Gość: agnieszka
IP: 80.51.233.*
20.03.05, 17:40
Logfile of HijackThis v1.99.1
Scan saved at 17:39:01, on 2005-03-20
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\Save\Save.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Wiadomek\Wiadomek.exe
C:\Program Files\ClockSync\Sync.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html#1507
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = c:\searchpage.html#1507
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html#1507
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\searchpage.html#1507
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = c:\searchpage.html#1507
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32/left.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.bankmacieja.com/pages/rotator.php?user=garden54
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = c:\searchpage.html#1507
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = amazingautossearch.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = c:\searchpage.html#1507
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\searchpage.html#1507
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = c:\searchpage.html#1507
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = c:\searchpage.html#1507
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = c:\searchpage.html#1507
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = c:\searchpage.html#1507
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = searchmyrequest.com/hp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F3 - REG:win.ini: load=e:\colins\watch.exe
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CBho404 Object - {087173EF-9829-4F49-8340-A524177D3F60} - C:\WINDOWS\System32\inetp60.dll
O2 - BHO: FeaturedResultsBHO Class - {0DDBB570-0396-44C9-986A-8F6F61A51C2F} - C:\WINDOWS\System32\msiefr40.dll
O2 - BHO: SearchToolbarBHOObject - {12EE7A5E-0674-42f9-A76A-000000004D00} - C:\WINDOWS\System32\stlb2.dll (file missing)
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
O2 - BHO: Fun and Games Toolbar - {4E7BD74F-2B8D-469E-C0FF-FD7BA09AAA7D} - C:\WINDOWS\DOWNLO~1\potwbar.dll
O2 - BHO: (no name) - {61AD6F5B-9630-0A99-875E-63557BA47B6C} - C:\WINDOWS\System32\qnop.dll (file missing)
O2 - BHO: browsebyte - {83662615-AC03-9B23-07F6-86F0D0865739} - C:\PROGRA~1\GREATD~1\Vga gpl.dll (file missing)
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\Downloaded Program Files\bridge.dll (file missing)
O2 - BHO: Curl Class - {A78CC2FF-6E4E-4556-B27C-D7C3A70D7A50} - C:\WINDOWS\System32\NDrv.dll (file missing)
O2 - BHO: UrlCatcher Class - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\WINDOWS\System32\apuc.dll (file missing)
O2 - BHO: TestMyIE2 Class - {FF1BF4C7-4E08-4A28-A43F-9D60A9F7A880} - C:\WINDOWS\System32\mshelper.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: longbuildanti - {AB33EE07-3FD8-1531-AFC5-C6283FF1E616} - C:\PROGRA~1\GREATD~1\Vga gpl.dll (file missing)
O3 - Toolbar: Search - {12EE7A5E-0674-42f9-A76B-000000004D00} - C:\WINDOWS\System32\stlb2.dll (file missing)
O3 - Toolbar: Fun and Games Toolbar - {4E7BD74F-2B8D-469E-C0FF-FD7BA09AAA7D} - C:\WINDOWS\DOWNLO~1\potwbar.dll
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [New Hope] C:\DOCUME~1\AGNIES~1\DANEAP~1\Binusernurb\pop type heck.exe
O4 - HKLM\..\Run: [kbsv] C:\WINDOWS\kbsv.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Windows HTTP SubSystem] C:\WINDOWS\System32\winhttp.exe
O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\uptodate.exe
O4 - HKLM\..\Run: [Rundll32_8] rundll32.exe C:\WINDOWS\System32\inetp60.dll,DllRunServer
O4 - HKLM\..\Run: [Rundll32_7] rundll32.exe C:\WINDOWS\System32\msiefr40.dll,DllRunServer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egziwmotqqhs] C:\WINDOWS\System32\sjdysx.exe
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\He