ComboScan v20070306.20 run by noname on 2007-05-02 at 18:15:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as noname.exe) ----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 22:51, on 07-05-01
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\noname\Moje dokumenty\hijackthis\comboscan.exe
C:\DOCUME~1\noname\MOJEDO~1\HIJACK~1\noname.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wgp.prv.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Dane aplikacji\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O15 - Trusted Zone: http://mks.com.pl
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)

-- Files created between 2007-04-02 and 2007-05-02 -----------------------------

2007-05-02 18:09:52 0 d-------- C:\avenger
2007-05-01 19:12:23 0 d-------- C:\ComboFix
2007-05-01 11:43:36 7680 --a------ C:\WINDOWS\system32\pxinst.dll
2007-05-01 11:43:36 101120 --a------ C:\WINDOWS\system32\drivers\PxEmu.sys
2007-05-01 11:43:35 19200 --a------ C:\WINDOWS\system32\drivers\pxtdi.sys
2007-05-01 11:43:35 290816 --a------ C:\WINDOWS\system32\drivers\pxfsf.sys
2007-05-01 11:43:35 8192 --a------ C:\WINDOWS\system32\drivers\pxcom.sys
2007-05-01 11:43:09 0 d-------- C:\Program Files\Prevx1
2007-05-01 11:42:49 13952 --a------ C:\WINDOWS\system32\drivers\PxRD.sys
2007-05-01 11:42:40 77312 --a------ C:\WINDOWS\ua2.dll
2007-04-30 22:57:15 1968 --a------ C:\WINDOWS\system32\tmp.reg
2007-04-30 22:57:06 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-04-30 22:57:06 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-04-30 22:39:45 0 d-------- C:\Program Files\Enigma Software Group
2007-04-30 21:39:08 80 --a------ C:\WINDOWS\gmer_uninstall.cmd
2007-04-30 20:05:58 126976 --a------ C:\WINDOWS\system32\zip.exe
2007-04-30 20:05:58 175616 --a------ C:\WINDOWS\system32\strings.exe
2007-04-30 20:05:58 16384 --a------ C:\WINDOWS\system32\restart.exe
2007-04-30 02:13:48 0 d-------- C:\Program Files\Common Files\task
2007-04-30 02:01:48 53248 --a------ C:\WINDOWS\system32\Process.exe
2007-04-30 02:01:48 39184 --a------ C:\WINDOWS\system32\Ntrights.exe
2007-04-30 02:01:48 11254 --a------ C:\WINDOWS\system32\locate.com
2007-04-30 00:07:38 0 d-------- C:\Program Files\SkanerOnline
2007-04-29 18:08:17 43176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-29 18:08:17 23416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-29 18:08:17 26888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-29 18:08:16 90112 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-04-29 18:08:15 94552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-29 18:08:15 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-29 18:08:11 733824 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-04-29 18:08:08 0 d-------- C:\Program Files\Alwil Software
2007-04-29 17:42:17 49152 --a------ C:\WINDOWS\system32\vfind.exe
2007-04-29 17:42:17 212480 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-04-29 17:42:17 428032 --a------ C:\WINDOWS\system32\swreg.exe
2007-04-29 17:42:17 38400 --a------ C:\WINDOWS\system32\moveex.exe
2007-04-29 17:42:17 86528 --a------ C:\WINDOWS\catchme.exe
2007-04-29 14:56:40 0 d--hs---- C:\FOUND.000
2007-04-27 00:49:30 0 d-------- C:\Program Files\Xfire Plus
2007-04-23 04:30:49 0 d-------- C:\Program Files\ICQLite
2007-04-15 19:33:06 0 d-------- C:\Program Files\VentriloMIX
2007-04-02 18:04:46 0 d-------- C:\Program Files\Silkroad

-- Find3M Report ---------------------------------------------------------------

2007-05-01 11:43:44 0 d-------- C:\Documents and Settings\noname\Dane aplikacji\Prevx
2007-04-26 13:28:54 0 d-------- C:\Documents and Settings\noname\Dane aplikacji\Xfire Plus
2007-04-23 04:30:50 0 d-------- C:\Documents and Settings\noname\Dane aplikacji\ICQLite
2007-04-23 03:39:42 0 d-------- C:\Documents and Settings\noname\Dane aplikacji\ICQ Toolbar
2007-04-23 03:05:42 0 d-------- C:\Documents and Settings\noname\Dane aplikacji\ICQ
2007-03-18 15:05:14 0 d-------- C:\Documents and Settings\noname\Dane aplikacji\temp
2007-03-18 04:54:00 1620 --a------ C:\WINDOWS\system32\sdbackup.reg
2007-03-15 12:23:16 497496 --a------ C:\WINDOWS\system32\XceedZip.dll
2007-03-15 12:19:58 526184 --a------ C:\WINDOWS\system32\XceedCry.dll
2007-03-15 12:00:36 466432 --a------ C:\WINDOWS\system32\SkanerOnline.dll
2007-03-02 02:20:36 0 d-------- C:\Program Files\Real Alternative

-- Registry Dump ---------------------------------------------------------------

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"TkBellExe"="\"realsched.exe\" -osboot"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\Autostart\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\Autostart\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!ewido]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ewido"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICQLite"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ICQLite\\ICQLite.exe\" -minimize"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nod32kui"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrevxOne]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PXConsole"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Prevx1\\PXConsole.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPAMfighter Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SFAgent"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\SPAMfighter\\SFAgent.exe\" update delay 60"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpyHunter"
"hkey"="HKLM"
"command"="C:\\Program Files\\Enigma Software Group\\SpyHunter\\SpyHunter.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VC8Player]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VC8Play"
"hkey"="HKLM"
"command"="C:\\Program Files\\Virtual CD v8\\System\\VC8Play.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PREVXAgent"=dword:00000002

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{8EBE6D20-55AE-4DE5-B9A6-C4530A3F4073}"=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9b238922-e044-11da-ae54-0002447bc145}]
Shell\AutoRun\command H:\autorun.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{faa3d38e-e72c-11da-ae5f-0002447bc145}]
Shell\AutoRun\command I:\autorun.exe

-- End of ComboScan: finished at 2007-05-02 at 18:16:01 ------------------------