Logfile of HijackThis v1.99.0
Scan saved at 09:30:51, on 05-05-29
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NEOSTRADA TP\CNXMON.EXE
C:\PROGRAM FILES\THOMSON\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\PROGRAM FILES\NEOSTRADA TP\TASKBARICON.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MEDIA ACCESS\MEDIAACCK.EXE
C:\PROGRAM FILES\MEDIA ACCESS\MEDIAACCESS.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\GADU-GADU\GG.EXE
C:\PROGRAM FILES\NEOSTRADA TP\NEOSTRADATP.EXE
C:\PROGRAM FILES\NEOSTRADA TP\COMCOMP.EXE
C:\PROGRAM FILES\NEOSTRADA TP\WATCH.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\PULPIT\HIJACK\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page … _id=138770
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page … _id=138770
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page … _id=138770
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.wp.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - D:\PROGRAM FILES\SURFSIDEKICK 2\SSKBHO.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\PROGRAM FILES\ISTBAR\ISTBAR.DLL (file missing)
O4 - HKLM…\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM…\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM…\Run: [systemTray] SysTray.Exe
O4 - HKLM…\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM…\Run: [Zasobnik systemowy] SysTray.Exe
O4 - HKLM…\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon
O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRAM FILES\NEOSTRADA TP\taskbaricon.exe
O4 - HKLM…\Run: [internet Optimizer] “C:\Program Files\Internet Optimizer\optimize.exe”
O4 - HKLM…\Run: [WebRebates0] “C:\PROGRAM FILES\WEB_REBATES\WebRebates0.exe”
O4 - HKLM…\Run: [surfSideKick 2] D:\PROGRAM FILES\SURFSIDEKICK 2\Ssk.exe
O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM…\Run: [Windows Services] service32.exe
O4 - HKLM…\Run: [Kaspersky Internet Security 2006 (Proto 2)] C:\PROGRAM FILES\KASPERSKY LAB\AVP6\AVP.EXE
O4 - HKLM…\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe
O4 - HKLM…\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM…\RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKLM…\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
O4 - HKLM…\RunServices: [schedulingAgent] mstask.exe
O4 - HKLM…\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
O4 - HKLM…\RunServices: [MDM7] “C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE”
O4 - HKLM…\RunServices: [AstonShellDoctor] shDoctor.exe check
O4 - HKLM…\RunServices: [Windows Services] service32.exe
O4 - HKLM…\RunServices: [AVP] C:\PROGRAM FILES\KASPERSKY LAB\AVP6\AVP.EXE -r
O4 - HKCU…\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU…\Run: [surfSideKick 2] D:\PROGRAM FILES\SURFSIDEKICK 2\Ssk.exe
O4 - HKCU…\Run: [skype] “C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE” /nosplash /minimized
O4 - HKCU…\Run: [Windows Services] service32.exe
O4 - HKCU…\Run: [Gadu-Gadu] “C:\PROGRAM FILES\GADU-GADU\GG.EXE” /tray
O4 - HKCU…\RunServices: [Windows Services] service32.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL (file missing)
O9 - Extra button: Script Checker - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\PROGRAM FILES\KASPERSKY LAB\AVP6\SCIEPLUGIN.DLL
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_21.cab
O16 - DPF: {A1FE3DEF-CF77-11D4-8340-0080C8D7ED4A} (GameDesire Pinball Pirate) - http://67.15.101.3/g_bin/pl/pirate_2_0_0_18.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares … cracks.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file. … 002feb2f13
O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://67.15.101.3/g_bin/pl/wordssingle_2_0_0_30.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Media … dge-c6.cab