Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:32:06, on 2012-01-19
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\Programy\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/vlt/vlt_1326520735_849674
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/vlt/vlt_1326520735_849674
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/vlt/vlt_1326520735_849674
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/vlt/vlt_1326520735_849674
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://ie8.gazeta.pl/internet_explorer_8/0,0.html?ie=1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Program Windows Internet Explorer dostarczony przez Gazeta.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [avast] “C:\Program Files\AVAST Software\Avast\avastUI.exe” /nogui
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “D:\Programy\AdbeRdr\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [Adobe ARM] “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Common Files\Java\Java Update\jusched.exe”
O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [Creative Live! Cam Manager] “D:\Programy\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe”
O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU…\Run: [FreeRAM XP] “C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe” -win
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\Programy\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programy\OFFICE~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip…{0C29BE56-82B0-4BAE-8FAB-25DD0E347FB5}: NameServer = 62.233.233.233 87.204.204.204
O17 - HKLM\System\CS1\Services\Tcpip…{0C29BE56-82B0-4BAE-8FAB-25DD0E347FB5}: NameServer = 62.233.233.233 87.204.204.204
O17 - HKLM\System\CS2\Services\Tcpip…{0C29BE56-82B0-4BAE-8FAB-25DD0E347FB5}: NameServer = 62.233.233.233 87.204.204.204
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
–
End of file - 6101 bytes