Prośba o sprawdzenie logów - WIN98SE PL


(Pawelktr) #1
Logfile of HijackThis v1.99.1

Scan saved at 10:04:16, on 06-09-21

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\INTERNAT.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE

C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE

C:\NOWY FOLDER\HIJACKTHIS.EXE


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [internat.exe] internat.exe

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe

O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL\outpost.exe /waitservice

O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup

O4 - HKLM\..\Run: [kav] "C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0\AVP.EXE"

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

O4 - HKLM\..\RunServices: [AVP] "C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0\AVP.EXE -r"

O4 - HKLM\..\RunServices: [Outpost Firewall] C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL\outpost.exe /service

O9 - Extra button: Szybkie dostosowywanie programu Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL\PLUGINS\BROWSERBAR\IE_BAR.DLL

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL

O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0\SCIEPLUGIN.DLL

O15 - Trusted Zone: http://*.windowsupdate.com 

O16 - DPF: {E5EE81D5-C49F-45E5-B42F-0B7AEEDD047C} (Druk Control) - http://lpstudent.lexpolonica.pl/lexpolonica/printTempl/export.cab

O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab

O21 - SSODL: System - {0272AD80-E637-11D9-9B70-00E04C01A455} - (no file)

"Silent Runners.vbs", revision 48, http://www.silentrunners.org/

Operating System: Windows 98

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"internat.exe" = "internat.exe" [MS]

"ScanRegistry" = "C:\WINDOWS\scanregw.exe /autorun" [MS]

"TaskMonitor" = "C:\WINDOWS\taskmon.exe" [MS]

"Zasobnik systemowy" = "SysTray.Exe" [MS]

"Outpost Firewall" = "C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL\outpost.exe /waitservice" ["Agnitum Ltd."]

"OutpostFeedBack" = "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup" ["Agnitum Ltd."]

"kav" = ""C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0\AVP.EXE"" ["Kaspersky Lab"]

"(Default)" = (empty string)


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\ {++}

"LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS]

"KB891711" = "C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE" [MS]

"AVP" = ""C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0\AVP.EXE -r"" ["Kaspersky Lab"]

"Outpost Firewall" = "C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL\outpost.exe /service" ["Agnitum Ltd."]


HKLM\Software\Microsoft\Active Setup\Installed Components\

{44BBA840-CC51-11CF-AAFA-00AA00B6015C}\(Default) = "Microsoft Outlook Express 5"

                                       \StubPath = ""C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /uninstall" [MS]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL" ["Safer Networking Limited"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\PROGRAM FILES\WINRAR\rarext.dll" [null data]

"{2E9D3540-211C-11d0-A5F2-00A0248C37BE}" = "Nero Shell Extension Property Sheet"

  -> {HKLM...CLSID} = "Nero Shell Extension Property Sheet"

                   \InProcServer32\(Default) = "C:\Program Files\Ahead\nero\neroshx.dll" ["Ahead Software AG"]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

  -> {HKLM...CLSID} = "DesktopContext Class"

                   \InProcServer32\(Default) = "C:\WINDOWS\SYSTEM\NVCPL.DLL" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

  -> {HKLM...CLSID} = "Desktop Explorer"

                   \InProcServer32\(Default) = "C:\WINDOWS\SYSTEM\NVSHELL.DLL" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\WINDOWS\SYSTEM\NVSHELL.DLL" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

  -> {HKLM...CLSID} = "nView Desktop Context Menu"

                   \InProcServer32\(Default) = "C:\WINDOWS\SYSTEM\NVSHELL.DLL" ["NVIDIA Corporation"]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\PROGRAM FILES\WINRAR\rarext.dll" [null data]

ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"

  -> {HKLM...CLSID} = "Outpost.ASWShellExt Component"

                   \InProcServer32\(Default) = "C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL\OP_SHELL.DLL" ["Agnitum Ltd."]

Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0\SHELLEX.DLL" ["Kaspersky Lab"]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\PROGRAM FILES\WINRAR\rarext.dll" [null data]

ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"

  -> {HKLM...CLSID} = "Outpost.ASWShellExt Component"

                   \InProcServer32\(Default) = "C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL\OP_SHELL.DLL" ["Agnitum Ltd."]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\PROGRAM FILES\WINRAR\rarext.dll" [null data]

ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"

  -> {HKLM...CLSID} = "Outpost.ASWShellExt Component"

                   \InProcServer32\(Default) = "C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL\OP_SHELL.DLL" ["Agnitum Ltd."]

Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0\SHELLEX.DLL" ["Kaspersky Lab"]



Active Desktop and Wallpaper:

-----------------------------


Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState



Enabled Scheduled Tasks:

------------------------


"Rozpoczęcie aplikacji dostrajania" -> launches: "walign" [MS]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "C:\WINDOWS\SYSTEM\rnr20.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

00000000000#\PackedCatalogItem (contains) DLL [Company Name], (at) # range:

C:\WINDOWS\SYSTEM\mswsosp.dll [MS], 1

C:\WINDOWS\SYSTEM\msafd.dll [MS], 2 - 4

C:\WINDOWS\SYSTEM\rsvpsp.dll [MS], 5 - 6



Toolbars, Explorer Bars, Extensions:

------------------------------------


Explorer Bars


Dormant Explorer Bars in "View, Explorer Bar" menu


HKLM\Software\Classes\CLSID\{A1A7E22D-1587-4230-8F16-081C68D21448}\(Default) = "Szybkie dostosowywanie programu"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL\PLUGINS\BROWSERBAR\IE_BAR.DLL" ["Agnitum Ltd."]


HKLM\Software\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Ochrona WWW"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0\SCIEPLUGIN.DLL" ["Kaspersky Lab"]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{44627E97-789B-40D4-B5C2-58BD171129A1}\

"ButtonText" = "Szybkie dostosowywanie programu Outpost Firewall Pro"


{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"

  -> {HKLM...CLSID} = "Java Plug-in"

                   \InProcServer32\(Default) = "C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL" ["Sun Microsystems, Inc."]


{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\

"ButtonText" = "Ochrona WWW"



Miscellaneous IE Hijack Points

------------------------------


HKLM\Software\Microsoft\Internet Explorer\Version = (invalid data)

The Internet Explorer version cannot be found!


C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

The contents of IERESET.INF cannot be reliably checked!


Added lines (compared with English-language version):

[Strings]: START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

[Strings]: MS_START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"


Missing lines (compared with English-language version):

[Strings]: 2 lines



----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

  took 18 seconds.

+ The search for all Registry CLSIDs containing dormant Explorer Bars

  took 17 seconds.

---------- (total run time: 61 seconds)

a tutaj jeszcze HT z opcja startup list:

StartupList report, 06-09-21, 10:08:02

StartupList version: 1.52.2

Started from : C:\NOWY FOLDER\HIJACKTHIS.EXE

Detected: Windows 98 SE (Win9x 4.10.2222A)

Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)

* Using default options

* Including empty and uninteresting sections

* Showing rarely important sections

==================================================


Running processes:


C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\INTERNAT.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE

C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE

C:\TOTALCMD\TOTALCMD.EXE

C:\NOWY FOLDER\HIJACKTHIS.EXE


--------------------------------------------------


Listing of startup folders:


Shell folders Startup:

[C]

*No files*


Shell folders AltStartup:

*Folder not found*


User shell folders Startup:

*Folder not found*


User shell folders AltStartup:

*Folder not found*


Shell folders Common Startup:

[C]

*No files*


Shell folders Common AltStartup:

*Folder not found*


User shell folders Common Startup:

*Folder not found*


User shell folders Alternate Common Startup:

*Folder not found*


--------------------------------------------------


Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run


internat.exe = internat.exe

ScanRegistry = C:\WINDOWS\scanregw.exe /autorun

TaskMonitor = C:\WINDOWS\taskmon.exe

Zasobnik systemowy = SysTray.Exe

Outpost Firewall = C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL\outpost.exe /waitservice

OutpostFeedBack = C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup

kav = "C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0\AVP.EXE"

(Default) = 


--------------------------------------------------


Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce


*No values found*


--------------------------------------------------


Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx


*No values found*


--------------------------------------------------


Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices


LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

KB891711 = C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

Outpost Firewall = C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL\outpost.exe /service


--------------------------------------------------


Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce


*No values found*


--------------------------------------------------


Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run


*No values found*


--------------------------------------------------


Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce


*No values found*


--------------------------------------------------


Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx


*Registry key not found*


--------------------------------------------------


Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices


*Registry key not found*


--------------------------------------------------


Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce


*Registry key not found*


--------------------------------------------------


Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run


[OptionalComponents]

*No values found*


--------------------------------------------------


Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*


--------------------------------------------------


Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No subkeys found*


--------------------------------------------------


Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No subkeys found*


--------------------------------------------------


Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No subkeys found*


--------------------------------------------------


Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*


--------------------------------------------------


Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*


--------------------------------------------------


Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*


--------------------------------------------------


Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*


--------------------------------------------------


Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*


--------------------------------------------------


Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*


--------------------------------------------------


Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*


--------------------------------------------------


File association entry for .EXE:

