O4 – HKLM\..\Run: [Media service] notpad.exe
O4 – HKLM\..\Run: [Windows Network Controller] Win9x.exe
O4 – HKLM\..\Run: [MSN32 Z Services] MSN32z.EXE
O4 – HKLM\..\Run: [MsWindows SysDate] sysmsvc.exe
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 – HKLM\..\Run: [sysPersonalFirewall] msnmssgr.exe

O4 – HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\adwarealert.Exe –boot
Ten program odinstaluj bo to fałszywiec

O4 – HKLM\..\RunServices: [Media service] notpad.exe
O4 – HKLM\..\RunServices: [Windows Network Controller] Win9x.exe
O4 – HKLM\..\RunServices: [MSN32 Z Services] MSN32z.EXE
O4 – HKLM\..\RunServices: [MsWindows SysDate] sysmsvc.exe
O4 – HKLM\..\RunServices: [sysPersonalFirewall] msnmssgr.exe
O4 – HKLM\..\RunOnce: [sysPersonalFirewall] msnmssgr.exe
O4 – HKLM\..\RunOnce: [Windows Network Controller] Win9x.exe
O4 – HKCU\..\Run: [Windows Network Controller] Win9x.exe
O4 – HKCU\..\Run: [sysPersonalFirewall] msnmssgr.exe
O4 – HKCU\..\RunOnce: [Windows Network Controller] Win9x.exe
O4 – HKCU\..\RunOnce: [sysPersonalFirewall] msnmssgr.exe

C:\WINDOWS\System32\notpad.exe
C:\WINDOWS\System32\MSN32z.EXE
O4 – HKLM\..\Run: [Media service] notpad.exe
O4 – HKLM\..\Run: [sysPersonalFirewall] msnmssgr.exe
O4 – HKLM\..\Run: [Windows Network Controller] Win9x.exe
O4 – HKLM\..\Run: [MSN32 Z Services] MSN32z.EXE
O4 – HKLM\..\RunServices: [Media service] notpad.exe
O4 – HKLM\..\RunServices: [sysPersonalFirewall] msnmssgr.exe
O4 – HKLM\..\RunServices: [Windows Network Controller] Win9x.exe
O4 – HKLM\..\RunServices: [MSN32 Z Services] MSN32z.EXE
O4 – HKLM\..\RunOnce: [sysPersonalFirewall] msnmssgr.exe
O4 – HKLM\..\RunOnce: [Windows Network Controller] Win9x.exe
O4 – HKCU\..\Run: [sysPersonalFirewall] msnmssgr.exe
O4 – HKCU\..\Run: [Windows Network Controller] Win9x.exe
O4 – HKCU\..\RunOnce: [sysPersonalFirewall] msnmssgr.exe
O4 – HKCU\..\RunOnce: [Windows Network Controller] Win9x.exe
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm

Logfile of HijackThis v1.99.1
Scan saved at 17:24:31, on 2005–07–02
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\notpad.exe
C:\Program Files\D–Tools\daemon.exe
C:\WINDOWS\System32\MSN32z.EXE
C:\WINDOWS\System32\sysmsvc.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\cmd.exe
C:\WINDOWS\system32\ping.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\WINDOWS\System32\msiexec.exe
C:\DOCUME~1\chab\USTAWI~1\Temp\_tc\HijackThis.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 – Toolbar: PopUpCop – {DB43E4E6–FF8A–4018–8C8E–F68587A44A73} – C:\PROGRA~1\POPUPCOP\PopUpCop.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [Media service] notpad.exe
O4 – HKLM\..\Run: [Windows Network Controller] Win9x.exe
O4 – HKLM\..\Run: [DAEMON Tools–1033] "C:\Program Files\D–Tools\daemon.exe" –lang 1033
O4 – HKLM\..\Run: [MSN32 Z Services] MSN32z.EXE
O4 – HKLM\..\Run: [MsWindows SysDate] sysmsvc.exe
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 – HKLM\..\Run: [sysPersonalFirewall] msnmssgr.exe
O4 – HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\adwarealert.Exe –boot
O4 – HKLM\..\RunServices: [Media service] notpad.exe
O4 – HKLM\..\RunServices: [Windows Network Controller] Win9x.exe
O4 – HKLM\..\RunServices: [MSN32 Z Services] MSN32z.EXE
O4 – HKLM\..\RunServices: [MsWindows SysDate] sysmsvc.exe
O4 – HKLM\..\RunServices: [sysPersonalFirewall] msnmssgr.exe
O4 – HKLM\..\RunOnce: [sysPersonalFirewall] msnmssgr.exe
O4 – HKLM\..\RunOnce: [Windows Network Controller] Win9x.exe
O4 – HKCU\..\Run: [Windows Network Controller] Win9x.exe
O4 – HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 – HKCU\..\Run: [sysPersonalFirewall] msnmssgr.exe
O4 – HKCU\..\RunOnce: [Windows Network Controller] Win9x.exe
O4 – HKCU\..\RunOnce: [sysPersonalFirewall] msnmssgr.exe
O4 – Global Startup: GetRight – Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O8 – Extra context menu item: Download with GetRight – C:\Program Files\GetRight\GRdownload.htm
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 – Extra context menu item: Open Image in New Window – res://C:\Program Files\PopUpCop\popupcop.dll/imagenew
O8 – Extra context menu item: Open with GetRight Browser – C:\Program Files\GetRight\GRbrowse.htm
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120056799734
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{0D181416–4D7C–4E56–923F–0CAE4EED291B}: NameServer = 194.204.152.34,194.204.159.1
O17 – HKLM\System\CCS\Services\Tcpip\..\{5D15DB4D–89F9–48AF–8C25–A3FEF6C9EB9D}: NameServer = 194.204.152.34,194.204.159.1
O17 – HKLM\System\CS1\Services\Tcpip\..\{0D181416–4D7C–4E56–923F–0CAE4EED291B}: NameServer = 194.204.152.34,194.204.159.1
O17 – HKLM\System\CS2\Services\Tcpip\..\{0D181416–4D7C–4E56–923F–0CAE4EED291B}: NameServer = 194.204.152.34,194.204.159.1
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\System32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe

Logfile of HijackThis v1.99.1
Scan saved at 17:24:19, on 2005–07–02
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\PowerS.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Hewlett–Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett–Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett–Packard\HP Share–to–Web\hpgs2wnd.exe
C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\System32\notpad.exe
C:\WINDOWS\System32\MSN32z.EXE
C:\Program Files\Tlen.pl\tlen.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Prolink\PlayTV HD\TVSCHL.EXE
C:\Program Files\Prolink\PlayTV PVR\TVRMVCR.EXE
C:\Program Files\Microsoft Office\Office\1045\OLFSNT40.EXE
C:\Program Files\EdgeCAM\Cam\edgecls.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\CHAB\USTAWI~1\TEMP\_tc\HIJACK~1.EXE

R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [DAEMON Tools–1033] "C:\Program Files\D–Tools\daemon.exe" –lang 1033
O4 – HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett–Packard\HP Software Update\HPWuSchd.exe"
O4 – HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 – HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 – HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett–Packard\Digital Imaging\bin\hpotdd01.exe
O4 – HKLM\..\Run: [Share–to–Web Namespace Daemon] C:\Program Files\Hewlett–Packard\HP Share–to–Web\hpgs2wnd.exe
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [FineReader7NewsReaderPro] C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
O4 – HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" –atboottime
O4 – HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 – HKLM\..\Run: [Media service] notpad.exe
O4 – HKLM\..\Run: [sysPersonalFirewall] msnmssgr.exe
O4 – HKLM\..\Run: [Windows Network Controller] Win9x.exe
O4 – HKLM\..\Run: [MSN32 Z Services] MSN32z.EXE
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\RunServices: [Media service] notpad.exe
O4 – HKLM\..\RunServices: [sysPersonalFirewall] msnmssgr.exe
O4 – HKLM\..\RunServices: [Windows Network Controller] Win9x.exe
O4 – HKLM\..\RunServices: [MSN32 Z Services] MSN32z.EXE
O4 – HKLM\..\RunOnce: [sysPersonalFirewall] msnmssgr.exe
O4 – HKLM\..\RunOnce: [Windows Network Controller] Win9x.exe
O4 – HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 – HKCU\..\Run: [sysPersonalFirewall] msnmssgr.exe
O4 – HKCU\..\Run: [Windows Network Controller] Win9x.exe
O4 – HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 – HKCU\..\RunOnce: [sysPersonalFirewall] msnmssgr.exe
O4 – HKCU\..\RunOnce: [Windows Network Controller] Win9x.exe
O4 – Global Startup: TVSCHL.lnk = C:\Program Files\Prolink\PlayTV HD\TVSCHL.EXE
O4 – Global Startup: Remote Controller.lnk = C:\Program Files\Prolink\PlayTV PVR\TVRMVCR.EXE
O4 – Global Startup: TV Scheduler.lnk = C:\Program Files\Prolink\PlayTV PVR\TVSCHL.EXE
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 – Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1045\OLFSNT40.EXE
O4 – Global Startup: EdgeCLS6.50.lnk = C:\Program Files\EdgeCAM\Cam\edgecls.exe
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O16 – DPF: ING Bank Online – https://ssl.bsk.com.pl/bskonl/component/INGOnl.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{AA65C872–E02E–4437–8C23–F08AA0BCFC51}: NameServer = 194.204.152.34,194.204.159.1
O17 – HKLM\System\CCS\Services\Tcpip\..\{FC7F279B–8AE8–4FCC–B24F–0362A89F79F9}: NameServer = 194.204.152.34,194.204.159.1
O23 – Service: Ati HotKey Poller – Unknown owner – C:\WINDOWS\System32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: C–DillaSrv – C–Dilla Ltd – C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 – Service: Crypkey License – Kenonic Controls Ltd. – C:\WINDOWS\SYSTEM32\crypserv.exe
O23 – Service: NVIDIA Driver Helper Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe