Proszęo sprawdzenie logaLogfile of HijackThis v1.99.0
Scan saved at 11:43:42, on 2005-02-10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Wirtualna Polska\wpkontakt\wpkontakt.exe
C:\Program Files\MemStat XP\MemStat.exe
C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\YDP\YdpDict\Watch.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\G DATA\AntiVirenKit InternetSecurity\Firewall\kavpf.exe
C:\Program Files\G DATA\AntiVirenKit InternetSecurity\AVK\AVKService.exe
C:\Program Files\G DATA\AntiVirenKit InternetSecurity\AVK\AVKWCtl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\YDP\UserAccessManager\useraccess.exe
C:\Program Files\Common Files\G DATA\AVKMail\AVKPOP.EXE
C:\Program Files\Opera\Opera.exe
H:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SafeGuard Protect PCShield - {564FFB73-9EEF-4969-92FA-5FC4A92E2C2A} - C:\WINDOWS\System32\sfg1783.dll
O4 - HKLM…\Run: [PCShield] regsvr32 /s “C:\WINDOWS\System32\sfg1783.dll”
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe”
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM…\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM…\Run: [wpkontakt] C:\Program Files\Wirtualna Polska\wpkontakt\wpkontakt.exe -autostart
O4 - HKLM…\Run: [AVK Mail Checker] “C:\Program Files\Common Files\G DATA\AVKMail\AVKPOP.EXE”
O4 - HKCU…\Run: [MemStat] C:\Program Files\MemStat XP\MemStat.exe
O4 - HKCU…\Run: [PCShield] regsvr32 /s “C:\WINDOWS\System32\sfg1783.dll”
O4 - HKCU…\Run: [PowerBar] “C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe” /AtBootTime
O4 - HKCU…\Run: [Gadwin PrintScreen 2.6] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - HKCU…\Run: [Play_PC_Backup] C:\Program Files\PC Backup 2004\pcbackup.exe -silent
O4 - Global Startup: Aktywacja Testera.lnk = C:\Program Files\YDP\YdpDict\Watch.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: Webfilter.lnk = ?
O4 - Global Startup: Firewall.lnk = ?
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BINGOOO - {D999117D-8649-4C01-8BD9-9A8661597A61} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O9 - Extra ‘Tools’ menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Wirtualna Polska\wpkontakt\url_wpmsg.dll
O23 - Service: AVK Service - Unknown - C:\Program Files\G DATA\AntiVirenKit InternetSecurity\AVK\AVKService.exe
O23 - Service: Strażnik AVK - Unknown - C:\Program Files\G DATA\AntiVirenKit InternetSecurity\AVK\AVKWCtl.exe
O23 - Service: InCD Helper - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Securom User Access for Windows 2000 and Windows XP a technology by Sony DADC - Unknown - C:\Program Files\Common Files\YDP\UserAccessManager\useraccess.exe