
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:28:05, on 2008-05-21
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
D:\Program Files\Konnekt\konnekt.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\foobar2000\foobar2000.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Stv\Pulpit\FixVundo.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {8053AF4F-F35D-4EC6-A411-039EFB515CD8} - C:\WINDOWS\system32\yayyAsro.dll
O2 - BHO: (no name) - {C968F4FF-F3BB-4685-A5D5-99915A8DD675} - C:\WINDOWS\system32\nnnmmlmj.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [BM1772ad10] Rundll32.exe "C:\WINDOWS\system32\aiupkxsq.dll",s
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: ATI Tray Tools.lnk = C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: yayyAsro - C:\WINDOWS\SYSTEM32\yayyAsro.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
--
End of file - 4602 bytes
You will probably need confirmation that this is Vundo. Here is a screenshot of the logs:
http://img177.imageshack.us/img177/2677/dowodmu3.jpg
I also wanted to add that this started when I downloaded a "cracked" version of Nero 8 from torrents. It left behind a lot of junk and that worries me. I scanned the computer with the FixVundo.exe tool; it detected nothing. Please help. (Oh, and the errors started popping up whenever I launched Nero.)
PS. I'm very sorry, it has already been changed; I think it will be fine now. I haven't visited here in a very long time.
PS2. I'm adding the ComboFix log.
ComboFix 08-05-20.5 - Stv 2008-05-21 20:49:26.1 - NTFSx86
Running from: C:\Documents and Settings\Stv\Pulpit\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM1772ad10.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bydheqbk.ini
C:\WINDOWS\system32\jmlmmnnn.ini
C:\WINDOWS\system32\jmlmmnnn.ini2
C:\WINDOWS\system32\kbqehdyb.dll
C:\WINDOWS\system32\scnurenp.ini
C:\WINDOWS\system32\vlnshkho.exe
C:\WINDOWS\system32\xlfrtxnx.exe
.
((((((((((((((((((((((((( Files Created from 2008-04-21 to 2008-05-21 )))))))))))))))))))))))))))))))
.
2008-05-21 20:55 . 2008-05-21 20:55 53,248 --a------ C:\temp\catchme.dll
2008-05-21 20:52 . 2008-05-21 20:55 <DIR> d-------- C:\temp
2008-05-21 19:00 . 2008-05-21 19:09 820 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-21 18:59 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-21 18:59 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-21 18:59 . 2008-05-15 23:22 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-21 18:59 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-21 18:59 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-21 18:59 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-21 18:59 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-21 18:59 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-21 14:51 . 2008-02-28 13:26 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-05-21 14:51 . 2008-02-28 13:01 774,144 --a------ C:\WINDOWS\system32\NEROINSTAEC43759.DB
2008-05-20 21:32 . 2008-05-20 21:32 <DIR> d-------- C:\Logs
2008-05-20 14:11 . 2008-05-21 12:25 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-19 14:40 . 2008-05-19 14:40 57,344 --a------ C:\WINDOWS\system32\yayyAsro.dll
2008-05-19 14:17 . 2008-05-19 14:17 <DIR> d-------- C:\Documents and Settings\Stv\Dane aplikacji\Nero
2008-05-19 14:15 . 2008-05-21 14:52 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-05-19 14:15 . 2008-05-21 14:52 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-05-18 02:46 . 2008-05-18 02:46 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-05-16 02:50 . 2008-05-16 02:50 38 --a------ C:\WINDOWS\avisplitter.INI
2008-05-06 20:26 . 2006-08-01 09:02 49,152 -r------- C:\WINDOWS\system32\ChCfg.exe
2008-05-06 20:25 . 2008-05-06 20:25 <DIR> d-------- C:\Program Files\Realtek
2008-05-06 20:14 . 2004-08-04 00:43 870,784 --------- C:\WINDOWS\system32\ati3d1ag.dll
2008-05-06 20:14 . 2004-08-04 00:44 380,928 --------- C:\WINDOWS\system32\irprops.cpl
2008-05-06 20:14 . 2004-08-04 00:43 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll
2008-05-06 20:14 . 2004-08-04 00:44 163,328 --------- C:\WINDOWS\system32\wuaucpl.cpl
2008-05-06 20:14 . 2004-08-04 00:43 97,280 -----c--- C:\WINDOWS\system32\dllcache\dpcdll.dll
2008-05-06 20:14 . 2004-07-17 11:36 64,352 --------- C:\WINDOWS\system32\drivers\ativmc20.cod
2008-05-06 20:14 . 2004-08-04 00:43 32,768 --------- C:\WINDOWS\system32\ativtmxx.dll
2008-05-06 20:14 . 2004-08-04 00:44 23,040 --------- C:\WINDOWS\system32\ativmvxx.ax
2008-05-06 20:14 . 2004-08-04 00:44 9,728 --------- C:\WINDOWS\system32\ativdaxx.ax
2008-05-06 20:10 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002652_.tmp
