Sorry for the lack of Polish letters, but I have been sitting here since 6 pm going through every possible way to type a Polish letter on the forum, and I am about to lose it because I am wasting my day on somebody else's computer.

The computer is generally sluggish; Java refuses to install because it says something about a missing virtual machine, and there are no entries in Add/Remove Programs.
Logfile of HijackThis v1.99.1
Scan saved at 5:32:08 PM, on 5/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Gadu-Gadu\gg.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\bunnyusa\LOCALS~1\Temp\Temporary Directory 2 for hijackthis1.99.1.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:2323
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: (no name) - {9F3BE465-8193-A793-E290-B7D1209F7B22} - ftbar.dll (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {184726FC-0A5F-1C4B-02D0-96C8A7EC9D84} - C:\Program Files\LinkOptimizer\LinkOptimizer.dll (file missing)
O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\x1IEBHO.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Gadu-Gadu\gg.exe" /tray
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ArmorIE - {0565CF3E-6070-4272-8EEF-51E5083BE3D9} - C:\Program Files\ArmorIE\SX.dll (HKCU)
O15 - Trusted Zone: *.gadu-gadu.pl
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/installers/cab/SystemDoctor2006FreeInstall.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133284252656
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: horologium - {7be183d2-a42d-4915-bf60-ec86fbf002cf} - C:\WINDOWS\system32\httge.dll (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Gadu-Gadu" = ""C:\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu Sp. z oo"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{184726FC-0A5F-1C4B-02D0-96C8A7EC9D84}(Default) = (no title provided)
-> {HKLM...CLSID} = "Class"
\InProcServer32\(Default) = "C:\Program Files\LinkOptimizer\LinkOptimizer.dll" [file not found]
{52706EF7-D7A2-49AD-A615-E903858CF284}(Default) = (no title provided)
-> {HKLM...CLSID} = "X1IEHook Class"
\InProcServer32\(Default) = "C:\Program Files\NetZero\qsacc\x1IEBHO.dll" ["United Online, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"
-> {HKLM...CLSID} = "RecordNow! SendToExt"
\InProcServer32\(Default) = "C:\Program Files\Sonic\RecordNow!\shlext.dll" [null data]
"{7D5C4BDD-B015-4401-8731-1507B87DE297}" = "QBVersionTool"
-> {HKLM...CLSID} = "VersionShellExt Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Intuit\QuickBooks\QBVersionTool.dll" ["Intuit, Inc."]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
<<!>> "{7be183d2-a42d-4915-bf60-ec86fbf002cf}" = "horologium"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\httge.dll" [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"horologium" = "{7be183d2-a42d-4915-bf60-ec86fbf002cf}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\httge.dll" [file not found]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\
"AppInit_DLLs" = (value not set)
HKLM\System\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "stera" [file not found]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
NOD32 Context Menu Shell Extension(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
NOD32 Context Menu Shell Extension(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
AntivirusShlExt(Default) = "{BE79B9C8-9791-41d3-9267-C4123AC0AEAE}"
-> {HKLM...CLSID} = "AVShellExt Class"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Windows OneCare Live\AVShellExt.dll" [MS]
Group Policies {policy setting}:
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"ClearRecentDocsOnExit" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
"NoBandCustomize" = (REG_DWORD) hex:0x00000000
{Disable customizing browser toolbars}
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoCDBurning" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\bunnyusa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]
Enabled Scheduled Tasks:
"MP Scheduled Scan" -> launches: "C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe Scan -RestrictPrivileges" [MS]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" [file not found]
Winsock2 Service Provider DLLs:
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 29
C:\WINDOWS\system32\mclsp.dll ["Networks Associates Technology, Inc"], 06 - 16, 28
%SystemRoot%\system32\mswsock.dll [MS], 17 - 19, 22 - 27
%SystemRoot%\system32\rsvpsp.dll [MS], 20 - 21
Toolbars, Explorer Bars, Extensions:
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{F5735C15-1FB2-41FE-BA12-242757E69DDE}"
-> {HKLM...CLSID} = "ZeroBar"
\InProcServer32\(Default) = "C:\Program Files\NetZero\toolbar.dll" [empty string]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{F5735C15-1FB2-41FE-BA12-242757E69DDE}" = (no title provided)
-> {HKLM...CLSID} = "ZeroBar"
\InProcServer32\(Default) = "C:\Program Files\NetZero\toolbar.dll" [empty string]
Explorer Bars
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{32D93E0D-E3B3-1317-5C87-5B79E434D004}(Default) = (no title provided)
-> {HKLM...CLSID} = "Stealth console"
\InProcServer32\(Default) = "C:\Program Files\LinkOptimizer\LinkOptimizer.dll" [file not found]
{548857A9-80D0-4ACB-B4F9-3F6EEF16A246}(Default) = (no title provided)
-> {HKLM...CLSID} = "ArmorIE"
\InProcServer32\(Default) = "C:\Program Files\ArmorIE\SX.dll" [null data]
Extensions (Tools menu items, main toolbar menu buttons)
HKCU\Software\Microsoft\Internet Explorer\Extensions\
{0565CF3E-6070-4272-8EEF-51E5083BE3D9}\
"ButtonText" = "ArmorIE"
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\
"ButtonText" = "Spyware Doctor"
"CLSIDExtension" = "{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}"
{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
{D81CA86B-EF63-42AF-BEE3-4502D9A03C2D}\
"ButtonText" = "MUSICMATCH MX Web Player"
"Script" = "http://wwws.musicmatch.com/mmz/openWebRadio.html" [file not found]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Miscellaneous IE Hijack Points
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<!>> "{9F3BE465-8193-A793-E290-B7D1209F7B22}" = "sysconf16"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "ftbar.dll" [file not found]
Running Services (Display Name, Service Name, Path {Service DLL}):
NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]
OneCare AntiSpyware and AntiVirus, OneCareMP, ""C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe"" [MS]
Windows Live OneCare, winss, "C:\Program Files\Microsoft Windows OneCare Live\winss.exe" [MS]
Print Monitors:
HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzsnt09\Driver = "hpzsnt09.dll" ["HP"]
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]
<<!>>: Suspicious data at a malware launch point.
<<!>>: Suspicious data at a browser hijack point.
This report excludes default entries except where indicated.
To see everywhere the script checks and everything it finds,
launch it from a command prompt or a shortcut with the -all parameter.
To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 42 seconds, including 14 seconds for message boxes)
Please help.