Logfile of HijackThis v1.99.1
Scan saved at 21:03:28, on 2008-02-06
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesLavasoftAd-Aware 2007aawservice.exe
C:WINDOWSExplorer.EXE
c:windowssystem32svchost.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:WINDOWSSOUNDMAN.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesATI TechnologiesATI.ACECLI.EXE
C:Program FilesJavajre1.6.0_03binjusched.exe
C:Program FilesHewlett-PackardDigital Imagingbinhpotdd01.exe
C:Program FilesHewlett-PackardHP Software UpdateHPWuSchd.exe
C:Program FilesHPhpcoretechhpcmpmgr.exe
C:WINDOWSsystem32spooldriversw32x863hpztsb09.exe
C:WINDOWSsystem32ctfmon.exe
C:PROGRA~1CheckP3checkp3.exe
C:Program FilesCommon FilesAheadlibNMBgMonitor.exe
C:Program FilesSkypePhoneSkype.exe
C:PROGRA~1CACHEM~1CachemanXP.exe
C:WINDOWSsystem32PnkBstrA.exe
C:WINDOWSsystem32PnkBstrB.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesAlwil SoftwareAvast4ashSimpl.exe
C:Program FilesMicrosoft OfficeOffice10EXCEL.EXE
C:Program FilesMozilla Firefoxfirefox.exe
C:WINDOWSExplorer.EXE
C:Program FilesHijackThisHijackThis.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
F2 - REG:system.ini: UserInit=C:WINDOWSsystem32userinit.exe,C:WINDOWSsystem32secpol.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_03binssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [ATICCC] "C:Program FilesATI TechnologiesATI.ACECLIStart.exe"
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.6.0_03binjusched.exe"
O4 - HKLM..Run: [DAEMON Tools] "C:Program FilesDAEMON Toolsdaemon.exe" -lang 1033
O4 - HKLM..Run: [DeviceDiscovery] C:Program FilesHewlett-PackardDigital Imagingbinhpotdd01.exe
O4 - HKLM..Run: [HP Software Update] "C:Program FilesHewlett-PackardHP Software UpdateHPWuSchd.exe"
O4 - HKLM..Run: [HP Component Manager] "C:Program FilesHPhpcoretechhpcmpmgr.exe"
O4 - HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSsystem32spooldriversw32x863hpztsb09.exe
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [CheckP3] C:PROGRA~1CheckP3checkp3.exe
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [Gadu-Gadu] "C:Program FilesGadu-Gadugg.exe" /tray
O4 - HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:Program FilesCommon FilesAheadlibNMBgMonitor.exe"
O4 - HKCU..Run: [Skype] "C:Program FilesSkypePhoneSkype.exe" /nosplash /minimized
O4 - HKCU..Run: [amva] C:WINDOWSsystem32amvo.exe
O4 - Startup: hamachi.lnk = C:Program FilesHamachihamachi.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLMSystemCCSServicesTcpip..{CCC5321C-DA8F-4709-92DF-18AAD420AB5B}: NameServer = 192.168.1.1
O17 - HKLMSystemCCSServicesTcpip..{D8EA8847-EB41-402D-8696-44C178391E60}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 - Winlogon Notify: fsmgmt - C:WINDOWSSYSTEM32fsmgmt.dll
O20 - Winlogon Notify: WgaLogon - C:WINDOWS
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:WINDOWSsystem32WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:Program FilesLavasoftAd-Aware 2007aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service (file missing)
O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:PROGRA~1CACHEM~1CachemanXP.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
O23 - Service: MySql - Unknown owner - c:usr/MYSQL/bin/mysqld.exe
O23 - Service: PnkBstrA - Unknown owner - C:WINDOWSsystem32PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:WINDOWSsystem32PnkBstrB.exe
O23 - Service: Armed Assault Drivers Auto Removal (pr2agmlb) (pr2agmlb) - Bohemia Interactive - C:WINDOWSsystem32pr2agmlb.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%WinPcaprpcapd.exe" -d -f "%ProgramFiles%WinPcaprpcapd.ini (file missing)
