Gość: just
IP: *.neoplus.adsl.tpnet.pl
27.03.05, 23:51
Logfile of HijackThis v1.99.1
Scan saved at 23:49:48, on 2005-03-27
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\paytime.exe
C:\WINDOWS\Sqq.exe
C:\WINDOWS\System32\ntddetect.exe
C:\WINDOWS\System32\Services\{052894DE-54E1-4515-B900-0CB7ECFE3CF5}\SVCHOST.EXE
C:\WINDOWS\System32\winupdt.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\Program Files\0q6tfmnr\0q6tfmnr.exe
C:\WINDOWS\nmstt.exe
C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
C:\windows\system32\saie.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\sys11-1334118818.exe
C:\WINDOWS\SysCheckBop32.exe
C:\WINDOWS\System32\tibs.exe
c:\125029.exe
C:\WINDOWS\System32\aircity.exe
G:\A D A M\I N S T A L K I\ZAINSTALOWANE\GG\Gadu-Gadu\gg.exe
C:\WINDOWS\System32\paytime.exe
C:\WINDOWS\System32\sees.exe
C:\WINDOWS\System32\j?vaw.exe
C:\WINDOWS\System32\tibs.exe
C:\WINDOWS\System32\mocih.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\0q6tfmnr\7791600.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\WINDOWS\System32\aircity.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
c:\125029.exe
G:\A D A M\I N S T A L K I\opera\Opera.exe
C:\WINDOWS\System32\dev32.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\DOCUME~1\ADAMJU~1\USTAWI~1\Temp\auf7.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\WINDOWS\System32\msnml3.exe
C:\Program Files\CxtPls\CxtPls.exe
C:\WINDOWS\System32\nvcsnd.exe
C:\DOCUME~1\ADAMJU~1\USTAWI~1\Temp\~compoundinst0\auto_update_loader.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
E:\JUSTYNA - różne\Nowy folder\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADAMJU~1\USTAWI~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADAMJU~1\USTAWI~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\Program Files\SurfSideKick 2\SskBho.dll
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: (no name) - {6B9EFCE0-D962-4D27-BEB6-EB400805633D} - C:\WINDOWS\System32\ihag.dll
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKLM\..\Run: [Sbr] C:\WINDOWS\Sqq.exe
O4 - HKLM\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 - HKLM\..\Run: [Disk Keeper] C:\DOCUME~1\ADAMJU~1\USTAWI~1\Temp\keep.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{052894DE-54E1-4515-B900-0CB7ECFE3CF5}\SVCHOST.EXE
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe
O4 - HKLM\..\Run: [0q6tfmnr] C:\Program Files\0q6tfmnr\0q6tfmnr.exe
O4 - HKLM\..\Run: [Pae] C:\WINDOWS\System32\Rfb.exe
O4 - HKLM\..\Run: [_Cat2] C:\WINDOWS\nmstt.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
O4 - HKLM\..\Run: [saie] c:\windows\system32\saie.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\ADAMJU~1\USTAWI~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [vozkper] C:\WINDOWS\vozkper.exe
O4 - HKLM\..\Run: [BMan] C:\Documents and Settings\All Users\Dane aplikacji\msw\BMan1.exe
O4 - HKLM\..\Run: [Cfs] C:\WINDOWS\System32\Ded.exe
O4 - HKLM\..\Run: [Vqq] C:\WINDOWS\System32\Ajk.exe
O4 - HKLM\..\Run: [sys11-1334118818] C:\WINDOWS\sys11-1334118818.exe
O4 - HKLM\..\Run: [SystemCheck] C:\WINDOWS\SysCheckBop32
O4 - HKLM\..\Run: [AutoLoaderAproposClient] "C:\WINDOWS\System32\Cache\cxtpls_loader.exe" /HideUninstall /HideDir /PC=CP.FHB /ForSupportedBrowsers /ShowLegalNote=nonbranded
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitexig32.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [Vkq] C:\WINDOWS\System32\Hmb.exe
O4 - HKLM\..\Run: [Hji] C:\WINDOWS\Ocq.exe
O4 - HKLM\..\Run: [Jiq] C:\WINDOWS\Rkc.exe
O4 - HKLM\..\Run: [Hmr] C:\WINDOWS\System32\Vrn.exe
O4 - HKLM\..\Run: [Fdt] C:\WINDOWS\System32\Jgd.exe
O4 - HKLM\..\Run: [Rql] C:\WINDOWS\System32\Bdk.exe
O4 - HKLM\..\Run: [Aru] C:\WINDOWS\Nrv.exe
O4 - HKLM\..\Run: [Bth] C:\WINDOWS\System32\Fcn.exe
O4 - HKLM\..\Run: [AutoLoaderEnvoloAutoUpdater] "C:\DOCUME~1\ADAMJU~1\USTAWI~1\Temp\~compoundinst0\auto_update_loader.exe" /HideUninstall /HideDir /PC=CP.FHB /ForSupportedBrowsers /ShowLegalNote=nonbranded
O4 - HKLM\..\Run: [375k3pQ] nvcsnd.exe
O4 - HKLM\..\RunS