HKEY_CLASSES_ROOT\exefile\shell\open\command


(Default) = "%1" %*


--------------------------------------------------


File association entry for .COM:

HKEY_CLASSES_ROOT\comfile\shell\open\command


(Default) = "%1" %*


--------------------------------------------------


File association entry for .BAT:

HKEY_CLASSES_ROOT\batfile\shell\open\command


(Default) = "%1" %*


--------------------------------------------------


File association entry for .PIF:

HKEY_CLASSES_ROOT\piffile\shell\open\command


(Default) = "%1" %*


--------------------------------------------------


File association entry for .SCR:

HKEY_CLASSES_ROOT\scrfile\shell\open\command


(Default) = "%1" /S


--------------------------------------------------


File association entry for .HTA:

HKEY_CLASSES_ROOT\htafile\shell\open\command


(Default) = C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*


--------------------------------------------------


File association entry for .TXT:

HKEY_CLASSES_ROOT\txtfile\shell\open\command


(Default) = C:\WINDOWS\NOTEPAD.EXE %1


--------------------------------------------------


Enumerating Active Setup stub paths:

HKLM\Software\Microsoft\Active Setup\Installed Components

(* = disabled by HKCU twin)


[SetupcPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection SetupcPerUser 64 C:\WINDOWS\INF\setupc.inf


[AppletsPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection AppletsPerUser 64 C:\WINDOWS\INF\applets.inf


[FontsPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection FontsPerUser 64 C:\WINDOWS\INF\fonts.inf


[{5A8D6EE0-3E18-11D0-821E-444553540000}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\INF\icw.inf,PerUserStub,,36


[PerUser_ICW_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ICW_Inis 0 C:\WINDOWS\INF\icw97.inf


[{89820200-ECBD-11cf-8B85-00AA005B4383}] *

StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}


[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *

StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP


[{89820200-ECBD-11cf-8B85-00AA005B4395}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\SYSTEM\ie4uinit.inf,Shell.UserStub,,36


[{CA0A4247-44BE-11d1-A005-00805F8ABE06}] *

StubPath = RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf


[PerUser_Msinfo] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo 64 C:\WINDOWS\INF\msinfo.inf


[PerUser_Msinfo2] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo2 64 C:\WINDOWS\INF\msinfo.inf


[MotownMmsysPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMmsysPerUser 64 C:\WINDOWS\INF\motown.inf


[MotownAvivideoPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownAvivideoPerUser 64 C:\WINDOWS\INF\motown.inf


[{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mswmp.inf,PerUserStub


[MotownMPlayPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMPlayPerUser 64 C:\WINDOWS\INF\mplay98.inf


[PerUser_Base] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Base 64 C:\WINDOWS\INF\msmail.inf


[ShellPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection ShellPerUser 64 C:\WINDOWS\INF\shell.inf


[Shell2PerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Shell2PerUser 64 C:\WINDOWS\INF\shell2.inf


[PerUser_winbase_Links] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winbase_Links 64 C:\WINDOWS\INF\subase.inf


[PerUser_winapps_Links] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winapps_Links 64 C:\WINDOWS\INF\subase.inf


[PerUser_LinkBar_URLs] *

StubPath = C:\WINDOWS\COMMAND\sulfnbk.exe /L


[TapiPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection TapiPerUser 64 C:\WINDOWS\INF\tapi.inf


[{73fa19d0-2d75-11d2-995d-00c04f98bbc9}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\webfdr16.inf,PerUserStub.Install,1


[PerUserOldLinks] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUserOldLinks 64 C:\WINDOWS\INF\appletpp.inf


[MmoptRegisterPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptRegisterPerUser 64 C:\WINDOWS\INF\mmopt.inf


[PerUser_Paint_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Paint_Inis 64 C:\WINDOWS\INF\applets.inf


[PerUser_Calc_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Calc_Inis 64 C:\WINDOWS\INF\applets.inf


[PerUser_dxxspace_Links] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_dxxspace_Links 64 C:\WINDOWS\INF\applets1.inf


[PerUser_CVT_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 C:\WINDOWS\INF\applets1.inf


[MotownRecPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownRecPerUser 64 C:\WINDOWS\INF\motown.inf


[PerUser_Vol] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Vol 64 C:\WINDOWS\INF\motown.inf


[PerUser_MSWordPad_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSWordPad_Inis 64 C:\WINDOWS\INF\wordpad.inf


[PerUser_RNA_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_RNA_Inis 64 C:\WINDOWS\INF\rna.inf


