Unbelievable, but replacing the battery helped (so far); the computer starts normally. The only thing is that I still can't send the log, not until I connect it to the internet at home. I don't have a floppy drive and the CD burner needs replacing (when it rains, it pours), and right now I'm using a laptop with wireless, so for now I have no way to transfer the logs. Best regards
Post merged: 02.01.2007 (Tue) 11:48
Warm greetings in the New Year. Please check the log again. Regards
Logfile of HijackThis v1.99.1
Scan saved at 11:27:41, on 07-01-02
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\ESET\NOD32KRN.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ESET\NOD32KUI.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\IGFXTRAY.EXE
C:\WINDOWS\SYSTEM\HKCMD.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\AXBX\VIRUSKEEPER 2007 PRO TRIAL\VIRUSKEEPER.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQSTE08.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\PULPIT\HIJACKTHIS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\SYSTEM\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe
O4 - HKLM\..\Run: [Transparent] Trans.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2007 Pro Trial\VirusKeeper.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [NOD32kernel] "C:\Program Files\Eset\nod32krn.exe"
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
“Silent Runners.vbs”, revision 49, http://www.silentrunners.org/
Operating System: Windows 98
Output limited to non-default values, except where indicated by “{++}”
Startup items buried in registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“Gadu-Gadu” = ““C:\PROGRAM FILES\GADU-GADU\GG.EXE” /tray” [“Gadu-Gadu S.A.”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“ScanRegistry” = “C:\WINDOWS\scanregw.exe /autorun” [MS]
“TaskMonitor” = “C:\WINDOWS\taskmon.exe” [MS]
“SystemTray” = “SysTray.Exe” [MS]
“LoadPowerProfile” = “Rundll32.exe powrprof.dll,LoadCurrentPwrScheme” [MS]
“Zasobnik systemowy” = “SysTray.Exe” [MS]
“nod32kui” = ““C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE” ["Eset "]
“Cmaudio” = “RunDll32 cmicnfg.cpl,CMICtrlWnd” [MS]
“IgfxTray” = “C:\WINDOWS\SYSTEM\igfxtray.exe” [“Intel Corporation”]
“HotKeysCmds” = “C:\WINDOWS\SYSTEM\hkcmd.exe” [“Intel Corporation”]
“Transparent” = “Trans.exe” [null data]
“StillImageMonitor” = “C:\WINDOWS\SYSTEM\STIMON.EXE” [MS]
“HP Software Update” = “C:\Program Files\HP\HP Software Update\HPWuSchd2.exe” [“Hewlett-Packard Co.”]
“WinampAgent” = “C:\Program Files\Winamp\winampa.exe” [null data]
“Tweak UI” = “RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp” [MS]
“VirusKeeper” = “C:\Program Files\AxBx\VirusKeeper 2007 Pro Trial\VirusKeeper.exe” [“AxBx”]
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\ {++}
“LoadPowerProfile” = “Rundll32.exe powrprof.dll,LoadCurrentPwrScheme” [MS]
“SchedulingAgent” = “mstask.exe” [MS]
“NOD32kernel” = ““C:\Program Files\Eset\nod32krn.exe”” ["Eset "]
“Hidserv” = “Hidserv.exe run” [MS]
“KB891711” = “C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE” [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670}(Default) = (no title provided)
-> {HKLM…CLSID} = “Yahoo! Toolbar Helper”
\InProcServer32(Default) = “C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL” [“Yahoo! Inc.”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\PROGRAM FILES\WINRAR\rarext.dll” [null data]
“{23170F69-40C1-278A-1000-000100020000}” = “7-Zip Shell Extension”
-> {HKLM…CLSID} = “7-Zip Shell Extension”
\InProcServer32(Default) = “C:\Program Files\7-Zip\7-zip.dll” [“Igor Pavlov”]
“{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}” = “OpenOffice.org Column Handler”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = ““C:\Program Files\OpenOffice.org 2.0.2\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”]
“{087B3AE3-E237-4467-B8DB-5A38AB959AC9}” = “OpenOffice.org Infotip Handler”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = ““C:\Program Files\OpenOffice.org 2.0.2\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”]
“{63542C48-9552-494A-84F7-73AA6A7C99C1}” = “OpenOffice.org Property Sheet Handler”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = ““C:\Program Files\OpenOffice.org 2.0.2\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”]
“{3B092F0C-7696-40E3-A80F-68D74DA84210}” = “OpenOffice.org Thumbnail Viewer”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = ““C:\Program Files\OpenOffice.org 2.0.2\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}(Default) = “OpenOffice.org Column Handler”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = ““C:\Program Files\OpenOffice.org 2.0.2\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
NOD32 Context Menu Shell Extension(Default) = “{B089FE88-FB52-11d3-BDF1-0050DA34150D}”
-> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension”
\InProcServer32(Default) = “C:\Program Files\Eset\nodshex.dll” ["Eset "]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\PROGRAM FILES\WINRAR\rarext.dll” [null data]
7-Zip(Default) = “{23170F69-40C1-278A-1000-000100020000}”
-> {HKLM…CLSID} = “7-Zip Shell Extension”
\InProcServer32(Default) = “C:\Program Files\7-Zip\7-zip.dll” [“Igor Pavlov”]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\PROGRAM FILES\WINRAR\rarext.dll” [null data]
7-Zip(Default) = “{23170F69-40C1-278A-1000-000100020000}”
-> {HKLM…CLSID} = “7-Zip Shell Extension”
\InProcServer32(Default) = “C:\Program Files\7-Zip\7-zip.dll” [“Igor Pavlov”]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
NOD32 Context Menu Shell Extension(Default) = “{B089FE88-FB52-11d3-BDF1-0050DA34150D}”
-> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension”
\InProcServer32(Default) = “C:\Program Files\Eset\nodshex.dll” ["Eset "]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\PROGRAM FILES\WINRAR\rarext.dll” [null data]
Active Desktop and Wallpaper:
Active Desktop may be enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by System Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
“Wallpaper” = “C:\WINDOWS\Chmury.bmp”
Displayed if Active Desktop disabled and wallpaper not set by System Policy:
HKCU\Control Panel\Desktop\
“Wallpaper” = “C:\WINDOWS\Chmury.bmp”
Active Desktop web content (hidden if disabled):
HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\
“FriendlyName” = “”
“Source” = “http://www.dombank.pl/_iMg/site/icons/ico_site_pdf.gif”
“SubscribedURL” = “http://www.dombank.pl/_iMg/site/icons/ico_site_pdf.gif”
WIN.INI & SYSTEM.INI launch points:
SYSTEM.INI
[boot]
“SCRNSAVE.EXE=C:\WINDOWS\SYSTEM\DELFIN~1.SCR” [file not found]
Startup items in “Startup” & “All Users…Startup” folders:
C:\WINDOWS\Menu Start\Programy\Autostart
“HP Digital Imaging Monitor” -> shortcut to: “C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe” [“Hewlett-Packard Co.”]
Enabled Scheduled Tasks:
“Rozpoczęcie aplikacji dostrajania” -> launches: “walign” [MS]
“Konserwacja — Scandisk” -> launches: “C:\WINDOWS\SCANDSKW.EXE /SAGERUN:0 /ALL /N” [MS]
“Konserwacja — programy Defragmentacji” -> launches: “C:\WINDOWS\DEFRAG.EXE /SAGERUN:0” [MS]
“Konserwacja — Porządkowanie dysku” -> launches: “C:\WINDOWS\CLEANMGR.EXE /SAGERUN:0” [MS]
Winsock2 Service Provider DLLs:
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = “C:\WINDOWS\SYSTEM\rnr20.dll” [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\SYSTEM\imon.dll [null data], 01 - 05, 15
C:\WINDOWS\SYSTEM\msafd.dll [MS], 06 - 08
C:\WINDOWS\SYSTEM\rsvpsp.dll [MS], 09 - 10
C:\WINDOWS\SYSTEM\mswsosp.dll [MS], 11 - 14
Toolbars, Explorer Bars, Extensions:
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
“{EF99BD32-C1FB-11D2-892F-0090271D4F88}”
-> {HKLM…CLSID} = “Yahoo! Toolbar”
\InProcServer32(Default) = “C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL” [“Yahoo! Inc.”]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
“{EF99BD32-C1FB-11D2-892F-0090271D4F88}” = (no title provided)
-> {HKLM…CLSID} = “Yahoo! Toolbar”
\InProcServer32(Default) = “C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL” [“Yahoo! Inc.”]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
“MenuText” = “Sun Java Console”
“CLSIDExtension” = “{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}”
-> {HKLM…CLSID} = “Java Plug-in 1.5.0_04”
\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll” [“Sun Microsystems, Inc.”]
Miscellaneous IE Hijack Points
HKLM\Software\Microsoft\Internet Explorer\Version = (invalid data)
The Internet Explorer version cannot be found!
C:\WINDOWS\INF\IERESET.INF (used to “Reset Web Settings”)
The contents of IERESET.INF cannot be reliably checked!
Added lines (compared with English-language version):
Missing lines (compared with English-language version):
strings: 2 lines
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<> “{08C06D61-F1F3-4799-86F8-BE1A89362C85}” = (no title provided)
-> {HKLM…CLSID} = “Search Class”
\InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL” [","]
Print Monitors:
HKLM\System\CurrentControlSet\Control\Print\Monitors\
HP Standard TCP/IP Port\Driver = “HpTcpMon.dll” [“Hewlett Packard”]
usbmon\Driver = “usbmon.dll” [MS]
hpzl9x12\Driver = “hpzl9x12.dll” [“HP”]
usbmon.dll\Driver = “usbmon.dll” [MS]
<>: Suspicious data at a browser hijack point.
-
This report excludes default entries except where indicated.
-
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
- The search for DESKTOP.INI DLL launch points on all local fixed drives
took 8 seconds.
---------- (total run time: 72 seconds)