Spyware alert... I nie tylko

ones · 20 Listopad 2007 23:56

Witam!

Co chwile wyskakuje mi alert abym uruchomił odpowiednią stronę i ściągnoł program… W paneli bocznym także wyskakuje krzyżyk z Alertem…

Także tapeta czasem zmienia się…

Wiadomo o co chodzi?

Log z hijackthis:

Logfile of HijackThis v1.99.1

Scan saved at 00:51:13, on 2007-11-21

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

H:\WINDOWS\System32\smss.exe

H:\WINDOWS\system32\winlogon.exe

H:\WINDOWS\system32\services.exe

H:\WINDOWS\system32\lsass.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\system32\spoolsv.exe

H:\WINDOWS\Explorer.EXE

H:\Program Files\VDOTool\TBPanel.exe

H:\Program Files\Multimedia Card Reader\shwicon2k.exe

H:\WINDOWS\system32\RUNDLL32.EXE

H:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe

H:\PROGRA~1\NEOSTR~1\CnxMon.exe

H:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

H:\Program Files\Eset\nod32kui.exe

H:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

H:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

H:\WINDOWS\system32\ctfmon.exe

H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

H:\Program Files\Bonjour\mDNSResponder.exe

H:\Program Files\Eset\nod32krn.exe

H:\WINDOWS\System32\nvsvc32.exe

I:\Alcohol 120\StarWind\StarWindService.exe

H:\WINDOWS\System32\svchost.exe

H:\Program Files\PC Connectivity Solution\ServiceLayer.exe

H:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe

H:\Program Files\Gadu-Gadu\gg.exe

I:\Winamp\winamp.exe

H:\Program Files\Mozilla Firefox\firefox.exe

H:\Documents and Settings\ones\Pulpit\hijackthis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - H:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: MSVPS System - {15272B08-F6FE-4E71-B2BD-A59AD23EBE3C} - H:\WINDOWS\bndsrfst.dll (file missing)

O2 - BHO: MSVPS System - {31E3F653-ED88-4355-B83E-FB263CD355E3} - H:\WINDOWS\popnetnpr.dll

O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - H:\Program Files\GetRight\xx2gr.dll

O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - H:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - H:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - H:\Program Files\Save Flash\SaveFlash.dll

O3 - Toolbar: The jokwmp - {9E004C23-5424-4C79-BAFE-C2B3460ECB56} - H:\WINDOWS\jokwmp.dll

O4 - HKLM\..\Run: [Gainward] H:\Program Files\VDOTool\TBPanel.exe /A

O4 - HKLM\..\Run: [Sunkist2k] H:\Program Files\Multimedia Card Reader\shwicon2k.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE

O4 - HKLM\..\Run: [SSBkgdUpdate] "H:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [OpwareSE4] "H:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

O4 - HKLM\..\Run: [WooCnxMon] H:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "H:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [WOOWATCH] H:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] H:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

O4 - HKLM\..\Run: [nod32kui] "H:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\adobe reader\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [ScanSoft OmniPage SE 4.0-reminder] "H:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe" -r "H:\Documents and Settings\All Users\Dane aplikacji\ScanSoft\OmniPageSE4.0\Ereg\ereg.ini"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] H:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "H:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [swg] H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [DAEMON Tools] "H:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "H:\Program Files\DAEMON Tools Pro\DTProAgent.exe"

O4 - HKCU\..\Run: [AdobeUpdater] H:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

O4 - Startup: hamachi.lnk = H:\Program Files\Hamachi\hamachi.exe

O4 - Startup: UniSpiker-2.6.lnk = ?

O4 - Global Startup: GetRight - Tray Icon.lnk = H:\Program Files\GetRight\getright.exe

O8 - Extra context menu item: Download with GetRight - H:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint – Dodaj do listy drukowania - res://H:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint – Drukuj - res://H:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html

O8 - Extra context menu item: Easy-WebPrint – Drukuj z dużą szybkością - res://H:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint – Podgląd - res://H:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html

O8 - Extra context menu item: Open with GetRight Browser - H:\Program Files\GetRight\GRbrowse.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: h:\program files\bonjour\mdnsnsp.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{928D5777-F110-4468-B6E6-EEA7395621C3}: NameServer = 192.168.1.1

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - H:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - H:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - H:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: WgaLogon - H:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: msvb - {909FC493-8A51-47ED-9F6C-036773A76A06} - H:\WINDOWS\msvb.dll (file missing)

O21 - SSODL: sysdx - {484736F2-86B3-48A5-B405-A32CC723BAFA} - H:\WINDOWS\sysdx.dll (file missing)

O21 - SSODL: sapnet - {4C1073CF-4F56-4E84-A4BA-8DE17D46D2E2} - H:\WINDOWS\sapnet.dll

O21 - SSODL: rmvgor - {69B07BFC-461B-463C-AF17-78A7588027C8} - H:\WINDOWS\rmvgor.dll

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - H:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Diablo II Close Game Server (D2GS) - Unknown owner - H:\Documents and Settings\ones\Pulpit\D2GS-111b(21)\D2GSSVC.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - H:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - H:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - J:\MOHA GRA\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe

O23 - Service: ServiceLayer - Nokia. - H:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - I:\Alcohol 120\StarWind\StarWindService.exe

Co jeszcze dodać? Chciałbym się go pozbyć;/

Złączono Posta : 21.11.2007 (Sro) 8:25

Oto log z DSS:

Deckard’s System Scanner v20071014.68 Run by ones on 2007-11-21 08:23:01 Computer is in Normal Mode. -------------------------------------------------------------------------------- – System Restore -------------------------------------------------------------- Successfully created a Deckard’s System Scanner Restore Point. – Last 2 Restore Point(s) – 2: 2007-11-21 07:23:03 UTC - RP124 - Deckard’s System Scanner Restore Point 1: 2007-11-21 07:21:51 UTC - RP123 - Punkt kontrolny systemu Backed up registry hives. Performed disk cleanup. – HijackThis (run as ones.exe) ------------------------------------------------ Logfile of HijackThis v1.99.1 Scan saved at 08:23:35, on 2007-11-21 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: H:\WINDOWS\System32\smss.exe H:\WINDOWS\system32\winlogon.exe H:\WINDOWS\system32\services.exe H:\WINDOWS\system32\lsass.exe H:\WINDOWS\system32\svchost.exe H:\WINDOWS\System32\svchost.exe H:\WINDOWS\system32\spoolsv.exe H:\Program Files\Bonjour\mDNSResponder.exe H:\Program Files\Eset\nod32krn.exe H:\WINDOWS\System32\nvsvc32.exe J:\MOHA GRA\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe I:\Alcohol 120\StarWind\StarWindService.exe H:\WINDOWS\System32\svchost.exe H:\WINDOWS\Explorer.EXE H:\Program Files\VDOTool\TBPanel.exe H:\Program Files\Multimedia Card Reader\shwicon2k.exe H:\WINDOWS\system32\RUNDLL32.EXE H:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe H:\PROGRA~1\NEOSTR~1\CnxMon.exe H:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe H:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe H:\Program Files\Eset\nod32kui.exe H:\Program Files\Java\jre1.6.0_02\bin\jusched.exe H:\WINDOWS\RTHDCPL.EXE H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe H:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe H:\WINDOWS\system32\ctfmon.exe H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe H:\Program Files\PC Connectivity Solution\ServiceLayer.exe H:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe H:\Documents and Settings\ones\Pulpit\dss.exe H:\DOCUME~1\ones\Pulpit\HIJACK~1\ones.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm … Ojg5&lid=2 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - H:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: MSVPS System - {31E3F653-ED88-4355-B83E-FB263CD355E3} - H:\WINDOWS\popnetnpr.dll O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - H:\Program Files\GetRight\xx2gr.dll O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - H:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - H:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar1.dll O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - H:\Program Files\Save Flash\SaveFlash.dll O3 - Toolbar: The jokwmp - {9E004C23-5424-4C79-BAFE-C2B3460ECB56} - H:\WINDOWS\jokwmp.dll O4 - HKLM…\Run: [Gainward] H:\Program Files\VDOTool\TBPanel.exe /A O4 - HKLM…\Run: [sunkist2k] H:\Program Files\Multimedia Card Reader\shwicon2k.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [skyTel] SkyTel.EXE O4 - HKLM…\Run: [sSBkgdUpdate] “H:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe” -Embedding -boot O4 - HKLM…\Run: [OpwareSE4] “H:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe” O4 - HKLM…\Run: [WooCnxMon] H:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [speedTouch USB Diagnostics] “H:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon O4 - HKLM…\Run: [WOOWATCH] H:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] H:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM…\Run: [nod32kui] “H:\Program Files\Eset\nod32kui.exe” /WAITSERVICE O4 - HKLM…\Run: [sunJavaUpdateSched] “H:\Program Files\Java\jre1.6.0_02\bin\jusched.exe” O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “I:\adobe reader\Reader\Reader_sl.exe” O4 - HKLM…\Run: [GrooveMonitor] “H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe” O4 - HKLM…\Run: [scanSoft OmniPage SE 4.0-reminder] “H:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe” -r “H:\Documents and Settings\All Users\Dane aplikacji\ScanSoft\OmniPageSE4.0\Ereg\ereg.ini” O4 - HKLM…\Run: [PCSuiteTrayApplication] H:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKCU…\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [Gadu-Gadu] “H:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [swg] H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU…\Run: [DAEMON Tools] “H:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKCU…\Run: [DAEMON Tools Pro Agent] “H:\Program Files\DAEMON Tools Pro\DTProAgent.exe” O4 - HKCU…\Run: [AdobeUpdater] H:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe O4 - Startup: hamachi.lnk = H:\Program Files\Hamachi\hamachi.exe O4 - Startup: UniSpiker-2.6.lnk = ? O4 - Global Startup: GetRight - Tray Icon.lnk = H:\Program Files\GetRight\getright.exe O8 - Extra context menu item: Download with GetRight - H:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint – Dodaj do listy drukowania - res://H:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint – Drukuj - res://H:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint – Drukuj z dużą szybkością - res://H:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint – Podgląd - res://H:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Open with GetRight Browser - H:\Program Files\GetRight\GRbrowse.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra ‘Tools’ menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: h:\program files\bonjour\mdnsnsp.dll O17 - HKLM\System\CCS\Services\Tcpip…{928D5777-F110-4468-B6E6-EEA7395621C3}: NameServer = 192.168.1.1 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - H:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - H:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - H:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: WgaLogon - H:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: sapnet - {4C1073CF-4F56-4E84-A4BA-8DE17D46D2E2} - H:\WINDOWS\sapnet.dll O21 - SSODL: rmvgor - {69B07BFC-461B-463C-AF17-78A7588027C8} - H:\WINDOWS\rmvgor.dll O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - H:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Diablo II Close Game Server (D2GS) - Unknown owner - H:\Documents and Settings\ones\Pulpit\D2GS-111b(21)\D2GSSVC.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - H:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - H:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\System32\nvsvc32.exe O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - J:\MOHA GRA\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe O23 - Service: ServiceLayer - Nokia. - H:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - I:\Alcohol 120\StarWind\StarWindService.exe – File Associations ----------------------------------------------------------- .cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL “%1”,%* .cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser “%1”,%* – Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R2 lirsgt - h:\windows\system32\drivers\lirsgt.sys R3 SunkFilt (Alcor Micro Corp Reader) - h:\windows\system32\drivers\sunkfilt.sys – Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - “h:\program files\bonjour\mdnsresponder.exe” R3 ServiceLayer - “h:\program files\pc connectivity solution\servicelayer.exe” S2 D2GS (Diablo II Close Game Server) - h:\documents and settings\ones\pulpit\d2gs-111b(21)\d2gssvc.exe (file missing) S3 FLEXnet Licensing Service - “h:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe” – Device Manager: Disabled ---------------------------------------------------- No disabled devices found. – Files created between 2007-10-21 and 2007-11-21 ----------------------------- 2007-11-21 00:36:15 0 d-------- H:\WINDOWS\privacy_danger 2007-11-20 19:31:21 0 d-------- H:\Program Files\American Conquest 2007-11-20 19:13:48 335872 --a------ H:\WINDOWS\sapnet.dll 2007-11-20 19:13:48 290816 --a------ H:\WINDOWS\rmvgor.dll 2007-11-20 19:13:48 290816 --a------ H:\WINDOWS\popnetnpr.dll 2007-11-20 19:13:48 151552 --a------ H:\WINDOWS\nethop.exe 2007-11-20 19:13:48 192512 --a------ H:\WINDOWS\jokwmp.dll 2007-11-20 19:03:38 0 d-------- H:\Program Files\American Conquest - Odwet 2007-11-20 00:00:25 0 d-------- H:\Program Files\Common Files\PCSuite 2007-11-20 00:00:24 0 d-------- H:\Program Files\Common