[PerUser_DCC_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_DCC_Inis 64 C:\WINDOWS\INF\rna.inf


[PerUser_Wingames_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Wingames_Inis 64 C:\WINDOWS\INF\appletpp.inf


[PerUser_Sysmon_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmon_Inis 64 C:\WINDOWS\INF\appletpp.inf


[PerUser_netwatch_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_netwatch_Inis 64 C:\WINDOWS\INF\appletpp.inf


[PerUser_CharMap_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CharMap_Inis 64 C:\WINDOWS\INF\appletpp.inf


[PerUser_ClipBrd_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ClipBrd_Inis 64 C:\WINDOWS\INF\clip.inf


[PerUser_CDPlayer_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CDPlayer_Inis 64 C:\WINDOWS\INF\mmopt.inf


[{7790769C-0471-11d2-AF11-00C04FA35D02}] *

StubPath = "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install


[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub


[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *

StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP


[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *

StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl


[NetservrPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection NetservrPerUser 64 C:\WINDOWS\INF\netservr.inf


[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]

StubPath = "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /uninstall


[{44BBA851-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wpie5x86.inf,PerUserStub


--------------------------------------------------


Enumerating ICQ Agent Autostart apps:

HKCU\Software\Mirabilis\ICQ\Agent\Apps


*Registry key not found*


--------------------------------------------------


Load/Run keys from C:\WINDOWS\WIN.INI:


load=

run=


--------------------------------------------------


Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:


Shell=Explorer.exe

SCRNSAVE.EXE=

drivers=mmsystem.dll power.drv


--------------------------------------------------


Checking for EXPLORER.EXE instances:


C:\WINDOWS\Explorer.exe: PRESENT!


C:\Explorer.exe: not present

C:\WINDOWS\Explorer\Explorer.exe: not present

C:\WINDOWS\System\Explorer.exe: not present

C:\WINDOWS\System32\Explorer.exe: not present

C:\WINDOWS\Command\Explorer.exe: not present

C:\WINDOWS\Fonts\Explorer.exe: not present


--------------------------------------------------


C:\WINDOWS\WININIT.INI listing:


*File not found*


--------------------------------------------------


C:\WINDOWS\WININIT.BAK listing:

(Created 13/9/2006, 10:58:10)


[rename]

NUL=C:\WINDOWS\TEMP\_iu14D2N.tmp


--------------------------------------------------


C:\AUTOEXEC.BAT listing:


SET BLASTER=A220 I5 D1 H5 P330 T6

SET CTSYN=C:\WINDOWS

C:\PROGRA~1\CREATIVE\SBLIVE\DOSDRV\SBEINIT.COM

mode con codepage prepare=((852) C:\WINDOWS\COMMAND\ega.cpi)

mode con codepage select=852

keyb pl,,C:\WINDOWS\COMMAND\keybrd4.sys

SET PATH=C:\WINDOWS\SYSTEM\WBEM;%PATH%


--------------------------------------------------


C:\CONFIG.SYS listing:


DEVICE=C:\WINDOWS\HIMEM.SYS

DEVICE=C:\WINDOWS\EMM386.EXE

device=C:\WINDOWS\COMMAND\display.sys con=(ega,,1)

Country=048,852,C:\WINDOWS\COMMAND\country.sys


--------------------------------------------------


C:\WINDOWS\WINSTART.BAT listing:


*File not found*


--------------------------------------------------


C:\WINDOWS\DOSSTART.BAT listing:


C:\PROGRA~1\CREATIVE\SBLIVE\DOSDRV\SBEINIT.COM


--------------------------------------------------


Checking for superhidden extensions:


.lnk: HIDDEN! (arrow overlay: yes)

.pif: HIDDEN! (arrow overlay: yes)

.exe: not hidden

.com: not hidden

.bat: not hidden

.hta: not hidden

.scr: not hidden

.shs: HIDDEN!

.shb: HIDDEN!

.vbs: not hidden

.vbe: not hidden

.wsh: not hidden

.scf: HIDDEN! (arrow overlay: NO!)

