Please check my log
Logfile of HijackThis v1.99.1
Scan saved at 10:15:20, on 2005–08–09
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\usr\mysql\bin\mysqld–nt.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
D:\Programy\Gadu–Gadu\gg.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Misiek\Pulpit\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assistant/accoona_search_assistant.jsp?&utm_id=400011&utm_content=leftnav&utm_source=wdz1&utm_medium=bund&utm_campaign=wdz0605a
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.accoona.com
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.accoona.com/search_assistant/accoona_search_assistant.jsp?&utm_id=400011&utm_content=leftnav&utm_source=wdz1&utm_medium=bund&utm_campaign=wdz0605a
R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 – Default URLSearchHook is missing
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – D:\Programy\adobe readed\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: Accoona Search Assistant – {944864A5–3916–46E2–96A9–A2E84F3F1208} – C:\Program Files\Accoona\ASearchAssist.dll
O2 – BHO: TGTSoft Explorer Toolbar Changer – {C333CF63–767F–4831–94AC–E683D962C63C} – C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 – Toolbar: DAP Bar – {62999427–33FC–4baf–9C9C–BCE6BD127F08} – C:\Program Files\DAP\DAPIEBar.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: Accoona – {364B6276–C6C1–40B6–A6D7–6C48871FD707} – C:\Program Files\Accoona\atoolbar.dll
O4 – HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 – HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 – HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [Realtime Audio Engine] mmrtkrnl.exe
O4 – HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 – HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 – HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 – HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 – HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 – HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 – HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
O4 – HKLM\..\Run: [WinampAgent] d:\programy\Winamp\winampa.exe
O4 – HKLM\..\Run: [No–IP Client 1.2] "C:\Documents and Settings\Misiek\Pulpit\noipclient.exe"
O4 – HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 – HKLM\..\Run: [MailScanner] C:\Program Files\MKS\Bin\mks_mail.exe
O4 – HKLM\..\RunServicesOnce: [1] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BCHal.dll
O4 – HKLM\..\RunServicesOnce: [2] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BlstCtrl.dll
O4 – HKLM\..\RunServicesOnce: [3] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BCInfo.dll
O4 – HKLM\..\RunServicesOnce: [4] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BCMon.dll
O4 – HKLM\..\RunServicesOnce: [5] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BCColor.dll
O4 – HKLM\..\RunServicesOnce: [6] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BCDesk.dll
O4 – HKLM\..\RunServicesOnce: [20] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BCPref.dll
O4 – HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 – HKCU\..\Run: [Gadu–Gadu] "D:\Programy\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe –Hide
O4 – HKCU\..\Run: [Power LED 1.0] C:\Documents and Settings\Misiek\Pulpit\Power LED.exe
O4 – Startup: PowerReg Scheduler V3.exe
O4 – Startup: PowerReg Scheduler.exe
O4 – Startup: Reboot.exe
O4 – Startup: WinMySQLadmin.lnk = C:\usr\mysql\bin\winmysqladmin.exe
O4 – Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 – Extra context menu item: &Download with &DAP – C:\PROGRA~1\DAP\dapextie.htm
O8 – Extra context menu item: Backward Links – res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 – Extra context menu item: Cached Snapshot of Page – res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 – Extra context menu item: Download &all with DAP – C:\PROGRA~1\DAP\dapextie2.htm
O8 – Extra context menu item: Similar Pages – res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\WINDOWS\System32\msjava.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\WINDOWS\System32\msjava.dll
O9 – Extra button: Run WinHTTrack – {36ECAF82–3300–8F84–092E–AFF36D6C7040} – d:\programy\WinHTTrack\WinHTTrackIEBar.dll
O9 – Extra 'Tools' menuitem: Launch WinHTTrack – {36ECAF82–3300–8F84–092E–AFF36D6C7040} – d:\programy\WinHTTrack\WinHTTrackIEBar.dll
O9 – Extra button: Run DAP – {669695BC–A811–4A9D–8CDF–BA8C795F261C} – C:\PROGRA~1\DAP\DAP.EXE
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – D:\programy\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O12 – Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 – Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 – Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
O16 – DPF: {0585238B–9CA6–4CCB–A9B2–FE4BA495E880} (AXWebMon Control) – http://www.smilecam.com/home/ezwebcam/eng5/common/AXWebMonProj1.cab
O16 – DPF: {15AD6789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge–c6.cab
O16 – DPF: {1A781DED–C22D–4153–3213–A3211E29DF13} (GameDesire Card Games) – http://67.15.101.3/g_bin/pl/cards_2_0_0_63.cab
O16 – DPF: {31B7EB4E–8B4B–11D1–A789–00A0CC6651A8} (Cult3D ActiveX Player) – http://www.cult3d.com/download/cult.cab
O16 – DPF: {4C39376E–FA9D–4349–BACC–D305C1750EF3} (EPUImageControl Class) – http://tools.ebayimg.com/eps/activex/EPUWALControl_v1–0–3–18.cab
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123484783763
O16 – DPF: {745395C8–D0E1–4227–8586–624CA9A10A8D} (AxisMediaControl Class) – http://217.96.55.11//activex/AMC.cab
O16 – DPF: {A854AD6D–6DB5–41FB–8044–0BD38092A007} (Ganymede Sudoku) – http://67.15.101.3/g_bin/pl/sudoku_2_0_0_3.cab
O16 – DPF: {A8739816–022C–11D6–A85D–00C04F9AEAFB} (Web Camera Server Control) – http://217.28.152.24/wg_webeye.cab
O16 – DPF: {E23FABEE–12E3–33DA–DA12–195DAC123984} (GameDesire Mahjong) – http://67.15.101.3/g_bin/pl/mahjong_2_0_0_18.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab
O16 – DPF: {E7D2588A–7FB5–47DC–8830–832605661009} (Live Collaboration) – http://bok.plusgsm.pl/rnt/rnl/java/RntX.cab
O16 – DPF: {E95CF138–A587–4C54–8175–3AD80997CB14} (GameDesire Soccer) – http://67.15.101.3/g_bin/pl/soccer_2_0_0_8.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C1} (GameDesire Pool 8) – http://67.15.101.3/g_bin/pl/billard8_2_0_0_22.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{D310E6BE–E6E5–4FCA–86AB–492E4A1CE1DE}: NameServer = 194.204.152.34 217.98.63.164
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Password Validation Service (ccPwdSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: Symantec Proxy Service (ccPxySvc) – Symantec Corporation – C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 – Service: Crypkey License – Kenonic Controls Ltd. – C:\WINDOWS\SYSTEM32\crypserv.exe
O23 – Service: Macromedia Licensing Service – Unknown owner – C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 – Service: MySql – Unknown owner – c:/usr/mysql/bin/mysqld–nt.exe
O23 – Service: Norton Personal Firewall Accounts Manager (NISUM) – Symantec Corporation – C:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 – Service: StyleXPService – Unknown owner – C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
Replies: 2
Thank you very much
Regards
Regards
To be consistent, I should close this thread on the spot or delete it right away, but for now I will just issue reminders.
If you did not install Accoona yourself, these go:
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assistant/accoona_search_assistant.jsp?&utm_id=400011&utm_content=leftnav&utm_source=wdz1&utm_medium=bund&utm_campaign=wdz0605a
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.accoona.com
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.accoona.com/search_assistant/accoona_search_assistant.jsp?&utm_id=400011&utm_content=leftnav&utm_source=wdz1&utm_medium=bund&utm_campaign=wdz0605a
R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
O2 – BHO: Accoona Search Assistant – {944864A5–3916–46E2–96A9–A2E84F3F1208} – C:\Program Files\Accoona\ASearchAssist.dll
O3 – Toolbar: Accoona – {364B6276–C6C1–40B6–A6D7–6C48871FD707} – C:\Program Files\Accoona\atoolbar.dll
Get rid of:
R3 – Default URLSearchHook is missing
O4 – Startup: Reboot.exe
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O16 – DPF: {15AD6789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge–c6.cab
I did not list the remaining ActiveX controls because I do not know whether they are yours.
This seems to be from Creative, but what is it for? It can probably be removed.
O4 – HKLM\..\RunServicesOnce: [1] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BCHal.dll
O4 – HKLM\..\RunServicesOnce: [2] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BlstCtrl.dll
O4 – HKLM\..\RunServicesOnce: [3] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BCInfo.dll
O4 – HKLM\..\RunServicesOnce: [4] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BCMon.dll
O4 – HKLM\..\RunServicesOnce: [5] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BCColor.dll
O4 – HKLM\..\RunServicesOnce: [6] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BCDesk.dll
O4 – HKLM\..\RunServicesOnce: [20] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BCPref.dll