O23 - Service: FrontLine Drivers Auto Removal (v2) (sfrem02) - Protection Technology (StarForce) - C:WINDOWSsystem32sfrem02.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:Program FilesTuneUp Utilities 2006WinStylerThemeSvc.exe
Logfile of HijackThis v1.99.1
Scan saved at 10:35:21, on 2008-02-11
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32agrsmsvc.exe
C:Program FilesCommon FilesInterVideoRegMgriviRegMgr.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Program FilesNetLimiter 2 Pronlsvc.exe
C:Program FilesOneStepSearchonestep.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesNetLimiter 2 ProNLClient.exe
C:WINDOWSExplorer.EXE
C:Program FilesLG SoftwareIP OperatorIP Operator.exe
C:WINDOWSsystem32igfxtray.exe
C:WINDOWSsystem32hkcmd.exe
C:WINDOWSsystem32igfxpers.exe
C:Program FilesJavajre1.6.0_03binjusched.exe
C:Program FilesFlashGet NetworkFlashgetFlashGet.exe
C:windowsGaduGadu.exe
C:WINDOWSsystem32igfxsrvc.exe
C:Program FilesBPKwindows32.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesPPStreamPPStream.exe
C:Program FilesOneStepSearchonestep.exe
C:Program FilesGadu-Gadugg.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:totalcmdTOTALCMD.EXE
c:Program FilesHijackThisHijackThis.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://google.bearshare.com/pl/
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:Program FilesBPKwindows32wb.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:Program FilesFlashGet NetworkFlashgetComDllsbhoCATCH.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_03binssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:PROGRA~1FlashFXPIEFlash.dll
O4 - HKLM..Run: [IPO3] "C:Program FilesLG SoftwareIP OperatorIP Operator.exe" -aUtOsTaRtFrOmReG
O4 - HKLM..Run: [IgfxTray] C:WINDOWSsystem32igfxtray.exe
O4 - HKLM..Run: [HotKeysCmds] C:WINDOWSsystem32hkcmd.exe
O4 - HKLM..Run: [Persistence] C:WINDOWSsystem32igfxpers.exe
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.6.0_03binjusched.exe"
O4 - HKLM..Run: [FlashGet] "C:Program FilesFlashGet NetworkFlashgetFlashGet.exe" /min
O4 - HKLM..Run: [GaduGadu] c:windowsGaduGadu.exe
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - Startup: PPS.lnk = C:Program FilesPPStreamPPStream.exe
O8 - Extra context menu item: &ĘąÓĂżěłľ(FlashGet)ĎÂÔŘ - C:Program FilesFlashGet NetworkFlashgetComDllsBholink.htm
O8 - Extra context menu item: &ĘąÓĂżěłľ(FlashGet)ĎÂÔŘČŤ˛żÁ´˝Ó - C:Program FilesFlashGet NetworkFlashgetComDllsBhoall.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:WINDOWSSYSTEM32igfxdev.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:WINDOWSsystem32agrsmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:Program FilesCommon FilesInterVideoRegMgriviRegMgr.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:Program FilesNetLimiter 2 Pronlsvc.exe
O23 - Service: OneStep Search Service - Unknown owner - C:Program FilesOneStepSearchonestep.exe" "C:Program FilesOneStepSearchonestep.dll" Service (file missing)
O4 - HKCU..Run: [amva] C:WINDOWSsystem32amvo.exe
O20 - Winlogon Notify: fsmgmt - C:WINDOWSSYSTEM32fsmgmt.dll
C:Program FilesBPKwindows32.exe
O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:Program FilesBPKwindows32wb.dll
C:Program FilesOneStepSearchonestep.exe
O23 - Service: OneStep Search Service - Unknown owner - C:Program FilesOneStepSearchonestep.exe" "C:Program FilesOneStepSearchonestep.dll" Service (file missing)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:28:55, on 2008-02-12
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesWindows DefenderMsMpEng.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32ZoneLabsvsmon.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesG DATA AntiVirusAVKAVKService.exe
