1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
20.
21.
22.
23.
24.
25.
26.
27.
28.
29.
30.
31.
32.
33.
34.
35.
36.
37.
38.
39.
40.
41.
42.
43.
44.
45.
46.
47.
48.
49.
50.
51.
52.
53.
54.
55.
56.
57.
58.
59.
60.
61.
62.
63.
64.
65.
66.
67.
68.
69.
70.
71.
72.
73.
74.
75.
76.
77.
78.
79.
80.
81.
82.
83.
84.
85.
86.
87.
88.
89.
90.
91. | Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:18, on 2009-05-09
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\winlogon.exe
C:\\WINDOWS\\system32\\services.exe
C:\\WINDOWS\\system32\\lsass.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\WINDOWS\\system32\\spoolsv.exe
C:\\Program Files\\ESET\\ESET Smart Security\\ekrn.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\Program Files\\Canon\\IJPLM\\IJPLMSVC.EXE
C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\WINDOWS\\system32\\nvsvc32.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\WINDOWS\\system32\\PnkBstrA.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\Explorer.EXE
C:\\WINDOWS\\SOUNDMAN.EXE
C:\\Program Files\\Multimedia Card Reader\\shwicon2k.exe
C:\\Program Files\\ScanSoft\\OmniPageSE4\\OpwareSE4.exe
C:\\Program Files\\Winamp\\winampa.exe
C:\\Program Files\\ESET\\ESET Smart Security\\egui.exe
C:\\WINDOWS\\system32\\RUNDLL32.EXE
D:\\Program Files\\DAEMON Tools Lite\\daemon.exe
C:\\WINDOWS\\system32\\ctfmon.exe
D:\\Program Files\\MoorHunt\\MoorHunt.exe
C:\\Program Files\\Mozilla Firefox\\firefox.exe
D:\\Program Files\\Trend Micro\\HijackThis\\HijackThis.exe
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.google.pl/
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar,LinksFolderName = Łącza
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\\Program Files\\Microsoft Office\\Office12\\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre6\\bin\\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\\Program Files\\Java\\jre6\\lib\\deploy\\jqs\\ie\\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\hpswp_BHO.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\VeohIEToolbar.dll
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [nwiz] nwiz.exe /install
O4 - HKLM\\..\\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\\..\\Run: [Sunkist2k] C:\\Program Files\\Multimedia Card Reader\\shwicon2k.exe
O4 - HKLM\\..\\Run: [OpwareSE4] \"C:\\Program Files\\ScanSoft\\OmniPageSE4\\OpwareSE4.exe\"
O4 - HKLM\\..\\Run: [WinampAgent] \"C:\\Program Files\\Winamp\\winampa.exe\"
O4 - HKLM\\..\\Run: [HPDJ Taskbar Utility] C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb12.exe
O4 - HKLM\\..\\Run: [Adobe Reader Speed Launcher] \"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\"
O4 - HKLM\\..\\Run: [egui] \"C:\\Program Files\\ESET\\ESET Smart Security\\egui.exe\" /hide /waitservice
O4 - HKLM\\..\\Run: [NvMediaCenter] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\\..\\Run: [ALLUpdate] \"D:\\Program Files\\ALLPlayer\\ALLUpdate.exe\" \"sleep\"
O4 - HKCU\\..\\Run: [DAEMON Tools Lite] \"D:\\Program Files\\DAEMON Tools Lite\\daemon.exe\" -autorun
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKUS\\S-1-5-18\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User \'SYSTEM\')
O4 - HKUS\\.DEFAULT\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User \'Default user\')
O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = D:\\Program Files\\Microsoft Office\\Office12\\ONENOTEM.EXE
O4 - Global Startup: 802.11g Wireless LAN PCI Card Utility.lnk = ?
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://D:\\PROGRA~1\\MICROS~1\\Office12\\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\Program Files\\Java\\jre6\\bin\\jp2iexp.dll
O9 - Extra \'Tools\' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\Program Files\\Java\\jre6\\bin\\jp2iexp.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\\PROGRA~1\\MICROS~1\\Office12\\ONBttnIE.dll
O9 - Extra \'Tools\' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\\PROGRA~1\\MICROS~1\\Office12\\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\\PROGRA~1\\MICROS~1\\Office12\\REFIEBAR.DLL
O9 - Extra button: Zaznaczanie HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O9 - Extra \'Tools\' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{02C9D0AA-CADE-47F1-853A-0F7407D36596}: NameServer = 192.0.6.1
O17 - HKLM\\System\\CS1\\Services\\Tcpip\\..\\{02C9D0AA-CADE-47F1-853A-0F7407D36596}: NameServer = 192.0.6.1
O17 - HKLM\\System\\CS2\\Services\\Tcpip\\..\\{02C9D0AA-CADE-47F1-853A-0F7407D36596}: NameServer = 192.0.6.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\\Program Files\\Microsoft Office\\Office12\\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\\PROGRA~1\\COMMON~1\\Skype\\SKYPE4~1.DLL
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\\Program Files\\ESET\\ESET Smart Security\\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\\Program Files\\ESET\\ESET Smart Security\\ekrn.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\\Program Files\\Canon\\IJPLM\\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\\WINDOWS\\system32\\PnkBstrA.exe
--
End of file - 6860 bytes
|