Logfile of HijackThis v1.99.1
Scan saved at 23:33:29, on 2007-02-24
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe
C:\WINDOWS\System32\winlogin32.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Save\Save.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Elwira\Ustawienia lokalne\Temp\Katalog tymczasowy 1 dla RootkitRevealer.zip\RootkitRevealer.exe
C:\Documents and Settings\Elwira\Ustawienia lokalne\Temp\RootkitRevealer\RootkitRevealer.exe
C:\DOCUME~1\Elwira\USTAWI~1\Temp\EZSB.exe
C:\Documents and Settings\Elwira\Pulpit\HijackThis1991.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotinfobox.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL
F2 - REG:system.ini: Shell=Explorer.exe msi32java.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,msi32java.exe
O1 - Hosts: 200.80.43.9 aquasonyc.sudnet.org
O1 - Hosts: 217.96.35.130 auto.search.msn.com
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [yahoo inc.] ypages.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad3.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [newname] C:\\newname3.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe
O4 - HKLM\..\Run: [cpanel] C:\WINDOWS\System32\winlogin32.exe
O4 - HKLM\..\Run: [IRQ Assigning Agent] IRQconf.exe
O4 - HKLM\..\Run: [A01FA6CE] C:\WINDOWS\System32\mlsdf8h5749274.exe
O4 - HKLM\..\RunServices: [MS Config] msdconfig.exe
O4 - HKLM\..\RunServices: [yahoo inc.] ypages.exe
O4 - HKLM\..\RunServices: [Ms Java for Windows NT] msi32java.exe
O4 - HKLM\..\RunServices: [IRQ Assigning Agent] IRQconf.exe
O4 - HKLM\..\RunServices: [A01FA6CE] C:\WINDOWS\System32\mlsdf8h5749274.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [yahoo inc.] ypages.exe
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [cpanel] C:\WINDOWS\System32\winlogin32.exe
O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDVD 5 Standard\MediaDetector.exe"
O4 - HKCU\..\RunServices: [Ms Java for Windows NT] msi32java.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B78FFEF-74EC-44FF-99E7-49C86628E0E8}: NameServer = 194.204.152.34 217.98.63.164
O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\lv0o09d3e.dll (file missing)
O23 - Service: Print Spooler Service (a0cgy6ss5) - Unknown owner - C:\WINDOWS\System32\mlsdf8h5749274.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CTF Monitor Service (CTFMN) - Unknown owner - C:\WINDOWS\System32\ctfmsvc.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: EZSB - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Elwira\USTAWI~1\Temp\EZSB.exe
O23 - Service: IAIARBC - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Elwira\USTAWI~1\Temp\IAIARBC.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Microsoft sdk core (sdk) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)