Gość: czars
IP: *.acn.waw.pl
12.08.05, 15:26
Logfile of HijackThis v1.99.1
Scan saved at 15:25:47, on 2005-08-12
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\VTTimer.exe
C:\WINDOWS\System32\VTtrayp.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\etb\pokapoka63.exe
C:\WINDOWS\System32\bq5e85vd.exe
C:\WINDOWS\System32\taskmgs.exe
C:\WINDOWS\System32\secsvc.exe
C:\WINDOWS\System32\servicer.exe
C:\WINDOWS\System32\WINSHELL.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\WINDOWS\System32\rpclocator.exe
C:\WINDOWS\System32\mousecrm.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\etb\pokapoka62.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe
D:\Programy dla Czarka\hijackthis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\asm.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
www.directsearchzone.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
www.directsearchzone.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
www.directsearchzone.com/sp2.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [bq5e85vd] C:\WINDOWS\System32\bq5e85vd.exe
O4 - HKLM\..\Run: [Task service] taskmgs.exe
O4 - HKLM\..\Run: [Network Security] secsvc.exe
O4 - HKLM\..\Run: [Winddows Servicer] servicer.exe
O4 - HKLM\..\Run: [Windows Command Prompt] WINSHELL.EXE
O4 - HKLM\..\RunServices: [Winddows Servicer] servicer.exe
O4 - HKLM\..\RunServices: [Network Security] secsvc.exe
O4 - HKLM\..\RunServices: [Task service] taskmgs.exe
O4 - HKLM\..\RunServices: [Windows Command Prompt] WINSHELL.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Task service] taskmgs.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c420.cab
O16 - DPF: {B7E76C25-791F-432E-BDB7-748D01A93FC2} (VacPro.int_ver30) -
advnt01.com/dialer/int_ver30.CAB
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} -
download.spyspotter.com/spyspotter/SpSp29953.00noopt/SpySpotterCabInstall.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH -
C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - Unknown owner - C:\Program
Files\AVPersonal\AVWUPSRV.EXE (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Remote Procedure Call (RPC) Locator (Locator) - Unknown owner -
C:\WINDOWS\System32\rpclocator.exe
O23 - Service: Mouse Cursor Monitor (mousecrm) - Unknown owner -
C:\WINDOWS\System32\mousecrm.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. -
C:\WINDOWS\system32\ZoneLabs\vsmon.exe