przez bacha88 28 Gru 2007, 22:08
przez wojtas 28 Gru 2007, 22:27
przez bacha88 28 Gru 2007, 22:55
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:50:41, on 2007-12-28
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
E:\Gry\The Sims 2 Podróże\TSBin\Sims2EP6.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programy\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MKSRegmon] C:\Program Files\mks_vir_2007\bin\mksregmon.exe
O4 - HKLM\..\Run: [mks_mail] C:\Program Files\mks_vir_2007\bin\mks_mail.exe
O4 - HKLM\..\Run: [mkstray] C:\Program Files\mks_vir_2007\bin\mkstray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Programy\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2007\bin\\mkslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2007\bin\\mkslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2007\bin\\mkslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2007\bin\\mkslsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: MksFwall - MKS Sp z o.o. - C:\Program Files\mks_vir_2007\bin\MksFwall.exe
O23 - Service: MksPC - Unknown owner - C:\Program Files\mks_vir_2007\bin\MksPC.exe
O23 - Service: MksUpdate - MKS Sp. z o. o. - C:\Program Files\mks_vir_2007\bin\mksupdate.exe
O23 - Service: mks_vir file monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\mks_vir_2007\bin\mksvirmonsvc.exe
O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\mks_vir_2007\bin\mks_scan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 3939 bytes
przez wojtas 29 Gru 2007, 13:28
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
przez bacha88 29 Gru 2007, 17:17
ComboFix 07-12-21.4 - Kinga 2007-12-29 15:35:28.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.675 [GMT 1:00]
Running from: F:\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-29 )))))))))))))))))))))))))))))))
.
2007-12-28 21:50 . 2007-12-28 21:50 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-10 10:02 . 2007-12-10 10:02 <DIR> d-------- C:\Program Files\Lavalys
2007-12-02 16:35 . 2007-12-02 16:36 <DIR> d-------- C:\piraci z karaibow 3 film
2007-12-01 15:01 . 2003-03-19 03:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.DLL
2007-12-01 14:59 . 2005-11-19 14:26 <DIR> d-------- C:\WINDOWS\system32\msvcp71
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-01 14:01 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-26 13:30 --------- d-----w C:\Documents and Settings\Kinga\Dane aplikacji\Media Player Classic
2007-11-26 13:26 --------- d-----w C:\Program Files\HyperSnap 6
2007-11-26 13:18 --------- d-----w C:\Documents and Settings\Kinga\Dane aplikacji\InterVideo
2007-11-26 13:09 --------- d-----w C:\Documents and Settings\Kinga\Dane aplikacji\Ulead Systems
2007-11-26 13:09 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems
2007-11-05 21:35 --------- d-----w C:\Documents and Settings\Kinga\Dane aplikacji\ABBYY
2007-11-05 21:29 --------- d-----w C:\Program Files\ABBYY FineReader 8.0 Professional Edition
2007-10-22 02:49 867,848 ----a-w C:\Program Files\NOV2007_d3dx10_36_x64.cab
2007-10-22 02:49 807,132 ----a-w C:\Program Files\NOV2007_d3dx10_36_x86.cab
2007-10-22 02:49 49,392 ----a-w C:\Program Files\NOV2007_X3DAudio_x64.cab
2007-10-22 02:49 44,850 ----a-w C:\Program Files\dxdllreg_x86.cab
2007-10-22 02:49 21,744 ----a-w C:\Program Files\NOV2007_X3DAudio_x86.cab
2007-10-22 02:49 200,010 ----a-w C:\Program Files\NOV2007_XACT_x64.cab
2007-10-22 02:49 151,512 ----a-w C:\Program Files\NOV2007_XACT_x86.cab
2007-10-22 02:49 1,805,306 ----a-w C:\Program Files\NOV2007_d3dx9_36_x64.cab
2007-10-22 02:49 1,712,608 ----a-w C:\Program Files\NOV2007_d3dx9_36_x86.cab
2007-10-22 02:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 02:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-22 02:31 976,020 ------w C:\Program Files\BDAXP.cab
2007-10-22 02:31 917,318 ------w C:\Program Files\Apr2006_MDX1_x86.cab
2007-10-22 02:31 88,102 ------w C:\Program Files\AUG2006_xinput_x64.cab
2007-10-22 02:31 87,989 ------w C:\Program Files\Apr2006_xinput_x64.cab
2007-10-22 02:31 86,925 ------w C:\Program Files\Oct2005_xinput_x64.cab
2007-10-22 02:31 86,802 ----a-w C:\Program Files\dxupdate.cab
2007-10-22 02:31 855,886 ------w C:\Program Files\AUG2007_d3dx10_35_x64.cab
2007-10-22 02:31 800,467 ------w C:\Program Files\AUG2007_d3dx10_35_x86.cab
2007-10-22 02:31 76,808 ----a-w C:\Program Files\DSETUP.dll
2007-10-22 02:31 702,644 ------w C:\Program Files\JUN2007_d3dx10_34_x64.cab
2007-10-22 02:31 702,212 ------w C:\Program Files\APR2007_d3dx10_33_x64.cab
2007-10-22 02:31 702,072 ------w C:\Program Files\JUN2007_d3dx10_34_x86.cab
2007-10-22 02:31 699,465 ------w C:\Program Files\APR2007_d3dx10_33_x86.cab
2007-10-22 02:31 56,902 ------w C:\Program Files\APR2007_xinput_x86.cab
2007-10-22 02:31 502,792 ----a-w C:\Program Files\DXSETUP.exe
2007-10-22 02:31 47,018 ------w C:\Program Files\AUG2006_xinput_x86.cab
2007-10-22 02:31 46,898 ------w C:\Program Files\Apr2006_xinput_x86.cab
2007-10-22 02:31 46,247 ------w C:\Program Files\Oct2005_xinput_x86.cab
2007-10-22 02:31 4,163,518 ------w C:\Program Files\Apr2006_MDX1_x86_Archive.cab
2007-10-22 02:31 213,767 ------w C:\Program Files\DEC2006_d3dx10_00_x64.cab
2007-10-22 02:31 201,696 ------w C:\Program Files\AUG2007_XACT_x64.cab
2007-10-22 02:31 200,722 ------w C:\Program Files\JUN2007_XACT_x64.cab
2007-10-22 02:31 199,366 ------w C:\Program Files\APR2007_XACT_x64.cab
2007-10-22 02:31 198,275 ------w C:\Program Files\FEB2007_XACT_x64.cab
2007-10-22 02:31 193,435 ------w C:\Program Files\DEC2006_XACT_x64.cab
2007-10-22 02:31 192,680 ------w C:\Program Files\DEC2006_d3dx10_00_x86.cab
2007-10-22 02:31 183,863 ------w C:\Program Files\AUG2006_XACT_x64.cab
2007-10-22 02:31 183,321 ------w C:\Program Files\OCT2006_XACT_x64.cab
2007-10-22 02:31 181,745 ------w C:\Program Files\JUN2006_XACT_x64.cab
2007-10-22 02:31 180,021 ------w C:\Program Files\Apr2006_XACT_x64.cab
2007-10-22 02:31 179,247 ------w C:\Program Files\Feb2006_XACT_x64.cab
2007-10-22 02:31 156,612 ------w C:\Program Files\AUG2007_XACT_x86.cab
2007-10-22 02:31 156,509 ------w C:\Program Files\JUN2007_XACT_x86.cab
2007-10-22 02:31 154,825 ------w C:\Program Files\APR2007_XACT_x86.cab
2007-10-22 02:31 151,583 ------w C:\Program Files\FEB2007_XACT_x86.cab
2007-10-22 02:31 146,559 ------w C:\Program Files\DEC2006_XACT_x86.cab
2007-10-22 02:31 138,977 ------w C:\Program Files\OCT2006_XACT_x86.cab
2007-10-22 02:31 138,195 ------w C:\Program Files\AUG2006_XACT_x86.cab
2007-10-22 02:31 134,631 ------w C:\Program Files\JUN2006_XACT_x86.cab
2007-10-22 02:31 133,991 ------w C:\Program Files\Apr2006_XACT_x86.cab
2007-10-22 02:31 133,297 ------w C:\Program Files\Feb2006_XACT_x86.cab
