The icon has disappeared. Alt. OK.
Thank you.
Here are the logs after carrying out the recommendations.
Logfile of HijackThis v1.99.1
Scan saved at 15:18:39, on 2007-05-13
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\windows\System32\smss.exe
D:\windows\system32\winlogon.exe
D:\windows\system32\services.exe
D:\windows\system32\lsass.exe
D:\windows\system32\svchost.exe
D:\windows\System32\svchost.exe
D:\windows\Explorer.EXE
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\windows\system32\ctfmon.exe
D:\Program Files\Alwil Software\Avast4\ashDisp.exe
D:\windows\system32\spoolsv.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\windows\System32\svchost.exe
D:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
D:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\PROGRA~1\MOZILL~1\firefox.exe
D:\Documents and Settings\admin\Pulpit\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\AcrobatReader 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DIALux 3.1 ULDBrowserHelper Class - {69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2} - D:\Program Files\DIALux 3.1\DLXShellExtension.dll
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [loaddll] loaddll.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [RealPlayer] "D:\Program Files\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Startup: Skrót do ashDisp.lnk = D:\Program Files\Alwil Software\Avast4\ashDisp.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - D:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://82.160.71.201/AL/WinWebPush.cab
O18 - Protocol: dialux - {8352FA4C-39C6-11D3-ADBA-00A0244FB1A2} - D:\Program Files\DIALux 3.1\DLXToolBox.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - D:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - D:\Program Files\Nero\InCD\InCDsrv.exe (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - D:\Program Files\Keymaestro\Multimedia Keyboard\nhksrv.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - D:\Program Files\Softwin\BitDefender8\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - D:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "D:\windows\system32\ctfmon.exe" [MS]
"RealPlayer" = ""D:\Program Files\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot" ["RealNetworks, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"TkBellExe" = ""D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"loaddll" = "loaddll.exe" [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "D:\Program Files\AcrobatReader 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2}\(Default) = (no title provided)
-> {HKLM...CLSID} = "DIALux 3.1 ULDBrowserHelper Class"
\InProcServer32\(Default) = "D:\Program Files\DIALux 3.1\DLXShellExtension.dll" ["DIAL GmbH, Germany"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "D:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {HKLM...CLSID} = "AlcoholShellEx"
\InProcServer32\(Default) = "D:\PROGRA~1\ALCOCH~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "D:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
\InProcServer32\(Default) = "D:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
"{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"
-> {HKLM...CLSID} = "Shell Extension for CDRW"
\InProcServer32\(Default) = "D:\Program Files\Nero\InCD\incdshx.dll" [file not found]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "D:\Program Files\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{D653647D-D607-4DF6-A5B8-48D2BA195F7B}" = "BitDefender Antivirus v8"
-> {HKLM...CLSID} = "BitDefender Antivirus v8"
\InProcServer32\(Default) = "D:\Program Files\Softwin\BitDefender8\bdshelxt.dll" ["SOFTWIN S.R.L."]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{7EFFF3DD-71B3-11D4-A25E-005056DCFB89}" = "DIALux 2.0 ULDShellHandler Class"
-> {HKLM...CLSID} = "DIALux 2.0 ULDShellHandler Class"
\InProcServer32\(Default) = "D:\Program Files\DIALux 3.1\DLXShellExtension.dll" ["DIAL GmbH, Germany"]
"{7889C2D5-D128-43e2-A8D8-A7590A12C8B3}" = "DIALux 2.0 DLXShellHandler Class"
-> {HKLM...CLSID} = "DIALux 2.0 DLXShellHandler Class"
\InProcServer32\(Default) = "D:\Program Files\DIALux 3.1\DLXShellExtension.dll" ["DIAL GmbH, Germany"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
<> "{716002db-288c-4bf0-80cd-a467e78d8b55}" = "depreciable"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\windows\system32\dxovx.dll" [file not found]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\
<> "AppInit_DLLs" = "sockspy.dll" [null data]
HKLM\Software\Classes\PROTOCOLS\Filter\
<> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
DIALux20\(Default) = "{7EFFF3DD-71B3-11D4-A25E-005056DCFB89}"
-> {HKLM...CLSID} = "DIALux 2.0 ULDShellHandler Class"
\InProcServer32\(Default) = "D:\Program Files\DIALux 3.1\DLXShellExtension.dll" ["DIAL GmbH, Germany"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
BitDefender Antivirus v8\(Default) = "{D653647D-D607-4DF6-A5B8-48D2BA195F7B}"
