
hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 15:18:23, on 2007-05-03
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Rules\Pulpit\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CBB71BB-C20F-4BA8-AB5A-A3E72BDDCF35}: NameServer = 192.168.1.1,194.204.159.1
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
ComboFix
ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\Rules\Pulpit\"
((((((((((((((((((((((((((((((( Files Created from 2007-04-03 to 2007-05-03 ))))))))))))))))))))))))))))))))))
2007-05-03 14:08 <DIR> d-------- C:\WINDOWS\LastGood
2007-05-03 01:45 <DIR> d-------- C:\WINDOWS\LogFiles
2007-05-03 01:34 997,888 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2007-05-03 01:34 981,504 --a------ C:\WINDOWS\system32\wmnetmgr.dll
2007-05-03 01:34 98,304 --a------ C:\WINDOWS\system32\wmpshell.dll
2007-05-03 01:34 892,416 --a------ C:\WINDOWS\system32\wmspdmoe.dll
2007-05-03 01:34 82,432 --a------ C:\WINDOWS\system32\drmstor.dll
2007-05-03 01:34 816,264 --a------ C:\WINDOWS\system32\wmvdmod.dll
2007-05-03 01:34 81,408 --a------ C:\WINDOWS\system32\logagent.exe
2007-05-03 01:34 760,968 --a------ C:\WINDOWS\system32\wmsdmod.dll
2007-05-03 01:34 7,680 --a------ C:\WINDOWS\system32\asferror.dll
2007-05-03 01:34 678,912 --a------ C:\WINDOWS\system32\drmv2clt.dll
2007-05-03 01:34 670,208 --a------ C:\WINDOWS\system32\wmadmoe.dll
2007-05-03 01:34 6,656 --a------ C:\WINDOWS\system32\laprxy.dll
2007-05-03 01:34 52,224 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2007-05-03 01:34 486,536 --a------ C:\WINDOWS\system32\wmspdmod.dll
2007-05-03 01:34 410,248 --a------ C:\WINDOWS\system32\wmadmod.dll
2007-05-03 01:34 384,512 --a------ C:\WINDOWS\system32\mp4sdmod.dll
2007-05-03 01:34 358,912 --a------ C:\WINDOWS\system32\msscp.dll
2007-05-03 01:34 316,040 --a------ C:\WINDOWS\system32\mp43dmod.dll
2007-05-03 01:34 301,712 --a------ C:\WINDOWS\system32\drmclien.dll
2007-05-03 01:34 27,136 --a------ C:\WINDOWS\system32\wmdmlog.dll
2007-05-03 01:34 253,952 --a------ C:\WINDOWS\system32\msnetobj.dll
2007-05-03 01:34 245,760 --a------ C:\WINDOWS\system32\mswmdm.dll
2007-05-03 01:34 241,664 --a------ C:\WINDOWS\system32\qasf.dll
2007-05-03 01:34 241,664 --a------ C:\WINDOWS\system32\mpg4dmod.dll
2007-05-03 01:34 232,960 --a------ C:\WINDOWS\system32\blackbox.dll
2007-05-03 01:34 23,552 --a------ C:\WINDOWS\system32\wmdmps.dll
2007-05-03 01:34 225,280 --a------ C:\WINDOWS\system32\wmpdxm.dll
2007-05-03 01:34 218,112 --a------ C:\WINDOWS\system32\wmasf.dll
2007-05-03 01:34 201,728 --a------ C:\WINDOWS\system32\mspmsp.dll
2007-05-03 01:34 20,480 --a------ C:\WINDOWS\system32\wmpui.dll
2007-05-03 01:34 20,480 --a------ C:\WINDOWS\system32\wmpcore.dll
2007-05-03 01:34 20,480 --a------ C:\WINDOWS\system32\wmpcd.dll
2007-05-03 01:34 2,940,928 --a------ C:\WINDOWS\system32\wmploc.dll
2007-05-03 01:34 167,936 --a------ C:\WINDOWS\system32\wmerror.dll
2007-05-03 01:34 159,232 --a------ C:\WINDOWS\system32\CEWMDM.dll
2007-05-03 01:34 143,360 --a------ C:\WINDOWS\system32\wmidx.dll
2007-05-03 01:34 106,496 --a------ C:\WINDOWS\system32\wmpasf.dll
2007-05-03 01:34 1,111,040 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2007-05-03 01:34 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2007-05-03 01:33 1,026 --a------ C:\WINDOWS\unins000.dat
2007-05-03 01:33 <DIR> d-------- C:\Program Files\kswiat
2007-05-03 01:31 1,156 --a------ C:\WINDOWS\mozver.dat
2007-05-03 00:11 <DIR> d-------- C:\DOCUME~1\Rules\DANEAP~1\Gadu-Gadu
2007-05-03 00:10 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-05-03 00:10 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-05-03 00:10 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-03 01:33 73393 --a------ C:\WINDOWS\unins000.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-03 15:23:39
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-05-03 15:23:40
C:\ComboFix-quarantined-files.txt ... 07-05-03 15:23
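The two logs above are the usual raw material for a forum triage, and the HijackThis part in particular has a regular line format (a section of running processes, then `Rnn`/`Onn` entries). The following Python script is an added example, not code from this thread, from HijackThis or from ComboFix: it parses that format and applies three simple review heuristics. The sample log embedded in it is a constructed subset of the lines posted above, reproduced verbatim. The heuristics themselves are assumptions chosen for illustration: an O17 NameServer outside the private ranges is reported for confirmation against what the ISP hands out (DNS hijackers plant their own resolvers in exactly that key, but a public address is not proof of anything), an O23 service whose vendor is "Unknown owner" or whose binary lives outside `C:\WINDOWS\` or `C:\Program Files\` is reported, and a running process outside those roots is reported. The last rule deliberately trips on HijackThis.exe itself, which runs from the desktop, which is why the output is a list of items to review and not a verdict.

```python
"""Triage helper for HijackThis v1.99-style logs (added example, not from the thread)."""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample: a verbatim subset of the HijackThis log posted in the thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Eset\nod32krn.exe
C:\Documents and Settings\Rules\Pulpit\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CBB71BB-C20F-4BA8-AB5A-A3E72BDDCF35}: NameServer = 192.168.1.1,194.204.159.1
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Assumed "expected" roots for service binaries and processes (heuristic, not a HijackThis rule).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")

ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d{1,2}) - (?P<body>.*)$")
SERVICE_RE = re.compile(r"^Service: (?P<display>.+?) \((?P<name>[^)]+)\) - (?P<vendor>.+?) - (?P<path>.+)$")
NAMESERVER_RE = re.compile(r"NameServer = (?P<ips>[\d.,\s]+)$")


@dataclass
class Entry:
    kind: str   # e.g. "O17", "O23"
    body: str   # everything after "Oxx - "


@dataclass
class Finding:
    kind: str     # entry type the finding came from, or "proc" for a running process
    detail: str


def parse_log(text: str) -> Tuple[List[str], List[Entry]]:
    """Split a log into the running-process paths and the Rxx/Oxx entries."""
    processes, entries = [], []
    in_procs = False
    for line in text.splitlines():
        line = line.rstrip()
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False  # first Rxx/Oxx line ends the process list
            entries.append(Entry(m["kind"], m["body"]))
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def under_trusted_root(path: str) -> bool:
    return path.lower().startswith(TRUSTED_ROOTS)


def check_nameservers(entry: Entry) -> List[Finding]:
    """O17: per-interface DNS override. Private addresses are normally the home router;
    a public one should match the ISP's resolvers, so it is listed for confirmation."""
    m = NAMESERVER_RE.search(entry.body)
    if not m:
        return []
    findings = []
    for raw in m["ips"].split(","):
        raw = raw.strip()
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            findings.append(Finding("O17", f"unparseable NameServer value {raw!r}"))
            continue
        if not ip.is_private:
            findings.append(Finding("O17", f"public resolver {ip}: confirm it belongs to the ISP"))
    return findings


def check_service(entry: Entry) -> List[Finding]:
    """O23: installed service. Flag unknown vendors and binaries outside the trusted roots."""
    m = SERVICE_RE.match(entry.body)
    if not m:
        return [Finding("O23", f"unparsed service line: {entry.body}")]
    findings = []
    if m["vendor"].strip().lower() == "unknown owner":
        findings.append(Finding("O23", f"service {m['name']} has no vendor: {m['path']}"))
    if not under_trusted_root(m["path"]):
        findings.append(Finding("O23", f"service {m['name']} runs from an unusual path: {m['path']}"))
    return findings


def triage(text: str) -> List[Finding]:
    """Apply all heuristics and return the items a reviewer should look at."""
    processes, entries = parse_log(text)
    findings = [Finding("proc", f"process outside system roots: {p}")
                for p in processes if not under_trusted_root(p)]
    for e in entries:
        if e.kind == "O17":
            findings.extend(check_nameservers(e))
        elif e.kind == "O23":
            findings.extend(check_service(e))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}")
```

Run against the sample it reports exactly two items: the public resolver 194.204.159.1 from the O17 line (to be checked against the ISP, not removed on sight) and HijackThis.exe running from the desktop, which is the tool that produced the log. Both O23 services pass, since they carry a vendor and live under `C:\Program Files\` and `C:\WINDOWS\`. Extending the script to the ComboFix "Files Created" listing would mean a second parser for the `date time size attrs path` rows; that part is left out here.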