Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:39:58, on 2008-08-23
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.chello.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F3 - REG:win.ini: load=C:\YDPDict\watch.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: gwum.lnk = C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Utwórz Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Program Files\Agnitum\Outpost Firewall\TRASH.EXE (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Program Files\Agnitum\Outpost Firewall\TRASH.EXE (HKCU)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 6712 bytes
ComboFix 08-07-31.01 - Administrator 2008-08-23 14:01:54.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.897 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((( Files Created from 2008-07-23 to 2008-08-23 )))))))))))))))))))))))))))))))
.
2008-08-23 13:44 . 2008-08-23 13:55 452 --a------ C:\WINDOWS\gmer.ini
2008-07-31 20:01 . 2008-07-31 20:01 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Creative
2008-07-31 19:43 . 2008-07-31 19:43 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Talkback
2008-07-31 19:39 . 2008-07-31 19:39 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\PC Suite
2008-07-31 19:28 . 2008-08-23 14:01 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-07-31 19:28 . 2008-07-31 19:28 <DIR> dr------- C:\Documents and Settings\Administrator\Ulubione
2008-07-31 19:28 . 2006-10-04 20:04 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony
2008-07-31 19:28 . 2008-08-23 13:55 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit
2008-07-31 19:28 . 2008-07-31 19:28 <DIR> dr------- C:\Documents and Settings\Administrator\Moje dokumenty
2008-07-31 19:28 . 2006-10-04 20:58 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-07-31 19:28 . 2008-07-31 20:01 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2008-07-31 19:28 . 2008-07-31 19:33 <DIR> d-------- C:\Documents and Settings\Administrator
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-12 14:43 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ZoomBrowser
2008-04-21 19:20 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
.
((((((((((((((((((((((((((((( snapshot@2008-07-31_19.55.39.85 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-23 11:44:28 884,736 ----a-w C:\WINDOWS\gmer.dll
+ 2008-04-17 19:13:02 811,008 ----a-w C:\WINDOWS\gmer.exe
- 2008-03-29 17:45:49 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
+ 2008-07-19 14:43:08 1,163,960 ----a-w C:\WINDOWS\system32\aswBoot.exe
- 2008-03-29 17:23:22 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
+ 2008-07-19 14:30:53 94,392 ----a-w C:\WINDOWS\system32\AVASTSS.scr
- 2008-03-29 17:26:52 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-07-19 14:32:15 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-07-19 14:37:42 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
- 2008-03-29 17:35:21 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
+ 2008-07-19 14:37:21 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
- 2008-03-29 17:29:08 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-07-19 14:33:42 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
- 2008-03-29 17:31:34 75,856 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
+ 2008-07-19 14:35:18 78,416 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
- 2008-03-29 17:27:33 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
+ 2008-07-19 14:32:36 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
+ 2008-08-23 11:44:28 85,969 ----a-w C:\WINDOWS\system32\drivers\gmer.sys
+ 2008-08-23 10:56:29 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_53c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:44 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2003-09-17 10:43 57344]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2003-06-18 01:00 45056]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 18:06 45056]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-07-16 17:42 290816]
"Outpost Firewall"="C:\Program Files\Agnitum\Outpost Firewall\outpost.exe" [2004-04-09 17:18 87040]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"CTHelper"="CTHELPER.EXE" [2004-03-19 10:33 24576 C:\WINDOWS\system32\CTHELPER.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:44 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26 29696]
gwum.lnk - C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe [2006-10-04 21:16:16 475136]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R1 VFILT;Outpost Firewall Kernel Driver;C:\PROGRA~1\Agnitum\OUTPOS~1\kernel\2000\FILTNT.SYS [2004-04-09 17:16]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1\kernel\ADBLOCK.DLL [2004-04-09 17:16]
R3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1\kernel\CONTENT.DLL [2004-04-09 17:16]
R3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1\kernel\DNSCACHE.DLL [2004-04-09 17:16]
R3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1\kernel\FTPFILT.DLL [2004-04-09 17:17]
R3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1\kernel\HTMLFILT.DLL [2004-04-09 17:16]
R3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1\kernel\HTTPFILT.DLL [2004-04-09 17:16]
R3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1\kernel\IMAPFILT.DLL [2004-04-09 17:17]
R3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1\kernel\MAILFILT.DLL [2004-04-09 17:16]
R3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1\kernel\NNTPFILT.DLL [2004-04-09 17:17]
R3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1\kernel\POP3FILT.DLL [2004-04-09 17:16]
R3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1\kernel\PROTECT.DLL [2004-04-09 17:17]
R3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]
R3 WMIBIOS;%WMIBIOS.ServiceName%;C:\WINDOWS\system32\Drivers\wmibios.sys [2002-10-15 21:33]
R3 WMIINFO;WMIINFO Driver;C:\WINDOWS\system32\Drivers\wmiinfo.sys [2002-05-13 20:16]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 07:58]
*Newly Created Service* - GMER
*Newly Created Service* - HUADIO1
*Newly Created Service* - RKREVEAL150
.
.
------- Supplementary Scan -------
.
O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-23 14:02:07
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-23 14:03:28
ComboFix-quarantined-files.txt 2008-08-23 12:03:16
ComboFix2.txt 2008-08-13 14:05:59
ComboFix3.txt 2008-07-31 18:25:52
ComboFix4.txt 2008-07-31 17:55:59
Pre-Run: 71,528,769,024 bajtów wolnych
Post-Run: 71,515,009,536 bajtów wolnych
130 --- E O F --- 2008-04-22 15:40:21
