Originally posted by Kanciastoporty
lol, do you have Windows 98? xD
As for the log, these are a bit odd:
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
Logfile of HijackThis v1.99.1
Scan saved at 23:36:08, on 2007-06-20
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32ZoneLabsvsmon.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32svchost.exe
C:WINDOWSSOUNDMAN.EXE
C:Program FilesHPHP Software UpdateHPWuSchd2.exe
C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe
C:Program FilesZone LabsZoneAlarmzlclient.exe
C:PROGRA~1NEOSTR~1CnxMon.exe
C:PROGRA~1NEOSTR~1TaskbarIcon.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesSAGEMSAGEM F@st 800-840dslmon.exe
C:Program FilesHPDigital Imagingbinhpqtra08.exe
C:Program FilesHPDigital ImagingbinhpqSTE08.exe
C:PROGRA~1NEOSTR~1NeostradaTP.exe
C:PROGRA~1NEOSTR~1ComComp.exe
C:Program FilesHPDigital ImagingProduct Assistantbinhprblog.exe
C:PROGRA~1NEOSTR~1Watch.exe
C:Program FilesOperaOpera.exe
C:Program FilesGadu-Gadugg.exe
C:Documents and SettingsAdminPulpithijackthisHijackThis.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.neostrada.pl
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Neostrada TP
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:PROGRA~1NEOSTR~1SEARCH~1.DLL
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [HP Software Update] C:Program FilesHPHP Software UpdateHPWuSchd2.exe
O4 - HKLM..Run: [AVP] "C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe"
O4 - HKLM..Run: [ZoneAlarm Client] "C:Program FilesZone LabsZoneAlarmzlclient.exe"
O4 - HKLM..Run: [WooCnxMon] C:PROGRA~1NEOSTR~1CnxMon.exe
O4 - HKLM..Run: [WOOWATCH] C:PROGRA~1NEOSTR~1Watch.exe
O4 - HKLM..Run: [WOOTASKBARICON] C:PROGRA~1NEOSTR~1TaskbarIcon.exe
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - Global Startup: DSLMON.lnk = C:Program FilesSAGEMSAGEM F@st 800-840dslmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:Program FilesHPDigital Imagingbinhpqtra08.exe
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0scieplugin.dll
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLMSystemCCSServicesTcpip..{5CCC0E4F-3985-453B-BC7C-997ED086DC98}: NameServer = 194.204.159.1 217.98.63.164
O20 - Winlogon Notify: klogon - C:WINDOWSsystem32klogon.dll
O20 - Winlogon Notify: WgaLogon - C:WINDOWSSYSTEM32WgaLogon.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe" -r (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:WINDOWSsystem32ZoneLabsvsmon.exe
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16:45:20, on 2007-06-22
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
D:WINDOWSSystem32smss.exe
D:WINDOWSsystem32winlogon.exe
D:WINDOWSsystem32services.exe
D:WINDOWSsystem32lsass.exe
D:WINDOWSsystem32svchost.exe
D:WINDOWSSystem32svchost.exe
D:WINDOWSsystem32spoolsv.exe
D:WINDOWSExplorer.EXE
D:WINDOWSsystem32CTSvcCDA.exe
D:WINDOWSsystem32inetsrvinetinfo.exe
D:WINDOWSSystem32svchost.exe
D:WINDOWSsystem32spooldriversw32x863hpztsb06.exe
D:Program FilesCreativeNewsNewsUpd.EXE
D:Program FilesCreativeShareDLLCtNotify.exe
D:Program FilesCreativeAudio2KPROGRAMCTMIX32.EXE
D:PROGRA~1A4TechKeyboardIkeymain.exe
D:Program FilesCommon FilesRealUpdate_OBrealsched.exe
D:Program FilesWinampwinampa.exe
D:WINDOWSsystem32wscntfy.exe
D:Program FilesJavajre1.5.0_09binjusched.exe
D:Program FilesCreativeShareDLLMediaDet.Exe
D:PROGRA~1SonySONICS~1SsAAD.exe
D:Program FilesQuickTimeqttask.exe
D:WINDOWSsystem32ctfmon.exe
D:Program FilesWinZipWZQKPICK.EXE
D:Program FilesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe
D:Program FilesGadu-Gadugg.exe
D:Program FilesSonySony Picture UtilityBrowserSPUBrowser.exe
D:Program FilesWinRARWinRAR.exe
D:DOCUME~1NataliaUSTAWI~1TempRar$EX00.448HiJackThis_v2.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:Program FilesJavajre1.5.0_09binssv.dll
O4 - HKLM..Run: [HPDJ Taskbar Utility] D:WINDOWSsystem32spooldriversw32x863hpztsb06.exe
O4 - HKLM..Run: [NewsUpd] D:Program FilesCreativeNewsNewsUpd.EXE /q
O4 - HKLM..Run: [Disc Detector] D:Program FilesCreativeShareDLLCtNotify.exe
O4 - HKLM..Run: [CreativeMixer] D:Program FilesCreativeAudio2KPROGRAMCTMIX32.EXE /t
O4 - HKLM..Run: [NeroCheck] D:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [iKeyWorks] D:PROGRA~1A4TechKeyboardIkeymain.exe
O4 - HKLM..Run: [TkBellExe] "D:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot
O4 - HKLM..Run: [WinampAgent] D:Program FilesWinampwinampa.exe
O4 - HKLM..Run: [SunJavaUpdateSched] D:Program FilesJavajre1.5.0_09binjusched.exe
O4 - HKLM..Run: [ImInstaller_IncrediMail] D:DOCUME~1NataliaUSTAWI~1TempImInstallerIncrediMailincredimail_install.exe -startup -product IncrediMail
O4 - HKLM..Run: [SsAAD.exe] D:PROGRA~1SonySONICS~1SsAAD.exe
O4 - HKLM..Run: [QuickTime Task] "D:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKCU..Run: [CTFMON.EXE] D:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [Gadu-Gadu] "D:Program FilesGadu-Gadugg.exe" /tray
O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] D:WINDOWSSystem32CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] D:WINDOWSSystem32CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] D:WINDOWSSystem32CTFMON.EXE (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] D:WINDOWSSystem32CTFMON.EXE (User 'Default user')
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = D:Program FilesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:Program FilesMicrosoft OfficeOffice10OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = D:Program FilesWinZipWZQKPICK.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:Program FilesJavajre1.5.0_09binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:Program FilesJavajre1.5.0_09binssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:Program FilesMessengermsmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:Program FilesSkypePlugin ManagerSkype4COM.dll (file missing)
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:WINDOWSSystem32browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:WINDOWSSystem32browseui.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:WINDOWSsystem32CTSvcCDA.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - c:Program FilesFirebirdFirebird_1_5binfbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - c:Program FilesFirebirdFirebird_1_5binfbserver.exe
O23 - Service: iPod Service - Unknown owner - D:Program FilesiPodbiniPodService.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - D:Program FilesCommon FilesSony SharedAVLibMSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - D:Program FilesCommon FilesSony SharedAVLibPACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - D:Program FilesCommon FilesSony SharedAVLibSPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - D:Program FilesCommon FilesSony SharedAVLibSSScsiSV.exe
--
End of file - 5946 bytes
Logfile of HijackThis v1.99.1
Scan saved at 07:51:32, on 2007-06-24
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32brsvc01a.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32brss01a.exe
C:WINDOWSsystem32acs.exe
C:Program FilesAheadInCDInCDsrv.exe
C:Program FilesEsetnod32krn.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesULI5289ALi5289.exe
C:Program FilesCyberLink DVD SolutionPowerDVDPDVDServ.exe
C:Program FilesTP-LINKTWCUTWCU.exe
C:Program FilesJavajre1.5.0_06binjusched.exe
C:Program FilesAdobePhotoshop Album Starter Edition3.0Appsapdproxy.exe
C:Program FilesWinampwinampa.exe
C:Program FilesAheadInCDInCD.exe
C:Program FilesDAEMON Toolsdaemon.exe
C:Program FilesScanSoftPaperPortpptd40nt.exe
C:Program FilesBrotherControlCenter2brctrcen.exe
C:Program FilesEsetnod32kui.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe
C:Program FilesVidaliavidalia.exe
C:Program FilesPrivoxyprivoxy.exe
C:WINDOWSsystem32WgaTray.exe
C:Program FilesTortor.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Documents and SettingsuserPulpitHijackThis.exe
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.interia.pl/
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {FA55320A-F492-F21D-9C4E-F8BAA2601AC4} - C:WINDOWSsystem32hfuate.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.5.0_06binssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar4.dll
O4 - HKLM..Run: [ALi5289] "C:Program FilesULI5289ALi5289.exe"
O4 - HKLM..Run: [NvCplDaemon] "RUNDLL32.EXE" C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] "nwiz.exe" /install
O4 - HKLM..Run: [NvMediaCenter] "RUNDLL32.EXE" C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [RemoteControl] "C:Program FilesCyberLink DVD SolutionPowerDVDPDVDServ.exe"
O4 - HKLM..Run: [TWCU] "C:Program FilesTP-LINKTWCUTWCU.exe" -nogui
