Gość: Damian
IP: *.kolornet.pl / *.kolornet.pl
20.07.06, 22:44
Co to jest ten plik w tytule, który znajduje się w katologu windowsa. Czy to
wirus?
LOG:
Logfile of HijackThis v1.99.1
Scan saved at 22:40:38, on 2006-07-20
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\Programy\eMule\emule.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
D:\Programy\Gadu-Gadu\gg.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Programy\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\Rar$EX00.406\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3} - D:\Programy\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {75762108-CCC4-4891-9E51-E2D57916C8A2} -
C:\WINDOWS\system32\wuweb32.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} -
D:\Programy\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} -
D:\Programy\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [KAVPersonal50] "D:\Programy\Kaspersky Lab\Kaspersky Anti-
Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32
\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32
\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75
\lxbbbmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] D:\Programy\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "D:\Programy\Adobe\Acrobat 7.0
\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [eMuleAutoStart] D:\Programy\eMule\emule.exe -AutoStart
O4 - Startup: HDDlife.lnk = D:\Programy\BinarySense\HDDlife\HDDlifePro.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://D:\Programy\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a -
D:\Programy\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a -
D:\Programy\FlashGet\jc_all.htm
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
D:\Programy\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
D:\Programy\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-
0050BA6940E3} - D:\Programy\FlashGet\flashget.exe
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) -
www.spywarestormer.com/files2/Install.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05410FDD-0327-421E-8E7F-
1CCF9659408E}: NameServer = 172.21.104.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{05410FDD-0327-421E-8E7F-
1CCF9659408E}: NameServer = 172.21.104.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{05410FDD-0327-421E-8E7F-
1CCF9659408E}: NameServer = 172.21.104.1
O23 - Service: kavsvc - Kaspersky Lab - D:\Programy\Kaspersky Lab\Kaspersky
Anti-Virus Personal\kavsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\system32\nvsvc32.exe
