Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:27:21, on 2007-10-20
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C
rogram FilesIntelIntel Matrix Storage ManagerIaantmon.exe
C
rogram FilesCommon FilesLightScribeLSSrvc.exe
C:WINDOWSsystem32wscntfy.exe
C:WINDOWSExplorer.EXE
C
rogram FilesWinampwinampa.exe
C:WINDOWSsystem32ctfmon.exe
C:WINDOWSsystem32temp1.exe
C:WINDOWSsystem32msiexec.exe
C
rogram FilesWinampwinamp.exe
C
rogram FilesSony EricssonMobile2Application LauncherApplication Launcher.exe
C
rogram FilesCommon FilesTeleca SharedCapabilityManager.exe
C
rogram FilesCommon FilesTeleca SharedGeneric.exe
C
rogram FilesSony EricssonMobile2Mobile Phone Monitorepmworker.exe
C
ocuments and SettingsAdministratorPulpithijackthis.com
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
F3 - REG:win.ini: load=C:WINDOWSsvchost.exe
O4 - HKLM..Run: [BroadcomWireless] C
rogram FilesBroadcomWirelessUtilityWlanUtil.exe
O4 - HKLM..Run: [WinampAgent] C
rogram FilesWinampwinampa.exe
O4 - HKLM..Run: [Sony Ericsson PC Suite] "C
rogram FilesSony EricssonMobile2Application LauncherApplication Launcher.exe" /startoptions
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C
rogram FilesCommon FilesAheadLibNMBgMonitor.exe"
O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C
ROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C
rogram FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C
rogram FilesMessengermsmsgs.exe
O23 - Service: IntelŽ Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C
rogram FilesIntelIntel Matrix Storage ManagerIaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C
rogram FilesCommon FilesLightScribeLSSrvc.exe
--
End of file - 2862 bytes
ComboFix 07-10-20.6 - Administrator 2007-10-20 18:28:45.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1635 [GMT 2:00]
Running from: C
ocuments and SettingsAdministratorPulpitComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:Autorun.inf
C:autorun.inf
C:copy.exe
C:copy.exe
C:host.exe
C:WINDOWSautorun.inf
C:WINDOWSsvchost.exe
C:WINDOWSsystem32temp1.exe
C:WINDOWSsystem32temp2.exe
C:WINDOWSxcopy.exe
D:autorun.inf
D:Autorun.inf
D:copy.exe
D:copy.exe
D:host.exe
.
((((((((((((((((((((((((( Files Created from 2007-09-20 to 2007-10-20 )))))))))))))))))))))))))))))))
.
2007-10-20 18:27 51,200 --a------ C:WINDOWSNirCmd.exe
2007-10-20 18:21 <DIR> d-------- C
rogram FilesSony Ericsson
2007-10-20 18:21 <DIR> d-------- C
rogram FilesCommon FilesTeleca Shared
2007-10-20 18:21 <DIR> d-------- C
ocuments and SettingsAll UsersDocuments
2007-10-20 18:21 <DIR> d-------- C
ocuments and SettingsAll UsersDane aplikacjiTeleca
2007-10-20 18:21 <DIR> d-------- C
ocuments and SettingsAll UsersDane aplikacjiSony Ericsson
2007-10-20 18:21 <DIR> d-------- C
ocuments and SettingsAdministratorDane aplikacjiTeleca
2007-10-20 18:19 <DIR> d-------- C:WINDOWSDownloaded Installations
2007-10-20 18:19 85,408 --a------ C:WINDOWSsystem32driversw810mgmt.sys
2007-10-20 18:19 83,344 --a------ C:WINDOWSsystem32driversw810obex.sys
2007-10-20 18:18 94,064 --a------ C:WINDOWSsystem32driversw810mdm.sys
2007-10-20 18:18 8,336 --a------ C:WINDOWSsystem32driversw810mdfl.sys
