Logfile of HijackThis v1.99.1
Scan saved at 23:56:01, on 2005-02-20
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Winamp\winampa.exe
C:\CCProxy\CCProxy.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\DeskAd Service\DeskAdServ.exe
C:\temp\salm.exe
C:\Program Files\AdStatus Service\AdStatServ.exe
C:\Program Files\Windows AdStatus\WinStat.exe
C:\Program Files\DeskAd Service\DeskAdKeep.exe
C:\Program Files\AdStatus Service\AdStatKeep.exe
C:\Program Files\Windows AdStatus\WinStatKeep.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\systime.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\systime.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
D:\Gadu-Gadu\gg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Ja\Ustawienia lokalne\Temp\Katalog tymczasowy 2 dla hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = chttp://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O1 - Hosts: 127.0.0.3 http://www.greg-tut.com
O1 - Hosts: 127.0.0.3 nylonsexy.com
O1 - Hosts: 127.0.0.3 http://www.nylonsexy.com
O1 - Hosts: 127.0.0.3 vparivalka.com
O1 - Hosts: 127.0.0.3 http://www.vparivalka.comtoescrowpay.com
O1 - Hosts: 127.0.0.3 http://www.awmdabest.com
O1 - Hosts: 127.0.0.3 http://www.sexfiles.nu
O1 - Hosts: 127.0.0.3 awmdabest.com
O1 - Hosts: 127.0.0.3 sexfiles.nu
O1 - Hosts: 127.0.0.3 allforadult.com
O1 - Hosts: 127.0.0.3 http://www.allforadult.com
O1 - Hosts: 127.0.0.3 http://www.iframe.biz
O1 - Hosts: 127.0.0.3 iframe.biz
O1 - Hosts: 127.0.0.3 http://www.newiframe.biz
O1 - Hosts: 127.0.0.3 newiframe.biz
O1 - Hosts: 127.0.0.3 http://www.vesbiz.biz
O1 - Hosts: 127.0.0.3 vesbiz.biz
O1 - Hosts: 127.0.0.3 http://www.pizdato.biz
O1 - Hosts: 127.0.0.3 pizdato.biz
O1 - Hosts: 127.0.0.3 http://www.aaasexypics.com
O1 - Hosts: 127.0.0.3 aaasexypics.com
O1 - Hosts: 127.0.0.3 http://www.virgin-tgp.net
O1 - Hosts: 127.0.0.3 virgin-tgp.net
O1 - Hosts: 127.0.0.3 http://www.awmcash.biz
O1 - Hosts: 127.0.0.3 awmcash.biz
O1 - Hosts: 127.0.0.3 buldog-stats.com
O1 - Hosts: 127.0.0.3 http://www.buldog-stats.com
O1 - Hosts: 127.0.0.3 fregat.drocherway.com
O1 - Hosts: 127.0.0.3 slutmania.biz
O1 - Hosts: 127.0.0.3 http://www.slutmania.biz
O1 - Hosts: 127.0.0.3 toolbarpartner.com
O1 - Hosts: 127.0.0.3 http://www.toolbarpartner.com
O1 - Hosts: 127.0.0.3 http://www.megapornix.com
O1 - Hosts: 127.0.0.3 megapornix.com
O1 - Hosts: 127.0.0.3 http://www.sp2fucked.biz
O1 - Hosts: 127.0.0.3 sp2fucked.biz
O1 - Hosts: 127.0.0.3 greg-tut.com
O1 - Hosts: http://213.159.117.203/dkprogs/hosts.txt
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL (file missing)
O2 - BHO: (no name) - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\System32\porynt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM…\Run: [WinVNC] “C:\Program Files\RealVNC\WinVNC\WinVNC.exe” -servicehelper
O4 - HKLM…\Run: [CCProxy] C:\CCProxy\CCProxy.exe
O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM…\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKLM…\Run: [salm] c:\temp\salm.exe
O4 - HKLM…\Run: [AdStatus Service] C:\Program Files\AdStatus Service\AdStatServ.exe
O4 - HKLM…\Run: [Windows AdStatus] C:\Program Files\Windows AdStatus\WinStat.exe
O4 - HKLM…\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM…\Run: [sysTime] C:\WINDOWS\System32\systime.exe
O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU…\Run: [WrCtrl] C:\Program Files\WinRoute Pro\WrCtrl.exe
O4 - HKCU…\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU…\Run: [Gadu-Gadu] “D:\Gadu-Gadu\gg.exe” /tray
O4 - HKCU…\Run: [sysTime] C:\WINDOWS\System32\systime.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: komentator - http://sport.onet.pl/komentator.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nosuxxx.mht! http://www.kazaalite.pl/stats/loudklite.chm::/bridge-c46.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://213.134.164.128/activex/AxisCamControl.cab
O18 - Filter: text/html - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\System32\porynt.dll
O18 - Filter: text/plain - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\System32\porynt.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -service (file missing)
Teraz dobrze??