prosze o sprawdzenie loga

[damian.1]

kumpel ma neta od wczoraj i sie obawiamy ze jakiegos syfa zlapal ..komp dziwnie powoli chodzi i sie zwiesza ..ma wina 98 i od 5 lat nic nie robil ...defragmentacja nic ..usuwanie plikow zbednych nic ..czyszczenie rejestru nic ..oto log ..bardzo bym prosił o spr tego loga

Logfile of HijackThis v1.99.1
Scan saved at 21:29:11, on 06-07-23
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER COMMUNICATOR\XCOMMSVR.EXE
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER SCAN SERVER\BDSS.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ELABORATE BYTES\CLONECD\CLONECDTRAY.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMGR.EXE
C:\WINDOWS\WT\WCMDMGR.EXE
C:\PROGRAM FILES\NEOSTRADA TP\CNXMON.EXE
C:\PROGRAM FILES\NEOSTRADA TP\TASKBARICON.EXE
C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMON.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER9\BDMCON.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER9\VSSERV.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER9\BDNAGENT.EXE
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER UPDATE SERVICE\LIVESRV.EXE
C:\PROGRAM FILES\GADU-GADU\GG.EXE
D:\PROGRAMY\AUTOCONNECT\AUTOCONNECT.EXE
C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\SAGEM\SAGEM F@ST 800-840\DSLMON.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\PULPIT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchgateway.net/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchgateway.net/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchgateway.net/search/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\OOBE\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\OOBE\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~2.DLL
O2 - BHO: CrsHO Class - {5843A29E-1246-11D4-BA8C-0050DA707ACD} - C:\WINDOWS\SYSTEM\CRS32.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [setup] E:\REGSET\Demo\Demo.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [LexStart] lexstart.exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [Odkurzacz-MCD] D:\Programy\Odkurzacz 10.1 Pro\odk_mcd.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\SOFTWIN\BITDEF~1\BDMCON.EXE
O4 - HKLM\..\Run: [BitDefender Virus Shield] "C:\Program Files\Softwin\BitDefender9\vsserv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRAM FILES\SOFTWIN\BITDEFENDER9\bdnagent.exe"
O4 - HKLM\..\Run: [BitDefender Live Service] "C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [BitDefender Live! Init] "C:\Program Files\Softwin\BitDefender9\bdinit.exe"
O4 - HKLM\..\RunServices: [BitDefender Communicator] "C:\Program Files\Common Files\Softwin\BitDefender Communicator\\xcommsvr.exe"
O4 - HKLM\..\RunServices: [BitDefender Scan Server] "C:\Program Files\Common Files\Softwin\BitDefender Scan Server\\bdss.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
O4 - HKCU\..\Run: [AutoConnect] D:\PROGRAMY\AUTOCONNECT\AUTOCONNECT.EXE
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer

"Silent Runners.vbs", revision 46, http://www.silentrunners.org/
Operating System: Windows 98
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Gadu-Gadu" = ""C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray" ["Gadu-Gadu Sp. z oo"]
"AutoConnect" = "D:\PROGRAMY\AUTOCONNECT\AUTOCONNECT.EXE" ["http://autoconnect.prv.pl"]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ScanRegistry" = "C:\WINDOWS\scanregw.exe /autorun" [MS]
"TaskMonitor" = "C:\WINDOWS\taskmon.exe" [MS]
"internat.exe" = "internat.exe" [MS]
"SystemTray" = "SysTray.Exe" [MS]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"Enable Device" = (empty string)
"setup" = "E:\REGSET\Demo\Demo.exe" [file not found]
"CloneCDTray" = ""C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"" ["Elaborate Bytes AG"]
"LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS]
"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]
"wcmdmgr" = "C:\WINDOWS\wt\wcmdmgrl.exe -launch" ["WildTangent, Inc."]
"Lexmark X1100 Series" = ""C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"" ["Lexmark International, Inc."]
"LexStart" = "lexstart.exe" ["Lexmark International, Inc."]
"IrMon" = "IrMon.exe" [MS]
"autoclk" = "autoclk.exe" [file not found]
"WooCnxMon" = "C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [","]
"WOOWATCH" = "C:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Télécom R&D"]
"WOOTASKBARICON" = "C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" ["France Télécom R&D"]
"Odkurzacz-MCD" = "D:\Programy\Odkurzacz 10.1 Pro\odk_mcd.exe" ["FranmoSoft"]
"BDMCon" = "C:\PROGRA~1\SOFTWIN\BITDEF~1\BDMCON.EXE" ["SOFTWIN S.R.L."]
"BitDefender Virus Shield" = ""C:\Program Files\Softwin\BitDefender9\vsserv.exe"" ["SOFTWIN S.R.L."]
"BDNewsAgent" = ""C:\PROGRAM FILES\SOFTWIN\BITDEFENDER9\bdnagent.exe"" ["SOFTWIN S.R.L"]
"BitDefender Live Service" = ""C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe"" ["SOFTWIN S.R.L."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\ {++}
"SchedulingAgent" = "mstask.exe" [MS]
"BitDefender Live! Init" = ""C:\Program Files\Softwin\BitDefender9\bdinit.exe"" [null data]
"BitDefender Communicator" = ""C:\Program Files\Common Files\Softwin\BitDefender Communicator\\xcommsvr.exe"" ["Softwin"]
"BitDefender Scan Server" = ""C:\Program Files\Common Files\Softwin\BitDefender Scan Server\\bdss.exe"" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{5843A29E-1246-11D4-BA8C-0050DA707ACD}\(Default) = (no title provided)
-> {HKLM...CLSID} = "CrsHO Class"
\InProcServer32\(Default) = "C:\WINDOWS\SYSTEM\CRS32.DLL" ["$"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Eksplorator pulpitów"
-> {HKLM...CLSID} = "Eksplorator pulpitów"
\InProcServer32\(Default) = "C:\WINDOWS\SYSTEM\NVSHELL.DLL" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\SYSTEM\NVSHELL.DLL" ["NVIDIA Corporation"]
"{2E9D3540-211C-11d0-A5F2-00A0248C37BE}" = "Nero Shell Extension Property Sheet"
-> {HKLM...CLSID} = "Nero Shell Extension Property Sheet"
\InProcServer32\(Default) = "C:\Program Files\Ahead\nero\neroshx.dll" ["ahead software gmbh im stoeckmaedle 6 76307 karlsbad, germany Fax: ++49-7248-911-888 e-mail: info@ahead.de"]
"{0E6C58A9-F592-4862-B35F-CA45E24003B3}" = "CloneCD"
-> {HKLM...CLSID} = "CloneCD Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Elaborate Bytes\CloneCD\ElbyVCDShell.dll" ["Elaborate Bytes"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\WINRAR 2\rarext.dll" [null data]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\WINRAR 2\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\WINRAR 2\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\WINRAR 2\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\beachlife_3.bmp"


WIN.INI & SYSTEM.INI launch points:
-----------------------------------

SYSTEM.INI
[boot]
"SCRNSAVE.EXE=C:\WINDOWS\SYSTEM\MARINE~1.SCR" (Marine Aquarium 2.scr) [null data]


Startup items in "Startup" & "All Users...Startup" folders:
-----------------------------------------------------------

C:\WINDOWS\Menu Start\Programy\Autostart
"WinZip Quick Pick" -> shortcut to: "C:\Program Files\WinZip\WZQKPICK.EXE" ["WinZip Computing, Inc."]
"DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe" [","]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]
INFECTION WARNING! "PowerReg Scheduler V3.exe" ["Leader Technologies"]
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]


Enabled Scheduled Tasks:
------------------------

"Rozpoczęcie aplikacji dostrajania" -> launches: "walign" [MS]
"ScanDisk" -> launches: "C:\WINDOWS\SCANDSKW.EXE /SAGERUN:2" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "C:\WINDOWS\SYSTEM\rnr20.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\webhdll.dll ["webHancer Corporation"], 01 - 02
C:\WINDOWS\SYSTEM\mswsosp.dll [MS], 03 - 06
C:\WINDOWS\SYSTEM\msafd.dll [MS], 07 - 09
C:\WINDOWS\SYSTEM\rsvpsp.dll [MS], 10 - 11


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

Dormant Explorer Bars in "View, Explorer Bar" menu

HKLM\Software\Classes\CLSID\{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}\(Default) = "Volet Wanadoo"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRAM FILES\NEOSTRADA TP\AUDIENCE\AUDIENCE.DLL" ["$"]

HKLM\Software\Classes\CLSID\{5BF498C0-931E-4A4F-B33F-456D07137EAA}\(Default) = "Volet Wanadoo"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRAM FILES\NEOSTRADA TP\AUDIENCE\AUDIENCE.DLL" ["$"]

HKLM\Software\Classes\CLSID\{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}\(Default) = "ToolBand Class"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRAM FILES\NEOSTRADA TP\AUDIENCE\AUDIENCE.DLL" ["$"]


Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

Missing lines (compared with English-language version):
"{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)
-> {HKLM...CLSID} = "Search Class"
\InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\SEARCH~2.DLL" [","]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
usbmon\Driver = "usbmon.dll" [MS]
Lexmark Network Printer Monitor\Driver = "lexlmpm.dll" ["Lexmark International, Inc."]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 25 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 22 seconds.
---------- (total run time: 71 seconds)

[Red]

prosze sciagnac:

http://www.cexx.org/lspfix.htm
Ododpal LSP-Fix zaznacz "I know what I'm doing" następnie w okienku Keep zaznacz plik który chcesz usunac czyli (webhdll.dll) i za pomocą strzałki (>>) przenieś go do okienka Remover i kliknij Finish







w trybie awaryjnym prosze usunac:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchgateway.net/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchgateway.net/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchgateway.net/search/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\OOBE\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\OOBE\blank.htm
O2 - BHO: CrsHO Class - {5843A29E-1246-11D4-BA8C-0050DA707ACD} - C:\WINDOWS\SYSTEM\CRS32.DLL
O4 - Startup: PowerReg Scheduler V3.exe

prosze to usunac w hijacku

Mam pytanie :znacie to>>

O4 - HKLM\..\Run: [setup] E:\REGSET\Demo\Demo.exe

prosze o logi kontrolnie po usuwaniu

[damian.1]

Logfile of HijackThis v1.99.1
Scan saved at 11:58:59, on 06-07-24
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER COMMUNICATOR\XCOMMSVR.EXE
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER SCAN SERVER\BDSS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ELABORATE BYTES\CLONECD\CLONECDTRAY.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\WT\WCMDMGR.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMON.EXE
C:\PROGRAM FILES\NEOSTRADA TP\CNXMON.EXE
C:\PROGRAM FILES\NEOSTRADA TP\TASKBARICON.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
D:\PROGRAMY\ODKURZACZ 10.1 PRO\ODK_MCD.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER9\BDMCON.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER9\VSSERV.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER9\BDNAGENT.EXE
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER UPDATE SERVICE\LIVESRV.EXE
C:\PROGRAM FILES\GADU-GADU\GG.EXE
D:\PROGRAMY\AUTOCONNECT\AUTOCONNECT.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\SAGEM\SAGEM F@ST 800-840\DSLMON.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\TALKBACK@MOZILLA.ORG\COMPONENTS\TALKBACK.EXE
C:\WINDOWS\PULPIT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~2.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [setup] E:\REGSET\Demo\Demo.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [LexStart] lexstart.exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [Odkurzacz-MCD] D:\Programy\Odkurzacz 10.1 Pro\odk_mcd.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\SOFTWIN\BITDEF~1\BDMCON.EXE
O4 - HKLM\..\Run: [BitDefender Virus Shield] "C:\Program Files\Softwin\BitDefender9\vsserv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRAM FILES\SOFTWIN\BITDEFENDER9\bdnagent.exe"
O4 - HKLM\..\Run: [BitDefender Live Service] "C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [BitDefender Live! Init] "C:\Program Files\Softwin\BitDefender9\bdinit.exe"
O4 - HKLM\..\RunServices: [BitDefender Communicator] "C:\Program Files\Common Files\Softwin\BitDefender Communicator\\xcommsvr.exe"
O4 - HKLM\..\RunServices: [BitDefender Scan Server] "C:\Program Files\Common Files\Softwin\BitDefender Scan Server\\bdss.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
O4 - HKCU\..\Run: [AutoConnect] D:\PROGRAMY\AUTOCONNECT\AUTOCONNECT.EXE
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

"Silent Runners.vbs", revision 46, http://www.silentrunners.org/
Operating System: Windows 98
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Gadu-Gadu" = ""C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray" ["Gadu-Gadu Sp. z oo"]
"AutoConnect" = "D:\PROGRAMY\AUTOCONNECT\AUTOCONNECT.EXE" ["http://autoconnect.prv.pl"]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ScanRegistry" = "C:\WINDOWS\scanregw.exe /autorun" [MS]
"TaskMonitor" = "C:\WINDOWS\taskmon.exe" [MS]
"internat.exe" = "internat.exe" [MS]
"SystemTray" = "SysTray.Exe" [MS]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"Enable Device" = (empty string)
"setup" = "E:\REGSET\Demo\Demo.exe" [file not found]
"CloneCDTray" = ""C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"" ["Elaborate Bytes AG"]
"LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS]
"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]
"wcmdmgr" = "C:\WINDOWS\wt\wcmdmgrl.exe -launch" ["WildTangent, Inc."]
"Lexmark X1100 Series" = ""C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"" ["Lexmark International, Inc."]
"LexStart" = "lexstart.exe" ["Lexmark International, Inc."]
"IrMon" = "IrMon.exe" [MS]
"autoclk" = "autoclk.exe" [file not found]
"WooCnxMon" = "C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [","]
"WOOWATCH" = "C:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Télécom R&D"]
"WOOTASKBARICON" = "C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" ["France Télécom R&D"]
"Odkurzacz-MCD" = "D:\Programy\Odkurzacz 10.1 Pro\odk_mcd.exe" ["FranmoSoft"]
"BDMCon" = "C:\PROGRA~1\SOFTWIN\BITDEF~1\BDMCON.EXE" ["SOFTWIN S.R.L."]
"BitDefender Virus Shield" = ""C:\Program Files\Softwin\BitDefender9\vsserv.exe"" ["SOFTWIN S.R.L."]
"BDNewsAgent" = ""C:\PROGRAM FILES\SOFTWIN\BITDEFENDER9\bdnagent.exe"" ["SOFTWIN S.R.L"]
"BitDefender Live Service" = ""C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe"" ["SOFTWIN S.R.L."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\ {++}
"SchedulingAgent" = "mstask.exe" [MS]
"BitDefender Live! Init" = ""C:\Program Files\Softwin\BitDefender9\bdinit.exe"" [null data]
"BitDefender Communicator" = ""C:\Program Files\Common Files\Softwin\BitDefender Communicator\\xcommsvr.exe"" ["Softwin"]
"BitDefender Scan Server" = ""C:\Program Files\Common Files\Softwin\BitDefender Scan Server\\bdss.exe"" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Eksplorator pulpitów"
-> {HKLM...CLSID} = "Eksplorator pulpitów"
\InProcServer32\(Default) = "C:\WINDOWS\SYSTEM\NVSHELL.DLL" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\SYSTEM\NVSHELL.DLL" ["NVIDIA Corporation"]
"{2E9D3540-211C-11d0-A5F2-00A0248C37BE}" = "Nero Shell Extension Property Sheet"
-> {HKLM...CLSID} = "Nero Shell Extension Property Sheet"
\InProcServer32\(Default) = "C:\Program Files\Ahead\nero\neroshx.dll" ["ahead software gmbh im stoeckmaedle 6 76307 karlsbad, germany Fax: ++49-7248-911-888 e-mail: info@ahead.de"]
"{0E6C58A9-F592-4862-B35F-CA45E24003B3}" = "CloneCD"
-> {HKLM...CLSID} = "CloneCD Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Elaborate Bytes\CloneCD\ElbyVCDShell.dll" ["Elaborate Bytes"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\WINRAR 2\rarext.dll" [null data]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\WINRAR 2\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\WINRAR 2\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\WINRAR 2\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\beachlife_3.bmp"


WIN.INI & SYSTEM.INI launch points:
-----------------------------------

SYSTEM.INI
[boot]
"SCRNSAVE.EXE=C:\WINDOWS\SYSTEM\MARINE~1.SCR" (Marine Aquarium 2.scr) [null data]


Startup items in "Startup" & "All Users...Startup" folders:
-----------------------------------------------------------

C:\WINDOWS\Menu Start\Programy\Autostart
"WinZip Quick Pick" -> shortcut to: "C:\Program Files\WinZip\WZQKPICK.EXE" ["WinZip Computing, Inc."]
"DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe" [","]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]


Enabled Scheduled Tasks:
------------------------

"Rozpoczęcie aplikacji dostrajania" -> launches: "walign" [MS]
"ScanDisk" -> launches: "C:\WINDOWS\SCANDSKW.EXE /SAGERUN:2" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "C:\WINDOWS\SYSTEM\rnr20.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
00000000000#\PackedCatalogItem (contains) DLL [Company Name], (at) # range:
C:\WINDOWS\SYSTEM\mswsosp.dll [MS], 1 - 4
C:\WINDOWS\SYSTEM\msafd.dll [MS], 5 - 7
C:\WINDOWS\SYSTEM\rsvpsp.dll [MS], 8 - 9


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

Dormant Explorer Bars in "View, Explorer Bar" menu

HKLM\Software\Classes\CLSID\{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}\(Default) = "Volet Wanadoo"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRAM FILES\NEOSTRADA TP\AUDIENCE\AUDIENCE.DLL" ["$"]

HKLM\Software\Classes\CLSID\{5BF498C0-931E-4A4F-B33F-456D07137EAA}\(Default) = "Volet Wanadoo"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRAM FILES\NEOSTRADA TP\AUDIENCE\AUDIENCE.DLL" ["$"]

HKLM\Software\Classes\CLSID\{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}\(Default) = "ToolBand Class"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRAM FILES\NEOSTRADA TP\AUDIENCE\AUDIENCE.DLL" ["$"]


Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

Missing lines (compared with English-language version):
"{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)
-> {HKLM...CLSID} = "Search Class"
\InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\SEARCH~2.DLL" [","]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
usbmon\Driver = "usbmon.dll" [MS]
Lexmark Network Printer Monitor\Driver = "lexlmpm.dll" ["Lexmark International, Inc."]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 20 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 21 seconds.
---------- (total run time: 68 seconds)

[Red]

Teraz jest ok
rozumiem ze to znasz:

O4 - HKLM\..\Run: [setup] E:\REGSET\Demo\Demo.exe

[wojtas]

czasami to nie wirus?Demo.exe

http://wirusy.antivirenkit.pl/pl/opis/Email-Worm.Win32.Salga.a.html