Proszę o pomoc. Od niedawna mam dziwna ikonke w tray’u (2 zmieniajace sie ikonki: pierwsza to taka jak aktualizuje windows, a druga to krzyrzyk na okrągłym białym tle). Z ikonki co chwile wyskakuje chmurka “Your computer is infected” i zachęca żeby ściagnąć jakieś oprogramowanie żeby usunąć ten problem. Jakby nie było to sam je potem ściągnie i zainstaluje nawet jak go będe cały czas odinstalowywał :evil: Proszę o jakieś wsparcie.
Logfile of HijackThis v1.99.1
Scan saved at 18:10:37, on 2006-02-17
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINDOWS\system32\cisvc.exe
E:\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
E:\Eset\nod32krn.exe
E:\Registry Defragmentation\RegManServ.exe
E:\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Fast.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
E:\Eset\nod32kui.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
E:\CursorXP\CursorXP.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
E:\AQQ\AQQ.exe
E:\MOZILL~1\firefox.exe
C:\Documents and Settings\GOMO's\Pulpit\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = w3cache.pirxnet.pl:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\system32\hp7491.tmp (file missing)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O3 - Toolbar: Peer2Mail Toolbar - {43F2A7F9-06F6-48a5-B0DC-8530BF29CE66} - C:\Program Files\Peer2Mail Toolbar\v2.0.0.0\Peer2Mail_Toolbar.dll (file missing)
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [nod32kui] "E:\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] E:\CursorXP\CursorXP.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: RapidShare-Download - res://C:\DOCUME~1\GOMO's\USTAWI~1\Temp\ir_ext_temp_3\AutoPlay\Docs\more-rapid.exe/RsMenExt.html
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - E:\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - E:\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .exe: E:\Opera7\PLUGINS\NPFgc1.dll
O12 - Plugin for .mp3: E:\Opera7\PLUGINS\NPFgc3.dll
O12 - Plugin for .rar: E:\Opera7\PLUGINS\NPFgc1.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .zip: E:\Opera7\PLUGINS\NPFgc1.dll
O12 - Plugin for ¸ćż: E:\Opera7\PLUGINS\NPFgc1.dll
O12 - Plugin for ôĺ: E:\Opera7\PLUGINS\NPFgc1.dll
O16 - DPF: ING Bank Online - https://ssl.bsk.com.pl/bskonl/component/INGOnl.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq.com/cab/prod/Driver_Detective_v43_Non_Member.CAB
O16 - DPF: {F96D229F-129A-43B5-9B51-B7820E1BF2D3} (GameControl2 Control) - http://www.miastoplusa.pl/applets/GameControl104.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - E:\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: License Management Service SON - e-sonopress - C:\Program Files\Common Files\esonopress Shared\Service\Licence Manager SON.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - E:\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - E:\Eset\nod32krn.exe
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - E:\Registry Defragmentation\RegManServ.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
PS. Dodam jeszcze, że program, który się instaluje nazywa się “Spyfalcon”