2007-10-20 18:18 6,176 --a------ C:WINDOWSsystem32driversw810cmnt.sys
2007-10-20 18:18 6,176 --a------ C:WINDOWSsystem32driversw810cm.sys
2007-10-20 18:15 <DIR> d-------- C:WINDOWSLastGood
2007-10-20 18:15 58,288 -ra------ C:WINDOWSsystem32driversw810bus.sys
2007-10-20 18:15 5,808 -ra------ C:WINDOWSsystem32driversw810whnt.sys
2007-10-20 18:15 5,808 -ra------ C:WINDOWSsystem32driversw810wh.sys
2007-10-18 15:36 <DIR> d-------- C
rogram Filesffdshow
2007-10-18 15:19 <DIR> d-------- C
rogram FilesMarBit
2007-10-18 14:27 <DIR> d-------- C
rogram FilesCommon FilesLightScribe
2007-10-18 14:26 <DIR> d-------- C
ocuments and SettingsAdministratorDane aplikacjiAhead
2007-10-18 14:23 <DIR> d-------- C
rogram FilesNero
2007-10-18 14:23 <DIR> d-------- C
rogram FilesCommon FilesAhead
2007-10-18 12:57 <DIR> d-------- C:WINDOWSpss
2007-10-18 08:39 <DIR> d-------- C:WINDOWSShellNew
2007-10-17 21:10 247,256 --a------ C:WINDOWSAlcmtr.exe
2007-10-16 18:05 <DIR> d-------- C
ocuments and SettingsAdministratorDane aplikacjiMusicIP
2007-10-16 18:04 <DIR> d-------- C
rogram FilesWinamp
2007-10-16 16:27 <DIR> d-------- C
ocuments and SettingsAdministratorDane aplikacjiOpenOffice.ux.pl2
2007-10-16 08:31 <DIR> d-------- C
rogram FilesOpenOffice.ux.pl 2.2.0
2007-10-15 22:35 <DIR> d-------- C
rogram FilesCONEXANT
2007-10-15 22:31 60,288 --a------ C:WINDOWSsystem32driversdrmk.sys
2007-10-15 22:31 60,288 --a--c--- C:WINDOWSsystem32dllcachedrmk.sys
2007-10-15 22:31 4,096 --a------ C:WINDOWSsystem32ksuser.dll
2007-10-15 22:31 4,096 --a--c--- C:WINDOWSsystem32dllcacheksuser.dll
2007-10-15 22:28 <DIR> d-------- C
rogram FilesRealtek
2007-10-15 22:27 520,192 --a------ C:WINDOWSRtlExUpd.dll
2007-10-15 22:27 493,012 --a------ C:WINDOWSHideWin.exe
2007-10-15 22:20 160,256 -ra------ C:WINDOWSsystem32driversb57xp32.sys
2007-10-15 22:20 160,256 --a--c--- C:WINDOWSsystem32dllcacheb57xp32.sys
2007-10-15 22:18 <DIR> d-------- C
rogram FilesSynaptics
2007-10-15 22:18 191,936 --a------ C:WINDOWSsystem32driversSynTP.sys
2007-10-15 22:18 114,688 --a------ C:WINDOWSsystem32SynCtrl.dll
2007-10-15 22:18 94,297 --a------ C:WINDOWSsystem32SynTPAPI.dll
2007-10-15 22:18 82,012 --a------ C:WINDOWSsystem32SynCOM.dll
2007-10-15 22:18 81,920 --a------ C:WINDOWSsystem32SynTPCo2.dll
2007-10-15 22:18 69,721 --a------ C:WINDOWSsystem32SynTPFcs.dll
2007-10-15 22:16 180,224 --a------ C:WINDOWSsystem32igfxres.dll
2007-10-15 22:12 <DIR> d-------- C
rogram FilesCommon FilesInstallShield
2007-10-15 22:12 <DIR> d-------- C
rogram FilesBroadcom
2007-10-15 22:12 754,688 --a------ C:WINDOWSsystem32driversbcmwl564.sys
2007-10-15 22:12 604,928 --a------ C:WINDOWSsystem32driversbcmwl5.sys
2007-10-15 22:12 28,544 --a------ C:WINDOWSsystem32driverscallistx.sys
2007-10-15 22:10 <DIR> d-------- C:WINDOWStiinst
2007-10-15 22:10 290,304 --a------ C:WINDOWSsystem32driverstifm21.sys
2007-10-15 22:08 <DIR> d-------- C:WINDOWSsystem32PLK
2007-10-15 22:08 304,602 --a------ C:WINDOWSsystem32Imsmudlg.exe
2007-10-15 22:07 <DIR> d--h----- C
rogram FilesInstallShield Installation Information
2007-10-15 22:07 <DIR> d-------- C
ocuments and SettingsAdministratorDane aplikacjiInstallShield
