Hej mam ad aware 2007 i mks vir i niestety jakiegoś wirusa. Ad aware i mks vir wyrzucają mi komunikaty o modyfikacji rejestru, chodzi głównie o stronę startową explorera. W dodatku pojawiaja mi sie jakies dziwne alerty windows. Na pulpicie pojawily mi sie trzy ikonki spywere detector i cos tam jeszcze, sprawdzalam w programach nie ma niczego takiego. WYskakujace okienka mowia ze mam wirusa i chca sie laczyc z netem ale wchodzą na jakąs podejrzaną strone. Z kolei mks vir i ad aware przy skanowaniu nic nie wykrywają, mimo iz wyrzucaja caly czas modyfikacje rejsestru co robic?
Log
Logfile of HijackThis v1.99.1
Scan saved at 23:44:02, on 2007-12-26
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
D:\Program Files\mks_vir_2007\bin\mkstray.exe
D:\Program Files\mks_vir_2007\bin\mks_mail.exe
D:\Program Files\mks_vir_2007\bin\mksregmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\SmartCom\RTEGPRS.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
d:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\mks_vir_2007\bin\MksFwall.exe
D:\Program Files\mks_vir_2007\bin\MksPC.exe
D:\Program Files\mks_vir_2007\bin\mksupdate.exe
D:\Program Files\mks_vir_2007\bin\mksvirmonsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
d:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
D:\Program Files\mks_vir_2007\bin\mks_scan.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Fefka\Pulpit\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: BDEX System - {8E7FF808-43C3-4D5F-AF01-29FD866BBA58} - C:\WINDOWS\domnftwtwl.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "d:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [mkstray] D:\Program Files\mks_vir_2007\bin\mkstray.exe
O4 - HKLM\..\Run: [mks_mail] D:\Program Files\mks_vir_2007\bin\mks_mail.exe
O4 - HKLM\..\Run: [MKSRegmon] D:\Program Files\mks_vir_2007\bin\mksregmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Komunikator] D:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Common Files\SmartCom\RTEGPRS.exe" tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\program files\mks_vir_2007\bin\\mkslsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\mks_vir_2007\bin\\mkslsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\mks_vir_2007\bin\\mkslsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\mks_vir_2007\bin\\mkslsp.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5387344-9B49-4FC3-B740-B562BECD31DD}: NameServer = 194.204.159.1,194.204.157.34
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: alxvdvm - {AB32CC69-B5C5-4126-95AF-4229FC26150A} - C:\WINDOWS\alxvdvm.dll
O21 - SSODL: bvtqfvx - {4A59238A-7500-488E-810C-8BCA83C2B45C} - C:\WINDOWS\bvtqfvx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MksFwall - MKS Sp z o.o. - D:\Program Files\mks_vir_2007\bin\MksFwall.exe
O23 - Service: MksPC - Unknown owner - D:\Program Files\mks_vir_2007\bin\MksPC.exe
O23 - Service: MksUpdate - MKS Sp. z o. o. - D:\Program Files\mks_vir_2007\bin\mksupdate.exe
O23 - Service: mks_vir file monitor (MksVirMonSvc) - Unknown owner - D:\Program Files\mks_vir_2007\bin\mksvirmonsvc.exe
O23 - Service: MkS_Scan - Unknown owner - D:\Program Files\mks_vir_2007\bin\mks_scan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe