Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:09:43, on 2007-11-01
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\taskmgr.exe
D:\Daniel\Install\HiJack\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192718990187
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
--
End of file - 5370 bytes
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
ComboFix 07-10-29.1 - Waski 2007-11-01 21:20:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.912 [GMT 1:00]
Running from: D:\Daniel\Install\HiJack\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-10-01 to 2007-11-01 )))))))))))))))))))))))))))))))
.
2007-11-01 21:19 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-29 20:46 <DIR> d-------- C:\Documents and Settings\Waski\Dane aplikacji\Grisoft
2007-10-29 20:45 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Grisoft
2007-10-29 20:45 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-29 20:43 <DIR> d-------- C:\VundoFix Backups
2007-10-27 12:22 16,752 --a------ C:\Documents and Settings\Waski\Dane aplikacji\GDIPFONTCACHEV1.DAT
2007-10-19 15:31 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-10-18 19:56 <DIR> d-------- C:\WINDOWS\pss
2007-10-18 19:49 <DIR> d-------- C:\Documents and Settings\Waski\Dane aplikacji\Symantec
2007-10-18 19:08 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-10-18 19:08 131,944 --a------ C:\WINDOWS\system32\drivers\symsnap.sys
2007-10-18 19:08 128,104 --a------ C:\WINDOWS\system32\drivers\WimFltr.sys
2007-10-18 19:08 37,864 --a------ C:\WINDOWS\system32\drivers\v2imount.sys
2007-10-18 19:08 14,072 --a------ C:\WINDOWS\system32\drivers\vproeventmonitor.sys
2007-10-18 19:07 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-10-18 19:07 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2007-10-18 19:07 1,060,864 --a------ C:\WINDOWS\system32\MFC71.DLL
2007-10-18 18:56 68,752 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2007-10-18 18:56 26,928 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2007-10-18 18:55 118,784 -r------- C:\WINDOWS\bwUnin-6.3.2.62-7681197L.exe
2007-10-18 18:53 <DIR> d-------- C:\Program Files\F-Secure
2007-10-18 18:49 <DIR> d-------- C:\Documents and Settings\Waski\Dane aplikacji\Ahead
2007-10-18 18:48 <DIR> d-------- C:\Program Files\Nero
2007-10-18 18:48 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-10-18 18:17 <DIR> d-------- C:\Program Files\SkanerOnline
2007-10-18 18:12 <DIR> d-------- C:\Documents and Settings\Waski\Dane aplikacji\DivX
2007-10-18 18:08 <DIR> d-------- C:\Program Files\Gadu-Gadu
2007-10-18 18:08 <DIR> d-------- C:\Documents and Settings\Waski\Gadu-Gadu
2007-10-18 18:07 <DIR> d-------- C:\Program Files\Ares
2007-10-18 18:05 <DIR> d-------- C:\Program Files\eMule
2007-10-18 18:04 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-10-18 18:02 <DIR> d-------- C:\WINDOWS\Cache
2007-10-18 18:00 <DIR> d-------- C:\Program Files\PowerQuest
2007-10-18 18:00 <DIR> d-------- C:\Program Files\InstallShield Installation Information
2007-10-18 18:00 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-10-18 16:56 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-18 16:56 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-10-18 16:56 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-18 16:56 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-18 16:56 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-18 16:56 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-18 16:56 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-18 16:56 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-18 16:45 <DIR> d-------- C:\WINDOWS\ShellNew
2007-10-18 16:23 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-10-18 16:22 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-10-18 16:22 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-18 16:58 --------- d-----w C:\Program Files\totalcmd
2007-10-18 16:57 --------- d-----w C:\Program Files\Real Alternative
2007-10-18 16:57 --------- d-----w C:\Program Files\Media Player Classic
2007-10-18 16:55 --------- d-----w C:\Program Files\Xvid
2007-10-18 16:55 --------- d-----w C:\Program Files\AC3Filter
2007-10-18 16:53 --------- d-----w C:\Program Files\ffdshow
2007-10-18 16:52 --------- d-----w C:\Program Files\DivX
2007-10-18 16:22 --------- d-----w C:\Program Files\Winamp Toolbar
2007-10-18 16:22 --------- d-----w C:\Program Files\Winamp Remote
2007-10-18 16:22 --------- d-----w C:\Program Files\Winamp
2007-10-18 16:22 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar
2007-10-18 16:22 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\OrbNetworks
2007-10-18 14:36 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-18 14:34 --------- d-----w C:\Program Files\Usługi online
2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-09-17 18:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-09-17 18:22 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-09-11 23:14 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 00:26 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-08-21 00:26 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-08-15 22:33 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-08-15 22:33 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-08-15 22:33 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-08-15 22:33 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-08-15 22:33 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-08-15 22:33 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-08-15 22:33 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-08-15 22:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-08-15 22:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-08-15 22:31 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-08-15 22:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-08-15 22:30 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]
[HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]
[HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
"C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
"C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 12.0]
"C:\Program Files\Norton Ghost\Agent\VProTray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys
R2 BackWeb Plug-in - 7681197;F-Secure Automatic Update;C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
R2 F-Secure Filter;F-Secure File System Filter;\??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys
R2 F-Secure Recognizer;F-Secure File System Recognizer;\??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-01 21:23:30
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-01 21:24:59
.
--- E O F ---
Użytkownicy przeglądający to forum: Brak zarejestrowanych użytkowników oraz 14 gości