C:Program FilesG DATA AntiVirusAVKAVKWCtl.exe
C:WINDOWSsystem32nvsvc32.exe
C:Program FilesCommon FilesG DATAAVKProxyAVKProxy.exe
C:WINDOWSExplorer.EXE
C:WINDOWSRTHDCPL.EXE
C:Program FilesJavajre1.6.0_03binjusched.exe
C:Program FilesWindows DefenderMSASCui.exe
C:Program FilesG DATA AntiVirusAVKTrayAVKTray.exe
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe
E:PROGRAMYZoneAlarmzlclient.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesSferiaEasyWirelessNetEasyWirelessNet.exe
E:PROGRAMYSpybot - Search & DestroySpybotSD.exe
E:PROGRAMYGadu-Gadugg.exe
E:PROGRAMYOperaOpera.exe
E:PROGRAMYDAEMON Toolsdaemon.exe
C:PROGRA~1MOZILL~1FIREFOX.EXE
E:PROGRAMYHiJackThisHijackThis.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yahoo.com
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:Program FilesG DATA AntiVirusWebfilterAvkWebIE.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpn0ycomp5_6_0_1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:PROGRAMYflashgetjccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - E:PROGRAMYRealPlayerrpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:PROGRAMYSPYBOT~1SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_03binssv.dll
O2 - BHO: LingTools Class - {7638AB14-B003-49F2-A342-D7BD4F7FD79A} - E:PROGRAMYSLOWNI~1toolbar.dll
O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier2.0.301.7164swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesWindows Live Toolbarmsntb.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:Program FilesZoneAlarmSBbar1.binSPYBLOCK.DLL
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:PROGRAMYflashgetgetflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar1.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpn0ycomp5_6_0_1.dll
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:Program FilesG DATA AntiVirusWebfilterAvkWebIE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesWindows Live Toolbarmsntb.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:Program FilesZoneAlarmSBbar1.binSPYBLOCK.DLL
O4 - HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM..Run: [SkyTel] SkyTel.EXE
O4 - HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesAheadLibNeroCheck.exe
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.6.0_03binjusched.exe"
O4 - HKLM..Run: [Windows Defender] "C:Program FilesWindows DefenderMSASCui.exe" -hide
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [LXCFCATS] rundll32 C:WINDOWSSystem32spoolDRIVERSW32X863LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM..Run: [AVKTray] "C:Program FilesG DATA AntiVirusAVKTrayAVKTray.exe"
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot
O4 - HKLM..Run: [QuickTime Task] "E:PROGRAMYQuickTimeQTTask.exe" -atboottime
O4 - HKLM..Run: [ZoneAlarm Client] "E:PROGRAMYZoneAlarmzlclient.exe"
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "E:PROGRAMYAdobe Acrobat ReaderReaderReader_sl.exe"
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [SpybotSD TeaTimer] E:PROGRAMYSpybot - Search & DestroyTeaTimer.exe
O4 - HKCU..Run: [Gadu-Gadu] "E:PROGRAMYGadu-Gadugg.exe" /tray
O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:Program FilesWindows Live Toolbarmsntb.dll/search.htm
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - E:PROGRAMYflashgetjc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - E:PROGRAMYflashgetjc_all.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:WINDOWSbdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:WINDOWSbdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:PROGRAMYflashgetFlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:PROGRAMYflashgetFlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:PROGRAMYSPYBOT~1SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:PROGRAMYSPYBOT~1SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192476870968
