"Your computer may be victim of a DNS Hijack: 85.255.x

Please check my SmitFraudFix log. During the scan, an alert window appeared with this message:

"Your computer may be victim of a DNS Hijack: 85.255.x.x

NVIDIA nForce Networking Controller - Sterownik miniport Harmonogramu pakietów

Do you want to set your network to dynamic -DHCP-Server? (yes/no)"

What is this? And next time, should I choose “yes” or “no”? (So far I have chosen “no”, because this thing is linked to NVIDIA nForce.)

The SmitFraudFix log is below:

SmitFraudFix v2.166


Scan done at 15:34:22,40, 2007-04-10

Run from C:\Documents and Settings\scythe\Pulpit\Nowy folder\SmitfraudFix

OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT

The filesystem type is FAT32

Fix run in normal mode


»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!Attention, following keys are not inevitably infected!


SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Killing process



»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost 


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix


GenericRenosFix by S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files



»»»»»»»»»»»»»»»»»»»»»»»» DNS


Description: Motorola SURFboard SB5100 USB Cable Modem - Sterownik miniport Harmonogramu pakietów

DNS Server Search Order: 194.149.240.13


Your computer may be victim of a DNS Hijack: 85.255.x.x detected !


Description: NVIDIA nForce Networking Controller - Sterownik miniport Harmonogramu pakietów

DNS Server Search Order: 85.255.115.50

DNS Server Search Order: 85.255.112.172


HKLM\SYSTEM\CCS\Services\Tcpip\..\{3B3E1729-F8AB-4CD3-9BA8-99DBF964B3BD}: DhcpNameServer=85.255.115.50,85.255.112.172

HKLM\SYSTEM\CCS\Services\Tcpip\..\{65E94285-656B-4748-9F05-E50415BBC518}: DhcpNameServer=85.255.115.50,85.255.112.172

HKLM\SYSTEM\CCS\Services\Tcpip\..\{85F196E8-92FD-4C59-89BA-CD6A665306E4}: DhcpNameServer=194.149.240.13

HKLM\SYSTEM\CCS\Services\Tcpip\..\{CC721BF6-08B5-4CEB-9498-1236183AC472}: DhcpNameServer=85.255.115.50,85.255.112.172

HKLM\SYSTEM\CS1\Services\Tcpip\..\{3B3E1729-F8AB-4CD3-9BA8-99DBF964B3BD}: DhcpNameServer=85.255.115.50,85.255.112.172

HKLM\SYSTEM\CS1\Services\Tcpip\..\{65E94285-656B-4748-9F05-E50415BBC518}: DhcpNameServer=85.255.115.50,85.255.112.172

HKLM\SYSTEM\CS1\Services\Tcpip\..\{85F196E8-92FD-4C59-89BA-CD6A665306E4}: DhcpNameServer=194.149.240.13

HKLM\SYSTEM\CS1\Services\Tcpip\..\{CC721BF6-08B5-4CEB-9498-1236183AC472}: DhcpNameServer=85.255.115.50,85.255.112.172

HKLM\SYSTEM\CS3\Services\Tcpip\..\{3B3E1729-F8AB-4CD3-9BA8-99DBF964B3BD}: DhcpNameServer=85.255.115.50,85.255.112.172

HKLM\SYSTEM\CS3\Services\Tcpip\..\{65E94285-656B-4748-9F05-E50415BBC518}: DhcpNameServer=85.255.115.50,85.255.112.172

HKLM\SYSTEM\CS3\Services\Tcpip\..\{85F196E8-92FD-4C59-89BA-CD6A665306E4}: DhcpNameServer=194.149.240.13

HKLM\SYSTEM\CS3\Services\Tcpip\..\{CC721BF6-08B5-4CEB-9498-1236183AC472}: DhcpNameServer=85.255.115.50,85.255.112.172

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=194.149.240.13

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=194.149.240.13

HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=194.149.240.13



»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files



»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!Attention, following keys are not inevitably infected!


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"system"=""



»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning


Registry Cleaning done. 


»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!Attention, following keys are not inevitably infected!


SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll



»»»»»»»»»»»»»»»»»»»»»»»» End

Use the FixWareOut tool.

Run SmitFraudFix again, but this time use option 2 in safe mode.

When that is done, post the logs from HijackThis and SilentRunners, and the contents of the file c:\rapport.txt.

HiJackThis:

Logfile of HijackThis v1.99.1

Scan saved at 16:24:51, on 2007-04-10

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZONELABS\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\ctfmon.exe

D:\Program files\Gadu-Gadu\gg.exe

C:\Program Files\SysInfoMyWork\SysInfoMyWork.exe

C:\Documents and Settings\scythe\Pulpit\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program files\Gadu-Gadu\gg.exe" /tray

O4 - Startup: SysInfoMyWork.lnk = C:\Program Files\SysInfoMyWork\SysInfoMyWork.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O15 - Trusted Zone: http://arcaonline.arcabit.com

O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153158758250

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file://E:\RA\CdViewer.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

SR:

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"Gadu-Gadu" = ""D:\Program files\Gadu-Gadu\gg.exe" /tray" ["sms-express.com"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]

"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]

"ZoneAlarm Client" = ""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "D:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]

{FFFFFEF0-5B30-21D4-945D-000000000000}\(Default) = (no title provided)

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\PROGRA~1\STARDO~1\SDIEInt.dll" [null data]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{FEB7DAE0-E111-11D0-BFD7-444553540000}" = "ICEOWS"

  -> {HKLM...CLSID} = "Folder Iceows"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\IceGUI.dll" ["Raphaël MOUNIER"]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

  -> {HKLM...CLSID} = "DesktopContext Class"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

  -> {HKLM...CLSID} = "NVIDIA CPL Extension"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

  -> {HKLM...CLSID} = "Desktop Explorer"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

  -> {HKLM...CLSID} = "nView Desktop Context Menu"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

"{D9872D13-7651-4471-9EEE-F0A00218BEBB}" = "Multiscan"

  -> {HKLM...CLSID} = "ZLAVShExt Class"

                   \InProcServer32\(Default) = "C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

ICEOWS\(Default) = "{FEB7DAE0-E111-11D0-BFD7-444553540000}"

  -> {HKLM...CLSID} = "Folder Iceows"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\IceGUI.dll" ["Raphaël MOUNIER"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

ZLAVShExt\(Default) = "{D9872D13-7651-4471-9EEE-F0A00218BEBB}"

  -> {HKLM...CLSID} = "ZLAVShExt Class"

                   \InProcServer32\(Default) = "C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

ICEOWS\(Default) = "{FEB7DAE0-E111-11D0-BFD7-444553540000}"

  -> {HKLM...CLSID} = "Folder Iceows"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\IceGUI.dll" ["Raphaël MOUNIER"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

ZLAVShExt\(Default) = "{D9872D13-7651-4471-9EEE-F0A00218BEBB}"

  -> {HKLM...CLSID} = "ZLAVShExt Class"

                   \InProcServer32\(Default) = "C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]



Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------


Note: detected settings may not have any effect.


HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}


"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\scythe\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"



Startup items in "scythe" & "All Users" startup folders:

----------------------------------------------------------


C:\Documents and Settings\scythe\Menu Start\Programy\Autostart

"SysInfoMyWork" -> shortcut to: "C:\Program Files\SysInfoMyWork\SysInfoMyWork.exe" ["Vetch Utilities"]


C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]

avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]

avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]

avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZONELABS\vsmon.exe -service" ["Zone Labs, LLC"]



----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

  took 43 seconds.

---------- (total run time: 90 seconds)

And finally, the report:

SmitFraudFix v2.166


Scan done at 16:16:37,01, 2007-04-10

Run from C:\Documents and Settings\scythe\Pulpit\Nowy folder\SmitfraudFix

OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT

The filesystem type is FAT32

Fix run in safe mode


»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!Attention, following keys are not inevitably infected!


SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Killing process



»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost 


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix


GenericRenosFix by S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files



»»»»»»»»»»»»»»»»»»»»»»»» DNS


HKLM\SYSTEM\CCS\Services\Tcpip\..\{3B3E1729-F8AB-4CD3-9BA8-99DBF964B3BD}: DhcpNameServer=85.255.115.50,85.255.112.172

HKLM\SYSTEM\CCS\Services\Tcpip\..\{65E94285-656B-4748-9F05-E50415BBC518}: DhcpNameServer=85.255.115.50,85.255.112.172

HKLM\SYSTEM\CCS\Services\Tcpip\..\{85F196E8-92FD-4C59-89BA-CD6A665306E4}: DhcpNameServer=194.149.240.13

HKLM\SYSTEM\CCS\Services\Tcpip\..\{CC721BF6-08B5-4CEB-9498-1236183AC472}: DhcpNameServer=85.255.115.50,85.255.112.172

HKLM\SYSTEM\CS1\Services\Tcpip\..\{3B3E1729-F8AB-4CD3-9BA8-99DBF964B3BD}: DhcpNameServer=85.255.115.50,85.255.112.172

HKLM\SYSTEM\CS1\Services\Tcpip\..\{65E94285-656B-4748-9F05-E50415BBC518}: DhcpNameServer=85.255.115.50,85.255.112.172

HKLM\SYSTEM\CS1\Services\Tcpip\..\{85F196E8-92FD-4C59-89BA-CD6A665306E4}: DhcpNameServer=194.149.240.13

HKLM\SYSTEM\CS1\Services\Tcpip\..\{CC721BF6-08B5-4CEB-9498-1236183AC472}: DhcpNameServer=85.255.115.50,85.255.112.172

HKLM\SYSTEM\CS3\Services\Tcpip\..\{3B3E1729-F8AB-4CD3-9BA8-99DBF964B3BD}: DhcpNameServer=85.255.115.50,85.255.112.172

HKLM\SYSTEM\CS3\Services\Tcpip\..\{65E94285-656B-4748-9F05-E50415BBC518}: DhcpNameServer=85.255.115.50,85.255.112.172

HKLM\SYSTEM\CS3\Services\Tcpip\..\{85F196E8-92FD-4C59-89BA-CD6A665306E4}: DhcpNameServer=194.149.240.13

HKLM\SYSTEM\CS3\Services\Tcpip\..\{CC721BF6-08B5-4CEB-9498-1236183AC472}: DhcpNameServer=85.255.115.50,85.255.112.172

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=194.149.240.13

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=194.149.240.13

HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=194.149.240.13



»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files



»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!Attention, following keys are not inevitably infected!


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"system"=""



»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning


Registry Cleaning done. 


»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!Attention, following keys are not inevitably infected!


SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll



»»»»»»»»»»»»»»»»»»»»»»»» End

It's OK now :)

Thanks, adam9870! :)

Regards