Translation after checking the log; it concerns 010-


(jan1) #1

Safe. Shows the version of HijackThis an. The newest version is: v1.99.1!

This should be the newest version. (v1.99.1)

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Safe. Shows the version of your Internet Explorer. Newest Version is: 6.00.2900.2180!

This should be the newest version. (6.00.2900.2180)

C:\WINDOWS\System32\smss.exe

Safe. This entry was classified from our visitors as good.

Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.

C:\WINDOWS\system32\winlogon.exe

Safe. This entry was classified from our visitors as good.

Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.

C:\WINDOWS\system32\services.exe

Safe. This entry was classified from our visitors as good.

Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.

C:\WINDOWS\system32\lsass.exe

Safe. This entry was classified from our visitors as good.

Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.

C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

Safe. running process. (InCDsrv.exe)

Possibly nasty! According to our database this process runs normally in c:\programme\ahead\incd! Check if you know this process and arrange a viruscheck where required.

C:\WINDOWS\system32\svchost.exe

Safe. This entry was classified from our visitors as good.

Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.

C:\WINDOWS\System32\svchost.exe

Safe. This entry was classified from our visitors as good.

Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.

C:\WINDOWS\Explorer.EXE

Safe. This entry was classified from our visitors as good.

Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.

C:\WINDOWS\system32\spoolsv.exe

Safe. This entry was classified from our visitors as good.

Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.

C:\WINDOWS\system32\CTsvcCDA.exe

Safe. running process. (CTsvcCDA.exe)

Creative Soundkarte

D:\Program Files\MKS_VIR_2006\mksmonsv.exe

Safe. running process. (mksmonsv.exe)

MKS_Vir

Possibly nasty! According to our database this process runs normally in c:\programme\mks\bin! Check if you know this process and arrange a viruscheck where required.

C:\WINDOWS\system32\RUNDLL32.EXE

Safe. running process. (RUNDLL32.EXE)

RUNDLL32 is the Microsoft Windows program that loads DLLs into memory so that they can be used by specific programs or by Windows.

C:\WINDOWS\htpatch.exe

Safe. running process. (htpatch.exe)

HTpatch.exe is related to hardware from SiS.

C:\WINDOWS\system32\CTHELPER.EXE

Safe. running process. (CTHELPER.EXE)

Tool für die Creative Soundkarte.

C:\Program Files\Nero\Nero 7\InCD\InCD.exe

Safe. running process. (InCD.exe)

Possibly nasty! According to our database this process runs normally in c:\programme\ahead\incd! Check if you know this process and arrange a viruscheck where required.

D:\Program Files\MKS_VIR_2006\mks2006.exe

Unknown running process. (mks2006.exe)

This is a unknown process.

C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

Safe. running process. (jusched.exe)

Java Runtime

C:\WINDOWS\system32\nvsvc32.exe

Safe. This entry was classified from our visitors as good.

Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.

C:\Program Files\UPSMON\UPSMON.exe

Unknown running process. (UPSMON.exe)

This is a unknown process.

C:\Program Files\Lexmark 4300 Series\lxcemon.exe

Unknown running process. (lxcemon.exe)

This is a unknown process.

C:\Program Files\Lexmark 4300 Series\ezprint.exe

Safe. running process. (ezprint.exe)

Lexmark printer related

D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe

Unknown running process. (SpywareTerminatorShield.exe)

This is a unknown process.

C:\WINDOWS\system32\svchost.exe

Safe. This entry was classified from our visitors as good.

Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

Safe. running process. (NMBgMonitor.exe)

Nero Burning Monitor

D:\Program Files\MKS_VIR_2006\Mks_mail.exe

Unknown running process. (Mks_mail.exe)

This is a unknown process.

C:\Program Files\UPSMON\UPSMON_Service.Exe

Unknown running process. (UPSMON_Service.Exe)

This is a unknown process.

D:\Program Files\HDD Thermometer\HDD Thermometer.exe

Safe. running process. (HDDThermometer.exe)

HDD Thermometer

D:\pliki win-rar tymczasowe\Rar$EX00.250\Zegarynka.exe

Unknown running process. (Zegarynka.exe)

This is a unknown process.