2007-10-22 02:31 13,265,040 ------w C:\Program Files\dxnt.cab
2007-10-22 02:31 100,417 ------w C:\Program Files\APR2007_xinput_x64.cab
2007-10-22 02:31 1,803,760 ------w C:\Program Files\AUG2007_d3dx9_35_x64.cab
2007-10-22 02:31 1,711,752 ------w C:\Program Files\AUG2007_d3dx9_35_x86.cab
2007-10-22 02:31 1,673,224 ----a-w C:\Program Files\dsetup32.dll
2007-10-22 02:31 1,611,374 ------w C:\Program Files\JUN2007_d3dx9_34_x64.cab
2007-10-22 02:31 1,610,958 ------w C:\Program Files\APR2007_d3dx9_33_x64.cab
2007-10-22 02:31 1,610,886 ------w C:\Program Files\JUN2007_d3dx9_34_x86.cab
2007-10-22 02:31 1,609,639 ------w C:\Program Files\APR2007_d3dx9_33_x86.cab
2007-10-22 02:31 1,575,336 ------w C:\Program Files\DEC2006_d3dx9_32_x86.cab
2007-10-22 02:31 1,572,114 ------w C:\Program Files\DEC2006_d3dx9_32_x64.cab
2007-10-22 02:31 1,413,862 ------w C:\Program Files\OCT2006_d3dx9_31_x64.cab
2007-10-22 02:31 1,398,718 ------w C:\Program Files\Apr2006_d3dx9_30_x64.cab
2007-10-22 02:31 1,363,684 ------w C:\Program Files\Feb2006_d3dx9_29_x64.cab
2007-10-22 02:31 1,358,864 ------w C:\Program Files\Dec2005_d3dx9_28_x64.cab
2007-10-22 02:31 1,351,430 ------w C:\Program Files\Aug2005_d3dx9_27_x64.cab
2007-10-22 02:31 1,348,242 ------w C:\Program Files\Apr2005_d3dx9_25_x64.cab
2007-10-22 02:31 1,336,890 ------w C:\Program Files\Jun2005_d3dx9_26_x64.cab
2007-10-22 02:31 1,248,387 ------w C:\Program Files\Feb2005_d3dx9_24_x64.cab
2007-10-22 02:31 1,156,363 ------w C:\Program Files\BDANT.cab
2007-10-22 02:31 1,128,177 ------w C:\Program Files\OCT2006_d3dx9_31_x86.cab
2007-10-22 02:31 1,116,109 ------w C:\Program Files\Apr2006_d3dx9_30_x86.cab
2007-10-22 02:31 1,085,608 ------w C:\Program Files\Feb2006_d3dx9_29_x86.cab
2007-10-22 02:31 1,080,344 ------w C:\Program Files\Dec2005_d3dx9_28_x86.cab
2007-10-22 02:31 1,079,850 ------w C:\Program Files\Apr2005_d3dx9_25_x86.cab
2007-10-22 02:31 1,078,532 ------w C:\Program Files\Aug2005_d3dx9_27_x86.cab
2007-10-22 02:31 1,065,813 ------w C:\Program Files\Jun2005_d3dx9_26_x86.cab
2007-10-22 02:31 1,014,113 ------w C:\Program Files\Feb2005_d3dx9_24_x86.cab
2007-10-12 14:14 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll
2007-10-12 14:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll
2007-10-02 08:56 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44]
"SetDefaultMIDI"="MIDIDef.exe" [2002-01-14 07:42 C:\WINDOWS\MIDIDEF.EXE]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-03 23:55]
"Gadu-Gadu"="D:\Programy\Gadu-Gadu\gg.exe" [2006-02-17 14:03]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-06-28 23:43 C:\WINDOWS\system32\nwiz.exe]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 10:56 C:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 00:00]
"DAEMON Tools-1033"="D:\Programy\D-Tools\daemon.exe" [2004-08-22 16:05]
"MKSRegmon"="C:\Program Files\mks_vir_2007\bin\mksregmon.exe" [2007-03-26 15:28]
"mks_mail"="C:\Program Files\mks_vir_2007\bin\mks_mail.exe" [2007-03-26 15:28]
"mkstray"="C:\Program Files\mks_vir_2007\bin\mkstray.exe" [2007-03-26 15:28]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MkS_Scan]
@="service"
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-29 15:38:24
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-29 15:39:40
Użytkownicy przeglądający to forum: Brak zarejestrowanych użytkowników oraz 25 gości
