Here is the log:
Deckard's System Scanner v20071014.68
Run by xxx on 2008-08-04 16:21:09
Computer is in Normal Mode.
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
35: 2008-08-04 14:21:18 UTC - RP120 - Deckard's System Scanner Restore Point
34: 2008-08-04 13:56:43 UTC - RP119 - ComboFix created restore point
33: 2008-08-04 13:30:56 UTC - RP118 - ComboFix created restore point
32: 2008-08-04 13:12:24 UTC - RP117 - Installed Debugging Tools for Windows (x86)
31: 2008-08-03 19:46:42 UTC - RP116 - Usunięty Kaspersky Anti-Virus 2009.
-- First Restore Point --
1: 2008-06-24 15:14:03 UTC - RP86 - Removed 2moons
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as xxx.exe) -------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:24, on 2008-08-04
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\VMSnap23.exe
C:\WINDOWS\Domino.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\xxx\Pulpit\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\xxx.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ati.com/online/cccwelcome/drivers.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 222.111.150.111 gwgt1.joymax.com
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [bigDogPath323VMSnap] C:\WINDOWS\VMSnap23.exe
O4 - HKLM\..\Run: [bigDogPath323Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [sXe Injected] C:\Program Files\sXe Injected\sXe Injected.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {E39FEDC3-8B80-428F-A2DE-6A09D67704EF} - http://www.clixies.com/plugin/Clixies.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AutoExNT - Unknown owner - C:\WINDOWS\system32\AutoExNT.Exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 6488 bytes
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys
R3 ddsxeiservice (ddsxeiservice2) - c:\program files\sxe injected\ddsxei.sys
R3 RadProbe (Radeon Probe Driver) - c:\windows\system32\drivers\radprobe.sys
R3 vmfilter323 (323 filter service, Normal) - c:\windows\system32\drivers\vmfilter323.sys
R3 ZSMC326 (Vimicro USB2.0 PC Camera(VC0323)) - c:\windows\system32\drivers\usbvm323.sys
S3 GVCplDrv - c:\windows\system32\drivers\gvcpldrv.sys
S3 XDva032 - c:\windows\system32\xdva032.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe
S2 AutoExNT - c:\windows\system32\autoexnt.exe
S2 RadClock - c:\windows\system32\radclock.exe
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Files created between 2008-07-04 and 2008-08-04 -----------------------------
2008-08-04 16:24:02 0 d-------- C:\Program Files\Trend Micro
2008-08-04 15:30:16 68096 --a------ C:\WINDOWS\zip.exe
2008-08-04 15:30:16 49152 --a------ C:\WINDOWS\VFind.exe
2008-08-04 15:30:16 212480 --a------ C:\WINDOWS\swxcacls.exe
2008-08-04 15:30:16 136704 --a------ C:\WINDOWS\swsc.exe
2008-08-04 15:30:16 161792 --a------ C:\WINDOWS\swreg.exe
2008-08-04 15:30:16 98816 --a------ C:\WINDOWS\sed.exe
2008-08-04 15:30:16 80412 --a------ C:\WINDOWS\grep.exe
2008-08-04 15:30:16 89504 --a------ C:\WINDOWS\fdsv.exe
2008-08-04 15:12:33 0 d-------- C:\Program Files\Debugging Tools for Windows (x86)
2008-08-03 22:05:02 0 d-------- C:\Program Files\Common Files\PC Tools
2008-08-03 22:04:43 0 d-------- C:\Program Files\PC Tools AntiVirus
2008-08-03 19:36:54 0 d-------- C:\Program Files\Panda Security
2008-08-03 18:59:01 0 d-------- C:\WINDOWS\Downloaded Installations
2008-08-03 18:39:15 0 d-------- C:\Program Files\Tibia
2008-08-02 14:44:43 0 d-------- C:\Program Files\Games-Masters.com
2008-07-31 20:19:57 0 d-------- C:\Program Files\Lavasoft
2008-07-29 20:23:10 0 d-------- C:\Program Files\EuroKiddies
2008-07-29 18:39:25 0 d-------- C:\Program Files\MoneyCashBAR
2008-07-29 15:42:01 15872 -----n--- C:\WINDOWS\system32\winskfr.dll
2008-07-29 15:42:01 0 d-------- C:\Program Files\Eurobarre
2008-07-29 15:42:00 119568 -----n--- C:\WINDOWS\system32\vb6fr.dll
2008-07-27 12:23:32 516096 -----n--- C:\WINDOWS\system32\ati2sgag.exe
2008-07-26 15:02:36 0 d-------- C:\Program Files\Lavalys
2008-07-24 21:17:02 0 d-------- C:\omegaa
2008-07-23 10:21:33 0 d-------- C:\Program Files\Silkroad
2008-07-19 16:13:59 0 d--h----- C:\WINDOWS\msdownld.tmp
2008-07-19 16:13:51 0 d-------- C:\WINDOWS\Logs
2008-07-19 12:28:25 0 d-------- C:\Program Files\directx
2008-07-12 13:17:18 0 d-------- C:\Program Files\HLTooLz
2008-07-12 13:17:09 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-07-12 12:58:02 0 d-------- C:\Program Files\Nowe Gadu-Gadu
2008-07-10 16:50:17 0 d-------- C:\Program Files\Steam
2008-07-04 20:08:34 0 d-------- C:\Fraps
2008-07-04 19:19:21 0 d-------- C:\WINDOWS\RegisteredPackages
2008-07-04 19:18:13 0 d-------- C:\Program Files\Game Cam
-- Find3M Report ---------------------------------------------------------------
2008-08-04 16:15:45 0 d-------- C:\Documents and Settings\xxx\Dane aplikacji\Hamachi
2008-08-04 15:59:42 0 d-------- C:\Documents and Settings\xxx\Dane aplikacji\Skype
2008-08-04 12:14:43 0 d-------- C:\Documents and Settings\xxx\Dane aplikacji\skypePM
2008-08-04 12:13:32 0 d-------- C:\Program Files\sXe Injected
2008-08-03 22:06:18 0 d-------- C:\Documents and Settings\xxx\Dane aplikacji\PC Tools
2008-08-03 22:05:02 0 d-------- C:\Program Files\Common Files
2008-08-03 18:40:17 0 d-------- C:\Documents and Settings\xxx\Dane aplikacji\Tibia
2008-08-03 18:39:44 0 d-------- C:\Program Files\Asprate
2008-07-31 20:15:44 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-31 14:48:46 0 d-------- C:\Program Files\eMule
2008-07-27 12:21:41 0 d-------- C:\Program Files\MultiRes
2008-07-27 12:21:00 0 d-------- C:\Program Files\Radeon Omega Drivers
2008-07-27 12:20:37 737280 --a------ C:\WINDOWS\iun6002.exe
2008-07-24 21:01:00 0 d-------- C:\Documents and Settings\xxx\Dane aplikacji\ATI
2008-07-21 14:52:40 0 d-------- C:\Program Files\Metin2_PL
2008-07-19 16:15:42 0 d-------- C:\Program Files\Valve
2008-07-19 12:25:26 448348 --a------ C:\WINDOWS\system32\perfh015.dat
2008-07-19 12:25:26 74450 --a------ C:\WINDOWS\system32\perfc015.dat
2008-07-19 12:12:50 0 d-------- C:\Program Files\Java
2008-07-12 12:59:43 0 d-------- C:\Documents and Settings\xxx\Dane aplikacji\Nowe Gadu-Gadu
2008-07-05 21:42:00 0 d-------- C:\Program Files\SwiftKit
2008-07-04 21:01:36 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-03 16:39:27 0 d-------- C:\Program Files\Game Cam V2
2008-07-01 18:51:03 0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-01 12:36:44 0 d-------- C:\Program Files\cs cz
2008-06-29 16:51:13 0 d-------- C:\Documents and Settings\xxx\Dane aplikacji\WoDBO
2008-06-28 20:31:46 0 d-------- C:\Program Files\TC PowerPack
2008-06-28 15:38:28 0 d-------- C:\Program Files\No-IP
2008-06-25 12:17:06 0 d-------- C:\Program Files\Wolfenstein - Enemy Territory
2008-06-24 17:15:02 0 d-------- C:\Program Files\ivo
2008-06-24 14:35:04 0 d-------- C:\Program Files\MAIET
2008-06-18 21:56:31 0 d-------- C:\Program Files\Sun
2008-06-18 21:53:50 0 d-------- C:\Program Files\Common Files\Java
2008-06-18 21:11:55 0 d-------- C:\Documents and Settings\xxx\Dane aplikacji\Mozilla
2008-06-14 18:01:22 0 d-------- C:\Program Files\Robster Productions
2008-05-28 20:35:00 4096 --a------ C:\WINDOWS\system32\crash
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2002-09-27 08:44 C:\WINDOWS\SOUNDMAN.EXE]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50]
"BigDogPath323VMSnap"="C:\WINDOWS\VMSnap23.exe" [2007-01-09 13:57]
"BigDogPath323Domino"="C:\WINDOWS\Domino.exe" [2007-01-09 13:56]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27]
"sXe Injected"="C:\Program Files\sXe Injected\sXe Injected.exe" [2008-08-04 08:12]
"AtiPTA"="atiptaxx.exe" [2004-12-01 02:10 C:\WINDOWS\system32\atiptaxx.exe]
"@"="" []
"PCTAVApp"="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" [2008-07-23 14:37]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-01 13:30]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44]
"Steam"="c:\program files\steam\steam.exe" [2008-07-10 16:50]
C:\Documents and Settings\xxx\Menu Start\Programy\Autostart\
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2008-02-06 17:13:04]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{35B2861B-2B26-4691-9FF0-09083722C736}"= C:\WINDOWS\system32\RadExe.dll [2005-02-02 04:58 212992]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
*Newly Created Service* - DDSXEISERVICE
-- Hosts -----------------------------------------------------------------------
222.111.150.111 gwgt1.joymax.com
-- End of Deckard's System Scanner: finished at 2008-08-04 16:25:41 ------------
There is also some extra.txt; should I post that too?
I don't know whether I made this log wrong. I have now gone into HijackThis and made a log:
http://wklejto.pl/7283