2007-10-15 22:04 <DIR> d----c--- C:WINDOWSsystem32DRVSTORE
2007-10-15 22:04 <DIR> d-------- C
rogram FilesIntel
2007-10-15 22:04 <DIR> d-------- C:Intel
2007-10-15 22:02 988,800 --a------ C:WINDOWSsystem32driversHSF_DPV.sys
2007-10-15 22:02 730,112 --a------ C:WINDOWSsystem32driversHSF_CNXT.sys
2007-10-15 22:02 209,664 --a------ C:WINDOWSsystem32driversHSFHWAZL.sys
2007-10-15 22:02 176,128 --a------ C:WINDOWSsystem32UCI32M16.dll
2007-10-15 22:02 94,208 --a------ C:WINDOWSsystem32mdmxsdk.dll
2007-10-15 22:02 12,672 --a------ C:WINDOWSsystem32driversmdmxsdk.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-15 19:51 --------- d-----w C
rogram Filesmicrosoft frontpage
2007-10-15 19:50 --------- d-----w C
rogram FilesUsługi online
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"BroadcomWireless"="C
rogram FilesBroadcomWirelessUtilityWlanUtil.exe" []
"WinampAgent"="C
rogram FilesWinampwinampa.exe" [2007-04-23 19:57]
"Sony Ericsson PC Suite"="C
rogram FilesSony EricssonMobile2Application LauncherApplication Launcher.exe" [2005-10-26 16:17]
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="C:WINDOWSsystem32ctfmon.exe" [2004-08-04 00:44]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C
rogram FilesCommon FilesAheadLibNMBgMonitor.exe" []
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^Administrator^Menu Start^Programy^Autostart^OpenOffice.ux.pl 2.2.0.lnk]
path=C
ocuments and SettingsAdministratorMenu StartProgramyAutostartOpenOffice.ux.pl 2.2.0.lnk
backup=C:WINDOWSpssOpenOffice.ux.pl 2.2.0.lnkStartup
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=C
ocuments and SettingsAll UsersMenu StartProgramyAutostartMicrosoft Office.lnk
backup=C:WINDOWSpssMicrosoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAlcmtr]
ALCMTR.EXE
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAzMixerSel]
C
rogram FilesRealtekInstallShieldAzMixerSel.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregHotKeysCmds]
C:WINDOWSsystem32hkcmd.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregIAAnotif]
"C
rogram FilesIntelIntel Matrix Storage ManagerIaanotif.exe"
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregIgfxTray]
C:WINDOWSsystem32igfxtray.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPersistence]
C:WINDOWSsystem32igfxpers.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRTHDCPL]
RTHDCPL.EXE
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSynTPEnh]
C
rogram FilesSynapticsSynTPSynTPEnh.exe
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{2c0
ccb9c-7b67-11dc-a348-806d6172696f}]
AutoRuncommand - E:start.exe
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{3dd
4c2d0-7bab-11dc-a355-001c26c61d33}]
AutoRuncommand - C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{552
c5c9e-7b65-11dc-9197-806d6172696f}]
AutoRuncommand - C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{552
c5c9f-7b65-11dc-9197-806d6172696f}]
AutoRuncommand - C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-10-20 18:29:33
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-20 18:29:51
.
--- E O F ---
Heh y pocyatku nie yroyumialme o co ci chodyi. Nie mam ya bardyo dostepu do neta zeby szybko odpisywac