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

Safe. This entry was classified from our visitors as good.

Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.

C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

Unknown running process. (KodakSoftwareUpdater.exe)

This is a unknown process.

D:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

Safe. running process. (EasyShare.exe)

C:\WINDOWS\system32\MsPMSPSv.exe

Safe. running process. (MsPMSPSv.exe)

Helper service installed by Windows Media Player 7.

C:\WINDOWS\system32\lxcecoms.exe

Unknown running process. (lxcecoms.exe)

This is a unknown process.

D:\Program Files\MKS_VIR_2006\mks_scan.exe

Safe. running process. (mks_scan.exe)

MKS_Vir

Possibly nasty! According to our database this process runs normally in c:\program files\mks\bin! Check if you know this process and arrange a viruscheck where required.

C:\WINDOWS\system32\wuauclt.exe

Safe. running process. (wuauclt.exe)

Windows Update AutoUpdate Client

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

Safe. running process. (OUTLOOK.EXE)

E-Mail Client für Windows.

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

Safe. running process. (WINWORD.EXE)

Microsoft Word

C:\Program Files\Mozilla Firefox\firefox.exe

Safe. This entry was classified from our visitors as good.

Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.

D:\Pobrane-Internet\Wirusy\HijackThis.exe

Safe. running process. (HijackThis.exe)

Tool, mit dem sie dieses Logfile erzeugt haben. Das Programm sollte so angelegt sein ! C:\Programme\HijackThis\HijackThis.exe

Remember that Hijackthis must be run in an own folder. Only if Hijackthis run in an own folder it will create backups!

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

Safe.

R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)

Possibly nasty Should be fixed if you do not know the application or if no application is mentioned.

Should be fixed if you do not know this application.

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

Safe. Entries found in this registry zone are potentially nasty. This application ([06849E9F-C8D7-4D59-B87D-784B7D6BE0B3] - Result: 06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) has been checked. Hit rate: 100,00%

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

Safe. Entries found in this registry zone are potentially nasty. This application ([53707962-6F74-2D53-2644-206D7942484F] - Result: 53707962-6F74-2D53-2644-206D7942484F) has been checked. Hit rate: 100,00%

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

Safe. Entries found in this registry zone are potentially nasty. This application ([761497BB-D6F0-462C-B6EB-D4DAF1D92D43] - Result: 761497BB-D6F0-462C-B6EB-D4DAF1D92D43) has been checked. Hit rate: 100,00%

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

Safe. Entries found in this registry zone are potentially nasty. This application ([AA58ED58-01DD-4d91-8333-CF10577473F7] - Result: AA58ED58-01DD-4d91-8333-CF10577473F7) has been checked. Hit rate: 100,00%

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

Safe. Entries found in this registry zone are potentially nasty. This application ([2318C2B1-4965-11d4-9B18-009027A5CD4F] - Result: 2318C2B1-4965-11D4-9B18-009027A5CD4F) has been checked. Hit rate: 97,22%

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

Safe. This entry was classified from our visitors as good.

Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

Safe. This entry was classified from our visitors as good.

Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.

O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

Safe. Part of NVidia

Hit rate: 100,00 % (result)

O4 - HKLM..\Run: [HTpatch] C:\WINDOWS\htpatch.exe

Safe. HTpatch.exe is part of the SiS AGP patch - BUT unless your processor (and motherboard) supports HyperThreading (HT) and this feature is enabled it will actually SLOW your graphics card by around 6%

Hit rate: 100,00 % (result)

O4 - HKLM..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

Safe. SiS USB Registry Patch File - fixes the undetectable problem with SiS USB controller on Windows XP. Why is it in the startups though?

