no to jeszcze raz zrobilam tego loga.
Logfile of HijackThis v1.99.1
Scan saved at 23:18:51, on 2005-05-03
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\temp\salm.exe
C:\DOCUME~1\MiD\USTAWI~1\Temp\SAHAGE~1.EXE
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Media Pass\MediaPassK.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Media Pass\MediaPass.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\Documents and Settings\MiD\Dane aplikacji\emse.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\w?nword.exe
C:\Program Files\Teledat\IWatch.exe
C:\WINDOWS\system32\Ctsvccda.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\program files\internet explorer\iexplore.exe
C:\Programme\boersenreport_boersenreport.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\WinAce\WinAce.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\MiD\Ustawienia lokalne\Temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://G609.tjaw.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://G609.tjaw.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://G609.tjaw.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://G609.tjaw.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://G609.tjaw.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: C:\WINDOWS\lbbho.dll - {9A3F863B-2AE3-4868-8B4E-4CF270598B8C} - C:\WINDOWS\lbbho.dll (file missing)
O2 - BHO: rlpqoibecitmmjzendhj - {a2620189-e9c5-4b74-9552-0afa38e6b480} - C:\DOCUME~1\MiD\DANEAP~1\ostbltlssh.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D8A8ADC4-6D74-64D8-5F88-6F53070241C2} - C:\WINDOWS\System32\guugikfa.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: keouztprgrb - {786769b6-9e97-4fcb-b0c3-27df61d2065d} - C:\DOCUME~1\MiD\DANEAP~1\ostbltlssh.dll
O4 - HKLM…\Run: [sMSERIAL] sm56hlpr.exe
O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM…\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM…\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM…\Run: [Jet Detection] “C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe”
O4 - HKLM…\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM…\Run: [shStatEXE] “C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE” /STANDALONE
O4 - HKLM…\Run: [McAfeeUpdaterUI] “C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe”
O4 - HKLM…\Run: [OSS] C:\WINDOWS\system32\ossproxy.exe -boot
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM…\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM…\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM…\Run: [Zone Labs Client] “C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe”
O4 - HKLM…\Run: [salm] c:\temp\salm.exe
O4 - HKLM…\Run: [sAHBundle] C:\DOCUME~1\MiD\USTAWI~1\Temp\SAHAGE~1.EXE run
O4 - HKLM…\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM…\Run: [Media Pass] C:\Program Files\Media Pass\MediaPassK.exe
O4 - HKCU…\Run: [Komunikator] C:\RECYCLER\NPROTECT\00107797.exe
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU…\Run: [Daur] C:\Documents and Settings\MiD\Dane aplikacji\emse.exe
O4 - HKCU…\Run: [Krx] C:\WINDOWS\System32\w?nword.exe
O4 - Global Startup: ISDNWatch.lnk = C:\Program Files\Teledat\IWatch.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra ‘Tools’ menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nosuxxx.mht! http://www.kazaalite.pl/stats/xaw.chm::/bridge-c18.cab
O16 - DPF: {5F874A6F-8B34-433D-BA4B-47AC91C0567F} (MailCfg Control) - https://poczta.wp.pl/autoryzacja/mailcfg2.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - ms-its:mhtml:file://c:\nosuxxx.mht! http://kazaalite.pl/stats/mt.chm::/MediaTicketsInstaller.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = R20967.tjaw.com
O17 - HKLM\Software…\Telephony: DomainName = R20967.tjaw.com
O17 - HKLM\System\CCS\Services\Tcpip…{11158615-09BD-46C0-8B44-BF28EFF005C5}: NameServer = 192.168.121.252,192.168.121.253
O17 - HKLM\System\CCS\Services\Tcpip…{34C06DBA-22FF-4161-9DD2-8EA5D307868A}: Domain = R20967.tjaw.com
O17 - HKLM\System\CCS\Services\Tcpip…{F016AE95-E36A-44AC-B549-290DF8BDBF9C}: NameServer = 213.20.148.144 193.189.244.205
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = R20967.tjaw.com
O17 - HKLM\System\CS1\Services\Tcpip…{11158615-09BD-46C0-8B44-BF28EFF005C5}: NameServer = 192.168.121.252,192.168.121.253
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = R20967.tjaw.com
O17 - HKLM\System\CS2\Services\Tcpip…{11158615-09BD-46C0-8B44-BF28EFF005C5}: NameServer = 192.168.121.252,192.168.121.253
O18 - Protocol: ayb - {07C0D34D-11D7-43F7-832B-C6BB41726F5F} - C:\DOCUME~1\MiD\DANEAP~1\drgdtresseh.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\Ctsvccda.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Program Files\Common Files\AVM\de_serv.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe