oto moj log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:36:50, on 2009-02-05
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ArcaBit\Common\ArcaBit.Core.Configurator2.exe
C:\Program Files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe
C:\Program Files\ArcaBit\ArcaTools\arcabackup\ArcaBackupService.exe
C:\PROGRA~1\ArcaBit\Common\ArcaTasksService.exe
C:\PROGRA~1\ArcaBit\ArcaUpdate\update.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ArcaBit\ArcaVir\FileMonSV.exe
C:\Program Files\ArcaBit\ArcaVir\NetMonSV.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Drive Space Indicator\DrvSpace.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\rs32net.exe
C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\rs32net.exe
C:\WINDOWS\sysguard.exe
C:\Program Files\BinarySense\HDDlife\HDDlifePro.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\TEMP\mac25.tmp
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\ArcaBit\Common\ArcaBit.Core.LoggingService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\netsh.exe
C:\WINDOWS\system32\netsh.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.google.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://update.microsoft.com/microsoftupdateR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [DriveSpace] C:\Program Files\Drive Space Indicator\DrvSpace.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe
O4 - HKLM\..\Run: [AvMenu] C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe
O4 - HKLM\..\Run: [ABRegmon] C:\Program Files\ArcaBit\ArcaVir\ABregmon.exe
O4 - HKLM\..\Run: [ArcaCheck] C:\Program Files\ArcaBit\ArcaVir\ArcaCheck.exe /startup
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S418.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe
O4 - HKCU\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKCU\..\Run: [sysguard] C:\WINDOWS\sysguard.exe
O4 - HKLM\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe
O4 - HKCU\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe
O4 - HKUS\.DEFAULT\..\Run: [VisualTaskTips] C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [services] C:\WINDOWS\services.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [fpoewgxq.exe] C:\WINDOWS\fpoewgxq.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [xlmjebvj.exe] C:\WINDOWS\xlmjebvj.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [tjypolrc.exe] C:\WINDOWS\tjypolrc.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [dbxctebp.exe] C:\WINDOWS\dbxctebp.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [lfzbuuyd.exe] C:\WINDOWS\lfzbuuyd.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe (User 'Default user')
O4 - Startup: HDDlife.lnk = C:\Program Files\BinarySense\HDDlife\HDDlifePro.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
O9 - Extra button: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\Program Files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll
O9 - Extra 'Tools' menuitem: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\Program Files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) -
http://www.mks.com.pl/skaner/SkanerOnline.cabO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - Winlogon Notify: bqutouo - C:\WINDOWS\SYSTEM32\bqutouo32.dll
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ArcaBit FileMonitor (ABFileMon) - ArcaBit - C:\PROGRA~1\ArcaBit\ArcaVir\FileMonSV.exe
O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit - C:\Program Files\ArcaBit\ArcaVir\NetMonSV.exe
O23 - Service: ArcaBit.Core.Configurator - ArcaBit - C:\PROGRA~1\ArcaBit\Common\ArcaBit.Core.Configurator2.exe
O23 - Service: ArcaBit.Core.LoggingService - ArcaBit - C:\PROGRA~1\ArcaBit\Common\ArcaBit.Core.LoggingService.exe
O23 - Service: ArcaBit Control (ArcaRemoteService) - Unknown owner - C:\Program Files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: ArcaBit Backup Service (AVBackup) - ArcaBit - C:\Program Files\ArcaBit\ArcaTools\arcabackup\ArcaBackupService.exe
O23 - Service: ArcaBit Tasks Service (AVTasks2) - ArcaBit - C:\PROGRA~1\ArcaBit\Common\ArcaTasksService.exe
O23 - Service: ArcaBit Update Service (AVUpdate) - ArcaBit - C:\PROGRA~1\ArcaBit\ArcaUpdate\update.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
--
End of file - 9029 bytes