browanx
17.10.05, 22:50
Logfile of HijackThis v1.99.1
Scan saved at 14:28:06, on 2005-10-16
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Media Gateway\MediaGateway.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\winstall.exe
C:\WINDOWS\tool2.exe
C:\Program Files\SpySheriff\SpySheriff.exe
C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe
C:\freescan\freescan.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Klaus\Ustawienia lokalne\Temp\Katalog tymczasowy
1 dla hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
Łącza
F2 - REG:system.ini: Shell=explorer.exe "c:\program files\common
files\microsoft shared\web folders\ibm00001.exe"
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: CSABHO Object - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} -
c:\program files\zangoclient\zanuhook.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media
Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE
/partner BO1
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program
Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration
Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\RunOnce: [StopSignSsTsMon] Rundll32.exe "C:\Program
Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus /ro
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Documents and
Settings\Klaus\Pulpit\Gadu-Gadu\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft
Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKCU\..\Run: [SNInstall] C:\WINDOWS\tool2.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware
Cleaner\SpywareCleaner.Exe" /boot
O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
- C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links -
{c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .pdf: C:\Program Files\Internet
Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) -
advnt01.com/dialer/int_ver32b.CAB
O16 - DPF: {11111111-1111-1111-1111-111111111111} -
www.sexmagia.pl/sexmagia.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127576087700
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} -
installs.hotbar.com/installs/hbtools/programs/hbtools.cab
O20 - Winlogon Notify: style32 - C:\WINDOWS\
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT,
s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: SpywareCleanerService - Secure Computer, LLC -
C:\Program Files\Spyware Cleaner\SCService.exe