Logfile of HijackThis v1.98.2
Scan saved at 16:14:10, on 2004-12-14
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
D:\W\System32\smss.exe
D:\W\system32\winlogon.exe
D:\W\system32\services.exe
D:\W\system32\lsass.exe
D:\W\system32\svchost.exe
D:\W\System32\svchost.exe
D:\W\system32\spoolsv.exe
D:\W\System32\nvsvc32.exe
D:\W\system32\rundll32.exe
D:\W\Explorer.EXE
D:\PROGRA~1\NEOSTR~1\CnxMon.exe
D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
D:\Documents and Settings\kowal\Pulpit\userguard\UserGuard.exe
D:\Program Files\Windows ControlAd\WinCtlAd.exe
D:\temp\salm.exe
D:\W\system32\explorer.exe
D:\W\System32\systime.exe
D:\Program Files\Windows ControlAd\WinCtlAdAlt.exe
D:\Program Files\CashBack\bin\cashback.exe
D:\Program Files\Internet Optimizer\optimize.exe
D:\W\System32\ctfmon.exe
D:\W\System32\RUNDLL32.EXE
D:\W\System32\systime.exe
D:\Program Files\Internet Optimizer\actalert.exe
D:\Program Files\Neostrada TP\NeostradaTP.exe
D:\Program Files\Neostrada TP\ComComp.exe
D:\Program Files\Neostrada TP\Watch.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\BullsEye Network\bin\bargains.exe
D:\Program Files\WebSiteViewer\124490.dlr
D:\W\System32\wuauclt.exe
E:\setup\setup.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\kowal\Ustawienia lokalne\Temp\Katalog tymczasowy 1 dla hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - D:\Program Files\SurfSideKick 2\SskBho.dll
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\W\System32\msdxm.ocx
O3 - Toolbar: IEMenuExtension toolbar - {6b95678d-30a4-4ff8-a72f-4208340c1f7f} - D:\Program Files\IEMenuExtension\tbextn.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\W\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WooCnxMon] D:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [ViP's UserGuard] D:\Documents and Settings\kowal\Pulpit\userguard\UserGuard.exe
O4 - HKLM\..\Run: [Windows ControlAd] D:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [salm] d:\temp\salm.exe
O4 - HKLM\..\Run: [WebRebates0] "D:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [dsjqr] D:\WINDOWS\dsjqr.exe
O4 - HKLM\..\Run: [explorer] D:\W\system32\explorer.exe -go -c21 -w
O4 - HKLM\..\Run: [sysTime] D:\W\System32\systime.exe
O4 - HKLM\..\Run: [CashBack] D:\Program Files\CashBack\bin\cashback.exe
O4 - HKLM\..\Run: [bullsEye Network] D:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [internet Optimizer] "D:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [iE Menu Extension toolbar] rundll32.exe "D:\PROGRA~1\IEMENU~1\tbextn.dll" DllShowTB
O4 - HKLM\..\Run: [surfSideKick 2] D:\Program Files\SurfSideKick 2\Ssk.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\W\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\W\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ProtoWall] D:\Program Files\Dudez\ProtoWall\ProtoWall.exe
O4 - HKCU\..\Run: [sysTime] D:\W\System32\systime.exe
O4 - HKCU\..\Run: [surfSideKick 2] D:\Program Files\SurfSideKick 2\Ssk.exe
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: Web Rebates - file://D:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\W\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\W\web\related.htm
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.topconverting.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: {11111111-1111-1111-1111-111111111111} - mhtml:file://C:NXSFT.MHT! http://213.159.117.150:80/iex/ofile.exe?url=http://213.159.117.150:80/rdgPL10.exe
O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\Recycled\1.exe
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7.cab
O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file. … 78c1291781
O16 - DPF: {36C374E9-C82E-6272-8E6D-3D2D78958A9F} - http://213.159.117.150/1/rdgPL333.exe
O16 - DPF: {3E339D3C-4B12-4E8C-A529-9CC4BEEAFD4F} (VacPro.russia_ver3) - http://www.globalphon.com/dialer/russia.CAB
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{B741446C-15E8-451F-810A-69C2CE452466}: NameServer = 194.204.152.34 217.98.63.164
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - D:\W\System32\vbsys2 (file missing)