Files\Nokia 2007-11-20 00:00:17 0 d-------- H:\Program Files\DIFX 2007-11-20 00:00:11 0 d-------- H:\Program Files\PC Connectivity Solution 2007-11-20 00:00:01 0 d-------- H:\Program Files\Nokia 2007-11-19 22:43:30 0 d-------- H:\Program Files\directx 2007-11-19 16:35:28 287504 --a------ H:\WINDOWS\system32\MSXBSE.dll 2007-11-19 16:35:28 252176 --a------ H:\WINDOWS\system32\MSRD2X35.dll 2007-11-19 16:35:28 327680 --a------ H:\WINDOWS\system32\DartZip.dll 2007-11-19 16:35:28 221184 --a------ H:\WINDOWS\system32\DartSock.dll 2007-11-19 16:35:28 196608 --a------ H:\WINDOWS\system32\DartSecureFtp.dll 2007-11-19 16:35:28 196608 --a------ H:\WINDOWS\system32\DartSecure2.dll 2007-11-19 16:35:28 196608 --a------ H:\WINDOWS\system32\DartFtp.dll 2007-11-19 16:35:28 155648 --a------ H:\WINDOWS\system32\DartCertificate.dll 2007-11-19 16:35:28 0 d-------- H:\Program Files\SOFTplus 2007-11-19 16:35:27 368912 --a------ H:\WINDOWS\system32\vbar332.dll 2007-11-19 16:35:27 24848 --a------ H:\WINDOWS\system32\MSJTER35.DLL 2007-11-19 16:35:27 123664 --a------ H:\WINDOWS\system32\MSJINT35.DLL 2007-11-19 16:35:27 1046288 --a------ H:\WINDOWS\system32\msjet35.dll 2007-11-10 13:05:34 0 d-------- H:\demo 2007-11-05 21:07:22 0 d-------- H:\Program Files\Common Files\Macromedia Shared 2007-11-05 21:07:21 0 d-------- H:\Program Files\Common Files\Macromedia 2007-11-05 21:07:13 0 d-------- H:\Program Files\Macromedia 2007-11-02 20:05:26 0 d-------- H:\Program Files\WinUHA 2007-10-30 17:23:52 0 d-------- H:\Program Files\RealLoader 2007-10-30 17:23:19 903130 --a------ H:\WINDOWS\IVO Glossary Uninstaller.exe 2007-10-30 17:22:28 0 d-------- H:\WINDOWS\speech 2007-10-30 17:22:20 0 d-------- H:\Program Files\ivo 2007-10-27 09:16:47 0 d-------- H:\WINDOWS\system32\Futuremark 2007-10-27 08:55:49 0 d-------- H:\Documents and Settings\All Users\Application Data 2007-10-27 08:55:49 0 d-------- H:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro 2007-10-27 08:55:03 0 d-------- H:\Program Files\DAEMON Tools Pro 2007-10-27 08:43:23 0 d-------- H:\Program Files\DAEMON Tools 2007-10-26 22:20:34 0 d-------- H:\WINDOWS\UMediaPlayerActiveXPlugin5 2007-10-26 17:24:53 0 d-------- H:\Program Files\StationPlaylist 2007-10-24 19:59:49 0 d-------- H:\WINDOWS\system32\Color 2007-10-21 20:49:42 0 d-------- H:\WINDOWS\system32\LogFiles 2007-10-21 20:34:46 0 d------c- H:\WINDOWS\system32\DRVSTORE 2007-10-21 20:34:36 0 d-------- H:\WINDOWS\system32\AGEIA 2007-10-21 20:34:35 0 d-------- H:\Program Files\AGEIA Technologies 2007-10-21 20:34:24 0 d-------- H:\Program Files\Common Files\Wise Installation Wizard 2007-10-21 19:50:09 0 d-------- H:\userpatch v1.1s 2007-10-21 14:35:51 0 d-------- H:\Program Files\MGrenda – Find3M Report --------------------------------------------------------------- 2007-11-21 08:18:25 0 d-------- H:\Program Files\GetRight 2007-11-21 08:18:16 0 d-------- H:\Documents and Settings\ones\Dane aplikacji\Hamachi 2007-11-20 19:15:01 0 d–h----- H:\Program Files\InstallShield Installation Information 2007-11-20 19:15:01 0 d-------- H:\Program Files\Common Files 2007-11-20 18:29:49 0 d-------- H:\Documents and Settings\ones\Dane aplikacji\Skype 2007-11-20 00:00:38 0 d-------- H:\Documents and Settings\ones\Dane aplikacji\Nokia 2007-11-20 00:00:15 0 d-------- H:\Documents and Settings\ones\Dane aplikacji\PC Suite 2007-11-17 15:12:07 0 d-------- H:\Program Files\MoorHunt 2007-11-13 17:05:20 0 d-------- H:\Program Files\Neostrada TP 2007-11-07 18:53:02 0 d-------- H:\Program Files\Gadu-Gadu 2007-11-05 21:07:48 0 d-------- H:\Documents and Settings\ones\Dane aplikacji\Macromedia 2007-11-02 21:55:07 0 d-------- H:\Documents and Settings\ones\Dane aplikacji\Adobe 2007-10-29 21:27:57 0 d-------- H:\Documents and Settings\ones\Dane aplikacji\teamspeak2 2007-10-29 15:15:08 3086 --a------ H:\WINDOWS\mozver.dat 2007-10-28 09:24:25 448348 --a------ H:\WINDOWS\system32\perfh015.dat 2007-10-28 09:24:25 74450 --a------ H:\WINDOWS\system32\perfc015.dat 2007-10-27 08:57:56 0 d-------- H:\Documents and Settings\ones\Dane aplikacji\DAEMON Tools Pro 2007-10-26 22:20:36 0 d-------- H:\Documents and Settings\ones\Dane aplikacji\Unreal Streaming 2007-10-18 09:05:46 0 d-------- H:\Program Files\bobyte 2007-10-12 11:50:04 0 d-------- H:\Program Files\Softick 2007-10-11 20:13:55 0 d-------- H:\Program Files\HyCam2 2007-10-06 09:47:02 0 d-------- H:\Documents and Settings\ones\Dane aplikacji\GetRightToGo 2007-10-02 18:46:17 0 d-------- H:\Program Files\Common Files\NSV 2007-09-26 16:23:13 0 d-------- H:\Program Files\Common Files\Blizzard Entertainment 2007-09-24 23:17:26 0 d-------- H:\Documents and Settings\ones\Dane aplikacji\ArcSoft 2007-08-25 14:02:22 237568 --a------ H:\WINDOWS\system32\OggDS.dll 2007-08-25 14:02:02 921600 --a------ H:\WINDOWS\system32\vorbisenc.dll 2007-08-25 14:00:44 1415680 --a------ H:\WINDOWS\system32\WMV9VCM.dll 2007-08-25 13:59:24 245760 --a------ H:\WINDOWS\system32\mplvpx.dll 2007-08-25 13:59:09 9216 --a------ H:\WINDOWS\system32\cpuinf32.dll 2007-08-25 13:58:52 755200 --a------ H:\WINDOWS\system32\ir50_32.dll 2007-08-25 13:55:29 765952 --a------ H:\WINDOWS\system32\xvidcore.dll – Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE~\Browser Helper Objects{31E3F653-ED88-4355-B83E-FB263CD355E3}] 2007-11-20 15:33 290816 --a------ H:\WINDOWS\popnetnpr.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Gainward”=“H:\Program Files\VDOTool\TBPanel.exe” [2007-06-26 13:58] “Sunkist2k”=“H:\Program Files\Multimedia Card Reader\shwicon2k.exe” [2004-12-10 10:49] “NvCplDaemon”=“H:\WINDOWS\System32\NvCpl.dll” [2007-05-10 23:03] “nwiz”=“nwiz.exe” [2007-05-10 23:03 H:\WINDOWS\system32\nwiz.exe] “NvMediaCenter”=“H:\WINDOWS\System32\NvMcTray.dll” [2007-05-10 23:03] “SkyTel”=“SkyTel.EXE” [2006-05-16 11:04 H:\WINDOWS\SkyTel.exe] “SSBkgdUpdate”=“H:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe” [2006-09-28 12:16] “OpwareSE4”=“H:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe” [2006-10-11 11:45] “WooCnxMon”=“H:\PROGRA~1\NEOSTR~1\CnxMon.exe” [2003-10-16 18:07] “SpeedTouch USB Diagnostics”=“H:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” [2004-01-26 10:38] “WOOWATCH”=“H:\PROGRA~1\NEOSTR~1\Watch.exe” [2003-10-16 18:07] “WOOTASKBARICON”=“H:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” [2003-10-16 18:07] “nod32kui”=“H:\Program Files\Eset\nod32kui.exe” [2007-08-09 23:35] “SunJavaUpdateSched”=“H:\Program Files\Java\jre1.6.0_02\bin\jusched.exe” [2007-07-12 03:00] “RTHDCPL”=“RTHDCPL.EXE” [2006-11-14 10:21 H:\WINDOWS\RTHDCPL.exe] “Adobe Reader Speed Launcher”=“I:\adobe reader\Reader\Reader_sl.exe” [2007-05-11 02:06] “GrooveMonitor”=“H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe” [2006-10-26 23:47] “ScanSoft OmniPage SE 4.0-reminder”=“H:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe” [2006-09-26 14:38] “PCSuiteTrayApplication”=“H:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe” [2007-03-23 13:20] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“H:\WINDOWS\system32\ctfmon.exe” [2004-08-03 23:44] “Gadu-Gadu”=“H:\Program Files\Gadu-Gadu\gg.exe” [2007-07-09 08:39] “swg”=“H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2007-08-16 09:50] “DAEMON Tools”=“H:\Program Files\DAEMON Tools\daemon.exe” [2007-08-16 12:24] “DAEMON Tools Pro Agent”=“H:\Program Files\DAEMON Tools Pro\DTProAgent.exe” [2007-09-06 14:08] “AdobeUpdater”=“H:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe” [2007-02-28 22:06] [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “Nokia.PCSync”=H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog H:\Documents and Settings\ones\Menu Start\Programy\Autostart\ hamachi.lnk - H:\Program Files\Hamachi\hamachi.exe [2007-08-24 23:10:07] UniSpiker-2.6.lnk - H:\Program Files\ivo\UniSpiker-2.6\uni_spiker-2.6.exe [2005-07-20 10:23:45] H:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ GetRight - Tray Icon.lnk - H:\Program Files\GetRight\getright.exe [2007-10-06 09:46:53] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run] “vpnxgv”=H:\DOCUME~1\ones\USTAWI~1\Temp\vpnxgv.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] “sapnet”= {4C1073CF-4F56-4E84-A4BA-8DE17D46D2E2} - H:\WINDOWS\sapnet.dll [2007-11-20 15:33 335872] “rmvgor”= {69B07BFC-461B-463C-AF17-78A7588027C8} - H:\WINDOWS\rmvgor.dll [2007-11-20 15:33 290816] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @=“Service” [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @=“Volume shadow copy” – End of Deckard’s System Scanner: finished at 2007-11-21 08:24:16 ------------

LostWorld · 21 Listopad 2007 16:23

Na początek automat , nic nie ściągaj.

Pobierz narzędzie SDFix

*Klikamy 2 krotknie na ikonę SDFix.exe ,program wypakuje się domyślnie do lokalizacji C:\ SDFix

*Wchodzimy do trybu awaryjnego z obsługą sieci:

>>>>>> Jak wejść do trybu awaryjnego z obsługą sieci?

*F8 podczas bootowania systemu.

*Używamy narzędzia BootSafe.exe zaznaczamy opcje Safe Mode- Networking i klikamy reboot

*Gdy już jesteśmy w trybie awaryjnym,wchodzimy do folderu SDFix i uruchamiamy narzędzie klikająć

2-krotnie na plik RunThis.bat lewym przyciskiem myszy.

*Wciskamy Y co uruchomi proces usuwania

*Kiedy proces usuwania się zakończy wciskamy dowolny klawisz>>nastąpi restart.

*Po restarcie SDFix dokończy proces usuwania,kiedy w oknie narzędzia SDFix pojawi się napis Finished

klikamy dowolny klawisz,narzędzie zakończy swoją pracę,na pulpicie załadują się ikony.

*Wchodzimy do folderu SDFix i kopiujemy zawartość pliku tekstowego Report.txt i wklejamy go na forum

Pobierz : SmitFraudFix

Tryb numer 2 i wklejasz raport **(C:\SmitfraudFix.txt).**Oczywiście w trybie awaryjnym.

ones · 21 Listopad 2007 20:32

Raport SDFix…

Teraz jeszcze zajmę się SmitFraudFix

SDFix: Version 1.115


Run by Administrator on 2007-11-21 at 21:24


Microsoft Windows XP [Wersja 5.1.2600]


Running From: H:\SDFix


Safe Mode:

Checking Services: 



Restoring Windows Registry Values

Restoring Windows Default Hosts File

Restoring Default HomePage Value

Restoring Default Desktop Components Value


Rebooting...



Normal Mode:

Checking Files: 


Trojan Files Found:


H:\WINDOWS\privacy_danger\index.htm - Deleted

H:\WINDOWS\privacy_danger\images\capt.gif - Deleted

H:\WINDOWS\privacy_danger\images\danger.jpg - Deleted

H:\WINDOWS\privacy_danger\images\down.gif - Deleted

H:\WINDOWS\privacy_danger\images\spacer.gif - Deleted

H:\WINDOWS\dat.txt - Deleted

H:\WINDOWS\jokwmp.dll - Deleted

H:\WINDOWS\nethop.exe - Deleted

H:\WINDOWS\rmvgor.dll - Deleted

H:\WINDOWS\rs.txt - Deleted

H:\WINDOWS\sapnet.dll - Deleted

H:\WINDOWS\POPNET~1.DLL - Deleted




Folder H:\WINDOWS\privacy_danger - Removed


Removing Temp Files...


ADS Check:


H:\WINDOWS

No streams found. 


H:\WINDOWS\system32

No streams found. 


H:\WINDOWS\system32\svchost.exe

No streams found.


H:\WINDOWS\system32\ntoskrnl.exe

No streams found.




                                 Final Check:


catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-21 21:28:01

Windows 5.1.2600 Dodatek Service Pack 2 NTFS


scanning hidden processes ...


scanning hidden services & system hive ...


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:e442b469

"s2"=dword:c4de46d6

"h0"=dword:00000002


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"p0"="I:\Alcohol 120\"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]

"p0"="H:\Program Files\DAEMON Tools Pro\"

"h0"=dword:00000001

"hdf12"=hex:c4,96,c7,de,a6,14,6d,b4,17,da,2d,f9,ba,c8,f1,50,92,cb,59,a3,b1,..


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]

"a0"=hex:20,01,00,00,2f,6b,d7,56,ae,93,19,52,43,f7,96,3f,d1,77,f9,4f,b1,..

"hdf12"=hex:9d,46,0e,ec,ec,fd,e6,ee,ec,b5,cf,70,e4,be,9d,82,f6,65,e5,78,66,..


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]

"hdf12"=hex:5a,be,27,1c,2a,34,bd,99,68,76,27,c4,5b,f3,ba,94,71,99,60,a1,92,..


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1]

"hdf12"=hex:f9,f0,c4,57,f4,82,2f,5f,df,56,ff,96,df,6a,76,7d,97,a7,0a,39,0f,..


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002]

"hdf12"=hex:d7,39,a9,8e,95,a8,91,5d,0b,49,06,79,8e,43,91,91,8f,c2,86,f8,06,..

"a0"=hex:20,01,00,00,ce,02,1a,56,a7,aa,a7,df,ba,54,66,db,6f,23,ce,9f,23,..


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0]

"hdf12"=hex:5a,be,27,1c,2a,34,bd,99,68,76,27,c4,5b,f3,ba,94,71,99,60,a1,92,..


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1]

"hdf12"=hex:83,28,1d,29,d4,4b,5b,9c,69,c0,6a,e2,5f,a8,17,f5,f2,7d,e4,cf,2a,..


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"h0"=dword:00000000

"khjeh"=hex:df,43,0d,69,da,26,aa,71,c0,c9,ec,02,44,0c,09,62,f3,c6,df,fd,de,..

"p0"="H:\Program Files\DAEMON Tools\"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"khjeh"=hex:bc,0d,1c,e3,e8,38,fe,52,b9,b1,1b,5b,f5,33,85,4b,16,f5,d9,59,d1,..

"a0"=hex:20,01,00,00,4c,76,da,56,fd,bc,33,29,6c,1e,bb,b9,50,9b,f1,9c,42,..


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:d5,c1,84,09,24,5b,58,33,79,af,3c,d0,08,6f,8d,03,3f,99,ec,dd,b4,..


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]

"khjeh"=hex:a7,11,4b,92,d7,ff,33,2d,1e,23,a8,01,ff,33,62,85,5c,7a,f8,b0,ec,..


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]

"khjeh"=hex:f2,36,4e,34,87,d8,0c,80,e7,75,14,45,10,e9,1e,be,20,dd,d2,5a,f4,..


