Gość: Daw
IP: *.ssnet.pl
14.05.05, 11:21
Mam taki problem: przeglądałem sobie stronki a mi nagle wyskoczyło kilka pop-
upów z czego większośc o tym, że mam jakiegoś spyware. Strona startowa mi się
zmieniła na jakąś taką z wyszukiwaniami, a w nagłowku pisze że about;blank.
oto mój skan z hijack:
Logfile of HijackThis v1.99.1
Scan saved at 11:18:12, on 2005-05-14
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\MKS\Bin\mks_menu.exe
C:\Program Files\MKS\Bin\ABregmon.exe
C:\temp\salm.exe
C:\DOCUME~1\Dawid\USTAWI~1\Temp\SAHAGE~1.EXE
C:\Program Files\Media Access\MediaAccK.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Documents and Settings\Dawid\Dane aplikacji\ssct.exe
C:\WINDOWS\System32\w?nlogon.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\Program Files\MKS\Bin\NetMonSV.exe
C:\Program Files\MKS\Bin\mksmonsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Dawid\Moje dokumenty\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\DOCUME~1\Dawid\USTAWI~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\DOCUME~1\Dawid\USTAWI~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {5C737EDC-CE6D-4E77-A111-8BE52E2BFAAC} -
C:\WINDOWS\System32\fbfk.dll
O2 - BHO: (no name) - {5E511A32-8E8F-8075-A5C1-836DD330B7BA} -
C:\WINDOWS\System32\hmk.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} -
C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {E1A974C3-A57D-C38A-FC55-9174EC59F406} - C:\DOCUME~1
\Dawid\DANEAP~1\DRAWMI~1\Support upload.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} -
C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2
\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32
\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate
Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 - HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\Dawid\USTAWI~1\Temp\SAHAGE~1.EXE run
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [Grid Byte Slow Eggs] C:\Documents and Settings\All
Users\Dane aplikacji\KIND FAST GRID BYTE\drive one.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Dawid\USTAWI~1
\Temp\se.dll,DllInstall
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Urce] C:\Documents and Settings\Dawid\Dane
aplikacji\ssct.exe
O4 - HKCU\..\Run: [Zxzldv] C:\WINDOWS\System32\w?nlogon.exe
O4 - HKCU\..\Run: [ProxyMpeg] C:\DOCUME~1\Dawid\DANEAP~1\BATNAM~1
\4infoaxis.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program
Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program
Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-
0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-
its:mhtml:file://c:\nosuxxx.mht!
www.kazaalite.pl/stats/xaw.chm::/bridge-c18.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller
Control) - ms-its:mhtml:file://c:\nosuxxx.mht!
kazaalite.pl/stats/mt.chm::/MediaTicketsInstaller.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0271D1BB-4E48-49E6-852F-
960C44D3E99D}: NameServer = 194.204.159.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0271D1BB-4E48-49E6-852F-
960C44D3E99D}: NameServer = 194.204.159.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0271D1BB-4E48-49E6-852F-
960C44D3E99D}: NameServer = 194.204.159.1
O18 - Filter: text/html - {32319B6F-E556-4DE8-8ADC-129881CFF829} -
C:\WINDOWS\System32\fbfk.dll
O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. -
C:\Program Files\MKS\Bin\NetMonSV.exe
O23 - Service: Trace network connections (ACCRA) - Unknown owner -
C:\WINDOWS\System32\mocih.exe (file missing)
O23 - Service: Provides three management service (FreeBSD) - Unknown owner -
C:\WINDOWS\System32\dev32.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\Program
Files\MKS\bin\MkSUpdateInt.exe
O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program
Files\MKS\Bin\mksmonsv.exe
O23 - Service: MkS_Scan - Unknown owner - C:\Program
Files\MKS\Bin\mks_scan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies,
Inc. - C:\Program Files\Sygate\SPF\smc.exe
Proszę, ratujcie mnie.