Gość: xeper
IP: *.neoplus.adsl.tpnet.pl
31.10.05, 17:48
Logfile of HijackThis v1.99.1
Scan saved at 17:44:07, on 05-10-31
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
D:\KASPERSKY ANTI-VIRUS PERSONAL\KAVSVC.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\NEOSTRADA TP\CNXMON.EXE
C:\PROGRAM FILES\NEOSTRADA TP\TASKBARICON.EXE
D:\KASPERSKY ANTI-VIRUS PERSONAL\KAV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\SAGEM\SAGEM F@ST 800-840\DSLMON.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\NEOSTRADA TP\NEOSTRADATP.EXE
C:\PROGRAM FILES\NEOSTRADA TP\COMCOMP.EXE
C:\PROGRAM FILES\NEOSTRADA TP\WATCH.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
D:\EMULE\EMULE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\PULPIT\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) =
clearsurfing.net/srch.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
szukaj.wp.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
res://C:\WINDOWS\SYSTEM\PROTECT32.DLL/sp.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.gazeta.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\WINDOWS\SYSTEM\PROTECT32.DLL/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
res://C:\WINDOWS\SYSTEM\PROTECT32.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL =
about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
res://C:\WINDOWS\SYSTEM\PROTECT32.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
res://C:\WINDOWS\SYSTEM\PROTECT32.DLL/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada
TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
R3 - URLSearchHook: (no name) - {59274CD1-8E4E-1325-A97B-8F86DE08B187} -
MNTP.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} -
C:\WINDOWS\LOCALNRD.DLL
O2 - BHO: (no name) - {68F03B00-6D91-11D9-A89A-00079506C84D} -
C:\WINDOWS\SYSTEM\MSDDA.DLL (file missing)
O2 - BHO: (no name) - {76DB2861-6D91-11D9-A89A-000716BF293A} -
C:\WINDOWS\SYSTEM\PROTECT32.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: FreshBar - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} -
C:\WINDOWS\SYSTEM\IESP1.DLL (file missing)
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
O4 - HKLM\..\Run: [C-Media Mixer] C:\Program Files\PCI Audio
Applications\Bin\AudioRack.exe /MixerStartup
O4 - HKLM\..\Run: [LWBMOUSE] C:\PROGRA~1\NETMOU~1\V2.0\NETMOUSE.EXE
O4 - HKLM\..\Run: [SiSSWLED] C:\WINDOWS\SYSTEM\sisswled.exe
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [Linksts] Linksts.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRAM FILES\NEOSTRADA
TP\taskbaricon.exe
O4 - HKLM\..\Run: [egpzgfbqboy] C:\WINDOWS\SYSTEM\srzwzk.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\PROGRAM FILES\WEB_REBATES\WebRebates0.exe"
O4 - HKLM\..\Run: [uio] Dest068.exe
O4 - HKLM\..\Run: [xwiz] powerdll.exe
O4 - HKLM\..\Run: [AdTools Service] C:\PROGRAM FILES\ADTOOLS
SERVICE\ADTOOLS.EXE
O4 - HKLM\..\Run: [SPRESTRST] C:\WINDOWS\SYSTEM\SPRESTRST.EXE
O4 - HKLM\..\Run: [KAVPersonal50] "D:\Kaspersky Anti-Virus
Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [RNBOStart] C:\WINDOWS\SYSTEM\RNBOSENT\SENTSTRT.EXE
O4 - HKLM\..\RunServices: [kavsvc] "D:\Kaspersky Anti-Virus
Personal\kavsvc.exe"
O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O4 - HKCU\..\Run: [newbreed] zantu.exe
O4 - HKCU\..\Run: [prcmon] ms-its.exe
O4 - HKCU\..\Run: [SAPSTR] WTFCTF.exe
O4 - Startup: Microsoft Office.lnk = C:\WINDOWS\Dane
aplikacji\Microsoft\Installer\{00000415-78E1-11D2-B60F-006097C998E7}\misc.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840
\dslmon.exe
O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM
FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .au: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: *.63.219.181.7
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O18 - Filter: text/html - {76DB2860-6D91-11D9-A89A-000779F38CA1} -
C:\WINDOWS\SYSTEM\PROTECT32.DLL
O18 - Filter: text/plain - {76DB2860-6D91-11D9-A89A-000779F38CA1} -
C:\WINDOWS\SYSTEM\PROTECT32.DLL