Gość: hania
IP: *.arcor-ip.net
25.03.05, 12:54
Logfile of HijackThis v1.99.1
Scan saved at 12:43:20, on 25.03.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\wanmpsvc.exe
C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\SOINTGR.EXE
C:\Programme\Real\RealPlayer\RealPlay.exe
C:\Programme\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Programme\CyberLink\PowerDVD\PowerDVD.exe
C:\Programme\AVPersonal\AVSCHED32.EXE
C:\Programme\Netropa\Onscreen Display\OSD.exe
C:\LifeView FlyVideo\RecSche.exe
C:\Programme\QuickTime\qttask.exe
C:\Program Files\Windows ControlAd\WinCtlAd.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\windows\system32\lbbascd.exe
C:\Program Files\Windows ControlAd\WinCtlAdAlt.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Gadu-Gadu\gg.exe
C:\WINDOWS\System32\?hkntfs.exe
C:\Dokumente und Einstellungen\Chromik\Anwendungsdaten\esam.exe
C:\WINDOWS\System32\sysmonnt.exe
C:\windows\system32\calc.exe
C:\Programme\Mouse\Mouse Control\Panel.exe
C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Programme\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Dokumente und Einstellungen\Chromik\Eigene
Dateien\Hanja\€hania\HijackThis.exe
C:\Programme\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.gazeta.pl/0,0.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
www.exactsearch.net/sidesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
www.arcor.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
Internet Explorer
R3 - Default URLSearchHook is missing
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} -
C:\WINDOWS\ceres.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {47149BEF-2A73-74A9-2BB1-7195CEA1DCC2} -
C:\WINDOWS\System32\dmif.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1
\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {F308EE17-0E8E-5057-879B-03A2DDA26D96} -
C:\WINDOWS\System32\vhffgkg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe
SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Programme\Netropa\Multimedia
Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [PowerDVD]
C:\Programme\CyberLink\PowerDVD\PowerDVD.exe /autostart
O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSCHED32.EXE /min
O4 - HKLM\..\Run: [WinDVRCtrl] C:\WINDOWS\WDVRCtrl.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [RecSche] C:\LifeView FlyVideo\RecSche.exe /Startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -
atboottime
O4 - HKLM\..\Run: [Microsoft Restore] scrgrd.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows
ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [hdaq7zzy] C:\Programme\hdaq7zzy\hdaq7zzy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02
\bin\jusched.exe
O4 - HKLM\..\Run: [lbbascd] c:\windows\system32\lbbascd.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\RunServices: [B0A047EC] C:\WINDOWS\System32\hsfljlvcej.exe
O4 - HKLM\..\RunServices: [Microsoft Restore] scrgrd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Restore] scrgrd.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Programme\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Sfhn] C:\WINDOWS\System32\?hkntfs.exe
O4 - HKCU\..\Run: [Sdrl] C:\Dokumente und
Einstellungen\Chromik\Anwendungsdaten\esam.exe
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
O4 - Global Startup: Mouse Control Center.lnk = C:\Programme\Mouse\Mouse
Control\Panel.exe
O4 - Global Startup: Kodak EasyShare Software.lnk = C:\Programme\Kodak\Kodak
EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Programme\Kodak\KODAK
Software Updater\7288971\Program\backWeb-7288971.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .mid: C:\Programme\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mpeg: C:\Programme\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\Programme\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {67B15B0B-160C-4579-95AF-858169659092} -
freeload.cc/secure/ieloader.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} -
www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) -
www1.pc-sicherheit.web.de/ols/fscax.cab
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB}
(VacPro.internazionale_ver4) -
advnt01.com/dialer/internazionale_ver4.CAB
O16 - DPF: {9EAC0186-5F5A-4362-B120-15C312CE012D} -
www.awmdabest.com/cabl/319/tb.cab
O16 - DPF: {AD0B8220-7DA4-4C0A-8532-B25A9F631D3D}
(VacPro.internazionale_ver10) -
<a href="advnt01.com/dialer/