.url: HIDDEN! (arrow overlay: yes)

.js: not hidden

.jse: not hidden


--------------------------------------------------


Verifying REGEDIT.EXE integrity:


- Regedit.exe found in C:\WINDOWS

- .reg open command is normal (regedit.exe %1)

- Company name OK: 'Microsoft Corporation'

- Original filename OK: 'REGEDIT.EXE'

- File description: 'Edytor Rejestru'


Registry check passed


--------------------------------------------------


Enumerating Browser Helper Objects:


(no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

(no name) - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL - {53707962-6F74-2D53-2644-206D7942484F}


--------------------------------------------------


Enumerating Task Scheduler jobs:


Rozpoczęcie aplikacji dostrajania.job


--------------------------------------------------


Enumerating Download Program Files:


[Microsoft XML Parser for Java]


[DirectAnimation Java Classes]


[Internet Explorer Classes for Java]


[Update Class]

InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL

CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38378.4354513889


[Shockwave Flash Object]

InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH8A.OCX

CODEBASE = http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab


[Druk Control]

CODEBASE = http://lpstudent.lexpolonica.pl/lexpolonica/printTempl/export.cab


[ParallelGraphics Cortona Control]

CODEBASE = http://www.parallelgraphics.com/bin/cortvrml.cab


[Java Plug-in]

InProcServer32 = C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL

CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab


[Java Plug-in 1.5.0_06]

InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll

CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab


[Java Plug-in 1.5.0_06]

InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll

CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab


--------------------------------------------------


Enumerating Winsock LSP files:


NameSpace #1: C:\WINDOWS\SYSTEM\rnr20.dll

Protocol #1: C:\WINDOWS\SYSTEM\mswsosp.dll

Protocol #2: C:\WINDOWS\SYSTEM\msafd.dll

Protocol #3: C:\WINDOWS\SYSTEM\msafd.dll

Protocol #4: C:\WINDOWS\SYSTEM\msafd.dll

Protocol #5: C:\WINDOWS\SYSTEM\rsvpsp.dll

Protocol #6: C:\WINDOWS\SYSTEM\rsvpsp.dll


--------------------------------------------------


Enumerating Win9x VxD services:


VNETSUP: vnetsup.vxd

NDIS: ndis.vxd,ndis2sup.vxd

JAVASUP: JAVASUP.VXD

CONFIGMG: *CONFIGMG

NTKern: *NTKERN

VWIN32: *VWIN32

VFBACKUP: *VFBACKUP

VCOMM: *VCOMM

COMBUFF: *COMBUFF

IFSMGR: *IFSMGR

IOS: *IOS

MTRR: *mtrr

SPOOLER: *SPOOLER

UDF: *UDF

VFAT: *VFAT

VCACHE: *VCACHE

VCOND: *VCOND

VCDFSD: *VCDFSD

VXDLDR: *VXDLDR

VDEF: *VDEF

VPICD: *VPICD

VTD: *VTD

REBOOT: *REBOOT

VDMAD: *VDMAD

VSD: *VSD

V86MMGR: *V86MMGR

PAGESWAP: *PAGESWAP

DOSMGR: *DOSMGR

VMPOLL: *VMPOLL

SHELL: *SHELL

PARITY: *PARITY

BIOSXLAT: *BIOSXLAT

VMCPD: *VMCPD

VTDAPI: *VTDAPI

PERF: *PERF

VRTWD: C:\WINDOWS\SYSTEM\vrtwd.386

VFIXD: C:\WINDOWS\SYSTEM\vfixd.vxd

VNETBIOS: vnetbios.vxd

VREDIR: vredir.vxd

DFS: dfs.vxd

VSERVER: vserver.vxd

KLIF: C:\WINDOWS\SYSTEM\klif.vxd

KL1: C:\WINDOWS\SYSTEM\kl1.vxd


--------------------------------------------------


Enumerating ShellServiceObjectDelayLoad items:


WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

System: *Registry key not found*


--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run


*No values found*


--------------------------------------------------


Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run


*Registry key not found*


--------------------------------------------------


End of report, 21 275 bytes

Report generated in 0,688 seconds


Command line options:

   /verbose - to add additional info on each section

   /complete - to include empty sections and unsuspicious data

   /full - to include several rarely-important sections

   /force9x - to include Win9x-only startups even if running on WinNT

   /forcent - to include WinNT-only startups even if running on Win9x

   /forceall - to include all Win9x and WinNT startups, regardless of platform

   /history - to list version history only

No i to chyba wszystko, z góry dziękuję za pomoc :slight_smile: :slight_smile:


(Bbieniol) #2

Kosmetycznie usuń Hijackiem ten wpis:

Poza tym w logach czysto :slight_smile:

Czy jest jakiś problem?


(Pawelktr) #3

Bardzo dziękuję, nie ma żadnego problemu który ja bym zauważył,ale ponieważ nie znam się na tym za bardzo to wolałem zasięgnąć opinii specjalistów na wszelki wypadek, "strzeżonego.." itd. :slight_smile: Jeszcze raz dziękuję.