Guest: carolina
IP: *.neoplus.adsl.tpnet.pl
24.01.07, 13:20
Logfile of HijackThis v1.99.1
Scan saved at 13:24:13, on 2007-01-24
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Siemens\Step7\S7BIN\s7asysvx.exe
C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\sim9sync.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Siemens\S7ubtoox\S7ubtoox.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\ddintra\USTAWI~1\Temp\Katalog tymczasowy 1 dla hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = msdn.microsoft.com/vstudio/security/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [S7UB Start] "C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe" -StartDB
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = szczecin.local
O17 - HKLM\Software\..\Telephony: DomainName = szczecin.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = szczecin.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = szczecin.local
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automation License Manager Service (almservice) - SIEMENS AG - C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000245 (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Matrikon OPC Server for Simulation and Testing - Matrikon Inc - C:\PROGRA~1\Matrikon\OPC\SIMULA~1\OPCSim.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Ntfapsr_-uat - Symantec Corporation - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: S7 Global Services (s7asysvx) - SIEMENS AG - C:\Siemens\Step7\S7BIN\s7asysvx.exe
O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: SIMATIC NET Synchronization Service (Sim9Sync) - Siemens AG - C:\WINDOWS\system32\sim9sync.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\WinVNC.exe" -service (file missing)