Your privacy is in danger


(system) #1

Hi, a friend of mine has a small problem: his desktop wallpaper shows "Your privacy is in danger..." and he doesn't know how to remove it.

I'm pasting the ComboFix log:

ComboFix 08-03-18.1 - Adrian 2008-03-19 12:55:33.1 - NTFSx86

(Baldys15) #2

Post a HijackThis log.


(system) #3
Logfile of Trend Micro HijackThis v2.0.2 

Scan saved at 14:06:47, on 2008-03-19 

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) 

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) 

Boot mode: Normal 


Running processes: 

C:\WINDOWS\System32\smss.exe 

C:\WINDOWS\system32\winlogon.exe 

C:\WINDOWS\system32\services.exe 

C:\WINDOWS\system32\lsass.exe 

C:\WINDOWS\system32\Ati2evxx.exe 

C:\WINDOWS\system32\svchost.exe 

C:\WINDOWS\System32\svchost.exe 

C:\WINDOWS\system32\spoolsv.exe 

C:\WINDOWS\system32\Ati2evxx.exe 

C:\WINDOWS\Explorer.EXE 

C:\WINDOWS\SOUNDMAN.EXE 

C:\WINDOWS\ALCWZRD.EXE 

C:\Program Files\QuickTime\qttask.exe 

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe 

C:\Program Files\ESET\ESET Smart Security\egui.exe 

C:\WINDOWS\system32\ctfmon.exe 

C:\Program Files\DAEMON Tools Lite\daemon.exe 

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe 

C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe 

C:\Program Files\ESET\ESET Smart Security\ekrn.exe 

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe 

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe 

C:\WINDOWS\system32\wuauclt.exe 

C:\Program Files\totalcmd\TOTALCMD.EXE 

C:\Program Files\Avant Browser\avant.exe 

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe 


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza 

O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll 

O2 - BHO: GNX Rolex - {0DBE46B8-0F18-40F9-9ADB-F9D474D09460} - C:\WINDOWS\drnpfdxoqm.dll 

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll 

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 

O3 - Toolbar: etlrlws - {9AE95C59-B63B-4F78-91FA-9788897A7B54} - C:\WINDOWS\etlrlws.dll 

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe 

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe 

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe 

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe 

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE 

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE 

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime 

O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe 

O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe 

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime 

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice 

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe 

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun 

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') 

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') 

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') 

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') 

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe 

O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe 

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE 

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm 

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm 

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm 

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing) 

O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm 

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe 

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe 

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab 

O21 - SSODL: altvxvm - {6FBD6818-52AF-4A4E-80E9-8664C553ACE8} - C:\WINDOWS\altvxvm.dll 

O21 - SSODL: bokpkov - {D22F9D6E-B801-4C8C-9246-82BFD8970570} - C:\WINDOWS\bokpkov.dll (file missing) 

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe 

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe 

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe 

O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe 

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe 

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe 

O23 - Service: OneStep Search Service - Unknown owner - C:\Program Files\OneStepSearch\onestep.exe (file missing) 

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe 

O24 - Desktop Component 0: (no name) - http://my.jucaushii.ro/wallpapers/content/wallpapers/game_1964/wp_23864_2.jpg 

O24 - Desktop Component 1: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm 


-- 

End of file - 6617 bytes

(Baldys15) #4

Fix these:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm … Ojg5&lid=2

O24 - Desktop Component 1: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

O23 - Service: OneStep Search Service - Unknown owner - C:\Program Files\OneStepSearch\onestep.exe (file missing)

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)

Then run a scan with this:

http://dobreprogramy.pl/index.php?dz=2& … Build+2522
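A small triage script, added here as an example (it is not code from this thread or from HijackThis), that applies the same criteria the reply above uses to pick entries to fix: an IE start page pointing at a non-Microsoft host, an O24 desktop component rendered from a local file, entries whose target is "(file missing)", and BHO/toolbar/SSODL DLLs sitting directly under C:\WINDOWS with a random-looking name. The sample lines are copied from the HijackThis log posted above; the vowel-ratio test for "random-looking" names is my own heuristic, not a HijackThis rule.

```python
"""Triage of HijackThis log lines (added example, not code from this thread).

Flags the entry classes the reply above singles out for fixing: an IE start
page hijacked to a non-Microsoft host, an O24 desktop component served from a
local file, entries whose target is "(file missing)", and BHO / toolbar / SSODL
DLLs that sit directly under C:\WINDOWS with a random-looking name.
"""
import re
from urllib.parse import urlparse

# Constructed sample: a subset of the lines from the HijackThis log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: GNX Rolex - {0DBE46B8-0F18-40F9-9ADB-F9D474D09460} - C:\WINDOWS\drnpfdxoqm.dll
O3 - Toolbar: etlrlws - {9AE95C59-B63B-4F78-91FA-9788897A7B54} - C:\WINDOWS\etlrlws.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O21 - SSODL: altvxvm - {6FBD6818-52AF-4A4E-80E9-8664C553ACE8} - C:\WINDOWS\altvxvm.dll
O23 - Service: OneStep Search Service - Unknown owner - C:\Program Files\OneStepSearch\onestep.exe (file missing)
O24 - Desktop Component 1: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

# A DLL loaded straight from the Windows directory (not System32) is unusual
# for legitimate software; combined with a random-looking name it is a strong
# signal. Matches e.g. C:\WINDOWS\drnpfdxoqm.dll but not C:\WINDOWS\system32\x.dll.
WINROOT_DLL = re.compile(r"^C:\\WINDOWS\\([^\\]+\.dll)$", re.IGNORECASE)


def looks_random(filename: str) -> bool:
    """Heuristic (my assumption, not a HijackThis rule): a 6+ letter, all-lowercase
    stem with at most 25% vowels reads like generated junk (drnpfdxoqm, etlrlws,
    altvxvm) rather than a vendor name (AcroIEHelper, WindowsLiveLogin)."""
    stem = filename.lower().rsplit(".", 1)[0]
    if len(stem) < 6 or not stem.isalpha():
        return False
    vowels = sum(c in "aeiou" for c in stem)
    return vowels / len(stem) <= 0.25


def trusted_host(host: str) -> bool:
    """Only Microsoft hosts are expected in the default IE start/search URLs."""
    return host == "microsoft.com" or host.endswith(".microsoft.com")


def triage_line(line: str):
    """Return a reason string if the HijackThis line deserves attention, else None."""
    line = line.strip()
    if not line:
        return None
    fields = line.split(" - ")
    kind, target = fields[0], fields[-1]
    if "(file missing)" in target:
        return "target no longer exists; orphaned %s entry should be removed" % kind
    if kind in ("R0", "R1") and " = " in line:
        host = urlparse(line.split(" = ", 1)[1]).hostname or ""
        if host and not trusted_host(host):
            return "IE start/search page hijacked to %s" % host
    if kind == "O24" and target.lower().startswith("file:///"):
        return "desktop component rendered from local file %s" % target[len("file:///"):]
    if kind in ("O2", "O3", "O21"):
        m = WINROOT_DLL.match(target)
        if m and looks_random(m.group(1)):
            return "%s loads random-looking DLL directly from C:\\WINDOWS" % kind
    return None


def triage_log(text: str):
    """Return [(kind, reason, raw line)] for every suspicious line in the log."""
    hits = []
    for raw in text.splitlines():
        reason = triage_line(raw)
        if reason:
            hits.append((raw.split(" - ", 1)[0], reason, raw))
    return hits


if __name__ == "__main__":
    for kind, reason, raw in triage_log(SAMPLE_LOG):
        print(f"[{kind}] {reason}\n    {raw}")
```

Run on the sample it reports exactly the four entries the reply above lists plus the three random-named DLLs (O2 GNX Rolex, O3 etlrlws, O21 altvxvm) that ComboFix later shows were all dropped into C:\WINDOWS at the same minute.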


(system) #5

It didn't help, do you have any other ideas??


(bodek32) #6

Run SmitfraudFix, option no. 2.

After that, post a new HijackThis log, a ComboFix log and the SmitfraudFix report.


(system) #7

I did as you said, still the same, here are the reports:

ComboFix 08-03-18.1 - Adrian 2008-03-20 16:24:11.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.717 [GMT 0:00]

Running from: C:\Documents and Settings\Adrian\Ustawienia lokalne\Temporary Internet Files\Content.IE5\5CVTLI33\ComboFix[1].exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\privacy_danger

C:\WINDOWS\privacy_danger\images\capt.gif

C:\WINDOWS\privacy_danger\images\danger.jpg

C:\WINDOWS\privacy_danger\images\down.gif

C:\WINDOWS\privacy_danger\images\spacer.gif

C:\WINDOWS\privacy_danger\index.htm

.

((((((((((((((((((((((((( Files Created from 2008-02-20 to 2008-03-20 )))))))))))))))))))))))))))))))

.

2008-03-20 16:20 . 2008-03-20 16:20 2,576 --a------ C:\WINDOWS\system32\tmp.reg

2008-03-20 16:19 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe

2008-03-20 16:19 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2008-03-20 16:19 . 2008-03-14 09:09 86,528 --a------ C:\WINDOWS\system32\VACFix.exe

2008-03-20 16:19 . 2008-03-15 17:16 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe

2008-03-20 16:19 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe

2008-03-20 16:19 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2008-03-20 16:19 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe

2008-03-19 23:00 . 2008-03-19 23:00

2008-03-19 19:30 . 2008-03-19 19:32

2008-03-19 19:30 . 2008-03-19 19:30

2008-03-19 19:30 . 2008-03-19 19:30

2008-03-19 19:30 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll

2008-03-19 19:30 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll

2008-03-19 19:30 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll

2008-03-19 19:30 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll

2008-03-19 19:30 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll

2008-03-19 14:04 . 2008-03-19 14:04

2008-03-18 20:09 . 2008-03-18 20:27

2008-03-18 19:29 . 2008-03-18 19:29

2008-03-18 19:28 . 2008-03-18 19:28

2008-03-18 19:28 . 2008-03-18 19:28

2008-03-17 01:14 . 2008-03-17 01:14

2008-03-17 01:08 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll

2008-03-17 00:57 . 2008-03-17 00:57

2008-03-16 19:08 . 2008-03-16 19:08

2008-03-16 18:36 . 2008-03-16 18:36

2008-03-15 20:56 . 2008-03-15 20:56

2008-03-15 16:40 . 2008-03-19 00:15

2008-03-15 16:40 . 2008-03-15 16:40

2008-03-15 16:03 . 2008-03-15 13:47 262,144 --a------ C:\WINDOWS\drnpfdxoqm.dll

2008-03-15 16:03 . 2008-03-15 13:47 208,896 --a------ C:\WINDOWS\altvxvm.dll

2008-03-15 16:03 . 2008-03-15 13:47 172,032 --a------ C:\WINDOWS\etlrlws.dll

2008-03-15 16:03 . 2008-03-15 13:47 98,304 --a------ C:\WINDOWS\fmsxwqs.exe

2008-03-15 11:02 . 2008-03-15 11:02

2008-03-15 10:56 . 2008-03-15 10:56

2008-03-15 10:52 . 2008-03-15 10:52 22 --a------ C:\WINDOWS\system32\ati64hl2.stb

2008-03-15 10:46 . 2006-02-22 01:05 148,498 --a------ C:\WINDOWS\system32\atmplkxx.hlp

2008-03-15 10:46 . 2006-02-22 01:05 44,430 --a------ C:\WINDOWS\system32\attplkxx.hlp

2008-03-15 10:46 . 2006-02-22 01:05 26,138 --a------ C:\WINDOWS\system32\atfplkxx.hlp

2008-03-15 10:43 . 2005-02-22 21:05 516,096 --------- C:\WINDOWS\system32\ati2sgag.exe

2008-03-15 10:42 . 2008-03-15 10:42

2008-03-15 10:42 . 2008-03-15 10:42

2008-03-15 10:33 . 2008-03-15 10:34 10 --a------ C:\WINDOWS\WININIT.INI

2008-03-15 10:30 . 2004-08-04 00:44 91,136 --a------ C:\WINDOWS\system32\kswdmcap.ax

2008-03-15 10:26 . 2008-03-15 10:26 22 --a------ C:\WINDOWS\system32\ati64hlp.stb

2008-03-15 10:23 . 2005-02-01 21:42 165,888 --a------ C:\WINDOWS\system32\drivers\atinevxx.sys

2008-03-15 10:23 . 2004-10-13 15:04 64,352 --a------ C:\WINDOWS\system32\drivers\ativmc20.cod

2008-03-15 10:23 . 2005-02-01 21:36 33,280 --a--c--- C:\WINDOWS\system32\dllcache\ativtmxx.dll

2008-03-15 10:23 . 2005-02-01 21:36 33,280 --a------ C:\WINDOWS\system32\ativtmxx.dll

2008-03-15 10:23 . 2005-02-01 21:36 23,552 --a--c--- C:\WINDOWS\system32\dllcache\ativmvxx.ax

2008-03-15 10:23 . 2005-02-01 21:36 23,552 --a------ C:\WINDOWS\system32\ativmvxx.ax

2008-03-15 10:23 . 2005-02-01 21:41 15,360 --a------ C:\WINDOWS\system32\drivers\atinmdxx.sys

2008-03-15 10:23 . 2005-02-01 21:41 15,360 --a--c--- C:\WINDOWS\system32\dllcache\atinmdxx.sys

2008-03-15 10:21 . 2008-03-15 10:59

2008-03-15 10:19 . 2008-03-15 10:19 0 --a------ C:\WINDOWS\ativpsrm.bin

2008-03-14 23:20 . 2008-03-14 23:20 6,144 --ahs---- C:\WINDOWS\Thumbs.db

2008-03-14 22:05 . 2008-03-20 16:19 1,209 --a------ C:\WINDOWS\wincmd.ini

2008-03-14 18:18 . 2008-03-14 18:18

2008-03-14 18:17 . 2008-03-14 18:17

2008-03-14 18:17 . 2008-03-14 18:17

2008-03-14 17:35 . 2008-03-14 17:35 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll

2008-03-14 17:34 . 2008-03-14 17:36

2008-03-14 17:31 . 2008-03-14 17:33

2008-03-14 17:30 . 2008-03-14 17:30

2008-03-14 17:30 . 2008-03-14 17:30

2008-03-14 17:30 . 2007-03-27 19:56 210,456 --a------ C:\WINDOWS\system32\IVIresizeW7.dll

2008-03-14 17:30 . 2007-03-27 19:56 206,360 --a------ C:\WINDOWS\system32\IVIresizeA6.dll

2008-03-14 17:30 . 2007-03-27 19:56 198,168 --a------ C:\WINDOWS\system32\IVIresizeP6.dll

2008-03-14 17:30 . 2007-03-27 19:56 198,168 --a------ C:\WINDOWS\system32\IVIresizeM6.dll

2008-03-14 17:30 . 2007-03-27 19:56 194,072 --a------ C:\WINDOWS\system32\IVIresizePX.dll

2008-03-14 17:30 . 2007-03-27 19:56 26,136 --a------ C:\WINDOWS\system32\IVIresize.dll

2008-03-14 17:29 . 2008-03-14 17:29

2008-03-14 17:28 . 2008-03-14 17:28

2008-03-14 17:28 . 2008-03-14 17:29

2008-03-14 17:28 . 2008-03-14 17:31

2008-03-14 15:21 . 2008-03-14 15:21

2008-03-14 15:00 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-03-14 15:00 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-03-14 15:00 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-03-13 23:24 . 2008-03-13 23:24

2008-03-13 23:04 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2008-03-13 21:41 . 2008-03-13 12:15 211 --ahs---- C:\BOOT.BKK

2008-03-13 21:06 . 2008-03-13 21:06

2008-03-13 20:42 . 2008-03-13 20:43

2008-03-13 20:42 . 2008-03-13 20:42

2008-03-13 20:41 . 2008-03-13 20:41

2008-03-13 18:56 . 2008-03-13 18:56

2008-03-13 18:50 . 2008-03-13 18:50

2008-03-13 18:08 . 2008-03-13 20:41

2008-03-13 17:21 . 2008-03-13 17:21

2008-03-13 17:21 . 2008-03-13 17:21

2008-03-13 16:22 . 2008-03-13 16:22

2008-03-13 15:29 . 2008-03-13 15:29

2008-03-13 15:28 . 2008-03-13 15:28

2008-03-13 15:28 . 2008-03-13 15:30

2008-03-13 13:57 . 2008-03-13 13:57

2008-03-13 13:50 . 2008-03-13 13:50

2008-03-13 13:39 . 2008-03-13 13:39

2008-03-13 13:29 . 2008-03-16 15:52

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-20 12:43 --------- d-----w C:\Program Files\Avant Browser

2008-03-20 01:36 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-03-15 10:42 472,576 ----a-w C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe

2008-03-14 22:05 --------- d-----w C:\Program Files\totalcmd

2008-03-14 17:29 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-03-14 15:21 --------- d-----w C:\Program Files\Common Files\Adobe

2008-03-13 23:25 --------- d-----w C:\Program Files\Real Alternative

2008-03-13 15:58 --------- d-----w C:\Documents and Settings\Adrian\Dane aplikacji\Avant Browser

2008-03-13 12:58 --------- d-----w C:\Program Files\7-Zip

2008-03-13 12:54 --------- d-----w C:\Program Files\VideoLAN

2008-03-13 12:54 --------- d-----w C:\Program Files\QuickTime

2008-03-13 12:54 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer

2008-03-13 12:53 --------- d-----w C:\Program Files\ffdshow

2008-03-13 12:53 --------- d-----w C:\Program Files\Apple Software Update

2008-03-13 12:52 --------- d-----w C:\Program Files\MarBit

2008-03-13 12:51 --------- d-----w C:\Program Files\IrfanView

2008-03-13 12:51 --------- d-----w C:\Program Files\English Translator 3

2008-03-13 12:46 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2008-03-13 12:43 81,920 ----a-w C:\WINDOWS\ALCFDRTM.EXE

2008-03-13 12:40 --------- d-----w C:\Program Files\Realtek

2008-03-13 12:38 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-03-13 12:37 --------- d-----w C:\Program Files\Intel

2008-03-13 12:21 --------- d-----w C:\Program Files\microsoft frontpage

2008-03-13 12:19 --------- d-----w C:\Program Files\Usługi online

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0DBE46B8-0F18-40F9-9ADB-F9D474D09460}]

2008-03-15 13:47 262144 --a------ C:\WINDOWS\drnpfdxoqm.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{9AE95C59-B63B-4F78-91FA-9788897A7B54}"= "C:\WINDOWS\etlrlws.dll" [2008-03-15 13:47 172032]

[HKEY_CLASSES_ROOT\clsid\{9ae95c59-b63b-4f78-91fa-9788897a7b54}]

[HKEY_CLASSES_ROOT\etlrlws.1]

[HKEY_CLASSES_ROOT\TypeLib\{A1161883-8265-4D20-95CD-481063C416FB}]

[HKEY_CLASSES_ROOT\etlrlws]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:44 15360]

"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-13 23:09 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-01-13 09:47 131072]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-01-13 09:47 163840]

"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-01-13 09:46 135168]

"SoundMan"="SOUNDMAN.EXE" [2004-01-01 04:34 86016 C:\WINDOWS\SoundMan.exe]

"AlcWzrd"="ALCWZRD.EXE" [2004-01-01 04:34 2808832 C:\WINDOWS\alcwzrd.exe]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]

"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-09-12 12:17 340136]

"AtiPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 21:05 339968]

"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-02-22 22:21 32768]

"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-02-20 11:06 1443072]

"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-02-29 18:31 866384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 22:44 15360]

"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-02-22 22:21 32768]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2005-02-22 22:21:26 32768]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"altvxvm"= {6FBD6818-52AF-4A4E-80E9-8664C553ACE8} - C:\WINDOWS\altvxvm.dll [2008-03-15 13:47 208896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="LogonUI.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"=

"C:\Program Files\Windows Live\Messenger\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"15284:TCP"= 15284:TCP:BitComet 15284 TCP

"15284:UDP"= 15284:UDP:BitComet 15284 UDP

.

Contents of the 'Scheduled Tasks' folder

"2008-03-18 15:38:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-20 16:25:32

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-03-20 16:25:49

ComboFix-quarantined-files.txt 2008-03-20 16:25:47

.

2008-03-17 14:29:38 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:27:01, on 2008-03-20

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\ALCWZRD.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\totalcmd\TOTALCMD.EXE

C:\WINDOWS\explorer.exe

C:\Program Files\Avant Browser\avant.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: GNX Rolex - {0DBE46B8-0F18-40F9-9ADB-F9D474D09460} - C:\WINDOWS\drnpfdxoqm.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: etlrlws - {9AE95C59-B63B-4F78-91FA-9788897A7B54} - C:\WINDOWS\etlrlws.dll

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe

O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Download with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Download all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Eksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)

O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O21 - SSODL: altvxvm - {6FBD6818-52AF-4A4E-80E9-8664C553ACE8} - C:\WINDOWS\altvxvm.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

End of file - 6169 bytes

SmitFraudFix v2.305

Scan done at 16:27:24,71, 2008-03-20

Run from D:\Downloads\SmitfraudFix

OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\ALCWZRD.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\totalcmd\TOTALCMD.EXE

C:\WINDOWS\explorer.exe

C:\Program Files\Avant Browser\avant.exe

C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Adrian

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Adrian\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Adrian\Ulubione

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Moja bieżąca strona główna"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

!!


(system) #8

Can anyone help??