Logfile of HijackThis v1.99.1
Scan saved at 12:51:43, on 2025-03-27
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\karol\Pulpit\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\karol\USTAWI~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.idg.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\karol\USTAWI~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Program Microsoft Internet Explorer dostarczony przez IDG.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O1 - Hosts: 66.250.57.252 yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Name - {247C4A78-7192-40F7-AFCD-4E0EA80648C5} - C:\WINDOWS\system32\msrpe.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: CIEExtension Object - {B51DC573-E998-4834-9B45-BAB7C2AE0A75} - C:\Program Files\Ad-Protect\ADPIEmonitor.dll
O2 - BHO: Name - {BF96677F-060C-4AE9-A85D-62B45B877A40} - C:\WINDOWS\system32\msrpe.dll (file missing)
O2 - BHO: (no name) - {E35084CC-2190-41B8-946D-AB614C581EEE} - C:\WINDOWS\system32\lfob.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\karol\USTAWI~1\Temp\se.dll,DllInstall
O4 - HKLM\..\RunServices: [Windows Services] Iexplore.exe
O4 - HKLM\..\RunOnce: [srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [E052276B] C:\WINDOWS\sys5521.exe
O4 - HKCU\..\Run: [D05225F3] C:\WINDOWS\sys5530.exe
O4 - HKCU\..\Run: [905A236B] C:\WINDOWS\sys5444.exe
O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\RunOnce: [srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Startup: RegFreeze.lnk = ?
O4 - Startup: Rozmowa.lnk = C:\Program Files\Wirtualna Polska\System syntezy mowy\rozmowy.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Search and Remove Spyware - {CDB280E8-BE43-4128-8A5A-3FCD094E2D88} - C:\Program Files\RegFreeze\rfsearchhandler.dll
O9 - Extra 'Tools' menuitem: Search and Remove Spyware - {CDB280E8-BE43-4128-8A5A-3FCD094E2D88} - C:\Program Files\RegFreeze\rfsearchhandler.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O14 - IERESET.INF: START_PAGE_URL=http://www.idg.pl
O15 - Trusted Zone: http://*.iframeprofit.com/
O15 - Trusted Zone: http://*.mycounter.biz/
O15 - Trusted Zone: http://*.porno-search.biz/porn/
O15 - Trusted Zone: http://*.porno-search.biz/sex/
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9FF3E8D-11BC-4C17-829B-556EEFA83F4A}: NameServer = 69.50.176.156,195.225.176.31
O18 - Filter: text/html - {77E28A22-C31A-4C07-A959-C77B56107750} - C:\WINDOWS\system32\lfob.dll
O18 - Filter: text/plain - {77E28A22-C31A-4C07-A959-C77B56107750} - C:\WINDOWS\system32\lfob.dll
O18 - Filter: tś†5ňUDĆR - {58B28DCE-630B-4401-8142-20E785BB6F5C} - C:\WINDOWS\system32\qwsxp.dll
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe