
Logfile of HijackThis v1.99.1
Scan saved at 17:18:28, on 06-09-10
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\F-SECURE\COMMON\FSMA32.EXE
C:\PROGRAM FILES\F-SECURE\COMMON\FSMB32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\F-SECURE\COMMON\FCH32.EXE
C:\PROGRAM FILES\F-SECURE\BACKWEB\7681197\PROGRAM\FSBWSYS.EXE
C:\PROGRAM FILES\F-SECURE\BACKWEB\7681197\PROGRAM\F-SECURE AUTOMATIC UPDATE.EXE
C:\PROGRAM FILES\F-SECURE\COMMON\FNRB32.EXE
C:\PROGRAM FILES\F-SECURE\COMMON\FAMEH32.EXE
C:\PROGRAM FILES\F-SECURE\ANTI-VIRUS\FSGK32.EXE
C:\PROGRAM FILES\F-SECURE\FWES\PROGRAM\FSDFWD.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\F-SECURE\COMMON\FIH32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\F-SECURE\ANTI-VIRUS\FSSM32.EXE
C:\PROGRAM FILES\F-SECURE\COMMON\FSM32.EXE
C:\PROGRAM FILES\F-SECURE\ANTI-VIRUS\FSAV32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\SAGEM\SAGEM F@ST 800-840\DSLMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\F-SECURE\FSGUI\FSGUIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\OPERA\OPERA.EXE
C:\MOJE DOKUMENTY\HIJACKTHIS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0 CE\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [F-Secure Management Agent] C:\Program Files\F-Secure\Common\FSMA32.EXE
O4 - HKCU\..\Run: [NBJ] "C:\PROGRAM FILES\AHEAD\NERO BACKITUP\NBJ.EXE"
O4 - HKCU\..\Run: [ares] "C:\PROGRAM FILES\ARES\ARES.EXE" -h
O4 - Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool- http://67.15.101.3/g_bin/pl/billard8_2_0_0_28.cab
O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://67.15.101.3/g_bin/pl/darts_2_0_0_35.cab
- Kod: Zaznacz wszystko
- "Silent Runners.vbs", revision 46, http://www.silentrunners.org/
 Operating System: Windows 98
 Output limited to non-default values, except where indicated by "{++}"
 Startup items buried in registry:
 ---------------------------------
 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
 "NBJ" = ""C:\PROGRAM FILES\AHEAD\NERO BACKITUP\NBJ.EXE"" ["Ahead Software AG"]
 "ares" = ""C:\PROGRAM FILES\ARES\ARES.EXE" -h" ["Ares Development Group"]
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
 "internat.exe" = "internat.exe" [MS]
 "ScanRegistry" = "C:\WINDOWS\scanregw.exe /autorun" [MS]
 "TaskMonitor" = "C:\WINDOWS\taskmon.exe" [MS]
 "SystemTray" = "SysTray.Exe" [MS]
 "LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS]
 "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup" [MS]
 "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit" [MS]
 "F-Secure Manager" = ""C:\Program Files\F-Secure\Common\FSM32.EXE" /splash" ["F-Secure Corporation"]
 "F-Secure TNB" = ""C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW" ["F-Secure Corporation"]
 "autoclk" = "autoclk.exe" [file not found]
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\ {++}
 "LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS]
 "SchedulingAgent" = "mstask.exe" [MS]
 "F-Secure Management Agent" = "C:\Program Files\F-Secure\Common\FSMA32.EXE" ["F-Secure Corporation"]
 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
 {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
 -> {HKLM...CLSID} = "AcroIEHlprObj Class"
 \InProcServer32\(Default) = "C:\PROGRAM FILES\ADOBE\ACROBAT 6.0 CE\READER\ACTIVEX\ACROIEHELPER.DLL" ["Adobe Systems Incorporated"]
 {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
 -> {HKLM...CLSID} = "SSVHelper Class"
 \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
 HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
 "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
 -> {HKLM...CLSID} = "DesktopContext Class"
 \InProcServer32\(Default) = "C:\WINDOWS\SYSTEM\NVCPL.DLL" ["NVIDIA Corporation"]
 "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
 -> {HKLM...CLSID} = "Desktop Explorer"
 \InProcServer32\(Default) = "C:\WINDOWS\SYSTEM\NVSHELL.DLL" ["NVIDIA Corporation"]
 "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
 -> {HKLM...CLSID} = (no title provided)
 \InProcServer32\(Default) = "C:\WINDOWS\SYSTEM\NVSHELL.DLL" ["NVIDIA Corporation"]
 "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
 -> {HKLM...CLSID} = "nView Desktop Context Menu"
 \InProcServer32\(Default) = "C:\WINDOWS\SYSTEM\NVSHELL.DLL" ["NVIDIA Corporation"]
 "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
