Witam złapałem jakiegoś syfa antyvirus xp 2008
logo z hijackthis":
ogfile of HijackThis v1.99.1
Scan saved at 18:33:49, on 2008-07-29
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\lphc7kbj0ete5.exe
C:\WINDOWS\system32\temp1.exe
C:\WINDOWS\system32\temp2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\TIS\COSIDS\BIN\TbMux32.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\rhc3kbj0ete5\rhc3kbj0ete5.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\pphc7kbj0ete5.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinAce\WinAce.exe
C:\DOCUME~1\Speedy\USTAWI~1\Temp~AceTemp\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = paradyz;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WebCGMHlprObj Class - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\WINDOWS\cgmopenbho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM…\Run: [lphc7kbj0ete5] C:\WINDOWS\system32\lphc7kbj0ete5.exe
O4 - HKLM…\Run: [sMrhc3kbj0ete5] C:\Program Files\rhc3kbj0ete5\rhc3kbj0ete5.exe
O4 - HKLM…\Run: [unlockerAssistant] “C:\Program Files\Unlocker\UnlockerAssistant.exe”
O4 - HKCU…\Run: [Gadu-Gadu] “C:\Programy\Gadu-Gadu\gg.exe” /tray
O4 - HKCU…\Run: [uTorrent] “C:\Program Files\uTorrent\uTorrent.exe”
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip…{24D9A2A8-4507-4676-A0A5-FA49E515BFB4}: NameServer = 85.255.113.132,85.255.112.195
O17 - HKLM\System\CCS\Services\Tcpip…{6B1865C7-FABE-4A15-BD03-0D3F0F0FC803}: NameServer = 85.255.113.132,85.255.112.195
O17 - HKLM\System\CCS\Services\Tcpip…{A1D37C0B-E7CC-41FB-BB13-499DCADAB309}: NameServer = 85.255.113.132,85.255.112.195
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.132 85.255.112.195
O17 - HKLM\System\CS1\Services\Tcpip…{24D9A2A8-4507-4676-A0A5-FA49E515BFB4}: NameServer = 85.255.113.132,85.255.112.195
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.132 85.255.112.195
O17 - HKLM\System\CS2\Services\Tcpip…{24D9A2A8-4507-4676-A0A5-FA49E515BFB4}: NameServer = 85.255.113.132,85.255.112.195
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.132 85.255.112.195
O23 - Service: Urządzenie mobilne Apple (Apple Mobile Device) - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COSIDS_TB - TransAction Software, D 81737 Munich - D:\TIS\COSIDS\BIN\TbMux32.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe