Re: K³opot z jakim? .exe

Autor: <zd9WYTNIJTO_at_poczta.onet.pl>
Data: Tue 15 Jun 2004 - 22:22:59 MET DST
Message-ID: <04c1.00000ec1.40cf5aa2@newsgate.onet.pl>
Content-Type: text/plain; charset="iso-8859-2"

Teraz to wsi±k³em ca³kowicie w poszukiwaniu sposobu na zrealizowanie rad jakie
mi udzieli³e¶ !

Na razie idzie mi to opornie - nic nie chce dzia³aæ "jak powinno" ;)

O ile nie pochrzaniê zupe³nie kompa, tak, ¿e nie bêdzie mo¿na dzialaæ w necie -
 postaram siê zameldowaæ o wynikach (a nu¿ mo¿e siê to komu¶ przyda?)

BTW: Za³±czam logfile (zrobiony przed eksperymentami), pozostaj±c w cichej
nadziei, ¿e jaka¶ lito¶ciwa dusza raczy zajrzeæ czy nie ma tam czego¶
podejrzanego :)))

Na razie dziêki za dotychczasowe wskazówki ! :)

Pzdr.,
zd.
----------------------------
Logfile of HijackThis v1.97.7
Scan saved at 21:21:18, on 2004-06-15
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\TINY PERSONAL FIREWALL\PERSFW.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\PROGRAM FILES\TREND PC-CILLIN 98\IOMON98.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SM56HLPR.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\WUAUCLT.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNATHCHK.EXE
C:\WINDOWS\PULPIT\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://home.netscape.com/home/winsearch200.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://keyword.netscape.com/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride =
195.136.71.231;193.109.225.62;193.41.230.81;193.0.242.13;195.205.223.221
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = £±cza
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {3DF73DF8-41E2-4fc2-8CBF-4B9407433755} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM
FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1
\COMMON~1\REAL\TOOLBAR\REALBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1
\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1
\COMMON~1\REAL\TOOLBAR\REALBAR.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio - {8E718888-423F-11D2-876E-
00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\RunServices: [PersFw] C:\Program Files\Tiny Personal
Firewall\persfw.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKLM\..\RunServices: [IOMON98.EXE] "C:\Program Files\Trend PC-cillin 98
\IOMON98.EXE"
O4 - Startup: SDI.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Write a Review... - res://alxtb.dll/review.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: WPinacz (HKLM)
O9 - Extra 'Tools' menuitem: WPinacz Poka¿/Ukryj (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Internetia (HKCU)
O9 - Extra button: Wyborcza (HKCU)
O16 - DPF: {AC6FF189-41C3-11D4-B71A-00104BAA5782} (Rejest Control) -
https://e.pkobp.pl/ssl/bin/cert.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) -
http://office.microsoft.com/ProductUpdates/content/opuc.cab
O16 - DPF: {DCB16E44-D6DB-473E-A251-F6FBB381C1C3} (GINCHESS Class) -
http://gierki.wp.pl/gry/szachy/chess.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
 http://www.pandasoftware.es/activescan/as/asinst.cab
O16 - DPF: {70AA7362-0A16-11D4-877B-008048C4AC6F} (MainControl Class) -
http://wirusy.onet.pl/skaner/WebScan.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37867.4837152778
O16 - DPF: {62CEC9E0-3811-4C36-A94E-4F7565DCD23F} (DDSC Class) -
http://www.msinfo.pl/mssupport/Portal/resources/msddsc.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) -
http://poczta.wp.pl/autoryzacja/mailcfg.ocx
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
http://skaner.mks.com.pl/SkanerOnline.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) -
http://www.cult3d.com/download/cult.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
http://ak.imgfarm.com/images/nocache/funwebproducts/CursorManiaInitialSetup1.0.0
.6.cab
O16 - DPF: {62360003-D8A7-418B-9DC6-2B9DE95273A0} (MS Investor Ticker) -
http://fdl.msn.com/public/investor/v8/0326/ticker.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall
/xscan53.cab 

-- 
Wys³ano z serwisu OnetNiusy: http://niusy.onet.pl
Received on Tue Jun 15 22:25:14 2004

To archiwum zosta³o wygenerowane przez hypermail 2.1.8 : Tue 15 Jun 2004 - 22:42:03 MET DST