Logfile of HijackThis v1.99.1
Scan saved at 15:08:01, on 2007-02-07
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\G DATA\AntiVirenKit InternetSecurity\AVK\AVKService.exe
C:\Program Files\G DATA\AntiVirenKit InternetSecurity\AVK\AVKWCtl.exe
C:\Programki\Różne\Do telefonow\BTNtService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~2\Ochrona\eScan\TRAYSSER.EXE
C:\Programki\Ghost\GhostStartService.exe
C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\MicroWorld\Agent\MWAgent.exe
C:\Programki\Różne\Alcohol\Alcohol 52\StarWind\StarWindService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~2\Ochrona\eScan\TRAYICOS.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Programki\Ghost\GhostStartTrayApp.exe
C:\Programki\Do Filmów\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\LClock\LClock.exe
C:\PROGRA~2\Ochrona\eScan\MAILDISP.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~2\Ochrona\eScan\MAILSCAN.EXE
C:\PROGRA~2\OCHRONA\ESCAN\SPOOLER.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\PROGRA~2\Ochrona\eScan\kavss.exe
C:\Programki\Różne\Kalendarz XP\Kalendarz.exe
G:\Pcwk32.exe
C:\Programki\Różne\Maxthon\Maxthon.exe
C:\Documents and Settings\Modixxx\Pulpit\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.haker.com.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programki\Różne\Adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MailScan Dispatcher] "C:\Programki\Ochrona\eScan\LAUNCH.EXE"
O4 - HKLM\..\Run: [eScan Updater] C:\PROGRA~2\Ochrona\eScan\TRAYICOS.EXE /App
O4 - HKLM\..\Run: [eScan Monitor] C:\PROGRA~2\Ochrona\eScan\AVPMWrap.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programki\Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Programki\Do Filmów\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programki\Do Mp3\Winamp\winampa.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Programki\Różne\Odkurzacz\odk_mcd.exe
O4 - HKCU\..\Run: [ADS] C:\Windows\ADS.exe
O4 - HKCU\..\Run: [VS Online] "C:\Programki\VS Online\VSOnline.exe" /tray
O4 - HKCU\..\Run: [C] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [supervisor.exe] C:\WINDOWS\supervisor.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Firewall.lnk = ?
O4 - Global Startup: Kalendarz XP.lnk = ?
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Wyslij SMS'a - {215940F1-E7E0-4801-BEE3-44D045534106} - C:\Program Files\Common Files\moje.js
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_28.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_28.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{452BB5D9-9121-400C-8ADD-B2B6A0F90F9D}: NameServer = 85.255.116.24
O17 - HKLM\System\CCS\Services\Tcpip\..\{565F5E55-FC36-4A7D-8229-8692E32B573D}: NameServer = 85.255.116.24
O17 - HKLM\System\CCS\Services\Tcpip\..\{92D3BF04-6B97-4CCC-A9E0-69AE927DB1C0}: NameServer = 85.255.116.24
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.24 85.255.112.84
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.24 85.255.112.84
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.24 85.255.112.84
O23 - Service: „Usługa stanu ASP.NET (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Program Files\G DATA\AntiVirenKit InternetSecurity\AVK\AVKService.exe
O23 - Service: Strażnik AVK (AVKWCtl) - Unknown owner - C:\Program Files\G DATA\AntiVirenKit InternetSecurity\AVK\AVKWCtl.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programki\Różne\Do telefonow\BTNtService.exe
O23 - Service: eScan Server-Updater (eScan-trayicos) - MicroWorld Technologies Inc. - C:\PROGRA~2\Ochrona\eScan\TRAYSSER.EXE
O23 - Service: GhostStartService - Symantec Corporation - C:\Programki\Ghost\GhostStartService.exe
O23 - Service: eScan Monitor Service (KAVMonitorService) - Kaspersky Labs. - C:\PROGRA~2\Ochrona\eScan\avpm.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programki\Różne\Alcohol\Alcohol 52\StarWind\StarWindService.exe