roma282
29.07.04, 14:42
Logfile of HijackThis v1.97.7
Scan saved at 14:47:38, on 2004-07-29
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Potrzebne\aswUpdSv.exe
D:\Potrzebne\ashServ.exe
C:\Program Files\MKS\Bin\mksmonsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\MKS\Bin\mks_mail.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
D:\WINAMP 5.0\Winamp\winampa.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\POTRZE~1\ashDisp.exe
D:\POTRZE~1\ashmaisv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Gadu-Gadu\Gadu-Gadu\gg.exe
C:\Program Files\MKS\Bin\mks_menu.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\Program Files\MKS\Bin\mks_scan.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Potrzebne\SCANERY\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-
6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} -
C:\WINDOWS\System32\rfch4yz8j09p27.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MailScanner] C:\Program Files\MKS\Bin\mks_mail.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP
Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32
\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] D:\WINAMP 5.0\Winamp\winampa.exe
O4 - HKLM\..\Run: [xhlo] C:\WINDOWS\XHLO.exe
O4 - HKLM\..\Run: [athzrjj] "C:\WINDOWS\System32\athzrjj.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P
Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points
manager\points manager.exe -s
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AntyVirK] c:\windows\antyvirk.exe ukrt
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [rmp] C:\WINDOWS\rmp.exe
O4 - HKLM\..\Run: [romahere] C:\WINDOWS\System32\matrixhere.exe
O4 - HKLM\..\Run: [avast!] D:\POTRZE~1\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] D:\POTRZE~1\ashmaisv.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Komunikator] D:\Instalki\tlen.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\Gadu-
Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [WinMX] C:\Program Files\Winmx\WinMX.exe -m
O4 - HKCU\..\Run: [regsrv32.exe] regsrv32.exe
O4 - HKCU\..\Run: [uninstal] regsvr32 /u /s image.dll
O4 - HKCU\..\Run: [romahere] C:\WINDOWS\System32\matrixhere.exe
O4 - Startup: Power Project.lnk = Power GG\PowerGG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O4 - Global Startup: Menu mks_vir.lnk = C:\Program Files\MKS\Bin\mks_menu.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera -
D:\Instalki\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Dodaj do listy blokowanych reklam -
D:\Instalki\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Download with Go!Zilla - file://D:\Go!
Zilla\download-with-gozilla.html
O8 - Extra context menu item: Download with TrueSpeed Download Manager -
C:\Program Files\TrueSpeed\DBooster.htm
O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... -
D:\Instalki\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Podświetl - D:\Instalki\Avant
Browser\Highlight.htm
O8 - Extra context menu item: Szukaj - D:\Instalki\Avant Browser\Search.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Net2Phone (HKLM)
O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)
O9 - Extra 'Tools' menuitem: IMI (HKLM)
O9 - Extra button: Descargas (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {00000000-CDDC-0704-0B53-2C8830E9FAEC} (IELoaderCtl Class) -
http://install.global-netcom.de/ieloader.cab
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} -
http://www.netpaloffers.net/NetpalOffers/DMO1/eeka312.cab
O16 - DPF: {00622A21-90CF-11D3-BFD8-2C065D000000} -
https://sklep.elraty.pl/runtime.cab
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Moniker32 Class) -
http://63.217.29.115/cax.cab
O16 - DPF: {03C543A1-C090-418F-A1D0-FB96380D601D} (preload control) -
http://www.thepaymentcentre.com/build/preload.cab
O16 - DPF: {0733B8F9-8B52-4693-A9FA-829E12D27F78} (preload control) -
http://www.thepaymentcentre.com/build/preload2.cab
O16 - DPF: {11111111-1111-1111-1111-111111111111} - file://C:\Info6.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX
Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {16A7470E-229C-45F9-AE05-A87034FD14CF} (UDConnect Class) -
http://01.sharedsource.org/html/UDConn_5.2.1.3.cab?
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSet
up1.0.0.8.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) -
http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 - DPF: {5F874A6F-8B34-433D-BA4B-47AC91C0567F} (MailCfg Control) -
https://poczta.wp.pl/autoryzacja/mailcfg2.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2e529727a6ef04/housecall.antivirus.com/hous
ecall/xscan53.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} -
http://69.56.176.78/webplugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?
38047.0227314815
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) -
http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {A957CB75-EB22-408A-B718-58F390AF7C53} (obl_cli.obl_cli) -
https://sklep.elraty.pl/skk.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) -
http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GINWORDSSINGLE Class) -
http://gryonline.wp.pl/files/wordssingle_2_0_0_16.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -
http://antu.popcap.com/games/popcaploader_v5.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainC
