TODAY AT 6:01 AN ATTACK!!! - HJ LOG AFTER THE ATTACK AND AFTER THE FIGHT, PLEASE CHECK

Please check the HJ log and ... what else should I do, if anything.

Logfile of HijackThis v1.99.1
Scan saved at 06:35:21, on 2005-11-30
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\Documents and Settings\Radek\Pulpit\Nie ruszać\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://w3cache.galas.tuchow.pl/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] F:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MKS_MENU] F:\Program Files\MKS\Bin\mks_menu.exe
O4 - HKLM\..\Run: [ABREGMON] F:\Program Files\MKS\Bin\ABregmon.exe
O4 - HKCU\..\Run: [NetMonSVStat] F:\Program Files\MKS\Bin\netsvst.exe
O4 - Startup: Rejestrowanie produktów Corela.lnk = F:\Program Files\Corel\Graphics9\Register\Remind32.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = F:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: Kalendarz XP.lnk = F:\Program Files\Kalendarz XP\Kalendarz.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O12 - Plugin for .bcf: F:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120758474530
O16 - DPF: {82CF9738-0BDA-4AAF-AB08-5AC5875FF3BB} (YMultiRecord Class) - file://F:\Program Files\Angielski z Cambridge - demo\lekcje\localplayer\recording\yrecording.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{63FEDFAC-6D06-4BF1-8742-72DC1E1B8963}: NameServer = 192.168.3.1
O20 - Winlogon Notify: msctl32.dll - F:\WINDOWS\System32\msctl32.dll
O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - F:\Program Files\MKS\Bin\NetMon


AND THIS IS AFTER THE FIGHT



Logfile of HijackThis v1.99.1
Scan saved at 12:03:17, on 2005-11-30
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\MKS\Bin\NetMonSV.exe
F:\Program Files\ewido\security suite\ewidoctrl.exe
F:\Program Files\MKS\Bin\mksmonsv.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\SOUNDMAN.EXE
F:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
F:\Program Files\MKS\Bin\ABregmon.exe
F:\Program Files\MKS\Bin\netsvst.exe
F:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
F:\Program Files\Kalendarz XP\Kalendarz.exe
F:\Program Files\D-Link AirPlus\AirPlus.exe
F:\Program Files\Corel\Graphics9\Register\Remind32.exe
F:\Program Files\MKS\Bin\mks_scan.exe
F:\Documents and Settings\Radek\Pulpit\Nie ruszać\hijackthis\HijackThis.exe
F:\WINDOWS\system32\NOTEPAD.EXE
F:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://w3cache.galas.tuchow.pl/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] F:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MKS_MENU] F:\Program Files\MKS\Bin\mks_menu.exe
O4 - HKLM\..\Run: [ABREGMON] F:\Program Files\MKS\Bin\ABregmon.exe
O4 - HKCU\..\Run: [NetMonSVStat] F:\Program Files\MKS\Bin\netsvst.exe
O4 - Startup: Rejestrowanie produktów Corela.lnk = F:\Program Files\Corel\Graphics9\Register\Remind32.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = F:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: Kalendarz XP.lnk = F:\Program Files\Kalendarz XP\Kalendarz.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O12 - Plugin for .bcf: F:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120758474530
O16 - DPF: {82CF9738-0BDA-4AAF-AB08-5AC5875FF3BB} (YMultiRecord Class) - file://F:\Program Files\Angielski z Cambridge - demo\lekcje\localplayer\recording\yrecording.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{63FEDFAC-6D06-4BF1-8742-72DC1E1B8963}: NameServer = 192.168.3.1
O20 - Winlogon Notify: msctl32.dll - F:\WINDOWS\System32\msctl32.dll (file missing)
O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - F:\Program Files\MKS\Bin\NetMonSV.exe
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - F:\Program Files\MKS\bin\MkSUpdateInt.exe
O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - F:\Program Files\MKS\Bin\mksmonsv.exe
O23 - Service: MkS_Scan - Unknown owner - F:\Program Files\MKS\Bin\mks_scan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe


I think it's secure32.. but I'm not sure.
Thank you

Replies: 3

Killed - it doesn't come back
Peter_l
Added
01.12.2005 16:27:43
Thanks for the help..... this is how it looks now... this IP address puzzles me?...


Logfile of HijackThis v1.99.1
Scan saved at 07:59:04, on 2005-12-01
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\MKS\Bin\NetMonSV.exe
F:\Program Files\ewido\security suite\ewidoctrl.exe
F:\Program Files\MKS\Bin\mksmonsv.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\SOUNDMAN.EXE
F:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
F:\Program Files\MKS\Bin\mks_menu.exe
F:\Program Files\MKS\Bin\ABregmon.exe
F:\Program Files\MKS\Bin\netsvst.exe
F:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
F:\Program Files\Kalendarz XP\Kalendarz.exe
F:\Program Files\D-Link AirPlus\AirPlus.exe
F:\Program Files\Corel\Graphics9\Register\Remind32.exe
F:\Program Files\MKS\Bin\mks_scan.exe
F:\WINDOWS\System32\wuauclt.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Documents and Settings\Radek\Pulpit\Nie ruszać\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://w3cache.galas.tuchow.pl/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] F:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MKS_MENU] F:\Program Files\MKS\Bin\mks_menu.exe
O4 - HKLM\..\Run: [ABREGMON] F:\Program Files\MKS\Bin\ABregmon.exe
O4 - HKCU\..\Run: [NetMonSVStat] F:\Program Files\MKS\Bin\netsvst.exe
O4 - Startup: Rejestrowanie produktów Corela.lnk = F:\Program Files\Corel\Graphics9\Register\Remind32.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = F:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: Kalendarz XP.lnk = F:\Program Files\Kalendarz XP\Kalendarz.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O12 - Plugin for .bcf: F:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120758474530
O16 - DPF: {82CF9738-0BDA-4AAF-AB08-5AC5875FF3BB} (YMultiRecord Class) - file://F:\Program Files\Angielski z Cambridge - demo\lekcje\localplayer\recording\yrecording.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{63FEDFAC-6D06-4BF1-8742-72DC1E1B8963}: NameServer = 192.168.3.1
O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - F:\Program Files\MKS\Bin\NetMonSV.exe
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - F:\Program Files\MKS\bin\MkSUpdateInt.exe
O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - F:\Program Files\MKS\Bin\mksmonsv.exe
O23 - Service: MkS_Scan - Unknown owner - F:\Program Files\MKS\Bin\mks_scan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
Łowczy67
Added
01.12.2005 09:02:17
You removed them, but not completely; kill these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
O20 - Winlogon Notify: msctl32.dll - F:\WINDOWS\System32\msctl32.dll (file missing)


In case the entries come back, add a Silent Runners log
Bobi
Added
30.11.2005 17:24:33
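As an added example (not from this thread, HijackThis or any of the posters), a Python triage pass over the HijackThis entry format: it flags the patterns Bobi lists for removal above (an IE Start/Default/Local Page pointing at a local file such as c:\secure32.html, a blanked SearchAssistant, a Winlogon Notify DLL marked "(file missing)") and diffs a before/after log to catch entries that survived an incomplete cleanup. The two log excerpts are constructed for the example; the heuristics are the ones applied in the thread, not a general malware classifier.

```python
import re
# Constructed excerpts in HijackThis v1.99.1 format, modelled on the entries the
# reply above lists for removal; not real log files from the thread.
BEFORE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://w3cache.galas.tuchow.pl/proxy.pac
O20 - Winlogon Notify: msctl32.dll - F:\WINDOWS\System32\msctl32.dll (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
"""
# Constructed "after cleanup" excerpt: one Default_Page_URL entry deliberately left behind.
AFTER_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")

def parse_entries(log_text):
    """(kind, body) for each R/O entry line; header and process-list lines are skipped."""
    matches = (ENTRY_RE.match(line.strip()) for line in log_text.splitlines())
    return [(m["kind"], m["body"]) for m in matches if m]

def flag_entry(kind, body):
    """Reason string if the entry matches a pattern flagged in this thread, else None."""
    if kind in ("R0", "R1"):
        key, _, value = body.partition("=")
        key, value = key.strip(), value.strip()
        # A start/default/local page set to a local file instead of an http(s) URL is the hijack itself.
        if key.endswith(("Start Page", "Default_Page_URL", "Local Page")) and re.match(r"[a-z]:\\", value, re.I):
            return "IE page setting points at a local file: " + value
        if key.endswith("SearchAssistant") and value == "":
            return "SearchAssistant blanked (listed for removal alongside the hijack)"
    if kind == "O20" and body.endswith("(file missing)"):
        return "Winlogon Notify DLL registered but absent on disk (stale registration)"
    return None

def triage(log_text):
    """All flagged entries as (kind, body, reason)."""
    return [(k, b, r) for k, b in parse_entries(log_text) if (r := flag_entry(k, b))]

def leftovers(before_log, after_log):
    """Flagged entries from the earlier log that still appear verbatim after cleanup."""
    later = {b for _, b in parse_entries(after_log)}
    return [b for _, b, _ in triage(before_log) if b in later]

if __name__ == "__main__":
    print(*triage(BEFORE_LOG), leftovers(BEFORE_LOG, AFTER_LOG), sep="\n")
```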
Łowczy67
Added:
30.11.2005 13:05:18
Comments: 3