Logfile of HijackThis v1.99.0
Scan saved at 15:09:56, on 4.2.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG70\avgamsvr.exe
C:\PROGRA~1\AVG70\avgupsvc.exe
C:\AVGNET\Admin\AVGTCP~1\avgtcpsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WinRoute\winroute.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\soundman.exe
C:\PROGRA~1\AVG70\avgcc.exe
C:\PROGRA~1\AVG70\avgemc.exe
C:\WinRoute\WrCtrl.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\outlook\OFFICE11\OUTLOOK.EXE
C:\Program Files\outlook\OFFICE11\WINWORD.EXE
C:\Program Files\wincmd\WINCMD32.EXE
Z:\Install\Antivirz\HijackThis2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.seznam.cz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://quickmetasear...said=acc0001_ho
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.seznam.cz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://quickmetasear...said=acc0001_ho
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1; 192.*;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: UserInit=Userinit.exe,TGBRFV_
O1 - Hosts: 127.0.0.3 n-glx.s-redirect.com
O1 - Hosts: 127.0.0.3 x.full-tgp.net
O1 - Hosts: 127.0.0.3 counter.sexmaniack.com
O1 - Hosts: 127.0.0.3 autoescrowpay.com
O1 - Hosts: 127.0.0.3 www.autoescrowpay.com
O1 - Hosts: 127.0.0.3 www.awmdabest.com
O1 - Hosts: 127.0.0.3 www.sexfiles.nu
O1 - Hosts: 127.0.0.3 awmdabest.com
O1 - Hosts: 127.0.0.3 sexfiles.nu
O1 - Hosts: 127.0.0.3 allforadult.com
O1 - Hosts: 127.0.0.3 www.allforadult.com
O1 - Hosts: 127.0.0.3 www.iframe.biz
O1 - Hosts: 127.0.0.3 iframe.biz
O1 - Hosts: 127.0.0.3 www.newiframe.biz
O1 - Hosts: 127.0.0.3 newiframe.biz
O1 - Hosts: 127.0.0.3 www.vesbiz.biz
O1 - Hosts: 127.0.0.3 vesbiz.biz
O1 - Hosts: 127.0.0.3 www.pizdato.biz
O1 - Hosts: 127.0.0.3 pizdato.biz
O1 - Hosts: 127.0.0.3 www.aaasexypics.com
O1 - Hosts: 127.0.0.3 aaasexypics.com
O1 - Hosts: 127.0.0.3 www.virgin-tgp.net
O1 - Hosts: 127.0.0.3 virgin-tgp.net server
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: HomePageCtrl Class - {1B9CB0F8-118B-49C1-956D-B703E976F8E3} - C:\Program Files\STHomePage\STHomePage2.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: STLinksCtrl Class - {B54BFA47-D897-49CA-9657-05EC9F80A32B} - C:\Program Files\STLinks\STLinks2.dll
O2 - BHO: STIEbarBHO Class - {D797AD6C-6447-4DB4-91D0-090344408E72} - C:\Program Files\0CAT YellowPages\STIEbar2.dll
O3 - Toolbar: 0CAT Yellow Pages - {679695BC-A811-4A9D-8CDF-BA8C795F261A} - C:\Program Files\0CAT YellowPages\STIEbar2.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\AVG70\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\AVG70\avgemc.exe
O4 - HKLM\..\Run: [Windows Service] C:\WINDOWS\System32\prvdi.exe
O4 - HKCU\..\Run: [WrCtrl] C:\WinRoute\WrCtrl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Service] C:\WINDOWS\System32\prvdi.exe
O9 - Extra button: My button - {47FE5D70-9AA2-40F1-9C6B-12A255F085EA} - C:\Program Files\0CAT YellowPages\STIEbar2.dll
O9 - Extra 'Tools' menuitem: My menu - {47FE5D70-9AA2-40F1-9C6B-12A255F085EA} - C:\Program Files\0CAT YellowPages\STIEbar2.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\outlook\OFFICE11\REFIEBAR.DLL
O16 - DPF: KB KTpro Pack - https://www.mojebank...t_pro_v1101.cab
O16 - DPF: KB SH Pack - https://www.mojebank...ars/sh_pack.cab
O16 - DPF: MIB Pack - https://www.mojebank..._pack_v1400.cab
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downlo...dtc32_EN_XP.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downlo...thv32_EN_XP.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1096719572703
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://212.80.66.25/...sCamControl.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?322
O17 - HKLM\System\CCS\Services\Tcpip\..\{22B55846-7752-4617-BBD7-3D274555DFE7}: NameServer = 81.27.192.33,81.27.192.97
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B2F276C-3F72-4B37-BF96-C96EEF93299A}: NameServer = 81.27.192.33,81.27.192.97
O17 - HKLM\System\CCS\Services\Tcpip\..\{82C2A544-1EB1-4227-BDB4-D3CECD99E6C6}: NameServer = 81.27.192.33,81.27.192.97
O17 - HKLM\System\CS1\Services\Tcpip\..\{22B55846-7752-4617-BBD7-3D274555DFE7}: NameServer = 81.27.192.33,81.27.192.97
O17 - HKLM\System\CS2\Services\Tcpip\..\{22B55846-7752-4617-BBD7-3D274555DFE7}: NameServer = 81.27.192.33,81.27.192.97
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\AVG70\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\AVG70\avgupsvc.exe
O23 - Service: AVG7 TCP Server - GRISOFT, s.r.o. - C:\AVGNET\Admin\AVGTCP~1\avgtcpsv.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: WinRoute Pro 4.2 - Unknown - C:\WinRoute\winroute.exe
\?????? help