2008-05-06 19:28 . 2004-08-04 00:44 192,000 --a------ C:\WINDOWS\system32\iuengine.dll
2008-05-06 19:09 . 2004-08-03 23:15 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2008-05-06 19:09 . 2004-08-03 23:15 145,792 --a--c--- C:\WINDOWS\system32\dllcache\portcls.sys
2008-05-06 19:09 . 2004-08-03 23:08 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2008-05-06 19:09 . 2004-08-03 23:08 60,288 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys
2008-05-06 19:09 . 2004-08-04 00:44 23,552 --a------ C:\WINDOWS\system32\wdmaud.drv
2008-05-06 19:09 . 2004-08-04 00:44 23,552 --a--c--- C:\WINDOWS\system32\dllcache\wdmaud.drv
2008-05-06 18:24 . 2001-10-26 19:28 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-05-06 18:23 . 2001-10-26 19:28 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-05-06 18:22 . 2004-08-04 00:44 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2008-05-06 18:21 . 2004-08-04 00:44 678,400 --a------ C:\WINDOWS\system32\inetcomm.dll
2008-05-06 18:20 . 2004-08-04 00:43 1,251,840 --a------ C:\WINDOWS\system32\comsvcs.dll
2008-05-06 18:19 . 2004-08-04 00:35 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-05-06 18:19 . 2004-08-03 23:07 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys
2008-05-06 18:19 . 2004-08-03 23:07 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-05-06 18:13 . 2004-08-03 23:01 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2008-05-06 18:13 . 2004-08-04 00:44 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2008-05-03 22:57 . 2008-05-03 22:57 <DIR> d-------- C:\Documents and Settings\Stv\Dane aplikacji\Desktopicon
2008-04-30 16:31 . 2008-05-21 20:55 <DIR> d-------- C:\TMP
2008-04-30 16:30 . 2007-10-02 16:40 2,723,264 --a------ C:\vcredist_x86.exe
2008-04-30 15:31 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-04-30 15:31 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-04-30 15:31 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-04-30 15:31 . 2008-04-30 15:31 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-04-30 15:31 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2008-04-30 15:31 . 2008-04-30 15:31 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-04-22 14:10 . 2005-06-24 16:24 438,272 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-04-22 14:10 . 2004-12-10 09:06 327,680 --a------ C:\WINDOWS\system32\vp6dec.ax
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-21 18:53 --------- d-----w C:\Documents and Settings\Stv\Dane aplikacji\mIRC
2008-05-21 18:48 --------- d-----w C:\Documents and Settings\Stv\Dane aplikacji\foobar2000
2008-05-21 17:18 --------- d-----w C:\Program Files\mIRC
2008-05-21 15:35 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-21 15:34 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-21 15:09 103,213 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-05-19 17:53 --------- d-----w C:\Documents and Settings\Stv\Dane aplikacji\uTorrent
2008-05-18 16:16 --------- d-----w C:\Documents and Settings\Stv\Dane aplikacji\Skype
2008-05-18 14:39 --------- d-----w C:\Documents and Settings\Stv\Dane aplikacji\skypePM
2008-05-17 13:20 --------- d-----w C:\Documents and Settings\Stv\Dane aplikacji\teamspeak2
2008-05-12 20:12 --------- d-----w C:\Program Files\Driver Cleaner
2008-05-06 18:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-06 16:46 --------- d-----w C:\Program Files\MultiRes
2008-05-04 10:01 --------- d-----w C:\Program Files\Bonjour
2008-04-30 21:46 --------- d-----w C:\Documents and Settings\Stv\Dane aplikacji\Hamachi
2008-04-18 19:48 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet
2008-04-18 19:45 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-18 19:37 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-04-17 12:26 --------- d-----w C:\Program Files\Konnekt
2008-04-14 17:05 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-04-13 23:29 72,234 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-04-13 23:29 5,319 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-04-13 22:48 --------- d-----w C:\Documents and Settings\Stv\Dane aplikacji\atitray
2008-04-13 22:07 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-04-13 15:36 472,576 ----a-w C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe
2008-04-13 15:36 --------- d-----w C:\Program Files\Radeon Omega Drivers
2008-04-13 15:26 --------- d-----w C:\Documents and Settings\Stv\Dane aplikacji\ATI
2008-04-12 08:45 --------- d-----w C:\Program Files\ToniArts
2008-04-11 10:47 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-04-10 19:14 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-04-10 18:57 --------- d-----w C:\Documents and Settings\Stv\Dane aplikacji\BESTplayer
2008-04-10 18:54 --------- d-----w C:\Program Files\MarBit
2008-04-10 18:13 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-04-10 13:55 --------- d-----w C:\Program Files\PowerISO
2008-04-10 12:02 --------- d-----w C:\Documents and Settings\Stv\Dane aplikacji\Soldat
2008-04-09 22:01 --------- d-----w C:\Documents and Settings\Stv\Dane aplikacji\Media Player Classic
2008-04-09 21:53 --------- d-----w C:\Program Files\Real Alternative
2008-04-09 21:23 --------- d-----w C:\Program Files\uTorrent
2008-04-09 18:09 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-04-09 18:08 --------- d-----w C:\Program Files\Skype
2008-04-09 18:08 --------- d-----w C:\Program Files\Common Files\Skype
2008-04-09 18:08 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-04-07 22:25 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Grisoft
2008-04-07 22:22 --------- d-----w C:\Program Files\Sunbelt Software
2008-04-07 17:32 --------- d-----w C:\Program Files\Trend Micro
2008-04-07 16:17 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-04-07 16:15 22,328 ----a-w C:\Documents and Settings\Stv\Dane aplikacji\PnkBstrK.sys
2008-04-07 16:02 --------- d-----w C:\Program Files\Activision
2008-04-07 15:57 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\ATI
2008-04-07 15:32 --------- d-----w C:\Program Files\Alwil Software
2008-04-07 15:07 --------- d-----w C:\Program Files\foobar2000
2008-04-07 15:06 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\stamina
2008-04-07 15:02 --------- d-----w C:\Program Files\xp-AntiSpy
2008-04-07 14:55 --------- d-----w C:\Program Files\Opera
2008-04-07 14:48 --------- d-----w C:\Program Files\Marvell
2008-04-07 14:47 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-04-07 14:47 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-07 14:46 --------- d-----w C:\Documents and Settings\Stv\Dane aplikacji\InstallShield
2008-04-07 14:30 558,142 ----a-w C:\WINDOWS\java\Packages\LNPNZRNL.ZIP
2008-04-07 14:30 155,995 ----a-w C:\WINDOWS\java\Packages\4ZTJJ3PN.ZIP
2008-04-07 14:30 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-07 14:28 --------- d-----w C:\Program Files\Usługi online
2008-03-04 10:33 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8053AF4F-F35D-4EC6-A411-039EFB515CD8}]
2008-05-19 14:40 57344 --a------ C:\WINDOWS\system32\yayyAsro.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C968F4FF-F3BB-4685-A5D5-99915A8DD675}]
C:\WINDOWS\system32\nnnmmlmj.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiPTA"="atiptaxx.exe" [2006-02-22 03:05 344064 C:\WINDOWS\system32\atiptaxx.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 09:03 16125440 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"BM1772ad10"="C:\WINDOWS\system32\aiupkxsq.dll" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44 15360]
C:\Documents and Settings\Stv\Menu Start\Programy\Autostart\
ATI Tray Tools.lnk - C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.exe [2007-12-31 21:43:36 570528]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50 734872]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{8053AF4F-F35D-4EC6-A411-039EFB515CD8}"= C:\WINDOWS\system32\yayyAsro.dll [2008-05-19 14:40 57344]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayyAsro]
yayyAsro.dll 2008-05-19 14:40 57344 C:\WINDOWS\system32\yayyAsro.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Stv^Menu Start^Programy^Autostart^hamachi.lnk]
path=C:\Documents and Settings\Stv\Menu Start\Programy\Autostart\hamachi.lnk
backup=C:\WINDOWS\pss\hamachi.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-03-15 01:50 233472 C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-06 18:21 21898024 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"D:\\Soldat\\Soldat.exe"=
"D:\\Program Files\\Konnekt\\konnekt.exe"=
"D:\\Program Files\\EA Games\\Ultima Online Mondain's Legacy\\client.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [2007-11-05 09:55]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Installer.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\Installer.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\Installer.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\Installer.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-21 20:55:16
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\yayyAsro.dll
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\raphook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\notepad.exe
.
**************************************************************************
.
Completion time: 2008-05-21 20:57:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-21 18:57:35
Pre-Run: 26,534,862,848 bajtów wolnych
Post-Run: 26,481,164,288 bajtów wolnych