 -> {HKLM...CLSID} = "WinRAR"
 \InProcServer32\(Default) = "C:\PROGRAM FILES\WINRAR\rarext.dll" [null data]
 "{2E9D3540-211C-11d0-A5F2-00A0248C37BE}" = "Nero Shell Extension Property Sheet"
 -> {HKLM...CLSID} = "Nero Shell Extension Property Sheet"
 \InProcServer32\(Default) = "C:\Program Files\Ahead\nero\neroshx.dll" ["Ahead Software AG"]
 HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
 WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
 -> {HKLM...CLSID} = "WinRAR"
 \InProcServer32\(Default) = "C:\PROGRAM FILES\WINRAR\rarext.dll" [null data]
 Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"
 -> {HKLM...CLSID} = "Trojan Remover Shell Extension"
 \InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1\TRSHLEX.DLL" [file not found]
 HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
 WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
 -> {HKLM...CLSID} = "WinRAR"
 \InProcServer32\(Default) = "C:\PROGRAM FILES\WINRAR\rarext.dll" [null data]
 HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
 WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
 -> {HKLM...CLSID} = "WinRAR"
 \InProcServer32\(Default) = "C:\PROGRAM FILES\WINRAR\rarext.dll" [null data]
 Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"
 -> {HKLM...CLSID} = "Trojan Remover Shell Extension"
 \InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1\TRSHLEX.DLL" [file not found]
 Active Desktop and Wallpaper:
 -----------------------------
 Active Desktop is disabled at this entry:
 HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
 HKCU\Control Panel\Desktop\
 "Wallpaper" = "C:\TAPETA\Tapeta.bmp"
 WIN.INI & SYSTEM.INI launch points:
 -----------------------------------
 SYSTEM.INI
 [boot]
 "SCRNSAVE.EXE=C:\WINDOWS\SYSTEM\TEKST3~1.SCR" (Tekst 3W.scr) [MS]
 Startup items in "Startup" & "All Users...Startup" folders:
 -----------------------------------------------------------
 C:\WINDOWS\Menu Start\Programy\Autostart
 "DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe" [","]
 C:\WINDOWS\All Users\Menu Start\Programy\Autostart
 "F-Secure Automatic Update" -> shortcut to: "C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe -startup" [null data]
 Enabled Scheduled Tasks:
 ------------------------
 "Rozpoczęcie aplikacji dostrajania" -> launches: "walign" [MS]
 Winsock2 Service Provider DLLs:
 -------------------------------
 Namespace Service Providers
 HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
 000000000001\LibraryPath = "C:\WINDOWS\SYSTEM\rnr20.dll" [MS]
 Transport Service Providers
 HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
 00000000000#\PackedCatalogItem (contains) DLL [Company Name], (at) # range:
 C:\WINDOWS\SYSTEM\mswsosp.dll [MS], 1
 C:\WINDOWS\SYSTEM\msafd.dll [MS], 2 - 4
 C:\WINDOWS\SYSTEM\rsvpsp.dll [MS], 5 - 6
 Toolbars, Explorer Bars, Extensions:
 ------------------------------------
 Extensions (Tools menu items, main toolbar menu buttons)
 HKLM\Software\Microsoft\Internet Explorer\Extensions\
 {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
 "MenuText" = "Sun Java Console"
 "CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
 -> {HKLM...CLSID} = "Java Plug-in"
 \InProcServer32\(Default) = "C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL" ["Sun Microsystems, Inc."]
 Miscellaneous IE Hijack Points
 ------------------------------
 HKLM\Software\Microsoft\Internet Explorer\Version = (invalid data)
 The Internet Explorer version cannot be found!
 C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
 The contents of IERESET.INF cannot be reliably checked!
 Added lines (compared with English-language version):
 [Strings]: START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
 [Strings]: MS_START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
 Missing lines (compared with English-language version):
 [Strings]: 2 lines
 ----------
 + This report excludes default entries except where indicated.
 + To see *everywhere* the script checks and *everything* it finds,
 launch it from a command prompt or a shortcut with the -all parameter.
 + The search for DESKTOP.INI DLL launch points on all local fixed drives
 took 24 seconds.
 + The search for all Registry CLSIDs containing dormant Explorer Bars
 took 15 seconds.
 ---------- (total run time: 58 seconds)

 
	
 
	