Logfile of HijackThis v1.99.1
Scan saved at 20:45:55, on 2007-06-05
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\1032\dll\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Program Files\eMule\emule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Piotr\Pulpit\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) -
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{EEE05DE2-F84D-437A-95D8-473480959D51}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Installator Windows (windowsinstaller) - Space Sciences Laboratory - C:\WINDOWS\system32\1032\dll\svchost.exe
[ Added: Today at 21:36 ]
"Piotr" - 2007-06-05 20:55:46 Dodatek Service Pack 2 NTFS
ComboFix 07-06-3 - Running from: "C:\Documents and Settings\Piotr\Pulpit\"
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\Piotr\Pulpit\internet.lnk
((((((((((((((((((((((((( Files Created from 2007-05-05 to 2007-06-05 )))))))))))))))))))))))))))))))
2007-06-05 20:31 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-06-05 20:31 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-06-05 20:31 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-06-05 20:31 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-06-05 20:31 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-06-05 20:31 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-06-05 20:31 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-06-05 20:31 <DIR> d-------- C:\Program Files\Alwil Software
2007-06-05 20:20 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-06-05 20:20 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-06-05 20:20 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-06-05 12:35 243,164 -ra------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2007-06-04 23:53 <DIR> d-------- C:\DOCUME~1\Piotr\DANEAP~1\Google
2007-06-04 21:38 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-06-04 21:32 <DIR> d-------- C:\KAV
2007-06-04 21:11 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-06-04 21:11 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-06-04 21:11 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-06-04 21:11 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-06-04 21:11 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-06-04 21:11 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-06-04 21:11 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-06-04 21:11 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-06-04 21:11 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-06-04 21:11 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-06-04 21:11 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-06-04 21:11 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-06-04 21:11 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-06-04 21:11 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-06-04 20:55 <DIR> d-------- C:\WINDOWS\system32\pl-PL
2007-06-04 20:54 <DIR> d-------- C:\Program Files\MSBuild
2007-06-04 20:49 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-06-04 20:48 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-06-04 20:47 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-06-04 20:47 <DIR> d-------- C:\DOCUME~1\Piotr\DANEAP~1\FlashGet
2007-06-04 20:41 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-06-04 20:33 <DIR> d-------- C:\DOCUME~1\Piotr\DANEAP~1\Lavasoft
2007-06-04 20:32 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-06-03 22:28 <DIR> d-------- C:\Program Files\MyWebSearch
2007-06-03 21:17 297,472 --a------ C:\WINDOWS\uninst.exe
2007-06-03 21:17 <DIR> d-------- C:\DOCUME~1\Piotr\WINDOWS
2007-06-02 14:54 632 --a------ C:\WINDOWS\system32\win.cmd
2007-06-02 14:54 31,232 --a------ C:\WINDOWS\system32\scnt.exe
2007-06-02 14:54 <DIR> d-------- C:\WINDOWS\system32\1032
2007-06-02 12:53 <DIR> d---s---- C:\Program Files\Raxco
2007-06-02 12:53 <DIR> d-------- C:\Program Files\Common Files\Raxco
2007-06-02 12:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Raxco
2007-06-02 12:28 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-05-31 16:45 <DIR> d-------- C:\DOCUME~1\Piotr\.jpi_cache
2007-05-31 15:19 20,640 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-05-31 15:19 109,568 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-05-31 15:19 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-05-31 15:18 <DIR> d---s---- C:\Program Files\DivX
2007-05-31 15:02 <DIR> d---s---- C:\Program Files\SubEdit-Player