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLMSystemCCSServicesTcpip..{9C6E155B-872E-408F-9808-273DF2E2FE1A}: NameServer = 193.41.112.18 193.41.112.14
O20 - AppInit_DLLs: C:PROGRA~1GoogleGOOGLE~2GOEC62~1.DLL
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:Program FilesCommon FilesG DATAAVKProxyAVKProxy.exe
O23 - Service: G DATA Scheduler (AVKService) - G DATA Software AG - C:Program FilesG DATA AntiVirusAVKAVKService.exe
O23 - Service: Strażnik AntiVirus (AVKWCtl) - G DATA Software AG - C:Program FilesG DATA AntiVirusAVKAVKWCtl.exe
O23 - Service: GoogleDesktopManager - Google - C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
O23 - Service: lxcf_device - Unknown owner - C:WINDOWSsystem32lxcfcoms.exe
O23 - Service: NBService - Nero AG - C:Program FilesNeroNero 7Nero BackItUpNBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:WINDOWSsystem32ZoneLabsvsmon.exe
--
End of file - 10023 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:49:14, on 2008-02-12
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSSystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
C:WINDOWSsystem32RunDll32.exe
C:Program FilesDAEMON Toolsdaemon.exe
C:Program FilesSlySoftCloneCDCloneCDTray.exe
C:windowssystem32rlvknlg.exe
C:Program FilesAgnitumTauscan 1.6Taumon.exe
C:WINDOWSSystem32WScript.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesSkypePhoneSkype.exe
C:Program FilesGadu-Gadugg.exe
C:Program FilesOpenOffice.org 2.3programsoffice.exe
C:Program FilesOpenOffice.org 2.3programsoffice.BIN
C:WINDOWSsystem32svhcost.exe
C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:WINDOWSsystem32wscntfy.exe
C:Program FilesSkypePlugin ManagerskypePM.exe
C:Program FilesWinampwinamp.exe
C:Program FilesAdobeAcrobat 6.0 CEReaderAcroRd32.exe
C:WINDOWSsystem32wscript.exe
C:Program FilesJeticoBestCryptBCResident.exe
C:WINDOWSsystem32wscript.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.www.daemon-search.com/default
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O1 - Hosts: 81.31.239.149 paypal.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_03binssv.dll
O3 - Toolbar: Steganos Internet Anonym - {00000000-5736-4205-0008-781cd0e19f00} - c:program filessteganos internet anonym pro 7siapro7iep.dll
O4 - HKLM..Run: [ATIPTA] "C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe"
O4 - HKLM..Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM..Run: [DAEMON Tools] "C:Program FilesDAEMON Toolsdaemon.exe" -lang 1033
O4 - HKLM..Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM..Run: [CloneCDTray] "C:Program FilesSlySoftCloneCDCloneCDTray.exe" /s
O4 - HKLM..Run: [Microsoft] svhcost.exe
O4 - HKLM..Run: [RelevantKnowledge] C:windowssystem32rlvknlg.exe -boot
O4 - HKLM..Run: [Tau Monitor] C:Program FilesAgnitumTauscan 1.6Taumon.exe
O4 - HKLM..Run: [Item Viewer] F:Diabloitemview.exe /register
O4 - HKLM..Run: [MSRegInfo] C:WINDOWSpagefile.sys.vbs
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [uap1.4] C:Documents and SettingsZoMoPulpituap.exe task
O4 - HKLM..Run: [svchost] C:WINDOWSsvchostsvchost.exe
O4 - HKLM..Run: [BCWipeTM Startup] "C:Program FilesJeticoBestCryptBCWipeTM.exe" startup
O4 - HKLM..Run: [TSTray] "C:Program FilesG DATA SoftwareTopSecret Next GenerationTSTray.exe" /start
O4 - HKLM..RunServices: [Microsoft] svhcost.exe
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [Skype] "C:Program FilesSkypePhoneSkype.exe" /nosplash /minimized
O4 - HKCU..Run: [BitTorrent] "C:Program FilesBitTorrentbittorrent.exe" --force_start_minimized
O4 - HKCU..Run: [h0sts.exe1] C:WINDOWSh0sts.exe
O4 - HKCU..Run: [SIAPRO7] "C:Program FilesSteganos Internet Anonym Pro 7SIAPRO7.exe" -boot
O4 - HKCU..Run: [Gadu-Gadu] "C:Program FilesGadu-Gadugg.exe" /tray
O4 - HKCU..Run: [AQQ] C:PROGRA~1WapSterAQQAQQ.exe
O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUSS-1-5-19..RunOnce: [SIAPRO7] "C:Program FilesSteganos Internet Anonym Pro 7SIAPRO7.exe" -firstboot (User 'USŁUGA LOKALNA')
O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUSS-1-5-20..RunOnce: [SIAPRO7] "C:Program FilesSteganos Internet Anonym Pro 7SIAPRO7.exe" -firstboot (User 'USŁUGA SIECIOWA')
O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'SYSTEM')
O4 - HKUSS-1-5-18..RunOnce: [SIAPRO7] "C:Program FilesSteganos Internet Anonym Pro 7SIAPRO7.exe" -firstboot (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'Default user')
O4 - HKUS.DEFAULT..RunOnce: [SIAPRO7] "C:Program FilesSteganos Internet Anonym Pro 7SIAPRO7.exe" -firstboot (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:Program FilesOpenOffice.org 2.3programquickstart.exe
O4 - Global Startup: BestCrypt Auto Open.lnk = C:Program FilesJeticoBestCryptBestCrypt.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O17 - HKLMSystemCCSServicesTcpip..{92FA0B86-4708-4E7D-B5A2-F27104E705E9}: NameServer = 194.204.159.1,194.204.152.34
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 - AppInit_DLLs: hplun.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSSystem32Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe
O23 - Service: Critical System Service BootDrv (BootDrv) - Unknown owner - C:WINDOWSsystem32BootDSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:Program FilesWinPcaprpcapd.exe
And mine?
Logfile of HijackThis v1.99.1
Scan saved at 20:59:35, on 2008-02-15
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
D:Program Filescfosspd.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Program FilesAnalog DevicesSoundMAXSMTray.exe
D:Program FilesHPHP Software UpdateHPWuSchd2.exe
C:Program FilesJavajre1.6.0_03binjusched.exe
C:WINDOWSsystem32RUNDLL32.EXE
D:Program FilescfoscFosSpeed.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesCommon FilesNeroLibNMBgMonitor.exe
D:Program FilesHPDigital Imagingbinhpqtra08.exe
C:Program FilesMicroStarWLANUtilityWlanUtility.exe
D:Program FilesHPDigital ImagingbinhpqSTE08.exe
C:Program FilesNeroNero8Nero BackItUpNBService.exe
C:Program FilesEsetnod32krn.exe
C:WINDOWSsystem32nvsvc32.exe
C:Program FilesAnalog DevicesSoundMAXSMAgent.exe
d:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesCommon FilesNeroLibNMIndexingService.exe
C:Program FilesMicroStarWLANUtilityWLAN_Service.exe
C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe
D:Program FilesHPDigital ImagingProduct Assistantbinhprblog.exe
D:Program FilesGadu-Gadugg.exe
d:Program FilesWinampwinamp.exe
C:WINDOWSsystem32cisvc.exe
C:WINDOWSsystem32cidaemon.exe
C:WINDOWSsystem32WISPTIS.EXE
C:Program FilesMozilla Firefoxfirefox.exe
D:HijackThis.exe
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:Program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:Program FilesWinamp Toolbarwinamptb.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:PROGRA~1MEGAUP~1MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_03binssv.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:Program FilesWinamp Toolbarwinamptb.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:PROGRA~1MEGAUP~1MEGAUP~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O4 - HKLM..Run: [Smapp] C:Program FilesAnalog DevicesSoundMAXSMTray.exe
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [HP Software Update] D:Program FilesHPHP Software UpdateHPWuSchd2.exe
