20 Paź 2006, 15:09
20 Paź 2006, 17:14
Logfile of HijackThis v1.99.1
Scan saved at 17:13:41, on 2006-10-20
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSSystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Program FilesEset
od32krn.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:WINDOWSsystem32RunDll32.exe
C:Program FilesEset
od32kui.exe
C:Program FilesMultimedia Combo SetMouseDrv.exe
C:Program FilesMultimedia Combo SetPS2USBKbdDrv.exe
C:WINDOWSsystem32HBO ScreenSaver.exe
C:Program FilesQuickTimeqttask.exe
C:Program FilesCommon Files{ACFCEBC0-0A6B-1045-0804-040406090030}Update.exe
C:Program FilesAresAres.exe
C:Program FilesAdobeAcrobat 7.0Reader
eader_sl.exe
C:Program FilesBright Bug SoftwareSharedScreen SaversBBDTMngr.exe
C:WINDOWSsystem32wscntfy.exe
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesInternet Exploreriexplore.exe
C:Documents and SettingsTomekPulpithijackthisHijackThis.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://google.bearshare.com/pl/
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:Program FilesMyGlobalSearchar1.binMGSBAR.DLL (file missing)
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:Program FilesCommon Files{3CFCEBC0-0A6B-1045-0804-040406090030}MyToolBar.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:Program FilesCommon Files{3CFCEBC0-0A6B-1045-0804-040406090030}MyToolBar.dll (file missing)
O4 - HKLM..Run: [ATICCC] "C:Program FilesATI TechnologiesATI.ACEcli.exe" runtime -Delay
O4 - HKLM..Run: [Skrót do strony właściwości High Definition Audio] HDAShCut.exe
O4 - HKLM..Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM..Run: [nod32kui] "C:Program FilesEset
od32kui.exe" /WAITSERVICE
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [WireLessMouse ] C:Program FilesMultimedia Combo SetMouseDrv.exe
O4 - HKLM..Run: [WireLessKeyboard ] C:Program FilesMultimedia Combo SetPS2USBKbdDrv.exe
O4 - HKLM..Run: [HBOScreensaver] "C:WINDOWSsystem32HBO ScreenSaver.exe" /sch
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [BearFlix] "C:Program FilesBearFlixBearFlix.exe" /pause
O4 - HKLM..Run: [PVModule] C:PROGRA~1PRINTV~1pvmodule.exe
O4 - HKCU..Run: [ares] "C:Program FilesAresAres.exe" -h
O4 - HKCU..Run: [Dzieńdobry!] C:Documents and SettingsTomekMoje dokumentyDzieńdobry!dziendobry.exe /auto
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Reader
eader_sl.exe
O4 - Global Startup: Run BBDTMngr.exe.lnk = C:Program FilesBright Bug SoftwareSharedScreen SaversBBDTMngr.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/pl/cards_2_0_0_71.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/pl/boards_2_0_0_30.cab
O16 - DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} (GameDesire Slots 90th) - http://67.15.101.3/g_bin/pl/slots90_2_0_0_30.cab
O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://67.15.101.3/g_bin/pl/navy_2_0_0_23.cab
O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) - http://67.15.101.3/g_bin/pl/slots70_2_0_0_30.cab
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://83.18.237.172/plugin/h263ctrl.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/pl/words_2_0_0_46.cab
O16 - DPF: {ECEAD8AE-01D6-11D5-9A39-0080C8D85044} (GameDesire Slots 80th) - http://67.15.101.3/g_bin/pl/slots80_2_0_0_30.cab
O20 - Winlogon Notify: wintfj32 - C:WINDOWSSYSTEM32wintfj32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSSystem32Ati2evxx.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:Program FilesEset
od32krn.exe
20 Paź 2006, 17:16
"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRun
"{ACFCEBC0-0A6B-1045-0804-040406090030}" = ""C:Program FilesCommon Files{ACFCEBC0-0A6B-1045-0804-040406090030}Update.exe" mc-110-12-0000272" [null data]
HKCUSoftwareMicrosoftWindowsCurrentVersionRun {++}
"ares" = ""C:Program FilesAresAres.exe" -h" ["Ares Development Group"]
"Dzieńdobry!" = "C:Documents and SettingsTomekMoje dokumentyDzieńdobry!dziendobry.exe /auto" ["VSD Software"]
HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRun {++}
"ishost.exe" = "ishost.exe" [file not found]
HKLMSoftwareMicrosoftWindowsCurrentVersionRun {++}
"ATICCC" = ""C:Program FilesATI TechnologiesATI.ACEcli.exe" runtime -Delay" [null data]
"Skrót do strony właściwości High Definition Audio" = "HDAShCut.exe" ["Windows (R) Server 2003 DDK provider"]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"nod32kui" = ""C:Program FilesEset
od32kui.exe" /WAITSERVICE" ["Eset "]
"NeroFilterCheck" = "C:WINDOWSsystem32NeroCheck.exe" ["Ahead Software Gmbh"]
"WireLessMouse " = "C:Program FilesMultimedia Combo SetMouseDrv.exe" [empty string]
"WireLessKeyboard " = "C:Program FilesMultimedia Combo SetPS2USBKbdDrv.exe" [empty string]
"HBOScreensaver" = ""C:WINDOWSsystem32HBO ScreenSaver.exe" /sch" [null data]
"QuickTime Task" = ""C:Program FilesQuickTimeqttask.exe" -atboottime" ["Apple Computer, Inc."]
"BearFlix" = ""C:Program FilesBearFlixBearFlix.exe" /pause" [file not found]
"PVModule" = "C:PROGRA~1PRINTV~1pvmodule.exe" [file not found]
HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects
{02478D38-C3F9-4EFB-9B51-7695ECA05670}(Default) = (no title provided)
{HKLM...CLSID} = "Yahoo! Toolbar Helper"
InProcServer32(Default) = "C:Program FilesYahoo!CompanionInstallscpnyt.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
{HKLM...CLSID} = "AcroIEHlprObj Class"
InProcServer32(Default) = "C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll" ["Adobe Systems Incorporated"]
{37B85A21-692B-4205-9CAD-2626E4993404}(Default) = "My Global Search Bar BHO"
{HKLM...CLSID} = "My Global Search Bar BHO"
InProcServer32(Default) = "C:Program FilesMyGlobalSearchar1.binMGSBAR.DLL" [file not found]
{C004DEC2-2623-438e-9CA2-C9043AB28508}(Default) = (no title provided)
{HKLM...CLSID} = "ToolBar888"
InProcServer32(Default) = "C:Program FilesCommon Files{3CFCEBC0-0A6B-1045-0804-040406090030}MyToolBar.dll" [file not found]
HKLMSoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
{HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
InProcServer32(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
{HKLM...CLSID} = "HyperTerminal Icon Ext"
InProcServer32(Default) = "C:WINDOWSSystem32hticons.dll" ["Hilgraeve, Inc."]
20 Paź 2006, 17:20
20 Paź 2006, 17:46
---------- (total run time: X seconds, including X seconds for message boxes)
20 Paź 2006, 17:56
Logfile of HijackThis v1.99.1
Scan saved at 17:53:46, on 2006-10-20
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSSystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Program FilesEset
od32krn.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:WINDOWSsystem32RunDll32.exe
C:Program FilesEset
od32kui.exe
C:Program FilesMultimedia Combo SetMouseDrv.exe
C:Program FilesMultimedia Combo SetPS2USBKbdDrv.exe
C:WINDOWSsystem32HBO ScreenSaver.exe
C:Program FilesQuickTimeqttask.exe
C:Program FilesCommon Files{ACFCEBC0-0A6B-1045-0804-040406090030}Update.exe
C:Program FilesAresAres.exe
C:Program FilesBright Bug SoftwareSharedScreen SaversBBDTMngr.exe
C:WINDOWSsystem32wscntfy.exe
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:Program FilesEset
od32.exe
C:Program FilesOutlook Expressmsimn.exe
C:Program FilesInternet Exploreriexplore.exe
C:Documents and SettingsTomekPulpithijackthisHijackThis.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://google.bearshare.com/pl/
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:Program FilesMyGlobalSearchar1.binMGSBAR.DLL (file missing)
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:Program FilesCommon Files{3CFCEBC0-0A6B-1045-0804-040406090030}MyToolBar.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:Program FilesCommon Files{3CFCEBC0-0A6B-1045-0804-040406090030}MyToolBar.dll (file missing)
O4 - HKLM..Run: [ATICCC] "C:Program FilesATI TechnologiesATI.ACEcli.exe" runtime -Delay
O4 - HKLM..Run: [Skrót do strony właściwości High Definition Audio] HDAShCut.exe
O4 - HKLM..Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM..Run: [nod32kui] "C:Program FilesEset
od32kui.exe" /WAITSERVICE
