Hi, a friend of mine has a small problem: a wallpaper saying “Your privacy is in danger…” is showing on his desktop and he doesn't know how to remove it.
I'm pasting a ComboFix log:
ComboFix 08-03-18.1 - Adrian 2008-03-19 12:55:33.1 - NTFSx86
Post a HijackThis log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:06:47, on 2008-03-19
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: GNX Rolex - {0DBE46B8-0F18-40F9-9ADB-F9D474D09460} - C:\WINDOWS\drnpfdxoqm.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: etlrlws - {9AE95C59-B63B-4F78-91FA-9788897A7B54} - C:\WINDOWS\etlrlws.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O21 - SSODL: altvxvm - {6FBD6818-52AF-4A4E-80E9-8664C553ACE8} - C:\WINDOWS\altvxvm.dll
O21 - SSODL: bokpkov - {D22F9D6E-B801-4C8C-9246-82BFD8970570} - C:\WINDOWS\bokpkov.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: OneStep Search Service - Unknown owner - C:\Program Files\OneStepSearch\onestep.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O24 - Desktop Component 0: (no name) - http://my.jucaushii.ro/wallpapers/content/wallpapers/game_1964/wp_23864_2.jpg
O24 - Desktop Component 1: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 6617 bytes
Fix these:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm … Ojg5&lid=2
O24 - Desktop Component 1: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
O23 - Service: OneStep Search Service - Unknown owner - C:\Program Files\OneStepSearch\onestep.exe (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
Run a scan with this:
It didn't help, do you have any other ideas??
Use SmitFraudFix, option 2.
Afterwards, post a new HijackThis log, a ComboFix log and the SmitFraudFix report.
I did as you wrote, still the same, pasting the reports:
ComboFix 08-03-18.1 - Adrian 2008-03-20 16:24:11.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.717 [GMT 0:00]
Running from: C:\Documents and Settings\Adrian\Ustawienia lokalne\Temporary Internet Files\Content.IE5\5CVTLI33\ComboFix[1].exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
.
((((((((((((((((((((((((( Files Created from 2008-02-20 to 2008-03-20 )))))))))))))))))))))))))))))))
.
2008-03-20 16:20 . 2008-03-20 16:20 2,576 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-20 16:19 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-20 16:19 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-20 16:19 . 2008-03-14 09:09 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-20 16:19 . 2008-03-15 17:16 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-20 16:19 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-03-20 16:19 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-20 16:19 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-19 23:00 . 2008-03-19 23:00
2008-03-19 19:30 . 2008-03-19 19:32
2008-03-19 19:30 . 2008-03-19 19:30
2008-03-19 19:30 . 2008-03-19 19:30
2008-03-19 19:30 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-03-19 19:30 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-03-19 19:30 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-03-19 19:30 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-03-19 19:30 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-03-19 14:04 . 2008-03-19 14:04
2008-03-18 20:09 . 2008-03-18 20:27
2008-03-18 19:29 . 2008-03-18 19:29
2008-03-18 19:28 . 2008-03-18 19:28
2008-03-18 19:28 . 2008-03-18 19:28
2008-03-17 01:14 . 2008-03-17 01:14
2008-03-17 01:08 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-03-17 00:57 . 2008-03-17 00:57
2008-03-16 19:08 . 2008-03-16 19:08
2008-03-16 18:36 . 2008-03-16 18:36
2008-03-15 20:56 . 2008-03-15 20:56
2008-03-15 16:40 . 2008-03-19 00:15
2008-03-15 16:40 . 2008-03-15 16:40
2008-03-15 16:03 . 2008-03-15 13:47 262,144 --a------ C:\WINDOWS\drnpfdxoqm.dll
2008-03-15 16:03 . 2008-03-15 13:47 208,896 --a------ C:\WINDOWS\altvxvm.dll
2008-03-15 16:03 . 2008-03-15 13:47 172,032 --a------ C:\WINDOWS\etlrlws.dll
2008-03-15 16:03 . 2008-03-15 13:47 98,304 --a------ C:\WINDOWS\fmsxwqs.exe
2008-03-15 11:02 . 2008-03-15 11:02
2008-03-15 10:56 . 2008-03-15 10:56
2008-03-15 10:52 . 2008-03-15 10:52 22 --a------ C:\WINDOWS\system32\ati64hl2.stb
2008-03-15 10:46 . 2006-02-22 01:05 148,498 --a------ C:\WINDOWS\system32\atmplkxx.hlp
2008-03-15 10:46 . 2006-02-22 01:05 44,430 --a------ C:\WINDOWS\system32\attplkxx.hlp
2008-03-15 10:46 . 2006-02-22 01:05 26,138 --a------ C:\WINDOWS\system32\atfplkxx.hlp
2008-03-15 10:43 . 2005-02-22 21:05 516,096 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-03-15 10:42 . 2008-03-15 10:42
2008-03-15 10:42 . 2008-03-15 10:42
2008-03-15 10:33 . 2008-03-15 10:34 10 --a------ C:\WINDOWS\WININIT.INI
2008-03-15 10:30 . 2004-08-04 00:44 91,136 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-03-15 10:26 . 2008-03-15 10:26 22 --a------ C:\WINDOWS\system32\ati64hlp.stb
2008-03-15 10:23 . 2005-02-01 21:42 165,888 --a------ C:\WINDOWS\system32\drivers\atinevxx.sys
2008-03-15 10:23 . 2004-10-13 15:04 64,352 --a------ C:\WINDOWS\system32\drivers\ativmc20.cod
2008-03-15 10:23 . 2005-02-01 21:36 33,280 --a--c--- C:\WINDOWS\system32\dllcache\ativtmxx.dll
2008-03-15 10:23 . 2005-02-01 21:36 33,280 --a------ C:\WINDOWS\system32\ativtmxx.dll
2008-03-15 10:23 . 2005-02-01 21:36 23,552 --a--c--- C:\WINDOWS\system32\dllcache\ativmvxx.ax
2008-03-15 10:23 . 2005-02-01 21:36 23,552 --a------ C:\WINDOWS\system32\ativmvxx.ax
2008-03-15 10:23 . 2005-02-01 21:41 15,360 --a------ C:\WINDOWS\system32\drivers\atinmdxx.sys
2008-03-15 10:23 . 2005-02-01 21:41 15,360 --a--c--- C:\WINDOWS\system32\dllcache\atinmdxx.sys
2008-03-15 10:21 . 2008-03-15 10:59
2008-03-15 10:19 . 2008-03-15 10:19 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-03-14 23:20 . 2008-03-14 23:20 6,144 --ahs---- C:\WINDOWS\Thumbs.db
2008-03-14 22:05 . 2008-03-20 16:19 1,209 --a------ C:\WINDOWS\wincmd.ini
2008-03-14 18:18 . 2008-03-14 18:18
2008-03-14 18:17 . 2008-03-14 18:17
2008-03-14 18:17 . 2008-03-14 18:17
2008-03-14 17:35 . 2008-03-14 17:35 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-03-14 17:34 . 2008-03-14 17:36
2008-03-14 17:31 . 2008-03-14 17:33
2008-03-14 17:30 . 2008-03-14 17:30
2008-03-14 17:30 . 2008-03-14 17:30
2008-03-14 17:30 . 2007-03-27 19:56 210,456 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2008-03-14 17:30 . 2007-03-27 19:56 206,360 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2008-03-14 17:30 . 2007-03-27 19:56 198,168 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2008-03-14 17:30 . 2007-03-27 19:56 198,168 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2008-03-14 17:30 . 2007-03-27 19:56 194,072 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2008-03-14 17:30 . 2007-03-27 19:56 26,136 --a------ C:\WINDOWS\system32\IVIresize.dll
2008-03-14 17:29 . 2008-03-14 17:29
2008-03-14 17:28 . 2008-03-14 17:28
2008-03-14 17:28 . 2008-03-14 17:29
2008-03-14 17:28 . 2008-03-14 17:31
2008-03-14 15:21 . 2008-03-14 15:21
2008-03-14 15:00 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-14 15:00 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-14 15:00 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-13 23:24 . 2008-03-13 23:24
2008-03-13 23:04 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-03-13 21:41 . 2008-03-13 12:15 211 --ahs---- C:\BOOT.BKK
2008-03-13 21:06 . 2008-03-13 21:06
2008-03-13 20:42 . 2008-03-13 20:43
2008-03-13 20:42 . 2008-03-13 20:42
2008-03-13 20:41 . 2008-03-13 20:41
2008-03-13 18:56 . 2008-03-13 18:56
2008-03-13 18:50 . 2008-03-13 18:50
2008-03-13 18:08 . 2008-03-13 20:41
2008-03-13 17:21 . 2008-03-13 17:21
2008-03-13 17:21 . 2008-03-13 17:21
2008-03-13 16:22 . 2008-03-13 16:22
2008-03-13 15:29 . 2008-03-13 15:29
2008-03-13 15:28 . 2008-03-13 15:28
2008-03-13 15:28 . 2008-03-13 15:30
2008-03-13 13:57 . 2008-03-13 13:57
2008-03-13 13:50 . 2008-03-13 13:50
2008-03-13 13:39 . 2008-03-13 13:39
2008-03-13 13:29 . 2008-03-16 15:52
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-20 12:43 --------- d-----w C:\Program Files\Avant Browser
2008-03-20 01:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-15 10:42 472,576 ----a-w C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe
2008-03-14 22:05 --------- d-----w C:\Program Files\totalcmd
2008-03-14 17:29 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-14 15:21 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-13 23:25 --------- d-----w C:\Program Files\Real Alternative
2008-03-13 15:58 --------- d-----w C:\Documents and Settings\Adrian\Dane aplikacji\Avant Browser
2008-03-13 12:58 --------- d-----w C:\Program Files\7-Zip
2008-03-13 12:54 --------- d-----w C:\Program Files\VideoLAN
2008-03-13 12:54 --------- d-----w C:\Program Files\QuickTime
2008-03-13 12:54 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-03-13 12:53 --------- d-----w C:\Program Files\ffdshow
2008-03-13 12:53 --------- d-----w C:\Program Files\Apple Software Update
2008-03-13 12:52 --------- d-----w C:\Program Files\MarBit
2008-03-13 12:51 --------- d-----w C:\Program Files\IrfanView
2008-03-13 12:51 --------- d-----w C:\Program Files\English Translator 3
2008-03-13 12:46 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-03-13 12:43 81,920 ----a-w C:\WINDOWS\ALCFDRTM.EXE
2008-03-13 12:40 --------- d-----w C:\Program Files\Realtek
2008-03-13 12:38 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-03-13 12:37 --------- d-----w C:\Program Files\Intel
2008-03-13 12:21 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-13 12:19 --------- d-----w C:\Program Files\Usługi online
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0DBE46B8-0F18-40F9-9ADB-F9D474D09460}]
2008-03-15 13:47 262144 --a------ C:\WINDOWS\drnpfdxoqm.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9AE95C59-B63B-4F78-91FA-9788897A7B54}"= "C:\WINDOWS\etlrlws.dll" [2008-03-15 13:47 172032]
[HKEY_CLASSES_ROOT\clsid\{9ae95c59-b63b-4f78-91fa-9788897a7b54}]
[HKEY_CLASSES_ROOT\etlrlws.1]
[HKEY_CLASSES_ROOT\TypeLib\{A1161883-8265-4D20-95CD-481063C416FB}]
[HKEY_CLASSES_ROOT\etlrlws]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:44 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-13 23:09 486856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-01-13 09:47 131072]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-01-13 09:47 163840]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-01-13 09:46 135168]
"SoundMan"="SOUNDMAN.EXE" [2004-01-01 04:34 86016 C:\WINDOWS\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2004-01-01 04:34 2808832 C:\WINDOWS\alcwzrd.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-09-12 12:17 340136]
"AtiPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 21:05 339968]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-02-22 22:21 32768]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-02-20 11:06 1443072]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-02-29 18:31 866384]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 22:44 15360]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-02-22 22:21 32768]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2005-02-22 22:21:26 32768]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"altvxvm"= {6FBD6818-52AF-4A4E-80E9-8664C553ACE8} - C:\WINDOWS\altvxvm.dll [2008-03-15 13:47 208896]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"C:\Program Files\Windows Live\Messenger\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15284:TCP"= 15284:TCP:BitComet 15284 TCP
"15284:UDP"= 15284:UDP:BitComet 15284 UDP
.
Contents of the 'Scheduled Tasks' folder
"2008-03-18 15:38:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-20 16:25:32
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-20 16:25:49
ComboFix-quarantined-files.txt 2008-03-20 16:25:47
.
2008-03-17 14:29:38 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:27:01, on 2008-03-20
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: GNX Rolex - {0DBE46B8-0F18-40F9-9ADB-F9D474D09460} - C:\WINDOWS\drnpfdxoqm.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: etlrlws - {9AE95C59-B63B-4F78-91FA-9788897A7B54} - C:\WINDOWS\etlrlws.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Download all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Eksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O21 - SSODL: altvxvm - {6FBD6818-52AF-4A4E-80E9-8664C553ACE8} - C:\WINDOWS\altvxvm.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 6169 bytes
SmitFraudFix v2.305
Scan done at 16:27:24,71, 2008-03-20
Run from D:\Downloads\SmitfraudFix
OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Avant Browser\avant.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Adrian
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Adrian\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Adrian\Ulubione
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
“Source”=“About:Home”
“SubscribedURL”=“About:Home”
“FriendlyName”=“Moja bieżąca strona główna”
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
Will someone help??