O4 - HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesNeroLibNeroCheck.exe
O4 - HKLM..Run: [NBKeyScan] "C:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe"
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.6.0_03binjusched.exe"
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [QuickTime Task] "D:Program FilesK-Lite Codec PackQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [nod32kui] "C:Program FilesEsetnod32kui.exe" /WAITSERVICE
O4 - HKLM..Run: [cFosSpeed] D:Program FilescfoscFosSpeed.exe
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:Program FilesCommon FilesNeroLibNMBgMonitor.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:Program FilesHPDigital Imagingbinhpqtra08.exe
O4 - Global Startup: WlanUtility.lnk = C:Program FilesMicroStarWLANUtilityWlanUtility.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:Documents and SettingsAll UsersDane aplikacjiWinamp ToolbarieToolbarresourcesen-USlocalsearch.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:PROGRA~1OfficeOFFICE11EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:PROGRA~1OfficeOFFICE11REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLMSystemCCSServicesTcpip..{2A7BD452-A8A1-47C8-8E09-1249C939EE0B}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - D:Program Filescfosspd.exe" -service (file missing)
O23 - Service: MSI_WLAN_Service - Unknown owner - C:Program FilesMicroStarWLANUtilityWLAN_Service.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:Program FilesNeroNero8Nero BackItUpNBService.exe
O23 - Service: NMIndexingService - Nero AG - C:Program FilesCommon FilesNeroLibNMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:Program FilesEsetnod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:Program FilesAnalog DevicesSoundMAXSMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - d:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe
O23 - Service: Client/Server Runtime Server Subsystem (CSRSS) - Unknown owner - C:WINDOWScsrss.exe (file missing)
Logfile of HijackThis v1.99.1
Scan saved at 15:24:45, on 2008-02-16
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:Program FilesESETESET NOD32 Antivirusekrn.exe
C:Program FilesCommon FilesLightScribeLSSrvc.exe
C:WINDOWSSystem32wuauclt.exe
F:HijackThisHijackThis.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.o2.pl/
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [egui] "C:Program FilesESETESET NOD32 Antivirusegui.exe" /hide /waitservice
O4 - HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O17 - HKLMSystemCCSServicesTcpip..{669658A3-97D2-4167-AC21-3B93887D0371}: NameServer = 81.219.24.1,81.219.24.221
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O23 - Service: Client/Server Runtime Server Subsystem (CSRSS) - Unknown owner - C:WINDOWScsrss.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:Program FilesESETESET NOD32 Antivirusekrn.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe
ComboFix 08-02-12.3 - Dzusta 2008-02-16 15:28:48.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1250.1.1045.18.93 [GMT 1:00]
Running from: F:ComboFixComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-01-16 to 2008-02-16 )))))))))))))))))))))))))))))))
.
2008-02-15 23:17 . 2008-02-16 02:10 176,128 --a------ C:WINDOWSsystem32jxv.exe
2008-02-15 00:29 . 2008-02-15 00:29 12,288 --ah----- C:WINDOWSsystem32qtjoyuia.exe
2008-02-13 23:38 . 2008-02-13 23:38 13,147 --a------ C:WINDOWSsystem32cehoxk.exe
2008-02-12 23:32 . 2008-02-12 23:32 <DIR> d-------- C:Program FilesESET
2008-02-12 23:32 . 2008-02-12 23:32 <DIR> d-------- C:Documents and SettingsAll Users.WINDOWSDane aplikacjiESET
2008-02-12 15:51 . 2008-02-12 15:51 64 --a------ C:ComboFix.txt.bat
