

girolamo

Registered: 09 Oct 2008
OFFLINE Last active: 10 10 2008 14:40
-----

My posts

In topic: [Problem] Persistent virus!

09 10 2008 - 23:24

I did what you told me to do

scan SmitFraudFix

SmitFraudFix v2.357

Scan done at 23:22:26,75, 2008-10-09
Run from H:\Documents and Settings\Michał\Pulpit\SmitfraudFix
OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\System32\svchost.exe
e:\Alcohol 120\StarWind\StarWindServiceAE.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Multimedia Card Reader\shwicon2k.exe
H:\WINDOWS\SOUNDMAN.EXE
H:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Winamp\winampa.exe
H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
H:\Program Files\HP\HP Software Update\HPWuSchd2.exe
H:\WINDOWS\vsnpstd3.exe
F:\office\Office12\GrooveMonitor.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Messenger\msmsgs.exe
H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
H:\Program Files\ATI Technologies\ATI.ACE\cli.exe
H:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\bvdmss.exe
H:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
H:\WINDOWS\system32\wbem\wmiapsrv.exe
H:\WINDOWS\system32\NOTEPAD.EXE
H:\Program Files\Mozilla Firefox\firefox.exe
H:\WINDOWS\system32\wuauclt.exe
H:\WINDOWS\system32\wuauclt.exe
H:\Documents and Settings\Michał\Pulpit\SmitfraudFix\Policies.exe
H:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» H:\


»»»»»»»»»»»»»»»»»»»»»»»» H:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» H:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» H:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» H:\WINDOWS\system32

H:\WINDOWS\system32\1.ico FOUND !
H:\WINDOWS\system32\2.ico FOUND !
H:\WINDOWS\system32\MicroAV.cpl FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» H:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» H:\Documents and Settings\Michał


»»»»»»»»»»»»»»»»»»»»»»»» H:\Documents and Settings\Michał\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» H:\DOCUME~1\MICHA~1\Ulubione


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» H:\Program Files 

H:\Program Files\MicroAV\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Moja bieżąca strona główna"
 

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, following keys are not inevitably infected!!!

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="H:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NVIDIA nForce Networking Controller - Sterownik miniport Harmonogramu pakietów
DNS Server Search Order: 85.14.85.14
DNS Server Search Order: 85.14.85.2
DNS Server Search Order: 82.160.198.5

HKLM\SYSTEM\CCS\Services\Tcpip\..\{FFAB1664-7191-4B43-B750-458729F33CA5}: DhcpNameServer=85.14.85.14 85.14.85.2 82.160.198.5
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FFAB1664-7191-4B43-B750-458729F33CA5}: DhcpNameServer=85.14.85.14 85.14.85.2 82.160.198.5
HKLM\SYSTEM\CS2\Services\Tcpip\..\{FFAB1664-7191-4B43-B750-458729F33CA5}: DhcpNameServer=85.14.85.14 85.14.85.2 82.160.198.5
HKLM\SYSTEM\CS3\Services\Tcpip\..\{FFAB1664-7191-4B43-B750-458729F33CA5}: DhcpNameServer=85.14.85.14 85.14.85.2 82.160.198.5
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=85.14.85.14 85.14.85.2 82.160.198.5
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=85.14.85.14 85.14.85.2 82.160.198.5
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=85.14.85.14 85.14.85.2 82.160.198.5
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=85.14.85.14 85.14.85.2 82.160.198.5


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

HJ

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:25:23, on 2008-10-09
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\System32\svchost.exe
e:\Alcohol 120\StarWind\StarWindServiceAE.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Multimedia Card Reader\shwicon2k.exe
H:\WINDOWS\SOUNDMAN.EXE
H:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Winamp\winampa.exe
H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
H:\Program Files\HP\HP Software Update\HPWuSchd2.exe
H:\WINDOWS\vsnpstd3.exe
F:\office\Office12\GrooveMonitor.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Messenger\msmsgs.exe
H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
H:\Program Files\ATI Technologies\ATI.ACE\cli.exe
H:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\bvdmss.exe
H:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\WINDOWS\system32\wuauclt.exe
H:\WINDOWS\system32\wuauclt.exe
H:\WINDOWS\explorer.exe
E:\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpage.reganam.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\office\Office12\GRA8E1~1.DLL
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - e:\Moyea\FLV Downloader\MoyeaCth.dll
O2 - BHO: CPrintEnhancer Object - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - H:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O4 - HKLM\..\Run: [Sunkist2k] H:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "H:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [WinampAgent] E:\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] H:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [HP Software Update] H:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [snpstd3] H:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [GrooveMonitor] "F:\office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "E:\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Komunikator] H:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://F:\office\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\office\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - H:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\office\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Unknown owner - E:\Avira\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Unknown owner - E:\Avira\AntiVir PersonalEdition Classic\avguard.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Windows Network Data Management System Service (bvdmss) - Unknown owner - C:\WINDOWS\system32\bvdmss.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (idrivert) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - e:\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 5959 bytes