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [WireLessMouse ] C:Program FilesMultimedia Combo SetMouseDrv.exe
O4 - HKLM..Run: [WireLessKeyboard ] C:Program FilesMultimedia Combo SetPS2USBKbdDrv.exe
O4 - HKLM..Run: [HBOScreensaver] "C:WINDOWSsystem32HBO ScreenSaver.exe" /sch
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [BearFlix] "C:Program FilesBearFlixBearFlix.exe" /pause
O4 - HKLM..Run: [PVModule] C:PROGRA~1PRINTV~1pvmodule.exe
O4 - HKCU..Run: [ares] "C:Program FilesAresAres.exe" -h
O4 - HKCU..Run: [Dzieńdobry!] C:Documents and SettingsTomekMoje dokumentyDzieńdobry!dziendobry.exe /auto
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Reader
eader_sl.exe
O4 - Global Startup: Run BBDTMngr.exe.lnk = C:Program FilesBright Bug SoftwareSharedScreen SaversBBDTMngr.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/pl/cards_2_0_0_71.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/pl/boards_2_0_0_30.cab
O16 - DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} (GameDesire Slots 90th) - http://67.15.101.3/g_bin/pl/slots90_2_0_0_30.cab
O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://67.15.101.3/g_bin/pl/navy_2_0_0_23.cab
O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) - http://67.15.101.3/g_bin/pl/slots70_2_0_0_30.cab
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://83.18.237.172/plugin/h263ctrl.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/pl/words_2_0_0_46.cab
O16 - DPF: {ECEAD8AE-01D6-11D5-9A39-0080C8D85044} (GameDesire Slots 80th) - http://67.15.101.3/g_bin/pl/slots80_2_0_0_30.cab
O20 - Winlogon Notify: wintfj32 - C:WINDOWSSYSTEM32wintfj32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSSystem32Ati2evxx.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:Program FilesEset
od32krn.exe
20 Paź 2006, 18:12
- Kod:
C:/WINDOWS/system32/wintfj32.dll <-zamień tylko slashe z / na ten and enterem
20 Paź 2006, 19:54
20 Paź 2006, 19:57
"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRun
"{ACFCEBC0-0A6B-1045-0804-040406090030}" = ""C:Program FilesCommon Files{ACFCEBC0-0A6B-1045-0804-040406090030}Update.exe" mc-110-12-0000272" [null data]
HKCUSoftwareMicrosoftWindowsCurrentVersionRun {++}
"ares" = ""C:Program FilesAresAres.exe" -h" ["Ares Development Group"]
"Dzieńdobry!" = "C:Documents and SettingsTomekMoje dokumentyDzieńdobry!dziendobry.exe /auto" ["VSD Software"]
HKLMSoftwareMicrosoftWindowsCurrentVersionRun {++}
"ATICCC" = ""C:Program FilesATI TechnologiesATI.ACEcli.exe" runtime -Delay" [null data]
"Skrót do strony właściwości High Definition Audio" = "HDAShCut.exe" ["Windows (R) Server 2003 DDK provider"]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"nod32kui" = ""C:Program FilesEset
od32kui.exe" /WAITSERVICE" ["Eset "]
"NeroFilterCheck" = "C:WINDOWSsystem32NeroCheck.exe" ["Ahead Software Gmbh"]
"WireLessMouse " = "C:Program FilesMultimedia Combo SetMouseDrv.exe" [empty string]
"WireLessKeyboard " = "C:Program FilesMultimedia Combo SetPS2USBKbdDrv.exe" [empty string]
"HBOScreensaver" = ""C:WINDOWSsystem32HBO ScreenSaver.exe" /sch" [null data]
"QuickTime Task" = ""C:Program FilesQuickTimeqttask.exe" -atboottime" ["Apple Computer, Inc."]
"BearFlix" = ""C:Program FilesBearFlixBearFlix.exe" /pause" [file not found]
"PVModule" = "C:PROGRA~1PRINTV~1pvmodule.exe" [file not found]
HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects
{02478D38-C3F9-4EFB-9B51-7695ECA05670}(Default) = (no title provided)
{HKLM...CLSID} = "Yahoo! Toolbar Helper"
InProcServer32(Default) = "C:Program FilesYahoo!CompanionInstallscpnyt.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
{HKLM...CLSID} = "AcroIEHlprObj Class"
InProcServer32(Default) = "C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll" ["Adobe Systems Incorporated"]
{37B85A21-692B-4205-9CAD-2626E4993404}(Default) = "My Global Search Bar BHO"
{HKLM...CLSID} = "My Global Search Bar BHO"
InProcServer32(Default) = "C:Program FilesMyGlobalSearchar1.binMGSBAR.DLL" [file not found]
{C004DEC2-2623-438e-9CA2-C9043AB28508}(Default) = (no title provided)
{HKLM...CLSID} = "ToolBar888"
InProcServer32(Default) = "C:Program FilesCommon Files{3CFCEBC0-0A6B-1045-0804-040406090030}MyToolBar.dll" [file not found]
HKLMSoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
{HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
InProcServer32(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
{HKLM...CLSID} = "HyperTerminal Icon Ext"
InProcServer32(Default) = "C:WINDOWSSystem32hticons.dll" ["Hilgraeve, Inc."]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
{HKLM...CLSID} = "SimpleShlExt Class"
InProcServer32(Default) = "C:Program FilesATI TechnologiesATI.ACEatiacmxx.dll" [empty string]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
{HKLM...CLSID} = "Portable Media Devices Menu"
InProcServer32(Default) = "C:WINDOWSsystem32Audiodev.dll" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
{HKLM...CLSID} = (no title provided)
InProcServer32(Default) = "C:Program FilesMicrosoft OfficeOFFICE11msohev.dll" [MS]
"{B089FE88-FB52-11d3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
{HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
InProcServer32(Default) = "C:Program FilesEset
odshex.dll" ["Eset "]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
{HKLM...CLSID} = "NeroDigitalIconHandler Class"
InProcServer32(Default) = "C:Program FilesCommon FilesAheadlibNeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
{HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
InProcServer32(Default) = "C:Program FilesCommon FilesAheadlibNeroDigitalExt.dll" ["Nero AG"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
{HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "C:Program FilesWinRAR arext.dll" [null data]
HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogonNotify
<<!>> AtiExtEventDLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
<<!>> wintfj32DLLName = "wintfj32.dll" [null data]
HKLMSoftwareClassesPROTOCOLSFilter
<<!>> text/xmlCLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
{HKLM...CLSID} = (no title provided)
InProcServer32(Default) = "C:Program FilesCommon FilesMicrosoft SharedOFFICE11MSOXMLMF.DLL" [MS]
HKLMSoftwareClassesFoldershellexColumnHandlers
{7D4D6379-F301-4311-BEBA-E26EB0561882}(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
{HKLM...CLSID} = "NeroDigitalColumnHandler Class"
InProcServer32(Default) = "C:Program FilesCommon FilesAheadlibNeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = "PDF Column Info"
{HKLM...CLSID} = "PDF Shell Extension"
InProcServer32(Default) = "C:Program FilesAdobeAcrobat 7.0ActiveXPDFShell.dll" ["Adobe Systems, Inc."]