2008-01-27 21:05 . 2008-01-27 21:05 193,880 -rah----- C:WINDOWSsystem32cpnprt2.cid
2008-01-17 02:00 . 2008-01-17 02:00 <DIR> d-------- C:drivers
2008-01-17 01:09 . 2002-08-29 01:50 24,960 --a------ C:WINDOWSsystem32driversusbprint.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-15 01:13 --------- d-----w C:Program FilesPhotoFiltre
2008-02-13 00:19 --------- d-----w C:Program FilesWinamp
2008-02-13 00:03 --------- d-----w C:Program FilesHD Tune
2008-02-13 00:02 --------- d-----w C:Program FilesGadu-Gadu
2008-02-12 23:06 --------- d-----w C:Program Files3D Flash Animator 4 Release 5
2008-02-11 16:26 --------- d-----w C:Documents and SettingsAll Users.WINDOWSDane aplikacjiSpybot - Search & Destroy
2008-02-10 20:28 --------- d-----w C:Program FilesSpybot - Search & Destroy
2008-01-17 01:11 --------- d-----w C:Program FilesSubEdit-Player
2008-01-10 22:20 --------- d-----w C:Program FilesGoogle
2008-01-10 00:31 --------- d-----w C:Program Filesmicrosoft frontpage
2008-01-10 00:31 --------- d-----w C:Documents and SettingsDzustaDane aplikacjiMicrosoft Web Folders
2008-01-10 00:28 --------- d--h--w C:Program FilesInstallShield Installation Information
2008-01-10 00:28 --------- d-----w C:Documents and SettingsAll Users.WINDOWSDane aplikacjiBVRP Software
2007-12-22 01:02 --------- d-----w C:Program FilesVisualRoute
2007-12-22 00:27 --------- d--h--w C:Program FilesCommon FilesCarlson
2007-12-22 00:08 30,601 ----a-w C:WINDOWSjavax.exe
2007-12-14 18:03 42,496 ----a-w C:WINDOWSsystem32ftp.exe
2007-12-14 18:03 16,896 ----a-w C:WINDOWSsystem32tftp.exe
2007-07-27 11:42 92,064 ----a-w C:Documents and SettingsDzustamqdmmdm.sys
2007-07-27 11:42 9,232 ----a-w C:Documents and SettingsDzustamqdmmdfl.sys
2007-07-27 11:42 79,328 ----a-w C:Documents and SettingsDzustamqdmserd.sys
2007-07-27 11:42 66,656 ----a-w C:Documents and SettingsDzustamqdmbus.sys
2007-07-27 11:42 6,208 ----a-w C:Documents and SettingsDzustamqdmcmnt.sys
2007-07-27 11:42 5,936 ----a-w C:Documents and SettingsDzustamqdmwhnt.sys
2007-07-27 11:42 4,048 ----a-w C:Documents and SettingsDzustamqdmcr.sys
2007-07-27 11:42 25,600 ----a-w C:Documents and SettingsDzustausbsermptxp.sys
2007-07-27 11:42 22,768 ----a-w C:Documents and SettingsDzustausbsermpt.sys
2007-01-21 10:58 774,144 ----a-w C:Program FilesRngInterstitial.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"swg"="C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe" [ ]
"CTFMON.EXE"="C:WINDOWSSystem32ctfmon.exe" [2002-09-20 18:05 13312]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"QuickTime Task"="C:Program FilesQuickTimeqttask.exe" [ ]
"egui"="C:Program FilesESETESET NOD32 Antivirusegui.exe" [2007-11-23 21:51 1410304]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="C:WINDOWSSystem32CTFMON.EXE" [2002-09-20 18:05 13312]
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]
MSN Messenger REG_SZ C:WINDOWSlsass.exe
R1 epfwtdir;epfwtdir;C:WINDOWSSystem32DRIVERSepfwtdir.sys [2007-11-23 21:52]
S2 CSRSS;Client/Server Runtime Server Subsystem;"C:WINDOWScsrss.exe" []
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-16 15:35:28
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-16 15:38:58
ComboFix-quarantined-files.txt 2008-02-16 14:38:45
ComboFix2.txt 2008-02-12 21:28:40
ComboFix3.txt 2008-02-12 15:54:56
Originally posted by Alliata
O8 - Extra context menu item: &Winamp Toolbar Search - C:Documents and SettingsAll UsersDane aplikacjiWinamp ToolbarieToolbarresourcesen-USlocalsearch.html
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:Program FilesWinamp Toolbarwinamptb.dll (file missing)
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:Program FilesWinamp Toolbarwinamptb.dll (file missing)