Hit rate: 100,00 % (result)

O4 - HKLM..\Run: [WINDVDPatch] CTHELPER.EXE

Safe. CTHELPER is a background task that is a plug-in manager for Creative drivers. The theory is that 3rd party manufacturers can use the CTHELPER plug-in interface to produce drivers, add-on features, and fixes that will integrate with a tighter fit with Creative’s sound drivers and utilities. Given its purpose CTHELPER would normally be classified as a "leave alone" background task. It also allows Creative speaker setup to be synchronized with Windows Control Panel speaker setting. Without it running that check box in Creative speaker setting is not functional (settings are not in sync). Unfortunately there are often problems with CTHELPER, most notably that it can use 100% of CPU time so its best left disabled unless you need it

Hit rate: 95,45 % (result)

Not dangerous, but unnecessary.

O4 - HKLM..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

Safe. Reminder to register Creative Labs SoundBlaster Live! cards

Hit rate: 80,00 % (result)

Not dangerous, but unnecessary.

O4 - HKLM..\Run: [Jet Detection] "D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

Safe. Added with SoundBlaster Live! or Audigy soundcards for headphone autodetection

Hit rate: 100,00 % (result)

Not dangerous, but unnecessary.

O4 - HKLM..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run

Safe. Splash screen with sound on every boot up. Installed with a Sound Blaster Audigy soundcard

Hit rate: 87,50 % (result)

Not dangerous, but unnecessary.

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

Safe. Associated with "Nero Burning Rom" CD writing software. Checks for driver issues

Hit rate: 100,00 % (result)

O4 - HKLM..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe

Safe.

Hit rate: 100,00 % (result)

O4 - HKLM..\Run: [MKS_VIR_2006] D:\Program Files\MKS_VIR_2006\mks2006.exe

Unknown

Hit rate: 0,00 % (result)

Unknown application.

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

Safe. Java von Sun

Hit rate: 100,00 % (result)

O4 - HKLM..\Run: [uPSMON] C:\Program Files\UPSMON\UPSMON.exe

Unknown

Hit rate: 0,00 % (result)

Unknown application.

O4 - HKLM..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"

Possibly nasty

Hit rate: 0,00 % (result)

It seems that the name of this program is the same as the name of the file. In the most cases this is the result of trojans. To be sure, you should check this file.

O4 - HKLM..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"

Safe. Lexmark printer related

Hit rate: 100,00 % (result)

O4 - HKLM..\Run: [spywareTerminator] "D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"

Unknown

Hit rate: 0,00 % (result)

Unknown application.

O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

Unknown

Hit rate: 0,00 % (result)

Unknown application.

O4 - HKCU..\Run: [MailScanner] D:\Program Files\MKS_VIR_2006\Mks_mail.exe

Unknown

Hit rate: 0,00 % (result)

Unknown application.

O4 - HKCU..\Run: [RSD_HDDThermo] D:\Program Files\HDD Thermometer\HDD Thermometer.exe

Unknown

Hit rate: 0,00 % (result)

Unknown application.

O4 - HKCU..\Run: [Zegarynka] D:\pliki win-rar tymczasowe\Rar$EX00.250\Zegarynka.exe

Unknown

Hit rate: 0,00 % (result)

Unknown application.

O4 - HKCU..\Run: [WITaj!] D:\Program Files\WITaj!\Wit2000.exe /jeden /prywatne

Unknown

Hit rate: 0,00 % (result)

Unknown application.

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

Safe. Sagem DSL modem related. Apparently needed to detect the modem.

Hit rate: 62,50 % (result)

O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

Unknown

Hit rate: 0,00 % (result)

Unknown application.

O4 - Global Startup: Oprogramowanie Kodak EasyShare.lnk = D:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

Safe. Software bundled with Kodak digital cameras to manage the connection between the PC and the Camera. Can be started manually.

Hit rate: 75,86 % (result)

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

Safe. The entry &Google Search has been identified as safe.

If the entry '&Google Search ' is not needed anymore, it should be fixed.

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

Safe. The entry &Translate English Word has been identified as safe.

If the entry '&Translate English Word ' is not needed anymore, it should be fixed.

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

Safe. The entry Backward Links has been identified as safe.

If the entry 'Backward Links ' is not needed anymore, it should be fixed.

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

Safe. The entry Cached Snapshot of Page has been identified as safe.

If the entry 'Cached Snapshot of Page ' is not needed anymore, it should be fixed.

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Safe. The entry E&ksport do programu Microsoft Excel has been identified as safe.

If the entry 'E&ksport do programu Microsoft Excel ' is not needed anymore, it should be fixed.

O8 - Extra context menu item: Pobierz używając Download &Express'a - D:\Program Files\Download Express\Add_Url.htm

Safe. The entry Pobierz używając Download &Express'a has been identified as safe.

If the entry 'Pobierz używając Download &Express'a ' is not needed anymore, it should be fixed.

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

Safe. The entry Similar Pages has been identified as safe.

If the entry 'Similar Pages ' is not needed anymore, it should be fixed.

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

Safe. The entry Translate Page into English has been identified as safe.

If the entry 'Translate Page into English ' is not needed anymore, it should be fixed.

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

Safe. The entry has been identified as safe.

If the entry '' is not needed anymore, it should be fixed.

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

Safe. The entry Sun Java Console has been identified as safe.

If the entry 'Sun Java Console ' is not needed anymore, it should be fixed.

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

Safe. The entry Badanie has been identified as safe.

If the entry 'Badanie ' is not needed anymore, it should be fixed.

O10 - Unknown file in Winsock LSP: d:\program files\mks_vir_2006\mksfirewall.dll

Nasty This entry should not be fixed! Your best bet to repair it is to try the LSPFix from Cexx.org.

Check your hard disc drive with Spybot S&D from Kolla.de or LSPFix from Cexx.org.

O10 - Unknown file in Winsock LSP: d:\program files\mks_vir_2006\mksfirewall.dll

Nasty This entry should not be fixed! Your best bet to repair it is to try the LSPFix from Cexx.org.

Check your hard disc drive with Spybot S&D from Kolla.de or LSPFix from Cexx.org.

O10 - Unknown file in Winsock LSP: d:\program files\mks_vir_2006\mksfirewall.dll

Nasty This entry should not be fixed! Your best bet to repair it is to try the LSPFix from Cexx.org.

Check your hard disc drive with Spybot S&D from Kolla.de or LSPFix from Cexx.org.

O10 - Unknown file in Winsock LSP: d:\program files\mks_vir_2006\mksfirewall.dll

Nasty This entry should not be fixed! Your best bet to repair it is to try the LSPFix from Cexx.org.

Check your hard disc drive with Spybot S&D from Kolla.de or LSPFix from Cexx.org.

O10 - Unknown file in Winsock LSP: d:\program files\mks_vir_2006\mksfirewall.dll

Nasty This entry should not be fixed! Your best bet to repair it is to try the LSPFix from Cexx.org.

Check your hard disc drive with Spybot S&D from Kolla.de or LSPFix from Cexx.org.

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab

Safe. This entry has been identified as safe.

O17 - HKLM\System\CCS\Services\Tcpip..{E0C02C6C-9780-4F10-B0B8-DF0EF2E37401}: NameServer = 194.204.152.34 217.98.63.164

Possibly nasty If this Domain does not belong to your ISP, or your firms network, these entries should be fixed. 'SearchList' entries should be fixed too.

Do you know the IP or Domain '194.204.152.34 217.98.63.164'? If not, fix this entry.

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.

This service (CTsvcCDA.exe) was identified as a good one.

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

Safe. This entry was classified from our visitors as good.

Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.

This service (InCDsrv.exe) was identified as a good one.

O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe

Unknown These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.

Unknown service. (lxcecoms.exe)

O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - D:\Program Files\MKS_VIR_2006\mksmonsv.exe

Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.

This service (mksmonsv.exe) was identified as a good one.

O23 - Service: MkS_Scan - Unknown owner - D:\Program Files\MKS_VIR_2006\mks_scan.exe

Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.

This service (mks_scan.exe) was identified as a good one.

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

Unknown These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.

Unknown service. (NBService.exe)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Safe. This entry was classified from our visitors as good.

Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.

O23 - Service: UPSMONService - Unknown owner - C:\Program Files\UPSMON\UPSMON_Service.Exe

Unknown These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.

Unknown service. (UPSMON_Service.Exe)


(Gblade) #2

What is this :o ? Didn't you by any chance paste this from some analyzer? Paste a "normal HijackThis log" and Silent Runners.


(jan1) #3

Yes, this is a log from an analyzer, except that it's the official HijackThis one.

I sent it there because I have a problem with the MKS firewall: on reconnecting, it blocks access to the server. I already posted a log once and was advised to use Winsockfix; the result was that the firewall's files were removed..

If I'm not mistaken, it is precisely the firewall that the analyzer sees some problems in..

Hence my request; nevertheless, I'm posting the log below.

Logfile of HijackThis v1.99.1

Scan saved at 16:01:25, on 2006-07-24

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\htpatch.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\Nero\Nero 7\InCD\InCD.exe

C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\UPSMON\UPSMON.exe

C:\Program Files\Lexmark 4300 Series\lxcemon.exe

C:\Program Files\Lexmark 4300 Series\ezprint.exe

D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\UPSMON\UPSMON_Service.Exe

D:\Program Files\HDD Thermometer\HDD Thermometer.exe

D:\pliki win-rar tymczasowe\Rar$EX00.250\Zegarynka.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

D:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\lxcecoms.exe

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

D:\Program Files\MKS_VIR_2006\mks2006.exe

D:\Program Files\MKS_VIR_2006\mksmonsv.exe

D:\Program Files\MKS_VIR_2006\mks_mail.exe

D:\Program Files\MKS_VIR_2006\mks_scan.exe

D:\Pobrane-Internet\Wirusy\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM..\Run: [HTpatch] C:\WINDOWS\htpatch.exe

O4 - HKLM..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM..\Run: [Jet Detection] "D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

O4 - HKLM..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM..\Run: [MKS_VIR_2006] D:\Program Files\MKS_VIR_2006\mks2006.exe

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

O4 - HKLM..\Run: [uPSMON] C:\Program Files\UPSMON\UPSMON.exe

O4 - HKLM..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"

O4 - HKLM..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"

O4 - HKLM..\Run: [spywareTerminator] "D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU..\Run: [MailScanner] D:\Program Files\MKS_VIR_2006\Mks_mail.exe

O4 - HKCU..\Run: [RSD_HDDThermo] D:\Program Files\HDD Thermometer\HDD Thermometer.exe

O4 - HKCU..\Run: [Zegarynka] D:\pliki win-rar tymczasowe\Rar$EX00.250\Zegarynka.exe

O4 - HKCU..\Run: [WITaj!] D:\Program Files\WITaj!\Wit2000.exe /jeden /prywatne

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

O4 - Global Startup: Oprogramowanie Kodak EasyShare.lnk = D:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Pobierz używając Download &Express'a - D:\Program Files\Download Express\Add_Url.htm

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: d:\program files\mks_vir_2006\mksfirewall.dll

O10 - Unknown file in Winsock LSP: d:\program files\mks_vir_2006\mksfirewall.dll

O10 - Unknown file in Winsock LSP: d:\program files\mks_vir_2006\mksfirewall.dll

O10 - Unknown file in Winsock LSP: d:\program files\mks_vir_2006\mksfirewall.dll

O10 - Unknown file in Winsock LSP: d:\program files\mks_vir_2006\mksfirewall.dll

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip..{E0C02C6C-9780-4F10-B0B8-DF0EF2E37401}: NameServer = 194.204.152.34 217.98.63.164

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe

O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - D:\Program Files\MKS_VIR_2006\mksmonsv.exe

O23 - Service: MkS_Scan - Unknown owner - D:\Program Files\MKS_VIR_2006\mks_scan.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: UPSMONService - Unknown owner - C:\Program Files\UPSMON\UPSMON_Service.Exe


(Monczkin) #4

jan1, please wrap logs in the quote tag


(Gblade) #5

The log is clean.

Winsockfix resets the whole chain to its default settings; it didn't delete the MKS filter, it only excluded it from the chain.

There are quite a lot of problems with the new MKS; maybe ask on their forum, and they'll suggest something.


(jan1) #6

I'm asking, I'm asking... and technical support is involved in this too, so far without result