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.5.0_06binjusched.exe"
O4 - HKLM..Run: [Adobe Photo Downloader] "C:Program FilesAdobePhotoshop Album Starter Edition3.0Appsapdproxy.exe"
O4 - HKLM..Run: [WinampAgent] "C:Program FilesWinampwinampa.exe"
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [InCD] C:Program FilesAheadInCDInCD.exe
O4 - HKLM..Run: [DAEMON Tools] "C:Program FilesDAEMON Toolsdaemon.exe" -lang 1033
O4 - HKLM..Run: [SSBkgdUpdate] "C:Program FilesCommon FilesScansoft SharedSSBkgdUpdateSSBkgdupdate.exe" -Embedding -boot
O4 - HKLM..Run: [PaperPort PTD] C:Program FilesScanSoftPaperPortpptd40nt.exe
O4 - HKLM..Run: [IndexSearch] C:Program FilesScanSoftPaperPortIndexSearch.exe
O4 - HKLM..Run: [SetDefPrt] C:Program FilesBrotherBrmfl05aBrStDvPt.exe
O4 - HKLM..Run: [ControlCenter2.0] C:Program FilesBrotherControlCenter2brctrcen.exe /autorun
O4 - HKLM..Run: [PPort9reminder] "C:Program FilesScanSoftPaperPortWebEregEreg.exe" -r "C:Documents and SettingsAll UsersDane aplikacjiScanSoftPaperPort9Configereg.ini"
O4 - HKLM..Run: [nod32kui] "C:Program FilesEsetnod32kui.exe" /WAITSERVICE
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [Uatp] "C:DOCUME~1userDANEAP~1YMANTE~1wuaclt.exe" -vt tzt
O4 - HKCU..Run: [SpySpotter] C:Program FilesSpySpotter3SpySpotter.exe -startup
O4 - HKCU..Run: [SpySpotter System Defender] C:Program FilesSpySpotter3Defender.exe -startup
O4 - HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:Program FilesCommon FilesAheadLibNMBgMonitor.exe"
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe
O4 - HKCU..Run: [Vidalia] "C:Program FilesVidaliavidalia.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeReader 8.0Readerreader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:Program FilesAdobeReader 8.0ReaderAdobeCollabSync.exe
O4 - Global Startup: Privoxy.lnk = C:Program FilesPrivoxyprivoxy.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_06binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_06binssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O12 - Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O20 - AppInit_DLLs: alg.dll
O20 - Winlogon Notify: WgaLogon - C:WINDOWSSYSTEM32WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C:WINDOWSsystem32acs.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:WINDOWSsystem32brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:Program FilesAheadInCDInCDsrv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:Program FilesEsetnod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:WINDOWSSystem32RUNDLL32.EXE
D:INTERN~1MEDIAKEY.EXE
C:WINDOWSSystem32CTHELPER.EXE
D:INTERN~1KBOSDCtl.EXE
D:INTERN~1KCodeMsg.EXE
D:Esetnod32kui.exe
C:WINDOWSSystem32MMTray.exe
D:Zone LabsZoneAlarmzlclient.exe
C:WINDOWSSystem32spooldriversw32x863hpztsb10.exe
C:Program FilesHPhpcoretechhpcmpmgr.exe
C:Program FilesHewlett-PackardHP Software UpdateHPWuSchd2.exe
C:Program FilesCyberLinkPowerDVDPDVDServ.exe
C:Program FilesJavajre1.5.0_10binjusched.exe
D:NOKIANOKIAP~1LAUNCH~1.EXE
C:WINDOWSSystem32ctfmon.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesMicrosoft ActiveSyncwcescomm.exe
C:PROGRA~1MICROS~3rapimgr.exe
C:PROGRA~1COMMON~1PCSuiteServicesSERVIC~1.EXE
D:StatBarStatBar.exe
C:Program FilesmfkMFK.EXE
D:lgLGSyncManager.exe
C:Documents and SettingsAll UsersMenu StartProgramyAutostartUninstall.exe
C:WINDOWSsystem32Ctsvccda.exe
d:Esetnod32krn.exe
C:WINDOWSSystem32nvsvc32.exe
C:Program FilesCyberLinkShared filesRichVideo.exe
C:WINDOWSsystem32ZoneLabsvsmon.exe
C:WINDOWSSystem32MsPMSPSv.exe
D:Gadu-Gadugg.exe
d:Winamp3 winampwinamp.exe
D:przeglądarkiMozilla Firefoxfirefox.exe
D:Winampwinamp.exe
D:gryGanymedebilliards.exe
C:Program FilesHijackThisHijackThis.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.windowsxlive.net
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.windowsxlive.net
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=explorer.exe ,svchost.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:AdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:BitConnetBitComettoolsBitCometBHO_1.1.3.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.5.0_10binssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:FlashGetjccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:FlashGetfgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [MediaKey] D:INTERN~1MEDIAKEY.EXE
O4 - HKLM..Run: [CTHelper] CTHELPER.EXE
O4 - HKLM..Run: [UpdReg] C:WINDOWSUpdReg.EXE
O4 - HKLM..Run: [Jet Detection] d:CreativeSBLivePROGRAMADGJDet.exe
O4 - HKLM..Run: [nod32kui] "d:Esetnod32kui.exe" /WAITSERVICE
O4 - HKLM..Run: [MMTray] MMTray.exe
O4 - HKLM..Run: [Zone Labs Client] d:Zone LabsZoneAlarmzlclient.exe
O4 - HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSSystem32spooldriversw32x863hpztsb10.exe
O4 - HKLM..Run: [HP Component Manager] "C:Program FilesHPhpcoretechhpcmpmgr.exe"
O4 - HKLM..Run: [HP Software Update] "C:Program FilesHewlett-PackardHP Software UpdateHPWuSchd2.exe"
O4 - HKLM..Run: [RemoteControl] "C:Program FilesCyberLinkPowerDVDPDVDServ.exe"
O4 - HKLM..Run: [LanguageShortcut] "C:Program FilesCyberLinkPowerDVDLanguageLanguage.exe"
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.5.0_10binjusched.exe"
O4 - HKLM..Run: [Adobe Photo Downloader] "C:Program FilesAdobePhotoshop Album Starter Edition3.0Appsapdproxy.exe"
O4 - HKLM..Run: [PCSuiteTrayApplication] D:NOKIANOKIAP~1LAUNCH~1.EXE -onlytray
O4 - HKLM..Run: [Vista Sidebar] C:Program FilesVista Sidebarsidebar.exe
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [Konnekt] "C:Program FilesKonnektkonnekt.exe" /autostart
O4 - HKCU..Run: [H/PC Connection Agent] "C:Program FilesMicrosoft ActiveSyncwcescomm.exe"
O4 - HKCU..Run: [Skype] "C:Program FilesSkypePhoneSkype.exe" /nosplash /minimized
O4 - HKCU..Run: [Gadu-Gadu] "D:Gadu-Gadugg.exe" /tray
O4 - HKCU..Run: [StatBar] D:StatBarStatBar.exe
O4 - HKCU..Run: [MyKeys] "C:Program FilesmfkMFK.EXE" /M
O4 - Startup: Vista sidebar.lnk = C:Program FilesVista Sidebarsidebar.exe
O4 - Global Startup: Expressivo.lnk = C:Program FilesivoExpressivo Demoexpressivo.exe
O4 - Global Startup: LG SyncManager.lnk = D:lgLGSyncManager.exe
O4 - Global Startup: Microsoft Office.lnk = D:Microsoft OfficeOfficeOSA9.EXE
O4 - Global Startup: Uninstall.exe
O8 - Extra context menu item: Download All by FlashGet - D:FlashGetjc_all.htm
O8 - Extra context menu item: Download all links using BitComet - res://D:BitConnetBitCometBitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://D:BitConnetBitCometBitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://D:BitConnetBitCometBitComet.exe/AddLink.htm
O8 - Extra context menu item: Download using FlashGet - D:FlashGetjc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_10binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_10binssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:PROGRA~1MICROS~3INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:PROGRA~1MICROS~3INetRepl.dll
O9 - Extra 'Tools' menuitem: Utwórz łącze Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:PROGRA~1MICROS~3INetRepl.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:FlashGetflashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:FlashGetflashget.exe
O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/pl/roulette_2_0_0_21.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169818200140
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_28.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:WINDOWSsystem32Ctsvccda.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - d:Esetnod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:Program FilesCyberLinkShared filesRichVideo.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:WINDOWSsystem32ZoneLabsvsmon.exe
Kanciastoporty, I presumed that you were acting in good faith and wanted to help various people. I got a bit annoyed with you. :killer:
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb - remove with HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 12:13:15, on 2007-06-27
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesTuneUp Utilities 2006WinStylerThemeSvc.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAntiVir PersonalEdition Classicsched.exe
C:Program FilesAntiVir PersonalEdition Classicavguard.exe
C:Program FilesSunbelt SoftwarePersonal Firewallkpf4ss.exe
C:WINDOWSSystem32nvsvc32.exe
D:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe
C:Program FilesSunbelt SoftwarePersonal Firewallkpf4gui.exe
C:WINDOWSSystem32alg.exe
C:WINDOWSsystem32wscntfy.exe
C:Program FilesSunbelt SoftwarePersonal Firewallkpf4gui.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32RUNDLL32.EXE
C:Program FilesAntiVir PersonalEdition Classicavgnt.exe
D:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
D:Program FilesWapSterAQQAQQ.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMessengermsmsgs.exe
D:Program FilesSkypePhoneSkype.exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
D:Program FilesTlen.pltlen.exe
D:Program FilesSAMSAM.exe
D:Program FilesSkypePlugin ManagerskypePM.exe
C:Documents and SettingsAll UsersDane aplikacjiSkypePluginsPluginsE12C95FCBD1240FEAE314D89676CA6F8LieDetector.exe
C:Documents and SettingsAll UsersDane aplikacjiSkypePluginsPluginsDF206D97847745E7983C822C45EE3038ringjack.exe
C:WINDOWSsystem32NOTEPAD.EXE
C:Program FilesMozilla Firefoxfirefox.exe
D:DocumentMERTHFolder3hijackthisHijackThis.exe
C:WINDOWSsystem32NOTEPAD.EXE
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://gryonline.wp.pl/
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:PROGRA~1MICROS~1Office12GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier2.0.301.7164swg.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar2.dll
O4 - HKLM..Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [avgnt] "C:Program FilesAntiVir PersonalEdition Classicavgnt.exe" /min
O4 - HKLM..Run: [GrooveMonitor] "D:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe"
O4 - HKLM..Run: [Onet.pl AutoUpdate] C:Program FilesCommon FilesOnet.plAutoUpdate.exe /tsr
O4 - HKLM..Run: [DAEMON Tools-1033] "D:Program FilesD-Toolsdaemon.exe" -lang 1045
O4 - HKLM..Run: [Teleport Scheduler] "D:Program FilesTeleport Proscheduler.exe" /s
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [Skype] "D:Program FilesSkypePhoneSkype.exe" /nosplash /minimized
O4 - HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 - HKCU..Run: [Komunikator] D:Program FilesTlen.pltlen.exe
O4 - HKCU..RunOnce: [FFTI] C:Documents and SettingsMerthDane aplikacjiMozillaFirefoxProfilesj3ywod2x.defaultextensions{B13721C7-F507-4982-B2E5-502A71474FED}ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:Documents and SettingsMerthDane aplikacjiMozillaFirefoxProfiles/j3ywod2x.defaultextensions{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - Startup: Adobe Gamma.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 - Startup: SAM.lnk = D:Program FilesSAMSAM.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:PROGRA~1MICROS~1OFFICE11EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://D:PROGRA~1MICROS~1Office12EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavaj2re1.4.1_01binnpjpi141_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavaj2re1.4.1_01binnpjpi141_01.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:PROGRA~1MICROS~1Office12ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:PROGRA~1MICROS~1Office12ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:Program FilesWinHTTrackWinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:Program FilesWinHTTrackWinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:PROGRA~1MICROS~1Office12REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169667085842
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_28.cab
O17 - HKLMSystemCCSServicesTcpip..{BCAD645B-D670-4652-9E1C-19BBE33CF032}: NameServer = 194.204.159.1,194.204.34.52
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:PROGRA~1MICROS~1Office12GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:Program FilesCommon FilesMicrosoft SharedHelphxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:PROGRA~1COMMON~1MICROS~1OFFICE12MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:Program FilesAntiVir PersonalEdition Classicsched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:Program FilesAntiVir PersonalEdition Classicavguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:Program FilesSunbelt SoftwarePersonal Firewallkpf4ss.exe
O23 - Service: mysql - Unknown owner - D:apachefriendsxamppmysqlbinmysqld-nt.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:Program FilesCommon FilesPCSuiteServicesServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:Program FilesTuneUp Utilities 2006WinStylerThemeSvc.exe
Originally posted by backspace
<div class='quotetop'>QUOTE
Kanciastoporty, I presumed that you were acting in good faith and wanted to help various people. I got a bit annoyed with you. :killer:
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb - remove with HijackThis