system32\CF5367.exe" /k c.bat 
echo.pv -kf cmd.exe
) 1>Start_.cmd

NirCmd exec hide "C:\WINDOWS\system32\CF5367.exe" /f:off /d /c call Start_.cmd

NirCmd execmd del "\327882R2FWJFW\prep.cmd"

EXIT
DareX :]
_Darex_
~user
Posts: 16
Joined: 27 Apr 2008, 09:55



Post by Okocza, 04 May 2008, 12:54

Delete the ComboFix you have on disk... download ComboFix again,
because otherwise it's hard to check the log..
eMachines E730G - Core i5-430M, 2GiB RAM, ATI Mobility Radeon HD5470, WD 320GiB; Cort Z-44,DR 0.09-0.42, Peavey Backstage
Mac OS X 10.7.4 Lion // Windows 7 Professional x64 // I DO NOT HELP VIA PM/GG/E-MAIL
"My Ego and my Anima meet and exchange cookie recipes" - Maynard James Keenan
Okocza
~user
Posts: 8001
Joined: 19 Mar 2006, 11:53
Commendations: 406



Post by _Darex_, 07 May 2008, 17:41

So, are you going to help? ;/ Because it has detected some trojans in system32 again.
DareX :]
_Darex_
~user
Posts: 16
Joined: 27 Apr 2008, 09:55



Post by wojtas, 07 May 2008, 18:20

Post a DSS log.
wojtas
*mod
Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Commendations: 1656



Post by _Darex_, 08 May 2008, 20:08

DSS log:
Deckard's System Scanner v20071014.68
Run by Gwidon on 2008-04-09 13:08:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 77% (more than 75%).


-- HijackThis (run as Gwidon.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:08:39, on 2008-04-09
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
D:\QuickTime\QTSystem\Web Vulnerability Scanner 4\WVSScheduler.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Icecast2 Win32\icecastService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\PSIService.exe
D:\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
D:\FRAPS\FRAPS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\kRk Software\GG Tools\GGT.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Gadu-Gadu\gg.exe
D:\Winamp\winamp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\Documents and Settings\Gwidon\Pulpit\dss.exe
D:\HIJACK~1\Gwidon.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:4001
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul0.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {9DED1B21-EBD1-4E5C-A06E-C61228764E79} - C:\WINDOWS\system32\ssttu.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul0.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Steganos Internet Anonym - {00000000-5736-4205-0008-f7ed0776fb27} - c:\program files\steganos internet anonym 2006\sia2006iep.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [CloneCDTray] "D:\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [BearFlix] "D:\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [WhenUSearch] "C:\Program Files\DAEMON Tools SearchBar\Search.exe"
O4 - HKLM\..\Run: [WhenUSearchWHSE] "C:\Program Files\DAEMON Tools SearchBar\whse.exe"
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [BMcb145d57] Rundll32.exe "C:\WINDOWS\system32\jghyngmo.dll",s
O4 - HKLM\..\Run: [c8276ecb] rundll32.exe "C:\WINDOWS\system32\viinfcgh.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Fraps] D:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AnyDVD] D:\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [GoD] "D:\GoD\GoD.exe" /tray
O4 - HKCU\..\Run: [VS Online] C:\VSOnline.exe /tray
O4 - HKCU\..\Run: [DAEMON Tools] "D:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [GG Tools] "D:\kRk Software\GG Tools\GGT.exe" /tray
O4 - HKCU\..\Run: [manager] "C:\Windows\System32\drivers\setup\manager.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SIA2006] "C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" -boot
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [SIA2006] "C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" -firstboot (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [SIA2006] "C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" -firstboot (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SIA2006] "C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" -firstboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SIA2006] "C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" -firstboot (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Rozmowa.lnk = D:\System syntezy mowy\rozmowy.exe
O4 - Startup: UniSpiker-2.6.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142YYSE
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C05AA5D-E5F8-46B2-B6C9-D075058806A2}: NameServer = 194.204.159.1,194.204.152.34
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Abel - Unknown owner - D:\Cain\Abel.exe (file missing)
O23 - Service: Acunetix WVS Scheduler (AcuWVSScheduler) - Acunetix Ltd. - D:\QuickTime\QTSystem\Web Vulnerability Scanner 4\WVSScheduler.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Icecast Media Server (Icecast) - Unknown owner - C:\Program Files\Icecast2 Win32\icecastService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 14279 bytes

-- Files created between 2008-03-09 and 2008-04-09 -----------------------------

2008-04-13 02:26:16         0 d-------- C:\Program Files\Bonjour
2008-04-13 02:20:08         0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-12 07:16:04         0 d-------- C:\Program Files\Secure Surfing Engine
2008-04-12 07:16:00         0 d-------- C:\Program Files\Steganos Internet Anonym 2006
2008-04-10 08:00:10         0 d-------- C:\Program Files\MSECache
2008-04-08 10:38:58     70656 -r-hs---- C:\WINDOWS\system32\amvo0.dll
2008-04-08 10:38:58    105075 -r-hs---- C:\WINDOWS\system32\amvo.exe
2008-04-08 10:19:01     96832 --a------ C:\WINDOWS\system32\viinfcgh.dll
2008-04-05 11:31:53     95296 --a------ C:\WINDOWS\system32\ybpvyhlm.dll
2008-04-05 09:15:38         0 d-------- C:\Program Files\Goolag Scanner
2008-04-04 23:42:18      3580 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-04 23:41:53     25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-04 23:41:53    289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-04-04 23:41:53     86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-04 23:41:53    288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-04-04 23:41:53     53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-04-04 23:41:53     82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-04 23:41:53     51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-04 23:41:53     82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-04 13:24:44         0 d-------- C:\WINDOWS\ERUNT
2008-04-03 12:35:59         0 d-------- C:\Program Files\Common Files\Screaming Bee
2008-04-03 00:51:10    187925 --ahs---- C:\WINDOWS\system32\uttss.ini2
2008-04-03 00:51:04    281600 --a------ C:\WINDOWS\system32\ssttu.dll
2008-04-02 13:07:21         0 d-------- C:\Program Files\Common Files\xing shared
2008-04-02 13:07:06         0 d-------- C:\Program Files\Real
2008-04-02 01:41:32         0 d-------- C:\Documents and Settings\Gwidon\Application Data
2008-04-02 01:41:32         0 d-------- C:\Documents and Settings\Gwidon\Application Data\Syntrillium
2008-04-01 15:35:16         0 d-------- C:\Program Files\Common Files\Reallusion
2008-03-26 10:55:54    233472 --a------ C:\WINDOWS\system32\REX Shared Library.dll <Not Verified; Propellerhead Software AB; REX SDK>
2008-03-26 10:55:54    368640 --a------ C:\WINDOWS\system32\ReWire.dll <Not Verified; Propellerhead Software AB; ReWire>
2008-03-25 00:46:26         0 d-------- C:\WINDOWS\_$MB6Setup_
2008-03-23 06:59:09         0 d-------- C:\Program Files\Common Files\Borland Shared
2008-03-22 03:10:43     29696 --a------ C:\WINDOWS\system32\pthread.dll
2008-03-22 03:10:43     78085 --a------ C:\WINDOWS\system32\pattern.dat
2008-03-22 03:10:43    307200 --a------ C:\WINDOWS\system32\fxstudio.dll
2008-03-22 03:10:43     57344 --a------ C:\WINDOWS\system32\eJ_Capture.dll <Not Verified; eJay AG; PrjCapture>
2008-03-22 03:10:43    147519 --a------ C:\WINDOWS\system32\ej_360VideoFX.dll <Not Verified; eJay AG; PrjVideoFX>
2008-03-22 03:10:43    106496 --a------ C:\WINDOWS\system32\DartWeb.dll <Not Verified; Dart Communications; PowerTCP© Tools>
2008-03-22 03:10:43    159744 --a------ C:\WINDOWS\system32\DartSock.dll <Not Verified; Dart Communications; PowerTCP© Tools>
2008-03-22 03:10:38    280576 --a------ C:\WINDOWS\system32\pxd_kom.dll
2008-03-22 03:10:38     45056 --a------ C:\WINDOWS\system32\fader.dll
2008-03-22 03:10:37     75976 --a------ C:\WINDOWS\system32\BASSDEC.dll
2008-03-21 03:17:13         0 d-------- C:\Program Files\Common Files\Corel
2008-03-21 03:14:36      2516 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-21 03:14:36        88 -r-hs---- C:\WINDOWS\system32\8F51133FB5.sys
2008-03-20 05:35:28         0 d-------- C:\Program Files\Jasc Software Inc
2008-03-20 00:03:53        45 ---h----- C:\WINDOWS\dsez9936.dat
2008-03-15 11:25:21     30720 --a------ C:\WINDOWS\whois.exe
2008-03-15 11:25:21    248939 --a------ C:\WINDOWS\trace.bat
2008-03-15 11:25:21    184832 --a------ C:\WINDOWS\nslookup.exe
2008-03-15 11:25:21     59392 --a------ C:\WINDOWS\nc.exe
2008-03-15 11:25:21      1439 --a------ C:\WINDOWS\getdns.bat
2008-03-15 11:25:21     81668 --a------ C:\WINDOWS\BFR.EXE
2008-03-14 14:31:38    304182 --a------ C:\StiImg.dat
2008-03-14 14:02:44         0 d-------- C:\Program Files\Skype
2008-03-14 14:02:44         0 d-------- C:\Program Files\Common Files\Skype
2008-03-14 06:51:06         0 d-------- C:\Program Files\Common Files\Macromedia Shared
2008-03-14 06:50:08         0 d-------- C:\Program Files\Common Files\Macromedia


-- Find3M Report ---------------------------------------------------------------

2008-04-13 09:51:23         0 d-------- C:\Documents and Settings\Gwidon\Dane aplikacji\Adobe
2008-04-13 02:27:13         0 d-------- C:\Program Files\QuickTime
2008-04-13 02:26:58         0 d-------- C:\Program Files\Opera
2008-04-13 02:26:14         0 d-------- C:\Program Files\Common Files\Adobe
2008-04-13 00:00:18         0 d-------- C:\Documents and Settings\Gwidon\Dane aplikacji\Corel
2008-04-12 07:28:06         0 d-------- C:\Program Files\Java
2008-04-12 05:55:40         0 d-------- C:\Documents and Settings\Gwidon\Dane aplikacji\Hide IP NG
2008-04-09 12:51:57         0 d-------- C:\Documents and Settings\Gwidon\Dane aplikacji\Skype
2008-04-09 10:46:10         0 d-------- C:\Documents and Settings\Gwidon\Dane aplikacji\skypePM
2008-04-06 08:35:14    475568 --a------ C:\WINDOWS\system32\perfh015.dat
2008-04-06 08:35:14     85368 --a------ C:\WINDOWS\system32\perfc015.dat
2008-04-04 10:31:49       664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-03 12:38:23         0 d-------- C:\Documents and Settings\Gwidon\Dane aplikacji\Screaming Bee
2008-04-03 12:35:59         0 d-------- C:\Program Files\Common Files
2008-04-02 13:34:35         0 d-------- C:\Documents and Settings\Gwidon\Dane aplikacji\Real
2008-04-02 13:07:18         0 d-------- C:\Program Files\Common Files\Real
2008-04-02 12:44:53         0 d-------- C:\Documents and Settings\Gwidon\Dane aplikacji\Canon
2008-04-02 04:28:10         0 d-------- C:\Program Files\Winamp Remote
2008-04-01 15:42:31         0 d-------- C:\Documents and Settings\Gwidon\Dane aplikacji\Reallusion
2008-04-01 15:35:15         0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-01 15:34:46         0 d-------- C:\Documents and Settings\Gwidon\Dane aplikacji\InstallShield
2008-03-26 10:56:07         0 d-------- C:\Documents and Settings\Gwidon\Dane aplikacji\Propellerhead Software
2008-03-21 07:43:21         0 d-------- C:\Program Files\Microsoft Works
2008-03-18 10:55:21         0 d-------- C:\Program Files\Google
2008-03-14 06:54:45         0 d-------- C:\Documents and Settings\Gwidon\Dane aplikacji\Macromedia
2008-02-27 09:28:54         0 d-------- C:\Documents and Settings\Gwidon\Dane aplikacji\Apple Computer
2008-02-24 11:47:22         0 d-------- C:\Documents and Settings\Gwidon\Dane aplikacji\3DFA
2008-02-11 12:54:40         0 d-------- C:\Documents and Settings\Gwidon\Dane aplikacji\Winamp
2008-02-11 10:17:21         0 d-------- C:\Program Files\Icecast2 Win32


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 14:06   1135968   --a------   C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9DED1B21-EBD1-4E5C-A06E-C61228764E79}]
2008-04-03 00:51   281600   --a------   C:\WINDOWS\system32\ssttu.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 14:06 1135968]

[-HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 09:44 C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 10:43 C:\WINDOWS\Alcmtr.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-15 03:20]
"nwiz"="nwiz.exe" [2005-06-15 03:20 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-06-15 03:20]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 03:00]
"OPSE reminder"="C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 01:29]
"NWEReboot"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 02:50]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 12:37]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-13 19:43]
"CloneCDTray"="D:\SlySoft\CloneCD\CloneCDTray.exe" []
"BearFlix"="D:\BearFlix\BearFlix.exe" []
"WhenUSearch"="C:\Program Files\DAEMON Tools SearchBar\Search.exe" []
"WhenUSearchWHSE"="C:\Program Files\DAEMON Tools SearchBar\whse.exe" []
"WinampAgent"="D:\Winamp\winampa.exe" [2007-10-09 23:28]
"QuickTime Task"="D:\QuickTime\qttask.exe" [2007-10-19 13:16]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-18 10:55]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-02 13:07]
"BMcb145d57"="C:\WINDOWS\system32\jghyngmo.dll" []
"c8276ecb"="C:\WINDOWS\system32\viinfcgh.dll" [2008-04-08 10:19]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 13:25]
"Fraps"="D:\FRAPS\FRAPS.EXE" [2003-05-18 11:32]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 16:44]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 11:20]
"AnyDVD"="D:\SlySoft\AnyDVD\AnyDVD.exe" []
"GoD"="D:\GoD\GoD.exe" []
"VS Online"="C:\VSOnline.exe" []
"DAEMON Tools"="D:\DAEMON Tools\daemon.exe" []
"AlcoholAutomount"="D:\Alcohol Soft\Alcohol 52\axcmd.exe" [2007-07-02 04:22]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2007-10-22 18:47]
"GG Tools"="D:\kRk Software\GG Tools\GGT.exe" [2007-09-17 08:25]
"manager"="C:\Windows\System32\drivers\setup\manager.exe" []
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 10:26]
"SIA2006"="C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" [2005-11-09 11:35]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe" [2007-04-04 07:41]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SIA2006"="C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" -firstboot

C:\Documents and Settings\Gwidon\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 12:16:50]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssttu


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{248534be-04b7-11dd-91e2-0016e652415c}]
AutoRun\command- F:\h0s2.bat
explore\Command- F:\h0s2.bat
open\Command- F:\h0s2.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e95414f-f2b2-11dc-9138-0016e652415c}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(&0)\command- F:\Recycled\ctfmon.exe




-- End of Deckard's System Scanner: finished at 2008-04-09 13:09:02
------------
Last edited by _Darex_, 09 May 2008, 15:22, edited 1 time in total



Post by Okocza, 08 May 2008, 20:17

Put it in tags..



Post by _Darex_, 10 May 2008, 17:48

Done, I've changed it...



Post by Okocza, 10 May 2008, 17:55

Fix these in HijackThis:

_Darex_ wrote:
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: (no name) - {9DED1B21-EBD1-4E5C-A06E-C61228764E79} - C:\WINDOWS\system32\ssttu.dll
O4 - HKLM\..\Run: [BMcb145d57] Rundll32.exe "C:\WINDOWS\system32\jghyngmo.dll",s
O4 - HKLM\..\Run: [c8276ecb] rundll32.exe "C:\WINDOWS\system32\viinfcgh.dll",b
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O23 - Service: Abel - Unknown owner - D:\Cain\Abel.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)


Delete these manually from the disk:

_Darex_ wrote:
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\viinfcgh.dll
C:\WINDOWS\system32\ybpvyhlm.dll



Open Notepad and paste this into it:

Code:
Windows Registry Editor Version 5.00

; a leading '-' inside the brackets tells regedit to delete the whole key
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e95414f-f2b2-11dc-9138-0016e652415c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{248534be-04b7-11dd-91e2-0016e652415c}]


In Notepad, at the top >>> File > Save As >>> change the file type from TXT to All Files *.* >>> save it under the name FIX.REG

Double-click the resulting fix file and merge it into the registry....

Then post a new log from DSS.
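The entries Okocza singles out above share a few recognizable shapes: a Run value with a random-looking name that launches rundll32 on a random-named DLL in system32 with a one-letter export, a BHO with "(no name)" pointing into system32, MountPoints2 AutoRun/open verbs that run a batch file from the root of another drive or something in a Recycled folder, and an LSA "Authentication Packages" list carrying anything besides msv1_0. The script below is an added example, not part of this thread and not a feature of HijackThis or DSS: it encodes those heuristics as regexes, runs them over a handful of lines copied from the logs posted here (plus two benign ones, constructed as a control), and builds the same key-deleting .reg text that the FIX.REG step uses. The allowlist, the "5 to 10 lowercase letters" random-name pattern, the drive-root rule and the rule names are assumptions derived from the entries visible in the thread, not a published signature set.

```python
"""Triage heuristics for HijackThis / Deckard's System Scanner log lines.

Added example: this is not part of the thread, HijackThis or DSS. It encodes
the patterns a helper looks for when choosing entries to fix. The allowlist,
regexes and rule names are assumptions built from the entries visible in the
posted logs, not a published signature set.
"""
import re

# DLLs this box legitimately loads via rundll32 (assumption: built from the log).
KNOWN_RUNDLL32_DLLS = {"nvcpl.dll", "nvmctray.dll", "shell32.dll"}

# O4 autorun that launches rundll32 with a DLL path and an export name.
O4_RUNDLL = re.compile(
    r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] '
    r'rundll32\.exe\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<export>\S+)',
    re.IGNORECASE,
)
# O2 browser helper object: label, CLSID, path.
O2_BHO = re.compile(
    r'^O2 - BHO: (?P<label>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$'
)
# MountPoints2 shell verbs as DSS prints them ("AutoRun\command- <cmd>").
MOUNTPOINT_CMD = re.compile(
    r'^(?P<verb>AutoRun|open|explore|Open\(&0\))\\command- (?P<cmd>.+)$',
    re.IGNORECASE,
)
# LSA "Authentication Packages" value as DSS prints it.
LSA_AUTHPKG = re.compile(r'^"Authentication Packages"=\s*(?P<pkgs>.+)$')
# Random-looking DLL name: 5-10 lowercase letters, e.g. viinfcgh.dll (assumption).
RANDOM_DLL = re.compile(r'^[a-z]{5,10}\.dll$')
# Executable sitting directly in the root of a non-C: drive, e.g. F:\h0s2.bat.
DRIVE_ROOT_EXE = re.compile(r'^[d-z]:\\[^\\]+\.(bat|exe|cmd|vbs)$')


def _basename(path):
    return path.replace('"', '').strip().split('\\')[-1].lower()


def triage(lines):
    """Return (rule, line) pairs for every line that trips a heuristic."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = O4_RUNDLL.match(line)
        if m:
            dll = _basename(m.group('dll'))
            if ('system32' in m.group('dll').lower()
                    and dll not in KNOWN_RUNDLL32_DLLS
                    and RANDOM_DLL.match(dll)
                    and len(m.group('export')) == 1):
                findings.append(('rundll32-random-dll', line))
            continue
        m = O2_BHO.match(line)
        if m:
            if m.group('label') == '(no name)' and 'system32' in m.group('path').lower():
                findings.append(('unnamed-bho-in-system32', line))
            continue
        m = MOUNTPOINT_CMD.match(line)
        if m:
            cmd = m.group('cmd').lower()
            if 'recycled' in cmd or DRIVE_ROOT_EXE.match(cmd):
                findings.append(('mountpoints2-autorun', line))
            continue
        m = LSA_AUTHPKG.match(line)
        if m and any(p.lower() != 'msv1_0' for p in m.group('pkgs').split()):
            findings.append(('lsa-authpkg-extra', line))
    return findings


def mountpoints2_fix_reg(guids):
    """Build .reg text that deletes the given MountPoints2 subkeys.

    A leading '-' inside the brackets tells regedit to delete the key, which
    is what the FIX.REG posted in the thread does.
    """
    base = (r'HKEY_CURRENT_USER\software\microsoft\windows\currentversion'
            r'\explorer\mountpoints2')
    keys = '\n'.join('[-%s\\%s]' % (base, g) for g in guids)
    return 'Windows Registry Editor Version 5.00\n\n' + keys + '\n'


# Constructed sample: lines copied from the logs in this thread, plus two benign ones.
SAMPLE_LINES = [
    r'O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup',
    r'O4 - HKLM\..\Run: [c8276ecb] rundll32.exe "C:\WINDOWS\system32\viinfcgh.dll",b',
    r'O4 - HKLM\..\Run: [BMcb145d57] Rundll32.exe "C:\WINDOWS\system32\jghyngmo.dll",s',
    r'O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll',
    r'O2 - BHO: (no name) - {9DED1B21-EBD1-4E5C-A06E-C61228764E79} - C:\WINDOWS\system32\ssttu.dll',
    r'"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssttu',
    r'AutoRun\command- F:\h0s2.bat',
    r'Open(&0)\command- F:\Recycled\ctfmon.exe',
    r'AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe',
]


def triage_sample():
    return triage(SAMPLE_LINES)


if __name__ == '__main__':
    for rule, line in triage_sample():
        print('%-24s %s' % (rule, line))
    print(mountpoints2_fix_reg(['{2e95414f-f2b2-11dc-9138-0016e652415c}',
                                '{248534be-04b7-11dd-91e2-0016e652415c}']))
```

Running it flags seven of the nine sample lines and leaves the NVIDIA rundll32 entry and the Winamp BHO alone. The rules are deliberately narrow: the random-name check only fires on rundll32 loads from system32 with a one-letter export, so a legitimately named DLL with a real export name such as NvStartup passes even though it is not on the allowlist, and the MountPoints2 rule only looks at what the drive's autorun would execute, not at whether the drive is still plugged in.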



Post by _Darex_, 11 May 2008, 09:58

Only, um, in case it matters, I couldn't find these entries in HijackThis to fix them:

Code:
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: (no name) - {9DED1B21-EBD1-4E5C-A06E-C61228764E79} - C:\WINDOWS\system32\ssttu.dll 
O4 - HKLM\..\Run: [c8276ecb] rundll32.exe "C:\WINDOWS\system32\viinfcgh.dll",b




I removed the rest :]. And here's the DSS log:

Code:
Deckard's System Scanner v20071014.68
Run by Gwidon on 2008-04-12 02:57:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 2.72 GiB (less than 15%) free.


-- HijackThis (run as Gwidon.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:58:04, on 2008-04-12
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
D:\QuickTime\QTSystem\Web Vulnerability Scanner 4\WVSScheduler.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Icecast2 Win32\icecastService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\PSIService.exe
D:\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
D:\FRAPS\FRAPS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wscntfy.exe
D:\kRk Software\GG Tools\GGT.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Gadu-Gadu\gg.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\Winamp\winamp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\Documents and Settings\Gwidon\Pulpit\dss.exe
D:\HIJACK~1\Gwidon.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:4001
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul0.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul0.dll
O2 - BHO: (no name) - {C6DB8EF8-073E-42BA-8D09-86BA81CBA9DE} - C:\WINDOWS\system32\ssttu.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Steganos Internet Anonym - {00000000-5736-4205-0008-f7ed0776fb27} - c:\program files\steganos internet anonym 2006\sia2006iep.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [CloneCDTray] "D:\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [BearFlix] "D:\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [WhenUSearch] "C:\Program Files\DAEMON Tools SearchBar\Search.exe"
O4 - HKLM\..\Run: [WhenUSearchWHSE] "C:\Program Files\DAEMON Tools SearchBar\whse.exe"
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [c8276ecb] rundll32.exe "C:\WINDOWS\system32\ftkfvgew.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Fraps] D:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AnyDVD] D:\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [GoD] "D:\GoD\GoD.exe" /tray
O4 - HKCU\..\Run: [VS Online] C:\VSOnline.exe /tray
O4 - HKCU\..\Run: [DAEMON Tools] "D:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [GG Tools] "D:\kRk Software\GG Tools\GGT.exe" /tray
O4 - HKCU\..\Run: [manager] "C:\Windows\System32\drivers\setup\manager.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SIA2006] "C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" -boot
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [SIA2006] "C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" -firstboot (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [SIA2006] "C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" -firstboot (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SIA2006] "C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" -firstboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SIA2006] "C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" -firstboot (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Rozmowa.lnk = D:\System syntezy mowy\rozmowy.exe
O4 - Startup: UniSpiker-2.6.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142YYSE
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C05AA5D-E5F8-46B2-B6C9-D075058806A2}: NameServer = 194.204.159.1,194.204.152.34
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Acunetix WVS Scheduler (AcuWVSScheduler) - Acunetix Ltd. - D:\QuickTime\QTSystem\Web Vulnerability Scanner 4\WVSScheduler.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Icecast Media Server (Icecast) - Unknown owner - C:\Program Files\Icecast2 Win32\icecastService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 13914 bytes

-- Files created between 2008-03-12 and 2008-04-12 -----------------------------

2008-04-13 02:26:16         0 d-------- C:\Program Files\Bonjour
2008-04-13 02:20:08         0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-12 07:16:04         0 d-------- C:\Program Files\Secure Surfing Engine
2008-04-12 07:16:00         0 d-------- C:\Program Files\Steganos Internet Anonym 2006
2008-04-11 10:20:02     91712 --a------ C:\WINDOWS\system32\ftkfvgew.dll
2008-04-11 10:17:49      2112 --a------ C:\WINDOWS\system32\jcdrdmim.exe
2008-04-11 10:17:43    100416 --a------ C:\WINDOWS\system32\syeecvlh.dll
2008-04-10 10:57:41         0 d-------- C:\Program Files\uTorrent
2008-04-10 08:00:10         0 d-------- C:\Program Files\MSECache
2008-04-05 09:15:38         0 d-------- C:\Program Files\Goolag Scanner
2008-04-04 23:42:18      3580 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-04 23:41:53     25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-04 23:41:53    289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-04-04 23:41:53     86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-04 23:41:53    288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-04-04 23:41:53     53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-04-04 23:41:53     82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-04 23:41:53     51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-04 23:41:53     82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-04 13:24:44         0 d-------- C:\WINDOWS\ERUNT
2008-04-03 12:35:59         0 d-------- C:\Program Files\Common Files\Screaming Bee
2008-04-03 00:51:10    239126 --ahs---- C:\WINDOWS\system32\uttss.ini2
2008-04-03 00:51:04    281600 --a------ C:\WINDOWS\system32\ssttu.dll
2008-04-02 13:07:21         0 d-------- C:\Program Files\Common Files\xing shared
2008-04-02 13:07:06         0 d-------- C:\Program Files\Real
2008-04-02 01:41:32         0 d-------- C:\Documents and Settings\Gwidon\Application Data
2008-04-02 01:41:32         0 d-------- C:\Documents and Settings\Gwidon\Application Data\Syntrillium
2008-04-01 15:35:16         0 d-------- C:\Program Files\Common Files\Reallusion
2008-03-26 10:55:54    233472 --a------ C:\WINDOWS\system32\REX Shared Library.dll <Not Verified; Propellerhead Software AB; REX SDK>
2008-03-26 10:55:54    368640 --a------ C:\WINDOWS\system32\ReWire.dll <Not Verified; Propellerhead Software AB; ReWire>
2008-03-25 00:46:26         0 d-------- C:\WINDOWS\_$MB6Setup_
2008-03-23 06:59:09         0 d-------- C:\Program Files\Common Files\Borland Shared
2008-03-22 03:10:43     29696 --a------ C:\WINDOWS\system32\pthread.dll
2008-03-22 03:10:43     78085 --a------ C:\WINDOWS\system32\pattern.dat
2008-03-22 03:10:43    307200 --a------ C:\WINDOWS\system32\fxstudio.dll
2008-03-22 03:10:43     57344 --a------ C:\WINDOWS\system32\eJ_Capture.dll <Not Verified; eJay AG; PrjCapture>
2008-03-22 03:10:43    147519 --a------ C:\WINDOWS\system32\ej_360VideoFX.dll <Not Verified; eJay AG; PrjVideoFX>
2008-03-22 03:10:43    106496 --a------ C:\WINDOWS\system32\DartWeb.dll <Not Verified; Dart Communications; PowerTCP© Tools>
2008-03-22 03:10:43    159744 --a------ C:\WINDOWS\system32\DartSock.dll <Not Verified; Dart Communications; PowerTCP© Tools>
2008-03-22 03:10:38    280576 --a------ C:\WINDOWS\system32\pxd_kom.dll
2008-03-22 03:10:38     45056 --a------ C:\WINDOWS\system32\fader.dll
2008-03-22 03:10:37     75976 --a------ C:\WINDOWS\system32\BASSDEC.dll
2008-03-21 03:17:13         0 d-------- C:\Program Files\Common Files\Corel
2008-03-21 03:14:36      2516 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-21 03:14:36        88 -r-hs---- C:\WINDOWS\system32\8F51133FB5.sys
2008-03-20 05:35:28         0 d-------- C:\Program Files\Jasc Software Inc
2008-03-20 00:03:53        45 ---h----- C:\WINDOWS\dsez9936.dat
2008-03-15 11:25:21     30720 --a------ C:\WINDOWS\whois.exe
2008-03-15 11:25:21    248939 --a------ C:\WINDOWS\trace.bat
2008-03-15 11:25:21    184832 --a------ C:\WINDOWS\nslookup.exe
2008-03-15 11:25:21     59392 --a------ C:\WINDOWS\nc.exe
2008-03-15 11:25:21      1439 --a------ C:\WINDOWS\getdns.bat
2008-03-15 11:25:21     81668 --a------ C:\WINDOWS\BFR.EXE
2008-03-14 14:31:38    304182 --a------ C:\StiImg.dat
2008-03-14 14:02:44         0 d-------- C:\Program Files\Skype
2008-03-14 14:02:44         0 d-------- C:\Program Files\Common Files\Skype
2008-03-14 06:51:06         0 d-------- C:\Program Files\Common Files\Macromedia Shared
2008-03-14 06:50:08         0 d-------- C:\Program Files\Common Files\Macromedia


-- Find3M Report ---------------------------------------------------------------

2008-04-13 09:51:23         0 d-------- C:\Documents and Settings\Gwidon\Dane aplikacji\Adobe
2008-04-13 02:27:13         0 d-------- C:\Program Files\QuickTime
2008-04-13 02:26:14         0 d-------- C:\Program Files\Common Files\Adobe
2008-04-13 00:00:18         0 d-------- C:\Documents and Settings\Gwidon\Dane aplikacji\Corel
2008-04-12 07:28:06         0 d-------- C:\Program Files\Java
2008-04-12 05:55:40         0 d-------- C:\Documents and Settings\Gwidon\Dane aplikacji\Hide IP NG
2008-04-12 02:53:58         0 d-------- C:\Documents and Settings\Gwidon\Dane aplikacji\Skype
2008-04-12 01:06:49         0 d-------- C:\Documents and Settings\Gwidon\Dane aplikacji\skypePM
2008-04-11 00:14:19         0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-10 16:06:32         0 d-------- C:\Documents and Settings\Gwidon\Dane aplikacji\uTorrent
2008-04-10 07:20:11         0 d-------- C:\Program Files\Opera
2008-04-06 08:35:14    475568 --a------ C:\WINDOWS\system32\perfh015.dat
2008-04-06 08:35:14     85368 --a------ C:\WINDOWS\system32\perfc015.dat
2008-04-04 10:31:49       664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-03 12:38:23         0 d-------- C:\Documents and Settings\Gwidon\Dane aplikacji\Screaming Bee
2008-04-03 12:35:59         0 d-------- C:\Program Files\Common Files
2008-04-02 13:34:35         0 d-------- C:\Documents and Settings\Gwidon\Dane aplikacji\Real
2008-04-02 13:07:18         0 d-------- C:\Program Files\Common Files\Real
2008-04-02 12:44:53         0 d-------- C:\Documents and Settings\Gwidon\Dane aplikacji\Canon
2008-04-02 04:28:10         0 d-------- C:\Program Files\Winamp Remote
2008-04-01 15:42:31         0 d-------- C:\Documents and Settings\Gwidon\Dane aplikacji\Reallusion
2008-04-01 15:34:46         0 d-------- C:\Documents and Settings\Gwidon\Dane aplikacji\InstallShield
2008-03-26 10:56:07         0 d-------- C:\Documents and Settings\Gwidon\Dane aplikacji\Propellerhead Software
2008-03-21 07:43:21         0 d-------- C:\Program Files\Microsoft Works
2008-03-18 10:55:21         0 d-------- C:\Program Files\Google
2008-03-14 06:54:45         0 d-------- C:\Documents and Settings\Gwidon\Dane aplikacji\Macromedia
2008-02-27 09:28:54         0 d-------- C:\Documents and Settings\Gwidon\Dane aplikacji\Apple Computer
2008-02-24 11:47:22         0 d-------- C:\Documents and Settings\Gwidon\Dane aplikacji\3DFA


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 14:06   1135968   --a------   C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6DB8EF8-073E-42BA-8D09-86BA81CBA9DE}]
2008-04-03 00:51   281600   --a------   C:\WINDOWS\system32\ssttu.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 14:06 1135968]

[-HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 09:44 C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 10:43 C:\WINDOWS\Alcmtr.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-15 03:20]
"nwiz"="nwiz.exe" [2005-06-15 03:20 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-06-15 03:20]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 03:00]
"OPSE reminder"="C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 01:29]
"NWEReboot"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 02:50]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 12:37]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-13 19:43]
"CloneCDTray"="D:\SlySoft\CloneCD\CloneCDTray.exe" []
"BearFlix"="D:\BearFlix\BearFlix.exe" []
"WhenUSearch"="C:\Program Files\DAEMON Tools SearchBar\Search.exe" []
"WhenUSearchWHSE"="C:\Program Files\DAEMON Tools SearchBar\whse.exe" []
"WinampAgent"="D:\Winamp\winampa.exe" [2007-10-09 23:28]
"QuickTime Task"="D:\QuickTime\qttask.exe" [2007-10-19 13:16]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-18 10:55]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-02 13:07]
"c8276ecb"="C:\WINDOWS\system32\ftkfvgew.dll" [2008-04-11 10:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 13:25]
"Fraps"="D:\FRAPS\FRAPS.EXE" [2003-05-18 11:32]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 16:44]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 11:20]
"AnyDVD"="D:\SlySoft\AnyDVD\AnyDVD.exe" []
"GoD"="D:\GoD\GoD.exe" []
"VS Online"="C:\VSOnline.exe" []
"DAEMON Tools"="D:\DAEMON Tools\daemon.exe" []
"AlcoholAutomount"="D:\Alcohol Soft\Alcohol 52\axcmd.exe" [2007-07-02 04:22]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2007-10-22 18:47]
"GG Tools"="D:\kRk Software\GG Tools\GGT.exe" [2007-09-17 08:25]
"manager"="C:\Windows\System32\drivers\setup\manager.exe" []
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 10:26]
"SIA2006"="C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" [2005-11-09 11:35]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe" [2007-04-04 07:41]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SIA2006"="C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" -firstboot

C:\Documents and Settings\Gwidon\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 12:16:50]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssttu


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47ef994f-0ad5-11dc-a713-806d6172696f}]
AutoRun\command- E:\setup.exe




-- End of Deckard's System Scanner: finished at 2008-04-12 02:58:28 ------------



Posted by wojtas, 11 May 2008, 10:07

Apply:

SmitFraudFix, option 2
(download it -> run it -> press any key -> type 2 in the program and press Enter, then wait a moment -> when the program asks "Do you want to clean the registry ?", type the letter Y and press Enter again, and wait for the report to appear (the sign that the scan has finished))

and these scanners, each of them several times:

VundoFix

VirtumundoBeGone

FixVundo


and come back with a new DSS log



Posted by Okocza, 11 May 2008, 10:48

_Darex_ wrote: I removed the rest :]


okocza wrote:
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: (no name) - {9DED1B21-EBD1-4E5C-A06E-C61228764E79} - C:\WINDOWS\system32\ssttu.dll
O4 - HKLM\..\Run: [BMcb145d57] Rundll32.exe "C:\WINDOWS\system32\jghyngmo.dll",s
O4 - HKLM\..\Run: [c8276ecb] rundll32.exe "C:\WINDOWS\system32\viinfcgh.dll",b
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O23 - Service: Abel - Unknown owner - D:\Cain\Abel.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)



Some of these entries are still sitting in the computer. You will get rid of them by deleting them in Safe Mode with System Restore disabled; if that does not work, in normal mode with System Restore disabled.



Posted by _Darex_, 12 May 2008, 07:28

OK, I did what you both told me to. The DSS log:

Code:
Deckard's System Scanner v20071014.68
Run by Gwidon on 2008-04-13 00:27:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 83% (more than 75%).
System Drive C: has 4.49 GiB (less than 15%) free.


-- HijackThis (run as Gwidon.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:27:13, on 2008-04-13
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
D:\QuickTime\QTSystem\Web Vulnerability Scanner 4\WVSScheduler.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Icecast2 Win32\icecastService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\PSIService.exe
D:\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
D:\FRAPS\FRAPS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\kRk Software\GG Tools\GGT.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\Documents and Settings\Gwidon\Pulpit\FixVundo.exe
C:\Documents and Settings\Gwidon\Pulpit\dss.exe
D:\HIJACK~1\Gwidon.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:4001
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul0.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0731706B-A118-40E1-917B-ECBD23242FA9} - C:\WINDOWS\system32\ssttu.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul0.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Steganos Internet Anonym - {00000000-5736-4205-0008-f7ed0776fb27} - c:\program files\steganos internet anonym 2006\sia2006iep.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [CloneCDTray] "D:\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [BearFlix] "D:\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [WhenUSearch] "C:\Program Files\DAEMON Tools SearchBar\Search.exe"
O4 - HKLM\..\Run: [WhenUSearchWHSE] "C:\Program Files\DAEMON Tools SearchBar\whse.exe"
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [BMcb145d57] Rundll32.exe "C:\WINDOWS\system32\cibucdfc.dll",s
O4 - HKLM\..\Run: [c8276ecb] rundll32.exe "C:\WINDOWS\system32\rjyynsha.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Fraps] D:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AnyDVD] D:\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [GoD] "D:\GoD\GoD.exe" /tray
O4 - HKCU\..\Run: [VS Online] C:\VSOnline.exe /tray
O4 - HKCU\..\Run: [DAEMON Tools] "D:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [GG Tools] "D:\kRk Software\GG Tools\GGT.exe" /tray
O4 - HKCU\..\Run: [manager] "C:\Windows\System32\drivers\setup\manager.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SIA2006] "C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" -boot
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [SIA2006] "C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" -firstboot (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [SIA2006] "C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" -firstboot (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SIA2006] "C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" -firstboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SIA2006] "C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" -firstboot (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Rozmowa.lnk = D:\System syntezy mowy\rozmowy.exe
O4 - Startup: UniSpiker-2.6.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142YYSE
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C05AA5D-E5F8-46B2-B6C9-D075058806A2}: NameServer = 194.204.159.1,194.204.152.34
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Acunetix WVS Scheduler (AcuWVSScheduler) - Acunetix Ltd. - D:\QuickTime\QTSystem\Web Vulnerability Scanner 4\WVSScheduler.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Icecast Media Server (Icecast) - Unknown owner - C:\Program Files\Icecast2 Win32\icecastService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 13997 bytes

-- Files created between 2008-03-13 and 2008-04-13 -----------------------------

2008-04-13 02:26:16         0 d-------- C:\Program Files\Bonjour
2008-04-13 02:20:08         0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-13 00:16:31         0 d-------- C:\VundoFix Backups
2008-04-12 12:04:09     91712 --a------ C:\WINDOWS\system32\rjyynsha.dll
2008-04-12 12:01:09      2112 --a------ C:\WINDOWS\system32\hubksnhd.exe
2008-04-12 11:58:56     98368 --a------ C:\WINDOWS\system32\cibucdfc.dll
2008-04-12 07:16:04         0 d-------- C:\Program Files\Secure Surfing Engine
2008-04-12 07:16:00         0 d-------- C:\Program Files\Steganos Internet Anonym 2006
2008-04-11 10:17:49      2112 --a------ C:\WINDOWS\system32\jcdrdmim.exe
2008-04-11 10:17:43    100416 --a------ C:\WINDOWS\system32\syeecvlh.dll
2008-04-10 10:57:41         0 d-------- C:\Program Files\uTorrent
2008-04-10 08:00:10         0 d-------- C:\Program Files\MSECache
2008-04-05 09:15:38         0 d-------- C:\Program Files\Goolag Scanner
2008-04-04 23:42:18      3860 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-04 23:41:53     25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-04 23:41:53    289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-04-04 23:41:53     86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-04 23:41:53    288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-04-04 23:41:53     53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-04-04 23:41:53     82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-04 23:41:53     51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-04 23:41:53     82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-04 13:24:44         0 d-------- C:\WINDOWS\ERUNT
2008-04-03 12:35:59         0 d-------- C:\Program Files\Common Files\Screaming Bee
2008-04-03 00:51:10    189783 --ahs---- C:\WINDOWS\system32\uttss.ini2
2008-04-03 00:51:04    281600 --a------ C:\WINDOWS\system32\ssttu.dll
2008-04-02 13:07:21         0 d-------- C:\Program Files\Common Files\xing shared
2008-04-02 13:07:06         0 d-------- C:\Program Files\Real
2008-04-02 01:41:32         0 d-------- C:\Documents and Settings\Gwidon\Application Data
2008-04-02 01:41:32         0 d-------- C:\Documents and Settings\Gwidon\Application Data\Syntrillium
2008-04-01 15:35:16         0 d-------- C:\Program Files\Common Files\Reallusion
2008-03-26 10:55:54    233472 --a------ C:\WINDOWS\system32\REX Shared Library.dll <Not Verified; Propellerhead Software AB; REX SDK>
2008-03-26 10:55:54    368640 --a------ C:\WINDOWS\system32\ReWire.dll <Not Verified; Propellerhead Software AB; ReWire>
2008-03-25 00:46:26         0 d-------- C:\WINDOWS\_$MB6Setup_
2008-03-23 06:59:09         0 d-------- C:\Program Files\Common Files\Borland Shared
2008-03-22 03:10:43     29696 --a------ C:\WINDOWS\system32\pthread.dll
2008-03-22 03:10:43     78085 --a------ C:\WINDOWS\system32\pattern.dat
2008-03-22 03:10:43    307200 --a------ C:\WINDOWS\system32\fxstudio.dll
2008-03-22 03:10:43     57344 --a------ C:\WINDOWS\system32\eJ_Capture.dll <Not Verified; eJay AG; PrjCapture>
2008-03-22 03:10:43    147519 --a------ C:\WINDOWS\system32\ej_360VideoFX.dll <Not Verified; eJay AG; PrjVideoFX>
2008-03-22 03:10:43    106496 --a------ C:\WINDOWS\system32\DartWeb.dll <Not Verified; Dart Communications; PowerTCP© Tools>
2008-03-22 03:10:43    159744 --a------ C:\WINDOWS\system32\DartSock.dll <Not Verified; Dart Communications; PowerTCP© Tools>
2008-03-22 03:10:38    280576 --a------ C:\WINDOWS\system32\pxd_kom.dll
2008-03-22 03:10:38     45056 --a------ C:\WINDOWS\system32\fader.dll
2008-03-22 03:10:37     75976 --a------ C:\WINDOWS\system32\BASSDEC.dll
2008-03-21 03:17:13         0 d-------- C:\Program Files\Common Files\Corel
2008-03-21 03:14:36      2516 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-21 03:14:36        88 -r-hs---- C:\WINDOWS\system32\8F51133FB5.sys
2008-03-20 05:35:28         0 d-------- C:\Program Files\Jasc Software Inc
2008-03-20 00:03:53        45 ---h----- C:\WINDOWS\dsez9936.dat
2008-03-15 11:25:21     30720 --a------ C:\WINDOWS\whois.exe
2008-03-15 11:25:21    248939 --a------ C:\WINDOWS\trace.bat
2008-03-15 11:25:21    184832 --a------ C:\WINDOWS\nslookup.exe
2008-03-15 11:25:21     59392 --a------ C:\WINDOWS\nc.exe
2008-03-15 11:25:21      1439 --a------ C:\WINDOWS\getdns.bat
2008-03-15 11:25:21     81668 --a------ C:\WINDOWS\BFR.EXE
2008-03-14 14:31:38    304182 --a------ C:\StiImg.dat
2008-03-14 14:02:44         0 d-------- C:\Program Files\Skype
2008-03-14 14:02:44         0 d-------- C:\Program Files\Common Files\Skype
2008-03-14 06:51:06         0 d-------- C:\Program Files\Common Files\Macromedia Shared
2008-03-14 06:50:08         0 d-------- C:\Program Files\Common Files\Macromedia


-- Find3M Report ---------------------------------------------------------------

2008-04-13 09:51:23         0 d-------- C:\Documents and Settings\Gwidon\Dane aplikacji\Adobe
2008-04-13 02:27:13         0 d-------- C:\Program Files\QuickTime
2008-04-13 02:26:14         0 d-------- C:\Program Files\Common Files\Adobe
2008-04-13 00:14:48         0 d-------- C:\Documents and Settings\Gwidon\Dane aplikacji\skypePM
2008-04-13 00:14:42         0 d-------- C:\Documents and Settings\Gwidon\Dane aplikacji\Skype
2008-04-13 00:00:18         0 d-------- C:\Documents and Settings\Gwidon\Dane aplikacji\Corel
2008-04-12 07:28:06         0 d-------- C:\Program Files\Java
2008-04-12 05:55:40         0 d-------- C:\Documents and Settings\Gwidon\Dane aplikacji\Hide IP NG
2008-04-11 00:14:19         0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-10 16:06:32         0 d-------- C:\Documents and Settings\Gwidon\Dane aplikacji\uTorrent
2008-04-10 07:20:11         0 d-------- C:\Program Files\Opera
2008-04-06 08:35:14    475568 --a------ C:\WINDOWS\system32\perfh015.dat
2008-04-06 08:35:14     85368 --a------ C:\WINDOWS\system32\perfc015.dat
2008-04-04 10:31:49       664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-03 12:38:23         0 d-------- C:\Documents and Settings\Gwidon\Dane aplikacji\Screaming Bee
2008-04-03 12:35:59         0 d-------- C:\Program Files\Common Files
2008-04-02 13:34:35         0 d-------- C:\Documents and Settings\Gwidon\Dane aplikacji\Real
2008-04-02 13:07:18         0 d-------- C:\Program Files\Common Files\Real
2008-04-02 12:44:53         0 d-------- C:\Documents and Settings\Gwidon\Dane aplikacji\Canon
2008-04-02 04:28:10         0 d-------- C:\Program Files\Winamp Remote
2008-04-01 15:42:31         0 d-------- C:\Documents and Settings\Gwidon\Dane aplikacji\Reallusion
2008-04-01 15:34:46         0 d-------- C:\Documents and Settings\Gwidon\Dane aplikacji\InstallShield
2008-03-26 10:56:07         0 d-------- C:\Documents and Settings\Gwidon\Dane aplikacji\Propellerhead Software
2008-03-21 07:43:21         0 d-------- C:\Program Files\Microsoft Works
2008-03-18 10:55:21         0 d-------- C:\Program Files\Google
2008-03-14 06:54:45         0 d-------- C:\Documents and Settings\Gwidon\Dane aplikacji\Macromedia
2008-02-27 09:28:54         0 d-------- C:\Documents and Settings\Gwidon\Dane aplikacji\Apple Computer
2008-02-24 11:47:22         0 d-------- C:\Documents and Settings\Gwidon\Dane aplikacji\3DFA


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0731706B-A118-40E1-917B-ECBD23242FA9}]
2008-04-03 00:51   281600   --a------   C:\WINDOWS\system32\ssttu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 14:06   1135968   --a------   C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 14:06 1135968]

[-HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 09:44 C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 10:43 C:\WINDOWS\Alcmtr.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-15 03:20]
"nwiz"="nwiz.exe" [2005-06-15 03:20 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-06-15 03:20]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 03:00]
"OPSE reminder"="C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 01:29]
"NWEReboot"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 02:50]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 12:37]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-13 19:43]
"CloneCDTray"="D:\SlySoft\CloneCD\CloneCDTray.exe" []
"BearFlix"="D:\BearFlix\BearFlix.exe" []
"WhenUSearch"="C:\Program Files\DAEMON Tools SearchBar\Search.exe" []
"WhenUSearchWHSE"="C:\Program Files\DAEMON Tools SearchBar\whse.exe" []
"WinampAgent"="D:\Winamp\winampa.exe" [2007-10-09 23:28]
"QuickTime Task"="D:\QuickTime\qttask.exe" [2007-10-19 13:16]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-18 10:55]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-02 13:07]
"BMcb145d57"="C:\WINDOWS\system32\cibucdfc.dll" [2008-04-12 11:58]
"c8276ecb"="C:\WINDOWS\system32\rjyynsha.dll" [2008-04-12 12:04]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 13:25]
"Fraps"="D:\FRAPS\FRAPS.EXE" [2003-05-18 11:32]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 16:44]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 11:20]
"AnyDVD"="D:\SlySoft\AnyDVD\AnyDVD.exe" []
"GoD"="D:\GoD\GoD.exe" []
"VS Online"="C:\VSOnline.exe" []
"DAEMON Tools"="D:\DAEMON Tools\daemon.exe" []
"AlcoholAutomount"="D:\Alcohol Soft\Alcohol 52\axcmd.exe" [2007-07-02 04:22]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2007-10-22 18:47]
"GG Tools"="D:\kRk Software\GG Tools\GGT.exe" [2007-09-17 08:25]
"manager"="C:\Windows\System32\drivers\setup\manager.exe" []
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 10:26]
"SIA2006"="C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" [2005-11-09 11:35]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe" [2007-04-04 07:41]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SIA2006"="C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" -firstboot

C:\Documents and Settings\Gwidon\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 12:16:50]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssttu




-- End of Deckard's System Scanner: finished at 2008-04-13 00:27:59 ------------



Posted by wojtas, 12 May 2008, 07:38

Code:
R3 - URLSearchHook: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul0.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {0731706B-A118-40E1-917B-ECBD23242FA9} - C:\WINDOWS\system32\ssttu.dll
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul0.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [BearFlix] "D:\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [WhenUSearch] "C:\Program Files\DAEMON Tools SearchBar\Search.exe"
O4 - HKLM\..\Run: [WhenUSearchWHSE] "C:\Program Files\DAEMON Tools SearchBar\whse.exe"
O4 - HKLM\..\Run: [BMcb145d57] Rundll32.exe "C:\WINDOWS\system32\cibucdfc.dll",s
O4 - HKLM\..\Run: [c8276ecb] rundll32.exe "C:\WINDOWS\system32\rjyynsha.dll",b


Run HijackThis => click Do a system scan only => a list of entries will appear => tick the entries I listed => click Fix checked and confirm the removal.




Download OTMoveIt. Into the left-hand box, Paste List of Files/Folders to be Moved, paste:

C:\VundoFix Backups
C:\WINDOWS\system32\rjyynsha.dll
C:\WINDOWS\system32\hubksnhd.exe
C:\WINDOWS\system32\cibucdfc.dll
C:\WINDOWS\system32\jcdrdmim.exe
C:\WINDOWS\system32\syeecvlh.dll
C:\WINDOWS\system32\uttss.ini2
C:\WINDOWS\system32\ssttu.dll
C:\WINDOWS\dsez9936.dat
C:\WINDOWS\whois.exe
C:\WINDOWS\trace.bat
C:\WINDOWS\nslookup.exe
C:\WINDOWS\nc.exe
C:\WINDOWS\getdns.bat
C:\WINDOWS\BFR.EXE
C:\StiImg.dat

Then press MoveIt!. The files will be moved. The result of the operation is shown in the right-hand Results window.
After the whole operation, restart the computer.

Then come back with a new DSS log.
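The two DSS logs in this thread show the pattern the helpers are chasing: rundll32 loading eight-letter random DLLs from HKLM\..\Run under value names that stay fixed while the target changes between scans (c8276ecb went from ftkfvgew.dll to viinfcgh.dll to rjyynsha.dll), a nameless BHO (ssttu.dll) re-registered under a new CLSID each time, a hidden+system uttss.ini2 dropped beside it, and the DSS registry dump line "Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssttu, which makes LSA load that DLL at boot regardless of what gets fixed in HijackThis (the file is in the OTMoveIt list above; the registry value is not). The script below is an added example, not a tool used in the thread: it parses HijackThis and DSS lines, flags those indicators, builds a de-duplicated move list, and diffs the Run values of two scans. The eight-lowercase-letter name rule and the msv1_0-only LSA baseline are assumptions tuned to this log, and the 127.0.0.1:4001 proxy is only flagged for review, since a local anonymizer (Steganos Internet Anonym is installed on this machine) may legitimately set one.

```python
"""Triage a HijackThis / DSS log for the Vundo-style indicators seen in this thread.
Added example, not a tool the helpers used; sample scans are copied from the thread."""
import re

# Eight lowercase letters, the naming scheme of the rotating components in this log
# (jghyngmo, viinfcgh, cibucdfc, rjyynsha, hubksnhd). A heuristic, not a rule.
RANDOM_NAME = re.compile(r"^[a-z]{8}\.(?:dll|exe)$")
IN_SYSTEM32 = re.compile(r"^[A-Za-z]:\\WINDOWS\\system32\\[^\\]+$", re.I)  # not sub-dirs
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe)\b', re.I)  # path inside an HJT entry
HJT_LINE = re.compile(r"^(R1|O2|O4|O23) - (.*)$")
RUN_LINE = re.compile(r"^O4 - (HK[A-Z]+)\\\.\.\\Run: \[([^\]]+)\] (.*)$")
# DSS file listing: date, time, size, nine attribute flags, path, optional <...> note
DSS_FILE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?\s+\d+\s+"
                      r"([d\-rahs]{9})\s+(.*?)(?:\s+<.*>)?$")
LSA_LINE = re.compile(r'^"Authentication Packages"=\s*(.*)$')
LSA_BASELINE = {"msv1_0"}  # assumed: the only stock LSA authentication package on XP


def basename(path):
    return path.rsplit("\\", 1)[-1]


def triage(log_text):
    """Return (tag, path_or_line) findings for one HijackThis/DSS log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := HJT_LINE.match(line):
            kind, body = m.groups()
            if kind == "R1" and re.search(r"ProxyServer = 127\.0\.0\.1:\d+", body):
                findings.append(("proxy-localhost", line))  # compare with installed software
            if kind == "O2" and "(no name)" in body:
                findings.append(("bho-no-name", line))
            if kind == "O23" and "(file missing)" in body:
                findings.append(("service-file-missing", line))
            for path in WIN_PATH.findall(body):
                if IN_SYSTEM32.match(path) and RANDOM_NAME.match(basename(path)):
                    findings.append(("random-name-system32", path))
        elif m := DSS_FILE.match(line):
            attrs, path = m.groups()
            if IN_SYSTEM32.match(path) and RANDOM_NAME.match(basename(path)):
                findings.append(("random-name-system32", path))
            # hidden+system data file dropped beside the DLL (uttss.ini2 in this log);
            # licensing/DRM files use the same attributes, so this one needs eyes on it
            elif IN_SYSTEM32.match(path) and "h" in attrs and "s" in attrs and attrs[0] != "d":
                findings.append(("hidden-system-file", path))
        elif m := LSA_LINE.match(line):
            for pkg in m.group(1).split():
                if pkg.lower() not in LSA_BASELINE:
                    # LSA loads each listed name as <name>.dll at boot: persistence that
                    # survives a Run-key-only cleanup, hence the .dll appended here
                    findings.append(("lsa-extra-auth-package", pkg + ".dll"))
    return findings


def move_list(findings):
    """De-duplicated file paths for a file mover, in the order they were found."""
    wanted = {"random-name-system32", "hidden-system-file", "lsa-extra-auth-package"}
    out = []
    for tag, item in findings:
        if tag in wanted and item.lower() not in {p.lower() for p in out}:
            out.append(item)
    return out


def run_values(log_text):
    """Map (hive, value name) -> target path for every O4 ...\\Run entry."""
    out = {}
    for line in log_text.splitlines():
        if m := RUN_LINE.match(line.strip()):
            hive, name, cmd = m.groups()
            p = WIN_PATH.search(cmd)
            out[(hive, name)] = p.group(0) if p else cmd
    return out


def rotated_run_values(old_log, new_log):
    """Run values that kept their name but point at a different file in the newer
    scan: the regeneration pattern visible between this thread's two logs."""
    old, new = run_values(old_log), run_values(new_log)
    return {k[1]: (old[k], new[k]) for k in old.keys() & new.keys()
            if old[k].lower() != new[k].lower()}


# Sample input copied from the thread's logs (two scans of the same machine)
SCAN_1 = r"""
O4 - HKLM\..\Run: [BMcb145d57] Rundll32.exe "C:\WINDOWS\system32\jghyngmo.dll",s
O4 - HKLM\..\Run: [c8276ecb] rundll32.exe "C:\WINDOWS\system32\viinfcgh.dll",b
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""
SCAN_2 = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:4001
O2 - BHO: (no name) - {0731706B-A118-40E1-917B-ECBD23242FA9} - C:\WINDOWS\system32\ssttu.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BMcb145d57] Rundll32.exe "C:\WINDOWS\system32\cibucdfc.dll",s
O4 - HKLM\..\Run: [c8276ecb] rundll32.exe "C:\WINDOWS\system32\rjyynsha.dll",b
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
2008-04-12 12:01:09      2112 --a------ C:\WINDOWS\system32\hubksnhd.exe
2008-04-12 11:58:56     98368 --a------ C:\WINDOWS\system32\cibucdfc.dll
2008-04-03 00:51:10    189783 --ahs---- C:\WINDOWS\system32\uttss.ini2
2008-04-03 00:51:04    281600 --a------ C:\WINDOWS\system32\ssttu.dll
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssttu
"""
```

Running `triage(SCAN_2)` yields the proxy, nameless-BHO, missing-service, random-name, hidden-file and LSA findings; `move_list` collapses them to the five paths that also appear in the OTMoveIt list in the post above, and `rotated_run_values(SCAN_1, SCAN_2)` reports BMcb145d57 and c8276ecb as the values whose DLL changed while avast! stayed put. A value that rotates like that is a sign the dropper is still active, which is why the helper asks for a fresh log after every pass.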


