Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:12, on 2007-12-26
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\spoolsv.exe
C:\windows\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\windows\Explorer.EXE
C:\Program Files\Konnekt\konnekt.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O21 - SSODL: bvtqfvx - {E94F49D0-8EDF-4CBB-9F69-7ADD2769AE2E} - C:\windows\bvtqfvx.dll
O21 - SSODL: alxvdvm - {84547CC0-8964-4462-9A91-4FDD366F97E0} - C:\windows\alxvdvm.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\windows\system32\pr2ah4nc.exe
--
End of file - 1477 bytes
ComboFix 07-12-21.4 - sxe 2007-12-26 0:18:28.5 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.717 [GMT 1:00]
Running from: C:\Documents and Settings\sxe\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-11-25 to 2007-12-25 )))))))))))))))))))))))))))))))
.
2007-12-25 19:34 . 2007-12-25 19:34 <DIR> d-------- C:\Documents and Settings\sxe\Dane aplikacji\ZoomBrowser EX
2007-12-25 19:28 . 2007-12-25 19:28 <DIR> d-------- C:\Documents and Settings\sxe\Dane aplikacji\CANON INC
2007-12-25 19:28 . 2007-12-25 19:28 <DIR> d-------- C:\Documents and Settings\sxe\Dane aplikacji\CameraWindowDC
2007-12-25 19:28 . 2004-08-04 00:44 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-12-25 19:28 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-12-25 19:28 . 2001-10-26 17:29 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-12-25 19:17 . 2007-12-25 19:17 <DIR> d-------- C:\Program Files\Canon
2007-12-25 19:17 . 2007-12-25 19:17 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ZoomBrowser
2007-12-25 19:15 . 2007-12-25 19:15 <DIR> d-------- C:\Program Files\Common Files\Canon
2007-12-25 10:19 . 2004-08-04 00:44 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-12-25 10:19 . 2004-08-04 00:38 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-12-25 10:19 . 2001-10-26 16:57 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-12-25 10:19 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-12-25 10:18 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-12-23 15:44 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-23 15:44 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-12-23 15:44 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2007-12-23 15:44 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-12-23 15:44 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-23 15:44 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-23 15:44 . 2007-12-23 15:45 1,092 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-23 15:31 . 2007-12-23 15:31 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-23 09:46 . 2007-12-23 09:46 1 --a------ C:\WINDOWS\system32\rc.dat
2007-12-23 09:46 . 2007-12-23 09:46 1 --a------ C:\WINDOWS\system32\ps1.dat
2007-12-23 09:46 . 2007-12-23 09:46 1 --a------ C:\WINDOWS\system32\cs.dat
2007-12-23 09:44 . 2007-12-23 09:44 53,248 --a------ C:\WINDOWS\system32\tardm2.dll
2007-12-23 09:44 . 2007-12-23 09:44 53,248 --a------ C:\WINDOWS\system32\tardeme2.dll
2007-12-23 00:37 . 2007-12-22 18:56 217,088 --a------ C:\WINDOWS\alxvdvm.dll
2007-12-23 00:37 . 2007-12-22 18:56 208,896 --a------ C:\WINDOWS\bvtqfvx.dll
2007-12-23 00:37 . 2007-12-22 18:57 167,936 --a------ C:\WINDOWS\emlkdvo.dll
2007-12-23 00:37 . 2007-12-22 18:57 77,824 --a------ C:\WINDOWS\fvkwdrt.exe
2007-12-23 00:24 . 2007-12-23 00:24 24,576 --a------ C:\WINDOWS\WindowsUpdates.exe
2007-12-11 21:45 . 2007-12-25 15:38 128 --a------ C:\WINDOWS\ChssBase.ini
2007-12-11 21:44 . 2007-12-11 21:44 <DIR> d-------- C:\Documents and Settings\sxe\Dane aplikacji\ChessBase
2007-12-11 21:43 . 2007-12-11 21:44 <DIR> d-------- C:\Program Files\Common Files\ChessBase
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-18 20:20 22,328 ----a-w C:\windows\system32\drivers\PnkBstrK.sys
2007-11-18 20:20 103,736 ----a-w C:\windows\system32\PnkBstrB.exe
2007-11-18 13:38 66,872 ----a-w C:\windows\system32\PnkBstrA.exe
2007-11-18 07:42 22,328 ----a-w C:\Documents and Settings\sxe\Dane aplikacji\PnkBstrK.sys
2007-11-04 19:26 21 ---ha-w C:\qpmd8378.bin
2007-11-04 19:25 49,152 ----a-w C:\windows\system32\cfperfmon_mx.dll
2007-11-04 19:12 --------- d-----w C:\Program Files\Common Files\Macromedia
2007-10-28 14:46 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-10-27 21:42 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2007-10-14 20:06 77,824 ----a-w C:\windows\system32\qttask.exe
.