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]

"khjeh"=hex:2d,fb,9a,8a,78,ff,4a,94,bb,48,89,91,a0,61,85,55,ed,10,85,17,66,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"p0"="I:\Alcohol 120\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="H:\Program Files\DAEMON Tools\"

"h0"=dword:00000000

"khjeh"=hex:9e,70,a1,a0,aa,c4,4f,73,de,50,43,8d,ea,ea,6f,2e,d5,21,05,90,5b,..


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,67,27,a2,c5,7c,96,75,a2,7b,d0,0b,d3,b9,43,d6,39,79,..

"khjeh"=hex:ec,26,3f,b4,1c,e4,05,b1,b1,b1,10,3a,b1,d6,6c,0d,96,0f,09,43,85,..


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:bd,b7,fc,6f,51,2d,17,e7,8f,b3,1e,b3,85,d0,6d,62,ac,33,3e,11,55,..


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]

"khjeh"=hex:80,a8,55,51,02,82,b5,da,d8,c6,2f,89,45,f6,79,0b,d7,40,d6,cd,15,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"p0"="I:\Alcohol 120\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]

"p0"="H:\Program Files\DAEMON Tools Pro\"

"h0"=dword:00000001

"hdf12"=hex:c4,96,c7,de,a6,14,6d,b4,17,da,2d,f9,ba,c8,f1,50,92,cb,59,a3,b1,..


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]

"a0"=hex:20,01,00,00,2f,6b,d7,56,ae,93,19,52,43,f7,96,3f,d1,77,f9,4f,b1,..

"hdf12"=hex:9d,46,0e,ec,ec,fd,e6,ee,ec,b5,cf,70,e4,be,9d,82,f6,65,e5,78,66,..


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]

"hdf12"=hex:5a,be,27,1c,2a,34,bd,99,68,76,27,c4,5b,f3,ba,94,71,99,60,a1,92,..


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1]

"hdf12"=hex:f9,f0,c4,57,f4,82,2f,5f,df,56,ff,96,df,6a,76,7d,97,a7,0a,39,0f,..


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002]

"hdf12"=hex:d7,39,a9,8e,95,a8,91,5d,0b,49,06,79,8e,43,91,91,8f,c2,86,f8,06,..

"a0"=hex:20,01,00,00,ce,02,1a,56,a7,aa,a7,df,ba,54,66,db,6f,23,ce,9f,23,..


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0]

"hdf12"=hex:5a,be,27,1c,2a,34,bd,99,68,76,27,c4,5b,f3,ba,94,71,99,60,a1,92,..


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1]

"hdf12"=hex:83,28,1d,29,d4,4b,5b,9c,69,c0,6a,e2,5f,a8,17,f5,f2,7d,e4,cf,2a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"h0"=dword:00000000

"khjeh"=hex:df,43,0d,69,da,26,aa,71,c0,c9,ec,02,44,0c,09,62,f3,c6,df,fd,de,..

"p0"="H:\Program Files\DAEMON Tools\"


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"khjeh"=hex:bc,0d,1c,e3,e8,38,fe,52,b9,b1,1b,5b,f5,33,85,4b,16,f5,d9,59,d1,..

"a0"=hex:20,01,00,00,4c,76,da,56,fd,bc,33,29,6c,1e,bb,b9,50,9b,f1,9c,42,..


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:d5,c1,84,09,24,5b,58,33,79,af,3c,d0,08,6f,8d,03,3f,99,ec,dd,b4,..


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]

"khjeh"=hex:a7,11,4b,92,d7,ff,33,2d,1e,23,a8,01,ff,33,62,85,5c,7a,f8,b0,ec,..


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]

"khjeh"=hex:f2,36,4e,34,87,d8,0c,80,e7,75,14,45,10,e9,1e,be,20,dd,d2,5a,f4,..


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]

"khjeh"=hex:2d,fb,9a,8a,78,ff,4a,94,bb,48,89,91,a0,61,85,55,ed,10,85,17,66,..


scanning hidden registry entries ...


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]

"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..


scanning hidden files ...


scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0



Remaining Services:

------------------




Authorized Application Key Export:


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"H:\\Program Files\\Gadu-Gadu\\gg.exe"="H:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program główny"

"H:\\Program Files\\Bonjour\\mDNSResponder.exe"="H:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"

"J:\\cs\\hl.exe"="J:\\cs\\hl.exe:*:Enabled:Half-Life Launcher"

"H:\\Program Files\\Hamachi\\hamachi.exe"="H:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi Client"

"I:\\eMule\\emule.exe"="I:\\eMule\\emule.exe:*:Enabled:eMule"

"H:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="H:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"H:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="H:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"

"H:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="H:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

"G:\\SetupWizard.exe"="G:\\SetupWizard.exe:*:Enabled:SetupWizard"

"J:\\MOHA GRA\\UnrealEngine3\\Binaries\\MOHA.exe"="J:\\MOHA GRA\\UnrealEngine3\\Binaries\\MOHA.exe:*:Enabled:Medal of Honor Airborne"

"H:\\Program Files\\Java\\jre1.6.0_02\\bin\\javaw.exe"="H:\\Program Files\\Java\\jre1.6.0_02\\bin\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"

"H:\\Program Files\\FileZilla\\FileZilla.exe"="H:\\Program Files\\FileZilla\\FileZilla.exe:*:Enabled:FileZilla"

"H:\\Program Files\\Skype\\Phone\\Skype.exe"="H:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"G:\\SetupWizard.exe"="G:\\SetupWizard.exe:*:Enabled:SetupWizard"


Remaining Files:

---------------


File Backups: - H:\SDFix\backups\backups.zip


Files with Hidden Attributes:


Mon 19 Nov 2007 13,256 A..H. --- H:\PULPIT\MAPHACK\AUTOMAP0.TMP

Mon 19 Nov 2007 440 A..H. --- H:\PULPIT\MAPHACK\AUTOMAP1.TMP

Tue 17 Oct 2006 304,736 A..H. --- H:\PROGRA~1\CANON\MPNAVI~1.0\MAINT.EXE

Tue 17 Oct 2006 61,440 A..H. --- H:\PROGRA~1\CANON\MPNAVI~1.0\UINSTRSC.DLL

Wed 21 Nov 2007 328,869 A..H. --- H:\DOCUME~1\ONES\USTAWI~1\TEMP\BIT1155.TMP

Wed 21 Nov 2007 328,869 A..H. --- H:\DOCUME~1\ONES\USTAWI~1\TEMP\BIT2E30.TMP

Sat 13 Oct 2007 328,869 A..H. --- H:\DECKARD\SYSTEM~1\BACKUP\DOCUME~1\ONES\USTAWI~1\TEMP\BIT10F3.TMP

Sat 13 Oct 2007 328,869 A..H. --- H:\DECKARD\SYSTEM~1\BACKUP\DOCUME~1\ONES\USTAWI~1\TEMP\BIT1101.TMP

Wed 21 Nov 2007 328,869 A..H. --- H:\DECKARD\SYSTEM~1\BACKUP\DOCUME~1\ONES\USTAWI~1\TEMP\BIT1155.TMP

Wed 8 Aug 2007 85,946 A..H. --- H:\DECKARD\SYSTEM~1\BACKUP\DOCUME~1\ONES\USTAWI~1\TEMP\BIT1213.TMP

Sat 13 Oct 2007 328,869 A..H. --- H:\DECKARD\SYSTEM~1\BACKUP\DOCUME~1\ONES\USTAWI~1\TEMP\BIT1217.TMP

Wed 8 Aug 2007 85,946 A..H. --- H:\DECKARD\SYSTEM~1\BACKUP\DOCUME~1\ONES\USTAWI~1\TEMP\BIT1A16.TMP

Wed 8 Aug 2007 85,946 A..H. --- H:\DECKARD\SYSTEM~1\BACKUP\DOCUME~1\ONES\USTAWI~1\TEMP\BIT1A17.TMP

Wed 8 Aug 2007 85,946 A..H. --- H:\DECKARD\SYSTEM~1\BACKUP\DOCUME~1\ONES\USTAWI~1\TEMP\BIT1A23.TMP

Tue 20 Nov 2007 335,858 A..H. --- H:\DECKARD\SYSTEM~1\BACKUP\DOCUME~1\ONES\USTAWI~1\TEMP\BIT2E30.TMP

Wed 8 Aug 2007 85,946 A..H. --- H:\DECKARD\SYSTEM~1\BACKUP\DOCUME~1\ONES\USTAWI~1\TEMP\BIT3.TMP

Wed 8 Aug 2007 85,946 A..H. --- H:\DECKARD\SYSTEM~1\BACKUP\DOCUME~1\ONES\USTAWI~1\TEMP\BITF.TMP


Finished!

Złączono Posta _: 21.11.2007 (Sro) 21:40_Log z SmitFraudFix: Wirus usunięty?

SmitFraudFix v2.253


Scan done at 21:36:17,23, 2007-11-21

Run from H:\SmitfraudFix\SmitfraudFix

OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in safe mode


»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!Attention, following keys are not inevitably infected!


SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Killing process



»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix


S!Ri's WS2Fix: LSP not Found.



»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix


GenericRenosFix by S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files



»»»»»»»»»»»»»»»»»»»»»»»» DNS


Description: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC - Sterownik miniport Harmonogramu pakietów

DNS Server Search Order: 192.168.1.1


HKLM\SYSTEM\CCS\Services\Tcpip\..\{928D5777-F110-4468-B6E6-EEA7395621C3}: NameServer=192.168.1.1

HKLM\SYSTEM\CS1\Services\Tcpip\..\{928D5777-F110-4468-B6E6-EEA7395621C3}: NameServer=192.168.1.1

HKLM\SYSTEM\CS3\Services\Tcpip\..\{928D5777-F110-4468-B6E6-EEA7395621C3}: NameServer=192.168.1.1



»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files



»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!Attention, following keys are not inevitably infected!


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""



»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning


Registry Cleaning done. 


»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!Attention, following keys are not inevitably infected!


SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll



»»»»»»»»»»»»»»»»»»»»»»»» End


[/code]

Gutek · 21 Listopad 2007 22:39

Daj log z ComboFix