HijackThis log, request for a check

Logfile of HijackThis v1.98.2
Scan saved at 14:24:22, on 2004–08–09
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSSYSTEM32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesNetropaMultimedia Keyboard hksrv.exe
C:WINDOWSExplorer.EXE
C:WINDOWSSystem32 vsvc32.exe
C:Program FilesAnalog DevicesSoundMAXsmagent.exe
C:WINDOWSSYSTEM32ONELABSvsmon.exe
C:PROGRA~1MouseAmoumain.exe
C:Program FilesAnalog DevicesSoundMAXSMTray.exe
C:Program FilesNetropaMultimedia KeyboardMMKeybd.exe
C:PROGRA~1ONELA~1ONEAL~1zlclient.exe
C:Program FilesWinampwinampa.exe
C:Documents and SettingsMagdalena MłynikPulpitGadu–Gadugg.exe
C:Program FilesAVERTV2KQuickTV.exe
C:WINDOWS wain_32A4CISWATCH.exe
C:Program FilesNetropaMultimedia KeyboardTrayMon.exe
C:Program FilesNetropaOnscreen DisplayOSD.exe
C:Program FilesInternet Exploreriexplore.exe
C:Documents and SettingsMagdalena MłynikUstawienia lokalneTempKatalog tymczasowy 1 dla hijackthis.zipHijackThis.exe

R1 – HKCUSoftwareMicrosoftInternet Explorer,SearchURL = NOT USED (OK)
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = NOT USED (OK)
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.wp.pl/
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = NOT USED (OK)
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = NOT USED (OK)
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = NOT USED (OK)
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = C:WINDOWSSYSTEMlank.htm
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 – BHO: (no name) – {A9A674BF–771F–42E5–A440–D20DDA85A862} – C:WINDOWSSystem327e35ztsg2a.dll (file missing)
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O4 – HKLM..Run: [WheelMouse] C:PROGRA~1MouseAmoumain.exe
O4 – HKLM..Run: [SystemTray] SysTray.Exe
O4 – HKLM..Run: [Smapp] C:Program FilesAnalog DevicesSoundMAXSMTray.exe
O4 – HKLM..Run: [nwiz] nwiz.exe /install
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 – HKLM..Run: [MULTIMEDIA KEYBOARD] C:Program FilesNetropaMultimedia KeyboardMMKeybd.exe
O4 – HKLM..Run: [internat.exe] internat.exe
O4 – HKLM..Run: [zSPGuard] c:program filespjwspguardspguard.exe /s /r
O4 – HKLM..Run: [Zone Labs Client] C:PROGRA~1ONELA~1ONEAL~1zlclient.exe
O4 – HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe
O4 – HKCU..Run: [uninstal] regsvr32 /u /s image.dll
O4 – HKCU..Run: [svrhost.exe] C:WINDOWSsystem32svrhost.exe
O4 – HKCU..Run: [svphost.exe] C:WINDOWSsystem32svphost.exe
O4 – HKCU..Run: [rate.exe] C:WINDOWSSystem32i11r54n4.exe
O4 – HKCU..Run: [Komunikator] C:Program FilesTlen.pl len.exe
O4 – HKCU..Run: [drvsys.exe] C:WINDOWSSystem32drvsys.exe
O4 – HKCU..Run: [Gadu–Gadu] "C:Documents and SettingsMagdalena MłynikPulpitGadu–Gadugg.exe" /tray
O4 – HKCU..Run: [SpyKiller] C:Documents and SettingsMagdalena MłynikPulpitSpyKillerspykiller.exe /startup
O4 – Startup: Watch.lnk = C:WINDOWS wain_32A4CISWATCH.exe
O4 – Global Startup: TeleSA.lnk = C:Program FilesAVer TeletextAVerSA.exe
O4 – Global Startup: QuickTV.lnk = C:Program FilesAVERTV2KQuickTV.exe
O4 – Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O6 – HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O15 – Trusted Zone: *.greg–search.com
O16 – DPF: {11010101–1001–1111–1000–110112345678} – ms–its:mhtml:file://c: osuch.mht!http://69.31.79.180/winsearchie32.chm::/winsearchie32.exe
O16 – DPF: {11111111–1111–1111–1111–111111111171} – ms–its:mhtml:file://c:\nosuch.mht!http://line–plus.com/newhelp.chm::/newhelp.exe
O16 – DPF: {37A49D66–2735–4BB9–8503–82BA5E2333D0} (MailCfg Control) – http://poczta.wp.pl/autoryzacja/mailcfg.ocx
O16 – DPF: {7B297BFD–85E4–4092–B2AF–16A91B2EA103} (WScanCtl Class) – http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

Replies: 1

Hijack This Fix :

R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = C:WINDOWSSYSTEMlank.htm
O2 – BHO: (no name) – {A9A674BF–771F–42E5–A440–D20DDA85A862} – C:WINDOWSSystem327e35ztsg2a.dll (file missing)
O4 – HKCU..Run: [uninstal] regsvr32 /u /s image.dll
O4 – HKCU..Run: [svrhost.exe] C:WINDOWSsystem32svrhost.exe
O4 – HKCU..Run: [svphost.exe] C:WINDOWSsystem32svphost.exe
O4 – HKCU..Run: [rate.exe] C:WINDOWSSystem32i11r54n4.exe
O4 – HKCU..Run: [drvsys.exe] C:WINDOWSSystem32drvsys.exe
O6 – HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O15 – Trusted Zone: *.greg–search.com
O16 – DPF: {11010101–1001–1111–1000–110112345678} – ms–its:mhtml:file://c: osuch.mht!http://69.31.79.180/winsearchie32.chm::/winsearchie32.exe
O16 – DPF: {11111111–1111–1111–1111–111111111171} – ms–its:mhtml:file://c:\nosuch.mht!http://line–plus.com/newhelp.chm::/newhelp.exe


Disable System Restore,
Boot the PC in Safe Mode,
Remove the references in the registry,
End the active processes in Task Manager:

svrhost.exe,
svphost.exe,
i11r54n4.exe,
drvsys.exe,
winsearchie32.exe (if present),
newhelp.exe (if present),
image.dll (if present),

Enable searching for hidden files and delete:

svrhost.exe,
svphost.exe,
i11r54n4.exe,
drvsys.exe,
winsearchie32.exe,
newhelp.exe,
image.dll,
nosuch.mht!.

Rescan the system with an AV engine to check whether the infections have been removed.
Re-enable System Restore points.
McScr@by
Posted
09.08.2004 20:57:54
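For the re-scan step in the reply above, one way to confirm that the fixed entries are really gone is to compare a fresh HijackThis log against the fix list. This is an added example, not part of the original post: the `RESCAN` log is constructed for illustration, and the function names are hypothetical.

```python
import re

# Three entries copied from the fix list above (paths exactly as the page shows them).
FIX_LIST = """\
O4 – HKCU..Run: [svrhost.exe] C:WINDOWSsystem32svrhost.exe
O4 – HKCU..Run: [drvsys.exe] C:WINDOWSSystem32drvsys.exe
O15 – Trusted Zone: *.greg–search.com
"""

# Constructed re-scan log for illustration: one Run value and the Trusted Zone
# entry survived the cleanup, written with ASCII hyphens and different case.
RESCAN = """\
Logfile of HijackThis v1.98.2
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.wp.pl/
O4 - HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe
O4 - HKCU..Run: [DRVSYS.EXE] C:WINDOWSSystem32drvsys.exe
O15 - Trusted Zone: *.greg-search.com
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2})\s*[-\u2013]\s*(.+)$")

def normalise(text):
    # Forum software often turns "-" into an en dash; fold that, case and spacing.
    return re.sub(r"\s+", " ", text.replace("\u2013", "-")).strip().lower()

def identity(section, body):
    # O4 registry autoruns are identified by hive plus value name, not by path.
    run = re.match(r"(.*?:) \[(.+?)\]", body) if section == "O4" else None
    if run:
        return run.group(1) + run.group(2)
    # BHO, toolbar and DPF entries are identified by their CLSID.
    clsid = re.search(r"\{[0-9a-f-]+\}", body)
    if section in ("O2", "O3", "O16") and clsid:
        return clsid.group(0)
    return body

def parse(log):
    """Map (section, identity) -> original line; non-entry lines are skipped."""
    entries = {}
    for raw in log.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            section = m.group(1).upper()
            entries[(section, identity(section, normalise(m.group(2))))] = raw.strip()
    return entries

def remaining(fix_list, rescan):
    """Lines of the re-scan that match an entry the fix list marked for removal."""
    fixed, seen = parse(fix_list), parse(rescan)
    return sorted(seen[key] for key in fixed if key in seen)

if __name__ == "__main__":
    for line in remaining(FIX_LIST, RESCAN):
        print("still present:", line)
```

An empty result from `remaining` means none of the fixed entries reappeared in the new log; any line it returns needs another pass.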
Karolina20
Posted:
09.08.2004 16:35:45
Comments:
1