HKLMSoftwareClasses*shellexContextMenuHandlers
NOD32 Context Menu Shell Extension(Default) = "{B089FE88-FB52-11d3-BDF1-0050DA34150D}"
{HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
InProcServer32(Default) = "C:Program FilesEset
odshex.dll" ["Eset "]
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
{HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "C:Program FilesWinRAR arext.dll" [null data]
HKLMSoftwareClassesDirectoryshellexContextMenuHandlers
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
{HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "C:Program FilesWinRAR arext.dll" [null data]
HKLMSoftwareClassesFoldershellexContextMenuHandlers
NOD32 Context Menu Shell Extension(Default) = "{B089FE88-FB52-11d3-BDF1-0050DA34150D}"
{HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
InProcServer32(Default) = "C:Program FilesEset
odshex.dll" ["Eset "]
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
{HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "C:Program FilesWinRAR arext.dll" [null data]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCUSoftwareMicrosoftInternet ExplorerDesktopGeneral
"Wallpaper" = "C:WINDOWSsystem32configsystemprofileUstawienia lokalneDane aplikacjiMicrosoftWallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCUControl PanelDesktop
"Wallpaper" = "C:Documents and SettingsTomekUstawienia lokalneDane aplikacjiMicrosoftWallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCUControl PanelDesktop
"SCRNSAVE.EXE" = "C:WINDOWSSystem32Goldfish.scr" [null data]
Startup items in "Tomek" & "All Users" startup folders:
-------------------------------------------------------
C:Documents and SettingsAll UsersMenu StartProgramyAutostart
"Adobe Reader Speed Launch" shortcut to: "C:Program FilesAdobeAcrobat 7.0Reader eader_sl.exe" ["Adobe Systems Incorporated"]
"Run BBDTMngr.exe" shortcut to: "C:Program FilesBright Bug SoftwareSharedScreen SaversBBDTMngr.exe" [null data]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLMSystemCurrentControlSetServicesWinsock2ParametersNameSpace_Catalog5Catalog_Entries {++}
000000000001LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]
000000000002LibraryPath = "%SystemRoot%System32winrnr.dll" [MS]
000000000003LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]
Transport Service Providers
HKLMSystemCurrentControlSetServicesWinsock2ParametersProtocol_Catalog9Catalog_Entries {++}
0000000000##PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
imon.dll ["Eset "], 01 - 05, 19
%SystemRoot%system32mswsock.dll [MS], 06 - 08, 11 - 18
%SystemRoot%system32 svpsp.dll [MS], 09 - 10
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCUSoftwareMicrosoftInternet ExplorerToolbarWebBrowser
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
{HKLM...CLSID} = "Yahoo! Toolbar"
InProcServer32(Default) = "C:Program FilesYahoo!CompanionInstallscpnyt.dll" ["Yahoo! Inc."]
"{37B85A29-692B-4205-9CAD-2626E4993404}"
{HKLM...CLSID} = "My Global Search Bar"
InProcServer32(Default) = "C:Program FilesMyGlobalSearchar1.binMGSBAR.DLL" [file not found]
HKLMSoftwareMicrosoftInternet ExplorerToolbar
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
{HKLM...CLSID} = "Yahoo! Toolbar"
InProcServer32(Default) = "C:Program FilesYahoo!CompanionInstallscpnyt.dll" ["Yahoo! Inc."]
"{C004DEC2-2623-438E-9CA2-C9043AB28508}" = (no title provided)
{HKLM...CLSID} = "ToolBar888"
InProcServer32(Default) = "C:Program FilesCommon Files{3CFCEBC0-0A6B-1045-0804-040406090030}MyToolBar.dll" [file not found]
Explorer Bars
HKLMSoftwareMicrosoftInternet ExplorerExplorer Bars
HKLMSoftwareClassesCLSID{10ADD1E8-EC8A-4719-B39D-B46DD1D6A65D}(Default) = "PrintView"
Implemented Categories{00021493-0000-0000-C000-000000000046} [vertical bar]
InProcServer32(Default) = "C:PROGRA~1PRINTV~1PRINTH~1.DLL" [empty string]
HKLMSoftwareClassesCLSID{90FE6C53-F8B4-4631-B42A-02D63D1C949C}(Default) = "PrintView"
Implemented Categories{00021494-0000-0000-C000-000000000046} [horizontal bar]
InProcServer32(Default) = "C:PROGRA~1PRINTV~1PRINTH~1.DLL" [empty string]
HKLMSoftwareClassesCLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = "&Badanie"
Implemented Categories{00021493-0000-0000-C000-000000000046} [vertical bar]
InProcServer32(Default) = "C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLMSoftwareMicrosoftInternet ExplorerExtensions
{92780B25-18CC-41C8-B9BE-3C9C571A8263}
"ButtonText" = "Badanie"
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Ati HotKey Poller, Ati HotKey Poller, "C:WINDOWSSystem32Ati2evxx.exe" ["ATI Technologies Inc."]
Machine Debug Manager, MDM, ""C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE"" [MS]
NOD32 Kernel Service, NOD32krn, ""C:Program FilesEset
od32krn.exe"" ["Eset "]
Windows User Mode Driver Framework, UMWdf, "C:WINDOWSsystem32wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLMSystemCurrentControlSetControlPrintMonitors
Microsoft Document Imaging Writer MonitorDriver = "mdimon.dll" [MS]
----------
<<!>>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 70 seconds, including 3 seconds for message boxes)
20 Paź 2006, 20:21
fugas761 napisał(a):zrobilem jak kazales ,sciagnalem SmitFraudFix.cmd iusuwalo "cos..." ,a co mam wkleic aport txt?, nie rozumiem . Kilboxa tez juz mam i ustawilem na delete on rebot i co mam zrobic? jak to sie zmienia ? Ten DialerQS trojan wciaz sie pokazuje.
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:PROGRA~1PRINTV~1PRINTH~1.DLL
20 Paź 2006, 21:26
20 Paź 2006, 21:26
Logfile of HijackThis v1.99.1
Scan saved at 21:25:42, on 2006-10-20
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSSystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Program FilesEset
od32krn.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32wscntfy.exe
C:WINDOWSExplorer.EXE
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:WINDOWSsystem32RunDll32.exe
C:Program FilesEset
od32kui.exe
C:Program FilesMultimedia Combo SetMouseDrv.exe
C:Program FilesMultimedia Combo SetPS2USBKbdDrv.exe
C:WINDOWSsystem32HBO ScreenSaver.exe
C:Program FilesQuickTimeqttask.exe
C:Program FilesAresAres.exe
C:Program FilesBright Bug SoftwareSharedScreen SaversBBDTMngr.exe
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:Program FilesOutlook Expressmsimn.exe
C:Program FilesInternet Exploreriexplore.exe
C:Documents and SettingsTomekPulpithijackthisHijackThis.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:Program FilesMyGlobalSearchar1.binMGSBAR.DLL (file missing)
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:Program FilesCommon Files{3CFCEBC0-0A6B-1045-0804-040406090030}MyToolBar.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:Program FilesCommon Files{3CFCEBC0-0A6B-1045-0804-040406090030}MyToolBar.dll (file missing)
O4 - HKLM..Run: [ATICCC] "C:Program FilesATI TechnologiesATI.ACEcli.exe" runtime -Delay
O4 - HKLM..Run: [Skrót do strony właściwości High Definition Audio] HDAShCut.exe
O4 - HKLM..Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM..Run: [nod32kui] "C:Program FilesEset
od32kui.exe" /WAITSERVICE
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [WireLessMouse ] C:Program FilesMultimedia Combo SetMouseDrv.exe
O4 - HKLM..Run: [WireLessKeyboard ] C:Program FilesMultimedia Combo SetPS2USBKbdDrv.exe
O4 - HKLM..Run: [HBOScreensaver] "C:WINDOWSsystem32HBO ScreenSaver.exe" /sch
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [BearFlix] "C:Program FilesBearFlixBearFlix.exe" /pause
O4 - HKLM..Run: [PVModule] C:PROGRA~1PRINTV~1pvmodule.exe
O4 - HKCU..Run: [ares] "C:Program FilesAresAres.exe" -h
O4 - HKCU..Run: [Dzieńdobry!] C:Documents and SettingsTomekMoje dokumentyDzieńdobry!dziendobry.exe /auto
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Reader
eader_sl.exe
O4 - Global Startup: Run BBDTMngr.exe.lnk = C:Program FilesBright Bug SoftwareSharedScreen SaversBBDTMngr.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/pl/cards_2_0_0_71.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/pl/boards_2_0_0_30.cab
O16 - DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} (GameDesire Slots 90th) - http://67.15.101.3/g_bin/pl/slots90_2_0_0_30.cab
O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://67.15.101.3/g_bin/pl/navy_2_0_0_23.cab
O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) - http://67.15.101.3/g_bin/pl/slots70_2_0_0_30.cab
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://83.18.237.172/plugin/h263ctrl.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/pl/words_2_0_0_46.cab
O16 - DPF: {ECEAD8AE-01D6-11D5-9A39-0080C8D85044} (GameDesire Slots 80th) - http://67.15.101.3/g_bin/pl/slots80_2_0_0_30.cab
O20 - Winlogon Notify: wintfj32 - C:WINDOWSSYSTEM32wintfj32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSSystem32Ati2evxx.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:Program FilesEset
od32krn.exe
20 Paź 2006, 21:28
20 Paź 2006, 21:43
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:Program FilesMyGlobalSearchar1.binMGSBAR.DLL (file missing)
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:Program FilesCommon Files{3CFCEBC0-0A6B-1045-0804-040406090030}MyToolBar.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
C9043AB28508} - C:Program FilesCommon Files{3CFCEBC0-0A6B-1045-0804-040406090030}MyToolBar.dll (file missing)