-> {HKLM...CLSID} = "BitDefender Antivirus v8"
\InProcServer32\(Default) = "D:\Program Files\Softwin\BitDefender8\bdshelxt.dll" ["SOFTWIN S.R.L."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "D:\windows\System32\logon.scr" [MS]
Startup items in "admin" & "All Users" startup folders:
-------------------------------------------------------
D:\Documents and Settings\admin\Menu Start\Programy\Autostart
"Skrót do ashDisp" -> shortcut to: "D:\Program Files\Alwil Software\Avast4\ashDisp.exe" ["ALWIL Software"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}"
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_05"
\InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll" ["Sun Microsystems, Inc."]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Badanie"
{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "&FlashGet"
"Exec" = "D:\PROGRA~1\FlashGet\flashget.exe" ["Amaze Soft"]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "D:\Program Files\Messenger\msmsgs.exe" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
avast! Antivirus, avast! Antivirus, ""D:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
BitDefender Communicator, XCOMM, ""D:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service" ["Softwin"]
BitDefender Scan Server, bdss, ""D:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service" [null data]
Machine Debug Manager, MDM, ""D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
Keyboard Driver Filters:
------------------------
HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
"UpperFilters" = <> "msikbd2k" ["Netropa Corporation"]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
----------
<>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 223 seconds, including 18 seconds for message boxes)
SmitFraudFix v2.181
Scan done at 14:57:45,02, 2007-05-13
Run from D:\Documents and Settings\admin\Pulpit\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!Attention, following keys are not inevitably infected!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{716002db-288c-4bf0-80cd-a467e78d8b55}"="depreciable"
[HKEY_CLASSES_ROOT\CLSID\{716002db-288c-4bf0-80cd-a467e78d8b55}\InProcServer32]
@="D:\windows\system32\dxovx.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{716002db-288c-4bf0-80cd-a467e78d8b55}\InProcServer32]
@="D:\windows\system32\dxovx.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
D:\windows\system32\dxovx.dll -> Hoax.Win32.Renos.gen.m
D:\windows\system32\dxovx.dll -> Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
D:\Program Files\Video AX Object\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Karta SURECOM EP-320X-R 100/10/M PCI Adapter - Sterownik miniport Harmonogramu pakietów
DNS Server Search Order: 85.31.224.10
DNS Server Search Order: 85.31.224.11
DNS Server Search Order: 217.17.34.10
HKLM\SYSTEM\CCS\Services\Tcpip\..\{2FE0D35D-A7DC-497F-A781-4F6863D851F5}: DhcpNameServer=85.255.114.43,85.255.112.165
HKLM\SYSTEM\CCS\Services\Tcpip\..\{A3E13903-48CD-459F-8E69-EEDE4DC1C02F}: DhcpNameServer=85.31.224.10 85.31.224.11 217.17.34.10
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2FE0D35D-A7DC-497F-A781-4F6863D851F5}: DhcpNameServer=85.255.114.43,85.255.112.165
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A3E13903-48CD-459F-8E69-EEDE4DC1C02F}: DhcpNameServer=85.31.224.10 85.31.224.11 217.17.34.10
HKLM\SYSTEM\CS3\Services\Tcpip\..\{2FE0D35D-A7DC-497F-A781-4F6863D851F5}: DhcpNameServer=85.255.114.43,85.255.112.165
HKLM\SYSTEM\CS3\Services\Tcpip\..\{A3E13903-48CD-459F-8E69-EEDE4DC1C02F}: DhcpNameServer=87.204.188.2 217.17.34.10
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=85.31.224.10 85.31.224.11 217.17.34.10
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=85.31.224.10 85.31.224.11 217.17.34.10
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=87.204.188.2 217.17.34.10
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!Attention, following keys are not inevitably infected!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
[code]
Fixwareout
Last edited 4/5/2007
Post this report in the forums please
…
»»»»»Prerun check
HKLM\SOFTWARE~\Winlogon\ "System"="kdtdn.exe"
»»»»» System restarted
»»»»» Postrun check
HKLM\SOFTWARE~\Winlogon\ "system"=""
…
…
»»»»» Misc files.
…
»»»»» Checking for older varients.
…
Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.
Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/
»»»»» Other
D:\WINDOWS\Temp\kdtdn.ren 63365 2004-08-04
»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"=""D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot"
"loaddll"="loaddll.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\windows\system32\ctfmon.exe"
"RealPlayer"=""D:\Program Files\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot"
…
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»
[/code]
Please assess whether everything is in order.