Prosze o sprawdzenie loga

kas · 8 Luty 2005 14:11

Logfile of HijackThis v1.99.0

Scan saved at 15:13:42, on 08.02.2005

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINME\SYSTEM\KERNEL32.DLL

C:\WINME\SYSTEM\MSGSRV32.EXE

C:\WINME\SYSTEM\mmtask.tsk

C:\WINME\SYSTEM\MPREXE.EXE

C:\WINME\SYSTEM\STIMON.EXE

C:\WINME\SYSTEM\MSTASK.EXE

C:\WINME\SYSTEM\ZONELABS\VSMON.EXE

C:\WINME\SYSTEM\ZONELABS\ISAFE.EXE

C:\WINME\EXPLORER.EXE

C:\WINME\SYSTEM\RESTORE\STMGR.EXE

C:\WINME\TASKMON.EXE

C:\PROGRAMME\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE

C:\PROGRAMME\3DFX INTERACTIVE\3DFX TOOLS\APPS\3DFXMAN.EXE

C:\WINME\MIXER.EXE

C:\WINME\PCTVOICE.EXE

C:\PROGRAMME\SCANSOFT\OMNIPAGESE\OPWARE32.EXE

C:\PROGRAMME\ZONE LABS\ZONEALARM\ZLCLIENT.EXE

C:\PROGRAMME\BABYLON\BABYLON.EXE

C:\PROGRAMME\RAPIDMEM\RAPIDMEM.EXE

C:\WINME\SYSTEM\MPS.EXE

C:\PROGRAMME\INCREDIMAIL\BIN\IMAPP.EXE

C:\PROGRAMME\BABYLON\utils\shlhook.exe

C:\PROGRAMME\ZONE LABS\ZONEALARM\MAILFRONTIER\MANTISPM.EXE

C:\WINME\SYSTEM\RNAAPP.EXE

C:\WINME\SYSTEM\TAPISRV.EXE

C:\TOTALCMD\TOTALCMD.EXE

C:\KAZEK\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.aon.at:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.aon.at;*.jet2web.net

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMME\ADOBE\ACROBAT 6.0 CE\READER\ACTIVEX\ACROIEHELPER.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINME\SYSTEM\MSDXM.OCX

O4 - HKLM…\Run: [scanRegistry] C:\WINME\scanregw.exe /autorun

O4 - HKLM…\Run: [TaskMonitor] C:\WINME\taskmon.exe

O4 - HKLM…\Run: [PCHealth] C:\WINME\PCHealth\Support\PCHSchd.exe -s

O4 - HKLM…\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Programme\Alcatel\SpeedTouch USB\Dragdiag.exe” /icon

O4 - HKLM…\Run: [3dfx Tools] rundll32.exe 3dfxCmn.dll,CMNUpdateOnBoot

O4 - HKLM…\Run: [3dfx Task Manager] “C:\Programme\3dfx Interactive\3dfx Tools\Apps\3dfxMan.exe”

O4 - HKLM…\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM…\Run: [CountrySelection] pctptt.exe

O4 - HKLM…\Run: [PCTVOICE] pctvoice.exe

O4 - HKLM…\Run: [Omnipage] C:\Programme\ScanSoft\OmniPageSE\opware32.exe

O4 - HKLM…\Run: [Zone Labs Client] “C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe”

O4 - HKLM…\Run: [mps] C:\WINME\SYSTEM\mps.exe /s

O4 - HKLM…\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM…\RunServices: [*StateMgr] C:\WINME\System\Restore\StateMgr.exe

O4 - HKLM…\RunServices: [stillImageMonitor] C:\WINME\SYSTEM\STIMON.EXE

O4 - HKLM…\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM…\RunServices: [TrueVector] C:\WINME\SYSTEM\ZONELABS\VSMON.EXE -service

O4 - HKLM…\RunServices: [CAISafe] C:\WINME\SYSTEM\ZoneLabs\isafe.exe

O4 - HKCU…\Run: [incrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c

O4 - HKCU…\Run: [babylon Translator] C:\PROGRAMME\BABYLON\Babylon.exe

O4 - HKCU…\Run: [WITaj!] C:\PROGRAMME\WITAJ!\WIT2000.EXE

O4 - HKCU…\Run: [NBJ] “C:\PROGRAMME\AHEAD\NERO BACKITUP\NBJ.EXE”

O4 - HKCU…\Run: [RapidMem] “C:\Programme\RapidMem\RapidMem.exe” /tray

O4 - Startup: MICROSOFT OFFICE.LNK = C:\Programme\Microsoft Office\Office10\OSA.EXE

O4 - Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)

O9 - Extra ‘Tools’ menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)

O16 - DPF: {2F0D1DA3-F3E4-4C67-BB5C-5AFD70C1A4A5} (UDConnect Class) - http://01.sharedsource.org/html/UDConn_5.2.0.8.cab

O16 - DPF: {638AF6A2-81A1-4655-9FFA-9FC09CDE22CF} (CScanner Object) - http://www.pestscan.com/scanner/ppctlcab.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.206.99.79/activex/AxisCamControl.cab

detektyw · 8 Luty 2005 14:16

do kasacji:

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)

O9 - Extra ‘Tools’ menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)

kuz5 · 8 Luty 2005 14:23

Jeżeli nie używasz Windows Messenger to go usuń:

Start=>Uruchom=>Wpisz polecenie

RunDll32 advpack.dll,LaunchINFSection %windir%\INF\msmsgs.inf,BLC.Remove