Gość: AGNIESZKA
IP: *.neoplus.adsl.tpnet.pl
18.01.05, 17:37
Logfile of HijackThis v1.99.0
Scan saved at 17:16:00, on 2005-01-18
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\DeskAd Service\DeskAdServ.exe
C:\WINDOWS\System32\SahAgent.exe
C:\Program Files\DeskAd Service\DeskAdKeep.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\defragfatx.exe
C:\WINDOWS\system\lsvchost.exe
C:\windows\system32\csmss32.exe
C:\Program Files\eMule\eMule.exe
C:\WINDOWS\System32\t?skmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\tomek\Dane aplikacji\hccr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\tomek\Pulpit\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.onet.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada
TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
C:\PROGRA~1\NEOSTR~1\SEARCH~2.DLL
O1 - Hosts: 255.255.255.255 ar.atwola.com atdmt.com avp.ch avp.com avp.ru
awaps.net ca.com dispatch.mcafee.com download.mcafee.com
download.microsoft.com downloads.microsoft.com engine.awaps.net f-secure.com
ftp.f-secure.com ftp.sophos.com go.microsoft.com liveupdate.symantec.com
mast.mcafee.com mcafee.com msdn.microsoft.com my-etrust.com nai.com
networkassociates.com office.microsoft.com phx.corporate-ir.net
secure.nai.com securityresponse.symantec.com service1.symantec.com sophos.com
spd.atdmt.com support.microsoft.com symantec.com update.symantec.com
updates.symantec.com us.mcafee.com vil.nai.com viruslist.ru
windowsupdate.microsoft.com www.avp.ch www.avp.com www.avp.ru www.awaps.net
www.ca.com www.f-secure.com www.kaspersky.ru www.mcafee.com www.my-etrust.com
www.nai.com www.networkassociates.com www.sophos.com www.symantec.com
www.trendmicro.com www.viruslist.com www.viruslist.ru www3.ca.com
O2 - BHO: (no name) - {17B98A4B-30D3-3B7F-FD5C-1F944EEADCCD} -
C:\WINDOWS\System32\qgqxi.dll
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} -
C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
O2 - BHO: (no name) - {A608B132-0FA1-0D57-879B-73A2AD87669A} -
C:\WINDOWS\System32\jbcylzy.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program
Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd
Service\DeskAdServ.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
O4 - HKLM\..\Run: []KL[HI^YZ] C:\WINDOWS\System32\fsucyvklspm.exe
O4 - HKLM\..\Run: [MS Office32cb Startup] OfficeGUI32cb.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator
5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\ypgagy.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec
Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINDOWS\system32\defragfatx.exe
O4 - HKLM\..\Run: [.mscdsr] C:\WINDOWS\system\lsvchost.exe
O4 - HKLM\..\Run: [spoolsvr32] c:\windows\system32\csmss32.exe
O4 - HKLM\..\RunServices: [MS Office32cb Startup] OfficeGUI32cb.exe
O4 - HKLM\..\RunServices: []KL[HI^YZ] C:\WINDOWS\System32\fsucyvklspm.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Auac] C:\Documents and Settings\tomek\Dane
aplikacji\rsse.exe
O4 - HKCU\..\Run: [Nnbkh] C:\WINDOWS\System32\t?skmgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MS Office32cb Startup] OfficeGUI32cb.exe
O4 - HKCU\..\Run: [Wkbzo] C:\WINDOWS\System32\w?wexec.exe
O4 - HKCU\..\Run: [Sses] C:\Documents and Settings\tomek\Dane
aplikacji\hccr.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
http://static.windupdates.com/cab/ClickYesToContinue/ie/Bridge-c139.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) -
http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {3E339D3C-4B12-4E8C-A529-9CC4BEEAFD4F} (VacPro.russia_ver3) -
http://advnt01.com/dialer/russia.CAB
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) -
http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller
Control) - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=1562
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A47C3CA-DD9C-4EBE-BA63-
14871E53BCE0}: NameServer = 194.204.152.34 217.98.63.164
O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} -
C:\WINDOWS\System32\Jahgchnl.dll
O21 - SSODL: mtkle - {BCCA4F93-60AE-411D-AE87-5A4DCFE72FAC} -
C:\WINDOWS\System32\ouxh32.dll
O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program
Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil
Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil
Software\Avast4\ashMaiSv.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IMAPI CD-Burning COM Service - Roxio Inc. - C:\WINDOWS\System32
\ImapiRox.exe
O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corpor