((((((((((((((((((((((((((((( snapshot_2007-12-25_19.24.22,53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-25 18:47:48 26,624 ----a-w C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\3bc21a2cc9b6434c9f6604935ffce671\Accessibility.ni.dll
+ 2007-12-25 18:47:50 860,160 ----a-w C:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\7acd21e77b731241bde5331bdfc6968f\AspNetMMCExt.ni.dll
+ 2007-12-25 18:47:50 237,568 ----a-w C:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3dc68b316761a6468190dec469f55a63\CustomMarshalers.ni.dll
+ 2007-12-25 18:47:50 15,360 ----a-w C:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a41816809705fd4e98572a7dba729aee\dfsvc.ni.exe
+ 2007-12-25 18:47:52 880,640 ----a-w C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\fb7dbb3c981b774284e25e874f411a3b\Microsoft.Build.Engine.ni.dll
+ 2007-12-25 18:47:54 81,920 ----a-w C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\eb6d9fc274cb5f48aceef575122d52ae\Microsoft.Build.Framework.ni.dll
+ 2007-12-25 18:47:58 1,691,648 ----a-w C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\1ef6570c40b915478a77b38c77b410c2\Microsoft.Build.Tasks.ni.dll
+ 2007-12-25 18:47:58 163,840 ----a-w C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\92c181c69ec6ff48b71080755f33a38a\Microsoft.Build.Utilities.ni.dll
+ 2007-12-25 18:48:02 1,724,416 ----a-w C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\c4973d72fd3177479a0122606100bc78\Microsoft.VisualBasic.ni.dll
+ 2007-12-25 18:48:04 962,560 ----a-w C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\a32a33ff69e1464dac36abee0f6fc4ab\System.Configuration.ni.dll
+ 2007-12-25 18:48:06 1,712,128 ----a-w C:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\b8afe993db34ec42a20bcf80fd0a7d6c\System.Deployment.ni.dll
+ 2007-12-25 18:24:30 10,723,328 ----a-w C:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\5d0d4bececd6054988886e5067ee0f2b\System.Design.ni.dll
+ 2007-12-25 18:48:10 512,000 ----a-w C:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\bf3f8431650fd14ca6f4c71c0d8d6326\System.DirectoryServices.Protocols.ni.dll
+ 2007-12-25 18:48:08 1,220,608 ----a-w C:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c9e8f22e4feabf43bd50710e2d275377\System.DirectoryServices.ni.dll
+ 2007-12-25 18:48:12 659,456 ----a-w C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4ebd88af96f5d646b3ba125e43f51e3b\System.EnterpriseServices.ni.dll
+ 2007-12-25 18:48:12 294,912 ----a-w C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4ebd88af96f5d646b3ba125e43f51e3b\System.EnterpriseServices.Wrapper.dll
+ 2007-12-25 18:48:14 729,088 ----a-w C:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\68190ac5cb017b47a749b536890254c4\System.Security.ni.dll
+ 2007-12-25 18:48:14 684,032 ----a-w C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\10554ebafc3fbc4db7735d645cdce1c4\System.Transactions.ni.dll
+ 2007-12-25 18:48:54 2,310,144 ----a-w C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\06c159b5a96bf74b990568ad1f8feffc\System.Web.Mobile.ni.dll
+ 2007-12-25 18:48:54 237,568 ----a-w C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\76c5dba77052744fb26177a5aa20911e\System.Web.RegularExpressions.ni.dll
+ 2007-12-25 18:48:58 1,945,600 ----a-w C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\d308ad1993d45447829dcb70bd97c26c\System.Web.Services.ni.dll
+ 2007-12-25 18:48:46 11,808,768 ----a-w C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\cd144feba611914f93baf14b7d5e8022\System.Web.ni.dll
- 2007-12-25 18:20:22 52,608 ----a-w C:\windows\system32\perfc009.dat
+ 2007-12-25 18:24:44 59,100 ----a-w C:\windows\system32\perfc009.dat
- 2007-12-25 18:20:22 66,002 ----a-w C:\windows\system32\perfc015.dat
+ 2007-12-25 18:24:44 74,494 ----a-w C:\windows\system32\perfc015.dat
- 2007-12-25 18:20:22 341,896 ----a-w C:\windows\system32\perfh009.dat
+ 2007-12-25 18:24:44 394,900 ----a-w C:\windows\system32\perfh009.dat
- 2007-12-25 18:20:22 388,120 ----a-w C:\windows\system32\perfh015.dat
+ 2007-12-25 18:24:44 450,528 ----a-w C:\windows\system32\perfh015.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bvtqfvx"= {E94F49D0-8EDF-4CBB-9F69-7ADD2769AE2E} - C:\windows\bvtqfvx.dll [2007-12-22 18:56 208896]
"alxvdvm"= {84547CC0-8964-4462-9A91-4FDD366F97E0} - C:\windows\alxvdvm.dll [2007-12-22 18:56 217088]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-04 00:44 15360 --a------ C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Delete less]
C:\DOCUME~1\sxe\DANEAP~1\USERLO~1\Soft Else Way.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dupe vga cdrom htm]
C:\Documents and Settings\All Users\Dane aplikacji\DUMB ARMY DUPE VGA\JugsOnline.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Konnekt]
C:\Program Files\Konnekt\konnekt.exe /autostart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\windows\system32\qttask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Secure]
2007-12-23 00:24 24576 --a------ C:\windows\WindowsUpdates.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-10-18 11:42 32881 --a------ C:\Program Files\Java\j2re1.4.2_13\bin\jusched.exe
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);C:\windows\system32\drivers\ps6ah4nc.sys [2007-05-18 21:52]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);C:\windows\system32\pr2ah4nc.exe svc []
S4 ColdFusion MX 7 Application Server;ColdFusion MX 7 Application Server;"D:\instalki\macro\runtime\bin\jrunsvc.exe" [2005-01-24 18:59]
S4 ColdFusion MX 7 Search Server;ColdFusion MX 7 Search Server;"D:\instalki\macro\verity\k2\_nti40\bin\k2admin.exe" -cfg "D:\instalki\macro\verity\k2\common\verity.cfg" -ntstart 1 []
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-26 00:19:31
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASPI32]
"ImagePath"="hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,61,00,73,00,70,00,69,00,33,00,32,00,2e,00,73,00,79,00,73,00,00,00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\windows\explorer.exe [6.00.2900.2180]
-> C:\windows\bvtqfvx.dll
.
Completion time: 2007-12-26 0:19:56
C:\ComboFix2.txt ... 2007-12-25 19:24
C:\ComboFix3.txt ... 2007-12-25 14:35
