goldenSo [ AnomaliA ]
Spyware
mam problem. na kompie wyskakuje mi różnego rodzaju spyware pod ie. w dodatku ie się zablokowało(ehh niemusze chyba mówić jakie treści wyskakują[18+])
próbowałem ad aware, spy bot
a tutaj zamiesczam log z hijack this!
Logfile of HijackThis v1.97.7
Scan saved at 21:14:32, on 2004-06-02
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\XP\System32\smss.exe
C:\XP\system32\winlogon.exe
C:\XP\system32\services.exe
C:\XP\system32\lsass.exe
C:\XP\system32\svchost.exe
C:\XP\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\XP\system32\spoolsv.exe
C:\XP\system32\explorer.exe
C:\XP\Explorer.EXE
C:\XP\system32\regmon.exe
C:\Program Files\Wirtualna Polska\wpkontakt\wpkontakt.exe
C:\windows\cvchost.exe
C:\Program Files\MYIE2\MyIE.exe
C:\Program Files\HHVcdV5Sys\VC5SecS.exe
C:\Program Files\VirtualCD3\VCDDriveset.EXE
C:\XP\system32\mspaint.exe
C:\XP\System32\svchost.exe
C:\Documents and Settings\Piotr\Pulpit\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://any-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://any-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://213.159.117.132/redir.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://213.159.117.132/redir.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://213.159.117.132/redir.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://213.159.117.132/redir.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://any-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://any-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = https://213.159.117.132/redir.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = https://213.159.117.132/redir.php
O2 - BHO: (no name) - A5366673-E8CA-11D3-9CD9-0090271D075B - (no file)
O4 - HKLM\..\Run: [regmon] C:\XP\system32\regmon.exe
O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKLM\..\Run: [wpkontakt] C:\Program Files\Wirtualna Polska\wpkontakt\wpkontakt.exe -autostart
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [cvchost] c:\windows\cvchost.exe
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O16 - DPF: 48884C41-EFAC-433D-958A-9FADAC41408E (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
-----
licze na waszą pomoc