Logfile of HijackThis v1.99.1
Scan saved at 14:11, on 2007-09-02
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
C:\Program Files\ivo\UniSpiker-2.6\uni_spiker-2.6.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Screamer Radio\screamer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Programy instalacyjne\Programy antywirusowe\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo Demo\IH_iexplore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo Demo\IH_iexplore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1045
O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe
O4 - Startup: uni_spiker-2.6.lnk = ?
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\program files\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\program files\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\program files\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\program files\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\program files\fritz!dsl\sarah.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Program Files\Common Files\AVM\de_serv.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
ComboFix 07-06-13.3 - C:\Documents and Settings\Staszek\Pulpit\Programy Antywirusowe\ComboFix.exe
"Staszek" - 2007-09-02 14:19:04 NTFS
((((((((((((((((((((((((( Files Created from 2007-08-02 to 2007-09-02 )))))))))))))))))))))))))))))))
2007-08-31 16:39
2007-08-27 10:54 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2007-08-27 10:54 361,472 --a------ C:\WINDOWS\system32\drivers\Netfwdsl.sys
2007-08-27 10:54 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-08-27 10:54 31,232 --a------ C:\WINDOWS\system32\i2errDeu.dll
2007-08-27 10:54 28,160 --a------ C:\WINDOWS\system32\drivers\Aadev.sys
2007-08-27 10:54 11,264 --a------ C:\WINDOWS\system32\drivers\NETDSL.SYS
2007-08-27 10:54
2007-08-27 10:54
2007-08-27 10:48 53,760 -ra------ C:\WINDOWS\system32\avmadd32.dll
2007-08-26 18:48
2007-08-26 18:48
2007-08-23 16:06
2007-08-23 16:06
2007-08-17 10:35
2007-08-17 10:34 15,104 --a------ C:\WINDOWS\system32\drivers\avmunet.sys
2007-08-17 10:34
2007-08-17 10:34
2007-08-14 12:24
2007-08-14 12:23 328,704 --a------ C:\WINDOWS\IsUn0407.exe
2007-08-12 14:34
2007-08-03 23:37
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-09-02 12:18:57 -------- d-----w C:\DOCUME~1\Staszek\DANEAP~1\Skype
2007-09-02 09:52:26 -------- d-----w C:\Program Files\eMule
2007-09-01 20:56:37 -------- d-----w C:\Program Files\Odkurzacz
2007-09-01 20:43:19 -------- d-----w C:\DOCUME~1\Staszek\DANEAP~1\BitTorrent
2007-09-01 20:31:28 -------- d-----w C:\Program Files\RegCleaner
2007-09-01 16:51:19 -------- d-----w C:\Program Files\ArcaMicroScan
2007-09-01 00:37:54 -------- d-----w C:\DOCUME~1\Staszek\DANEAP~1\DeepBurner
2007-08-28 22:57:18 -------- d-----w C:\DOCUME~1\Staszek\DANEAP~1\foobar2000
2007-08-23 10:09:42 -------- d-----w C:\Program Files\Picasa2
2007-08-17 09:40:28 -------- d-----w C:\DOCUME~1\Staszek\DANEAP~1\JustVoip
2007-08-15 12:38:18 -------- d-----w C:\Program Files\SkanerOnline
2007-07-30 21:03:41 -------- d-----w C:\DOCUME~1\Staszek\DANEAP~1\vlc
2007-07-29 17:10:13 -------- d-----w C:\DOCUME~1\Staszek\DANEAP~1\Ahead
2007-07-29 15:10:48 -------- d-----w C:\Program Files\Trend Micro
2007-07-27 22:07:21 783,224 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-07-27 22:02:49 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-27 22:02:34 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-27 22:00:39 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 21:59:57 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 21:58:36 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 21:57:49 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-07-23 22:24:55 -------- d-----w C:\Program Files\Screamer Radio
2007-07-22 18:31:37 4 ----a-w C:\WINDOWS\system32\proc233803746.bin
2007-07-22 18:31:37 1,704 ----a-w C:\WINDOWS\mozver.dat
2007-07-22 18:31:37 -------- d-----w C:\DOCUME~1\Staszek\DANEAP~1\GanymedeNet
2007-07-18 22:51:14 89,984 ----a-w C:\WINDOWS\system32\drivers\sptd6845.sys
2007-07-16 12:55:28 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-07-14 15:11:56 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-14 15:11:56 -------- d-----w C:\Program Files\Vimicro
2007-07-14 14:50:17 -------- d-----w C:\DOCUME~1\Staszek\DANEAP~1\uTorrent
2007-07-14 14:50:17 -------- d-----w C:\DOCUME~1\Staszek\DANEAP~1\EssentialPIM
2007-07-08 23:17:07 -------- d-----w C:\Program Files\MarBit
2007-07-08 22:31:47 -------- d-----w C:\Program Files\Secured_eMule
2007-07-08 11:58:02 -------- d-----w C:\Program Files\ShoppingReport
2007-07-08 11:58:01 -------- d-----w C:\DOCUME~1\Staszek\DANEAP~1\ShoppingReport
2007-07-05 20:24:29 -------- d-----w C:\Program Files\Skype
2007-07-01 11:10:05 2 ----a-w C:\WINDOWS\system32\wcpicomsv.exe
2007-06-16 22:11:58 51,200 ----a-w C:\WINDOWS\nircmd.exe
2007-06-15 21:46:46 535,040 ----a-w C:\WINDOWS\flashax.exe
2007-06-15 21:46:46 12,288 ----a-w C:\WINDOWS\impborl.dll
2007-06-15 15:11:44 50,352 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-06-15 15:11:44 358,108 ----a-w C:\WINDOWS\system32\perfh015.dat
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 07:12]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 03:23]
{85F685C3-20D9-4943-95E4-EB4224056C3F}=C:\Program Files\ivo\Expressivo Demo\IH_iexplore.dll [2007-01-26 14:35]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar1.dll [2007-03-19 03:07]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-08-15 23:07]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 16:57]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Odkurzacz-MCD"="C:\Program Files\Odkurzacz\odk_mcd.exe" [2007-05-03 10:02]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Messenger"=2 (0x2)
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-02 14:19:48
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-09-02 14:20:19
--- E O F ---