Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:18:48, on 9. 9. 2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
J:\WINDOWS\System32\smss.exe
J:\WINDOWS\system32\winlogon.exe
J:\WINDOWS\system32\services.exe
J:\WINDOWS\system32\lsass.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\System32\svchost.exe
J:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
J:\WINDOWS\system32\spoolsv.exe
J:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
J:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
J:\Program Files\MATLAB704\webserver\bin\win32\matlabserver.exe
J:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
J:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
J:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
J:\WINDOWS\system32\nvsvc32.exe
J:\WINDOWS\system32\PnkBstrA.exe
J:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
J:\WINDOWS\system32\wscntfy.exe
J:\WINDOWS\system32\winsys2.exe
J:\Program Files\Analog Devices\Core\smax4pnp.exe
J:\Program Files\Analog Devices\SoundMAX\Smax4.exe
J:\Program Files\Multimedia Card Reader\shwicon2k.exe
J:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
J:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
J:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
J:\WINDOWS\system32\svchost.exe
J:\Program Files\Winamp\winampa.exe
J:\WINDOWS\system32\RUNDLL32.EXE
J:\Program Files\Logitech\iTouch\iTouch.exe
J:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
J:\WINDOWS\system32\ctfmon.exe
J:\WINDOWS\system32\wuauclt.exe
J:\Program Files\Common Files\Teleca Shared\Generic.exe
J:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
J:\Program Files\ICQ6\ICQ.exe
J:\Program Files\Trend Micro\HijackThis\HijackThis.exe
J:\WINDOWS\explorer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.daemon-search.com/startpage
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - j:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - J:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - J:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: T-Mobile PC Messenger - {9D940EED-467E-4732-96B3-8BAF0D5AFDFF} - J:\Program Files\PC Messenger\PCMessengerBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE J:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] J:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] J:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [WinSys2] J:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [SoundMAXPnP] J:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "J:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X IDE Setup] J:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] J:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [Sunkist2k] J:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] J:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [EM_EXEC] J:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] J:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "J:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Corel Photo Downloader] J:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [WinampAgent] "J:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "J:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE J:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [zBrowser Launcher] J:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "J:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "J:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "J:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RocketDock] "J:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [MSMSGS] "J:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "J:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [SkinClock] J:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "J:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] J:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [kek] c:\WINDOWS\system32\kek.exe
O4 - HKCU\..\Run: [mpt] c:\WINDOWS\system32\mpt.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Kalendár.lnk = J:\WINDOWS\MENINY.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = J:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = J:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &Winamp Toolbar Search - J:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://J:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List -
res://J:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print -
res://J:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview -
res://J:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print -
res://J:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - J:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - J:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvoriť mobilnú obľúbenú položku... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - J:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Skype add-on - {77BF5300-1474-4EC7-9980-D32B190E9B07} - J:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - J:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - J:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - J:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - J:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - J:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - J:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - J:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - J:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - J:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - J:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - J:\Program Files\MATLAB704\webserver\bin\win32\matlabserver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - J:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - J:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - J:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - J:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - J:\Program Files\WinPcap\rpcapd.exe
--
End of file - 9462 bytes
