paw8
05.06.05, 09:40
Logfile of HijackThis v1.99.1
Scan saved at 09:37:10, on 2005-06-05
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\WINDOWS\Explorer.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\jrupsvc.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\Drivers\svchost.exe
C:\WINDOWS\System32\paytime.exe
C:\WINDOWS\godqdll.exe
C:\WINDOWS\godqenc.EXE
C:\WINDOWS\System32\paytime.exe
C:\WINDOWS\System32\newdial1.exe
C:\WINDOWS\System32\newdial1.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\newdial1.exe
C:\WINDOWS\System32\newdial1.exe
D:\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
195.95.218.172/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
195.95.218.172/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
195.95.218.172/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
195.95.218.172/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
195.95.218.172/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
195.95.218.172/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: SpywareGuard Download Protection -
{4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program
Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} -
C:\WINDOWS\System32\nsy3C.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [Generic Host Process for Win32 Services]
C:\WINDOWS\System32\Drivers\svchost.exe
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKLM\..\Run: [godqdll] C:\WINDOWS\godqdll.exe
O4 - HKLM\..\Run: [godqenc] C:\WINDOWS\godqenc.EXE
O4 - HKLM\..\Run: [_Cat4] C:\WINDOWS\msmsgr2.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKCU\..\Run: [wupd] C:\WINDOWS\System32\win32.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: Microsoft AntiSpyware helper -
{C2610784-E278-4B49-B6F5-9080E8048FD8} - C:\WINDOWS\System32\wldr.dll
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper -
{C2610784-E278-4B49-B6F5-9080E8048FD8} - C:\WINDOWS\System32\wldr.dll
O9 - Extra button: Microsoft AntiSpyware helper -
{C2610784-E278-4B49-B6F5-9080E8048FD8} - C:\WINDOWS\System32\wldr.dll (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper -
{C2610784-E278-4B49-B6F5-9080E8048FD8} - C:\WINDOWS\System32\wldr.dll (HKCU)
O15 - Trusted Zone: *.bestcounter.biz
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 195.95.218.170
O17 -
HKLM\System\CCS\Services\Tcpip\..\{593EF498-A1C8-46E9-A6B8-372CF1B4CEFD}:
NameServer = 194.204.152.34,194.204.159.1
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH -
C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany -
C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Windows VisFx Components - Unknown owner - C:\WINDOWS\jrupsvc.exe