2007-05-31 14:42 <DIR> d---s---- C:\Program Files\CCleaner
2007-05-31 13:47 <DIR> d---s---- C:\Program Files\MarBit
2007-05-31 13:46 <DIR> d---s---- C:\Program Files\NAPI-PROJEKT
2007-05-31 13:44 <DIR> d-------- C:\DOCUME~1\Piotr\DANEAP~1\Real
2007-05-31 13:36 <DIR> d-------- C:\DOCUME~1\Piotr\DANEAP~1\Ahead
2007-05-31 13:34 <DIR> d---s---- C:\Program Files\Nero
2007-05-31 13:34 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-05-30 16:02 <DIR> d-------- C:\DOCUME~1\Piotr\DANEAP~1\Skype
2007-05-30 16:01 <DIR> d---s---- C:\Program Files\Skype
2007-05-30 16:01 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-05-30 16:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Skype
2007-05-30 15:06 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-05-30 15:04 64,419 --a------ C:\WINDOWS\BricoPackUninst.cmd
2007-05-30 15:02 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-05-30 15:02 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-05-30 15:02 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-05-30 15:02 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-05-30 15:02 6,114 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-05-30 15:02 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-05-30 15:02 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-05-30 15:02 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-05-30 15:02 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-05-30 15:02 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-05-30 15:02 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-05-30 15:02 171,776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-05-30 15:02 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-05-30 15:02 <DIR> d-------- C:\WINDOWS\BricoPacks
2007-05-30 15:02 <DIR> d-------- C:\Program Files\Vista Inspirat 2
2007-05-30 15:01 9,759 --a------ C:\WINDOWS\system32\HSF_INST.dll
2007-05-30 15:01 73,279 --a------ C:\WINDOWS\system32\drivers\HSF_SPKP.sys
2007-05-30 15:01 67,167 --a------ C:\WINDOWS\system32\drivers\HSF_BSC2.sys
2007-05-30 15:01 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-05-30 15:01 57,471 --a------ C:\WINDOWS\system32\drivers\HSF_SAMP.sys
2007-05-30 15:01 542,879 --a------ C:\WINDOWS\system32\drivers\HSF_MSFT.sys
2007-05-30 15:01 50,751 --a------ C:\WINDOWS\system32\drivers\HSF_TONE.sys
2007-05-30 15:01 488,383 --a------ C:\WINDOWS\system32\drivers\HSF_V124.sys
2007-05-30 15:01 44,863 --a------ C:\WINDOWS\system32\drivers\HSF_SOAR.sys
2007-05-30 15:01 4,274,816 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-05-30 15:01 391,199 --a------ C:\WINDOWS\system32\drivers\HSF_K56K.sys
2007-05-30 15:01 289,887 --a------ C:\WINDOWS\system32\drivers\HSF_FALL.sys
2007-05-30 15:01 199,711 --a------ C:\WINDOWS\system32\drivers\HSF_FAXX.sys
2007-05-30 15:01 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys
2007-05-30 15:01 150,239 --a------ C:\WINDOWS\system32\drivers\HSF_AMOS.sys
2007-05-30 15:01 115,807 --a------ C:\WINDOWS\system32\drivers\HSF_FSKS.sys
2007-05-30 15:01 1,897,408 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-05-30 15:00 77,312 --a------ C:\WINDOWS\system32\usbui.dll
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-05 18:37:00 82,230 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-06-05 18:37:00 484,978 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-05-30 13:15:18 -------- d-----w C:\Program Files\Usługi online
2007-05-30 13:04:33 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 12:38]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 16:25]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HomeAlarm]
C:\Program Files\Chameleon Clock\ChamClock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
"C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WooCnxMon]
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
C:\PROGRA~1\NEOSTR~1\Watch.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
*Newly Created Service* - ASWUPDSV
*Newly Created Service* - AVAST!_ANTIVIRUS
*Newly Created Service* - AVAST!_MAIL_SCANNER
*Newly Created Service* - AVAST!_WEB_SCANNER
**************************************************************************
catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-05 20:56:45
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-06-05 20:57:23
C:\ComboFix-quarantined-files.txt ... 2007-06-05 20:57
--- E O F ---
I also have a log from combofix.