Problem!!!

IP: *.ssnet.pl 14.05.05, 11:21
I have this problem: I was browsing some sites and suddenly several pop-ups
appeared, most of them saying that I have some kind of spyware. My start page
changed to some page with searches, and the title bar says about:blank.
Here is my HijackThis scan:

Logfile of HijackThis v1.99.1
Scan saved at 11:18:12, on 2005-05-14
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\MKS\Bin\mks_menu.exe
C:\Program Files\MKS\Bin\ABregmon.exe
C:\temp\salm.exe
C:\DOCUME~1\Dawid\USTAWI~1\Temp\SAHAGE~1.EXE
C:\Program Files\Media Access\MediaAccK.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Documents and Settings\Dawid\Dane aplikacji\ssct.exe
C:\WINDOWS\System32\w?nlogon.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\Program Files\MKS\Bin\NetMonSV.exe
C:\Program Files\MKS\Bin\mksmonsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Dawid\Moje dokumenty\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\DOCUME~1\Dawid\USTAWI~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\DOCUME~1\Dawid\USTAWI~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {5C737EDC-CE6D-4E77-A111-8BE52E2BFAAC} -
C:\WINDOWS\System32\fbfk.dll
O2 - BHO: (no name) - {5E511A32-8E8F-8075-A5C1-836DD330B7BA} -
C:\WINDOWS\System32\hmk.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} -
C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {E1A974C3-A57D-C38A-FC55-9174EC59F406} - C:\DOCUME~1
\Dawid\DANEAP~1\DRAWMI~1\Support upload.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} -
C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2
\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32
\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate
Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 - HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\Dawid\USTAWI~1\Temp\SAHAGE~1.EXE run
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [Grid Byte Slow Eggs] C:\Documents and Settings\All
Users\Dane aplikacji\KIND FAST GRID BYTE\drive one.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Dawid\USTAWI~1
\Temp\se.dll,DllInstall
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Urce] C:\Documents and Settings\Dawid\Dane
aplikacji\ssct.exe
O4 - HKCU\..\Run: [Zxzldv] C:\WINDOWS\System32\w?nlogon.exe
O4 - HKCU\..\Run: [ProxyMpeg] C:\DOCUME~1\Dawid\DANEAP~1\BATNAM~1
\4infoaxis.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program
Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program
Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-
0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-
its:mhtml:file://c:\nosuxxx.mht!
www.kazaalite.pl/stats/xaw.chm::/bridge-c18.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller
Control) - ms-its:mhtml:file://c:\nosuxxx.mht!
kazaalite.pl/stats/mt.chm::/MediaTicketsInstaller.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0271D1BB-4E48-49E6-852F-
960C44D3E99D}: NameServer = 194.204.159.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0271D1BB-4E48-49E6-852F-
960C44D3E99D}: NameServer = 194.204.159.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0271D1BB-4E48-49E6-852F-
960C44D3E99D}: NameServer = 194.204.159.1
O18 - Filter: text/html - {32319B6F-E556-4DE8-8ADC-129881CFF829} -
C:\WINDOWS\System32\fbfk.dll
O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. -
C:\Program Files\MKS\Bin\NetMonSV.exe
O23 - Service: Trace network connections (ACCRA) - Unknown owner -
C:\WINDOWS\System32\mocih.exe (file missing)
O23 - Service: Provides three management service (FreeBSD) - Unknown owner -
C:\WINDOWS\System32\dev32.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\Program
Files\MKS\bin\MkSUpdateInt.exe
O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program
Files\MKS\Bin\mksmonsv.exe
O23 - Service: MkS_Scan - Unknown owner - C:\Program
Files\MKS\Bin\mks_scan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies,
Inc. - C:\Program Files\Sygate\SPF\smc.exe

Please, help me.
    • Guest: Kolobos Re: Problem!!! IP: *.warszawa.sdi.tpnet.pl 14.05.05, 12:12
      Always the same thing...

      First this:
      www.trojaner-info.de/files/SpSeHjfix112.exe
      In HijackThis you delete this:

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
      res://C:\DOCUME~1\Dawid\USTAWI~1\Temp\se.dll/spage.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
      res://C:\DOCUME~1\Dawid\USTAWI~1\Temp\se.dll/spage.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      about:blank
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      about:blank
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
      O2 - BHO: (no name) - {5C737EDC-CE6D-4E77-A111-8BE52E2BFAAC} -
      C:\WINDOWS\System32\fbfk.dll
      O2 - BHO: (no name) - {5E511A32-8E8F-8075-A5C1-836DD330B7BA} -
      C:\WINDOWS\System32\hmk.dll
      O2 - BHO: (no name) - {E1A974C3-A57D-C38A-FC55-9174EC59F406} - C:\DOCUME~1
      \Dawid\DANEAP~1\DRAWMI~1\Support upload.exe
      O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
      O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\Dawid\USTAWI~1\Temp\SAHAGE~1.EXE run
      O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
      O4 - HKLM\..\Run: [Grid Byte Slow Eggs] C:\Documents and Settings\All
      Users\Dane aplikacji\KIND FAST GRID BYTE\drive one.exe
      O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Dawid\USTAWI~1
      \Temp\se.dll,DllInstall
      O4 - HKCU\..\Run: [Urce] C:\Documents and Settings\Dawid\Dane
      aplikacji\ssct.exe
      O4 - HKCU\..\Run: [Zxzldv] C:\WINDOWS\System32\w?nlogon.exe
      O4 - HKCU\..\Run: [ProxyMpeg] C:\DOCUME~1\Dawid\DANEAP~1\BATNAM~1
      \4infoaxis.exe
      O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-
      its:mhtml:file://c:\nosuxxx.mht!
      www.kazaalite.pl/stats/xaw.chm::/bridge-c18.cab
      O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller
      Control) - ms-its:mhtml:file://c:\nosuxxx.mht!
      kazaalite.pl/stats/mt.chm::/MediaTicketsInstaller.cab
      O18 - Filter: text/html - {32319B6F-E556-4DE8-8ADC-129881CFF829} -
      C:\WINDOWS\System32\fbfk.dll
      O23 - Service: Trace network connections (ACCRA) - Unknown owner -
      C:\WINDOWS\System32\mocih.exe (file missing)
      O23 - Service: Provides three management service (FreeBSD) - Unknown owner -
      C:\WINDOWS\System32\dev32.exe (file missing)

      And Fix Checked, then download:
      www.downloads.subratam.org/KillBox.zip
      Unpack it, select Delete file on reboot, paste the path to the file (don't
      look for it yourself, just paste the ready-made path) and press the red button,
      but answer no when asked about rebooting, and do this with these files:

      C:\WINDOWS\System32\fbfk.dll
      C:\WINDOWS\System32\hmk.dll
      C:\DOCUME~1\Dawid\DANEAP~1\BATNAM~1\4infoaxis.exe
      C:\DOCUME~1\Dawid\USTAWI~1\Temp\se.dll
      C:\Documents and Settings\Dawid\Dane aplikacji\ssct.exe
      c:\temp\salm.exe
      C:\Documents and Settings\All Users\Dane aplikacji\KIND FAST GRID BYTE\drive
      one.exe
      C:\DOCUME~1\Dawid\USTAWI~1\Temp\SAHAGE~1.EXE
      C:\Program Files\Media Access\MediaAccK.exe

      After all that, reboot and paste a new HijackThis log.

      • Guest: Daw Re: Problem!!! IP: *.ssnet.pl 14.05.05, 12:31
        Logfile of HijackThis v1.99.1
        Scan saved at 12:30:50, on 2005-05-14
        Platform: Windows XP (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 (6.00.2600.0000)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\LEXBCES.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\system32\LEXPPS.EXE
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\System32\LXSUPMON.EXE
        C:\Program Files\MKS\Bin\mks_menu.exe
        C:\Program Files\MKS\Bin\ABregmon.exe
        C:\WINDOWS\System32\ctfmon.exe
        C:\Program Files\Gadu-Gadu\gg.exe
        C:\Program Files\MKS\Bin\NetMonSV.exe
        C:\Program Files\MKS\Bin\mksmonsv.exe
        C:\WINDOWS\System32\nvsvc32.exe
        C:\Documents and Settings\Dawid\Moje dokumenty\HijackThis.exe

        O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1
        \FlashGet\jccatch.dll
        O2 - BHO: (no name) - {C03CB9F3-E8EF-4799-A651-A1A109D16762} -
        C:\WINDOWS\System32\fbfk.dll (file missing)
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
        C:\WINDOWS\System32\msdxm.ocx
        O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} -
        C:\PROGRA~1\FlashGet\fgiebar.dll
        O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2
        \printray.exe
        O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
        \NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32
        \NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate
        Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
        O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
        O4 - HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe
        O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
        Office\Office10\OSA.EXE
        O8 - Extra context menu item: Download All by FlashGet - C:\Program
        Files\FlashGet\jc_all.htm
        O8 - Extra context menu item: Download using FlashGet - C:\Program
        Files\FlashGet\jc_link.htm
        O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
        res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
        O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
        C:\PROGRA~1\FlashGet\flashget.exe
        O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-
        0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
        O17 - HKLM\System\CCS\Services\Tcpip\..\{0271D1BB-4E48-49E6-852F-960C44D3E99D}:
        NameServer = 194.204.159.1
        O17 - HKLM\System\CS1\Services\Tcpip\..\{0271D1BB-4E48-49E6-852F-960C44D3E99D}:
        NameServer = 194.204.159.1
        O17 - HKLM\System\CS2\Services\Tcpip\..\{0271D1BB-4E48-49E6-852F-960C44D3E99D}:
        NameServer = 194.204.159.1
        O18 - Filter: text/html - {B59084C8-CC10-4E90-99FF-91EE62F35F98} -
        C:\WINDOWS\System32\fbfk.dll
        O18 - Filter: text/plain - {B59084C8-CC10-4E90-99FF-91EE62F35F98} -
        C:\WINDOWS\System32\fbfk.dll
        O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - C:\Program
        Files\MKS\Bin\NetMonSV.exe
        O23 - Service: Trace network connections (ACCRA) - Unknown owner -
        C:\WINDOWS\System32\mocih.exe (file missing)
        O23 - Service: Provides three management service (FreeBSD) - Unknown owner -
        C:\WINDOWS\System32\dev32.exe (file missing)
        O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
        C:\WINDOWS\system32\LEXBCES.EXE
        O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\Program
        Files\MKS\bin\MkSUpdateInt.exe
        O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program
        Files\MKS\Bin\mksmonsv.exe
        O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\MKS\Bin\mks_scan.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
        C:\WINDOWS\System32\nvsvc32.exe
        O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies,
        Inc. - C:\Program Files\Sygate\SPF\smc.exe

        • Guest: Kolobos Re: Problem!!! IP: *.warszawa.sdi.tpnet.pl 14.05.05, 12:58
          You apparently didn't read what I wrote in the previous post too carefully;
          what was supposed to be gone, and what you were supposed to remove, is still there:

          This in HijackThis:

          O2 - BHO: (no name) - {C03CB9F3-E8EF-4799-A651-A1A109D16762} -
          C:\WINDOWS\System32\fbfk.dll (file missing)
          O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
          O18 - Filter: text/html - {B59084C8-CC10-4E90-99FF-91EE62F35F98} -
          C:\WINDOWS\System32\fbfk.dll
          O18 - Filter: text/plain - {B59084C8-CC10-4E90-99FF-91EE62F35F98} -
          C:\WINDOWS\System32\fbfk.dll
          O23 - Service: Trace network connections (ACCRA) - Unknown owner -
          C:\WINDOWS\System32\mocih.exe (file missing)
          O23 - Service: Provides three management service (FreeBSD) - Unknown owner -
          C:\WINDOWS\System32\dev32.exe (file missing)

          This with KillBox:
          C:\Program Files\Media Access\MediaAccK.exe

          After the reboot, delete the directory:
          C:\Program Files\Media Access\

          Then Start->Run->services.msc
          Find:
          ACCRA Trace network connections
          FreeBSD Provides three management service

          Open the properties of both, set the startup type to Disabled and stop them,
          then in HijackThis go to Misc Tools -> Delete NT Service and type:
          ACCRA
          and then:
          FreeBSD

          And paste a new log, but if it is going to be the same, don't paste it ;-)
          • Guest: Daw Re: Problem!!! IP: *.ssnet.pl 14.05.05, 13:08
            Logfile of HijackThis v1.99.1
            Scan saved at 13:07:22, on 2005-05-14
            Platform: Windows XP (WinNT 5.01.2600)
            MSIE: Internet Explorer v6.00 (6.00.2600.0000)

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\LEXBCES.EXE
            C:\WINDOWS\system32\spoolsv.exe
            C:\WINDOWS\system32\LEXPPS.EXE
            C:\WINDOWS\Explorer.EXE
            C:\WINDOWS\System32\LXSUPMON.EXE
            C:\Program Files\MKS\Bin\mks_menu.exe
            C:\Program Files\MKS\Bin\ABregmon.exe
            C:\WINDOWS\System32\ctfmon.exe
            C:\Program Files\Gadu-Gadu\gg.exe
            C:\Program Files\MKS\Bin\NetMonSV.exe
            C:\Program Files\MKS\Bin\mksmonsv.exe
            C:\WINDOWS\System32\nvsvc32.exe
            C:\Program Files\Internet Explorer\iexplore.exe
            C:\Documents and Settings\Dawid\Moje dokumenty\HijackThis.exe

            O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1
            \FlashGet\jccatch.dll
            O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
            C:\WINDOWS\System32\msdxm.ocx
            O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} -
            C:\PROGRA~1\FlashGet\fgiebar.dll
            O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2
            \printray.exe
            O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
            \NvCpl.dll,NvStartup
            O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
            O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32
            \NvMcTray.dll,NvTaskbarInit
            O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate
            Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
            O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
            O4 - HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe
            O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
            O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
            O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
            O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
            O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
            O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
            Office\Office10\OSA.EXE
            O8 - Extra context menu item: Download All by FlashGet - C:\Program
            Files\FlashGet\jc_all.htm
            O8 - Extra context menu item: Download using FlashGet - C:\Program
            Files\FlashGet\jc_link.htm
            O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
            res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
            O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
            C:\PROGRA~1\FlashGet\flashget.exe
            O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-
            0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
            O17 - HKLM\System\CCS\Services\Tcpip\..\{0271D1BB-4E48-49E6-852F-960C44D3E99D}:
            NameServer = 194.204.159.1
            O17 - HKLM\System\CS1\Services\Tcpip\..\{0271D1BB-4E48-49E6-852F-960C44D3E99D}:
            NameServer = 194.204.159.1
            O17 - HKLM\System\CS2\Services\Tcpip\..\{0271D1BB-4E48-49E6-852F-960C44D3E99D}:
            NameServer = 194.204.159.1
            O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - C:\Program
            Files\MKS\Bin\NetMonSV.exe
            O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
            C:\WINDOWS\system32\LEXBCES.EXE
            O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\Program
            Files\MKS\bin\MkSUpdateInt.exe
            O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program
            Files\MKS\Bin\mksmonsv.exe
            O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\MKS\Bin\mks_scan.exe
            O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
            C:\WINDOWS\System32\nvsvc32.exe
            O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies,
            Inc. - C:\Program Files\Sygate\SPF\smc.exe
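
An added example, not part of the thread: one way to check a follow-up HijackThis log against a fix list, as the 12:58 reply does by eye. It matches on the file each entry loads rather than on the whole line, because fbfk.dll came back under new CLSIDs; the function names are hypothetical and the two samples are excerpts of the entries posted above.

```python
import re

# Every HijackThis entry starts with a section code: R0-R3, F0-F3, N1-N4, O1-O23.
ENTRY_START = re.compile(r"^(?:[RFN]\d|O\d{1,2}) - ")
# Drive-letter path ending in an executable extension; applied to text that
# has had whitespace removed and been lowercased (see target_file).
FILE_PATH = re.compile(r'[a-z]:\\[^:"<>|,=]+?\.(?:exe|dll|ocx)')

def parse_entries(log_text):
    """Return log entries, rejoining those the forum wrapped across lines.
    The header and process list come before the first entry and are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if ENTRY_START.match(line):
            entries.append(line)
        elif line and entries:
            entries[-1] += " " + line  # continuation of a wrapped entry
    return entries

def target_file(entry):
    """File an entry loads, normalised so wrapping, spaces and case are ignored.
    Limitation: 8.3 short names (PROGRA~1) are not expanded to long names."""
    match = FILE_PATH.search(re.sub(r"\s+", "", entry).lower())
    return match.group(0) if match else None

def leftovers(fix_list_text, followup_log_text):
    """Follow-up entries that still reference a file named in the fix list."""
    flagged = {f for f in map(target_file, parse_entries(fix_list_text)) if f}
    return [e for e in parse_entries(followup_log_text) if target_file(e) in flagged]

# Excerpt of the fix list from the first reply (forum line wrapping kept).
FIX_LIST = r"""
O2 - BHO: (no name) - {5C737EDC-CE6D-4E77-A111-8BE52E2BFAAC} -
C:\WINDOWS\System32\fbfk.dll
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O23 - Service: Trace network connections (ACCRA) - Unknown owner -
C:\WINDOWS\System32\mocih.exe (file missing)
"""

# Excerpt of the log saved at 12:30:50 (forum line wrapping kept).
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1
\FlashGet\jccatch.dll
O2 - BHO: (no name) - {C03CB9F3-E8EF-4799-A651-A1A109D16762} -
C:\WINDOWS\System32\fbfk.dll (file missing)
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O18 - Filter: text/html - {B59084C8-CC10-4E90-99FF-91EE62F35F98} -
C:\WINDOWS\System32\fbfk.dll
O23 - Service: Trace network connections (ACCRA) - Unknown owner -
C:\WINDOWS\System32\mocih.exe (file missing)
"""

if __name__ == "__main__":
    for entry in leftovers(FIX_LIST, FOLLOWUP_LOG):
        print(target_file(entry), "<-", entry)
```

A line-for-line comparison would report only the Media Access and ACCRA entries; the O2 and O18 entries for fbfk.dll carry CLSIDs that were not in the first log.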
