galvaniza
23.11.05, 14:18
Logfile of HijackThis v1.99.1
Scan saved at 14:11:16, on 2005-11-23
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\TEMP\6.tmp
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\UAService7.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\System32\kernels32.exe
C:\WINDOWS\System32\vxh8jkdq2.exe
C:\WINDOWS\System32\vxgame6.exe
c:\windows\winl.exe
C:\WINDOWS\System32\qvxgamet2.exe
C:\WINDOWS\System32\qvxgamet3.exe
C:\WINDOWS\System\svwhost.exe
C:\DOCUME~1\agata\USTAWI~1\Temp\A.tmp
C:\WINDOWS\System32\hedgie.exe
C:\WINDOWS\System32\rundll32.exe
c:\windows\sstray.exe
C:\WINDOWS\System\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\TEMP\D.tmp
C:\WINDOWS\System32\hedgie.exe
C:\DOCUME~1\agata\USTAWI~1\Temp\10.tmp
C:\WINDOWS\TEMP\13.tmp
C:\WINDOWS\System32\hedgie.exe
C:\DOCUME~1\agata\USTAWI~1\Temp\16.tmp
C:\WINDOWS\TEMP\1A.tmp
C:\WINDOWS\System32\hedgie.exe
C:\DOCUME~1\agata\USTAWI~1\Temp\1D.tmp
C:\WINDOWS\TEMP\20.tmp
C:\WINDOWS\System32\hedgie.exe
C:\DOCUME~1\agata\USTAWI~1\Temp\23.tmp
C:\WINDOWS\TEMP\26.tmp
C:\WINDOWS\System32\hedgie.exe
C:\DOCUME~1\agata\USTAWI~1\Temp\29.tmp
C:\WINDOWS\System32\hedgie.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\WINDOWS\System32\priva.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\winstall.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\TEMP\2C.tmp
C:\WINDOWS\System32\hedgie.exe
C:\DOCUME~1\agata\USTAWI~1\Temp\2F.tmp
C:\WINDOWS\System32\hedgie.exe
C:\WINDOWS\TEMP\35.tmp
C:\WINDOWS\System32\hedgie.exe
C:\DOCUME~1\agata\USTAWI~1\Temp\3A.tmp
C:\WINDOWS\System32\hedgie.exe
C:\DOCUME~1\agata\USTAWI~1\Temp\4E.tmp
C:\WINDOWS\System32\hedgie.exe
C:\WINDOWS\TEMP\53.tmp
C:\WINDOWS\System32\hedgie.exe
C:\DOCUME~1\agata\USTAWI~1\Temp\54.tmp
C:\WINDOWS\System32\hedgie.exe
C:\DOCUME~1\agata\USTAWI~1\Temp\82.tmp
C:\WINDOWS\System32\hedgie.exe
C:\DOCUME~1\agata\USTAWI~1\Temp\579.tmp
C:\WINDOWS\System32\hedgie.exe
C:\WINDOWS\TEMP\57C.tmp
C:\WINDOWS\System32\hedgie.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\agata\USTAWI~1\Temp\57F.tmp
C:\WINDOWS\System32\hedgie.exe
C:\WINDOWS\TEMP\582.tmp
C:\WINDOWS\System32\hedgie.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\TEMP\59D.tmp
C:\WINDOWS\System32\hedgie.exe
C:\WINDOWS\TEMP\5A0.tmp
C:\WINDOWS\System32\hedgie.exe
C:\WINDOWS\TEMP\5BB.tmp
C:\WINDOWS\System32\hedgie.exe
C:\WINDOWS\TEMP\5BF.tmp
C:\WINDOWS\System32\hedgie.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\agata\Pulpit\hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\kernels32.exe
F3 - REG:win.ini: load=C:\YDPDict\watch.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\PROGRA~1\RXTOOL~1\sfcont.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels32.exe
O4 - HKLM\..\Run: [WindowsUpdateNT] C:\WINDOWS\System\svwhost.exe /s
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O4 - HKLM\..\Run: [hedgie] C:\WINDOWS\System32\hedgie.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\priva.exe internat.dll,LoadMouseCarpetProfile
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels32.exe
O4 - HKLM\..\RunServices: [hedgie] C:\WINDOWS\System32\hedgie.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [WindowsUpdateNT] C:\WINDOWS\System\svwhost.exe
O4 - HKCU\..\Run: [hedgie] C:\WINDOWS\System32\hedgie.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com/fwlink/?linkid=39204
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll
O20 - Winlogon Notify: docent0 - C:\WINDOWS\SYSTEM32\docent0.dll
O20 - Winlogon Notify: msupdate - C:\WINDOWS\SYSTEM32\msupdate32.dll
O20 - Winlogon Notify: st3 - C:\WINDOWS\q113192.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTr