Logfile of HijackThis v1.99.1
Scan saved at 13:39:41, on 2006-08-21
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Sygate\SPF\Smc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\PWN\Definicje\Bin\Starter.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
C:\dfndrff_16.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\System32\winhst32.exe2560.exe
C:\winstall.exe
C:\Program Files\SpySheriff\SpySheriff.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ANIA\USTAWI~1\Temp\Rar$EX00.515\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing)
F2 - REG:system.ini: Shell=explorer.exe “C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe”
F3 - REG:win.ini: load=C:\YDPDict\watch.exe
F3 - REG:win.ini: run=
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
O4 - HKLM…\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [smcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
O4 - HKLM…\Run: [DemonStarter] C:\Program Files\PWN\Definicje\Bin\Starter.exe
O4 - HKLM…\Run: [DAEMON Tools-1033] “C:\Program Files\D-Tools\daemon.exe” -lang 1033
O4 - HKLM…\Run: [CnxDslTaskBar] “C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe” “ZTE Corporation\ZXDSL852”
O4 - HKLM…\Run: [AntiVirus Update Scheduler V2.14C] “C:\WINDOWS\System32\winsock32.exe”
O4 - HKLM…\Run: [keyboard] C:\kybrdff_16.exe
O4 - HKLM…\Run: [defender] C:\dfndrff_16.exe
O4 - HKLM…\Run: [newname] C:\nwnmff_16.exe
O4 - HKLM…\Run: [avgnt] “C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe” /min
O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - HKCU…\Run: [WinMedia] C:\WINDOWS\System32\winhst32.exe2560.exe
O4 - HKCU…\Run: [Winsvr] C:\WINDOWS\System32\winhst32.exe5632.exe
O4 - HKCU…\Run: [Windows installer] C:\winstall.exe
O4 - HKCU…\Run: [spySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {70B410C0-BADA-11D4-8308-0080C8D7ED4A} (GameDesire Bridge) - http://67.15.101.3/g_bin/pl/bridge_2_0_0_20.cab
O17 - HKLM\System\CCS\Services\Tcpip…{14285F70-96F4-4B8A-B8FF-F14516DD4BB5}: NameServer = 194.204.152.34 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip…{14285F70-96F4-4B8A-B8FF-F14516DD4BB5}: NameServer = 194.204.152.34 217.98.63.164
O17 - HKLM\System\CS2\Services\Tcpip…{14285F70-96F4-4B8A-B8FF-F14516DD4BB5}: NameServer = 194.204.152.34 217.98.63.164
O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\ir8sl5l71.dll
O20 - Winlogon Notify: winxrz32 - winxrz32.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\Smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
z góry dziękuję za pomoc
brunetka