Could it be the Ardamax keylogger?
Kennyy
12 February 2008 @ 22:47
I downloaded and, stupidly of course, went and opened an .mp3 file, for which VirusTotal afterwards showed this result:
http://www.virustotal.com/analisis/70347...41661cf8cdc5ab8

Since I did open that file, I think the keylogger in question is now on my machine too, but it just can't seem to be found. I tried searching Google for an answer to the problem, and the advice there was to look for the program in Add/Remove Programs, which produced no result in my case.

Here is the HJT log to be checked.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:42:12, on 12.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\mIRC617\mirc.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG7\avgwb.dat
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mapleglobal.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.59.164.62:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 cmicnfg3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O10 - Broken Internet access because of LSP provider 'c:\program files\permeo\e-border driver\s5spi.dll' missing
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://asdasd.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatar.mabinogi.com:88/renderer/mabiweb.2006.12.27.cab
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/tricksterActiveX.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O20 - Winlogon Notify: hblogon - C:\WINDOWS\SYSTEM32\hblogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: FanSpeedNT Service - Unknown owner - C:\Program Files\FanSpeed\fanspeedNT.exe (file missing)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Program Files\Mabinogi\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 8593 bytes

Thanks to whoever bothers to check that and advise me on how to proceed.

Edit:

I ran a program called KL-Detector on my machine; the program's home page is: http://dewasoft.com/privacy/kldetector.htm

Here are the results:

KL-Detector has found some suspicious files:
C:\System Volume Information\_restore{DB9464B5-856E-4796-8833-9EFFB8447B02}\RP550\change.log
C:\Program Files\Opera\profile\global.dat
C:\Program Files\Opera\profile\cache4\opr11922.htm

Please check; someone might have installed a keylogger on your computer!


You MAY want to take a look at:
C:\Documents and Settings\Käyttäjä\
C:\WINDOWS\system32\config\
C:\Program Files\Opera\profile\
C:\Program Files\Opera\profile\cache4\

==================================================================

The entry "C:\System Volume Information\_restore{DB9464B5-856E-4796-8833-9EFFB8447B02}\RP550\change.log" caught my eye; should I disable System Restore, restart the computer and then turn System Restore back on, as the instructions I found on F-Secure's site advise?
Could that file even have been produced by the file I opened, or will that procedure alone get me out of this?

The message has been edited after posting. Last edited 12 February 2008 @ 23:41
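Added example, not part of the thread and not HijackThis code: a first-pass triage of an HJT log in Python, keyed on the line classes that appear in the log above (an R1 proxy setting, O2 entries with no file, an O10 broken LSP, an O20 Winlogon Notify DLL, O23 services whose file is missing). The sample lines are constructed in HJT's own format, a few of them mirroring entries from that log; the rules are a reviewer's checklist and an assumption of this example, not a verdict on any entry.

```python
"""First-pass triage of a HijackThis (HJT) log.

Added example: not part of the forum thread and not HijackThis code. The
rules below are a reviewer's checklist (assumptions of this example), not a
verdict on any particular entry.
"""
import re
from ipaddress import ip_address

# Constructed sample, in HJT's own line format; a few entries mirror the
# kinds of lines seen in the thread's log.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.59.164.62:80
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O10 - Broken Internet access because of LSP provider 'c:\program files\permeo\e-border driver\s5spi.dll' missing
O20 - Winlogon Notify: hblogon - C:\WINDOWS\SYSTEM32\hblogon.dll
O23 - Service: FanSpeedNT Service - Unknown owner - C:\Program Files\FanSpeed\fanspeedNT.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

LINE_RE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")
ABS_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')


def classify(line):
    """Return why this HJT line deserves a second look, or None if routine."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.groups()

    # Entries whose target is gone are leftovers: harmless, but worth cleaning.
    if "(no file)" in body or "(file missing)" in body:
        return "orphaned entry: the referenced file is absent"

    if kind == "R1" and "ProxyServer" in body:
        # Everything the browser sends goes through this host; it should be
        # one the user recognises, normally loopback or a LAN address.
        host = body.split("=", 1)[1].strip().rsplit(":", 1)[0]
        try:
            ip = ip_address(host)
        except ValueError:
            return "proxy set to a hostname; confirm who operates it"
        if not (ip.is_loopback or ip.is_private):
            return "proxy set to a public address; all browser traffic transits it"
        return None

    if kind == "O10":
        return "LSP chain references a missing provider; repair Winsock rather than deleting the line"

    if kind == "O20":
        return "Winlogon Notify DLL is loaded into winlogon.exe; identify its vendor before touching it"

    if kind == "O4":
        # A bare file name in a Run value is resolved through the search
        # path, so it is ambiguous which binary actually starts.
        cmd = re.search(r"\]\s*(.*)$", body)
        if cmd and not ABS_PATH_RE.match(cmd.group(1)):
            return "Run entry uses a relative path; locate the actual binary"
    return None


def triage(log_text):
    """Return (kind, reason, line) for every line classify() flags, in log order."""
    flagged = []
    for line in log_text.strip().splitlines():
        reason = classify(line)
        if reason:
            flagged.append((line.split(" ", 1)[0], reason, line))
    return flagged


if __name__ == "__main__":
    for kind, reason, line in triage(SAMPLE_LOG):
        print(f"{kind:4} {reason}\n     {line}")
```

Run as a script it prints six flagged lines out of the nine; the NVIDIA service and the Java BHO pass because they point at an existing file and match no rule. The list is a reading order for a human, not a removal list: the O20 and R1 hits are the two a responder would resolve first, since both sit in the path of every logon and every web request.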

Hujo
12 February 2008 @ 23:52
1. Download combofix.exe to your desktop from one of these two links:
combofix1
combofix2

2. Double-click the combofix.exe file and follow the instructions.
3. When the tool is finished, it produces a log. Post this log in your thread.
Note! Do not click around in the ComboFix window while it is running. This may cause the program to freeze.


Can a computer ever work?
Kennyy
13 February 2008 @ 00:23
ComboFix 08-02-13.1 - Käyttäjä 2008-02-13 0:00:10.1 - NTFSx86
Running from: C:\Documents and Settings\Käyttäjä\Työpöytä\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\Cfx32.lic
C:\WINDOWS\system32\cfx32.ocx

----- BITS: Possible infected sites -----

hxxp://go.microsoft.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NPF
-------\NPF


((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-01-12 to 2008-02-12 )))))))))))))))))
.

2008-02-12 23:48 . 2008-02-12 23:48 <KANSIO> d-------- C:\Program Files\I Hate Keyloggers
2008-02-12 23:47 . 2008-02-12 23:47 209,008 --a------ C:\WINDOWS\system32\kbhookdll.dll
2008-02-12 23:47 . 2008-02-12 23:47 102,912 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2008-02-12 21:40 . 2008-02-12 21:40 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-02-12 21:34 . 2008-02-12 21:34 <KANSIO> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-12 21:33 . 2008-02-12 21:33 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-12 21:33 . 2008-02-12 21:35 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-02-12 20:46 . 2007-12-15 06:48 90,112 --a------ C:\WINDOWS\system32\XCoreLib.dll
2008-02-04 23:02 . 2008-02-10 21:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-04 23:02 . 2008-02-04 23:02 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-04 15:33 . 2008-02-04 15:33 <KANSIO> d-------- C:\Program Files\TS-AudioToMIDI 3.20
2008-02-04 15:28 . 2008-02-04 15:28 <KANSIO> d-------- C:\Downloads
2008-02-02 22:01 . 2008-02-02 22:05 <KANSIO> d-------- C:\Program Files\Desktop Screen Record 5
2008-02-02 13:52 . 2007-10-20 15:01 <KANSIO> d-------- C:\Program Files\FretsOnFire
2008-01-31 23:25 . 2008-01-31 23:25 <KANSIO> d-------- C:\Program Files\Common Files\INCA Shared
2008-01-31 23:23 . 2008-01-31 23:23 <KANSIO> d-------- C:\Nexon
2008-01-31 16:33 . 2008-01-31 16:33 <KANSIO> d-------- C:\Program Files\Perfect World
2008-01-29 21:31 . 2008-01-29 21:31 <KANSIO> d-------- C:\WINDOWS\system32\LogFiles
2008-01-29 21:31 . 2008-01-29 21:31 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-01-29 21:31 . 2008-01-29 21:31 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-01-29 21:31 . 2008-01-29 21:31 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-29 21:31 . 2008-01-29 21:31 308 --a------ C:\WINDOWS\game.ini
2008-01-29 21:26 . 2008-01-31 01:26 <KANSIO> d-------- C:\Program Files\Call of Duty 4 - Modern Warfare
2008-01-29 20:18 . 2008-01-29 20:35 <KANSIO> d-------- C:\Program Files\Crysis
2008-01-28 00:47 . 2008-02-05 14:33 <KANSIO> d-------- C:\Program Files\Multimedia Fusion 2
2008-01-21 17:43 . 2008-01-21 17:43 11,736 --a------ C:\pldecal.wad
2008-01-21 17:39 . 2008-01-21 17:42 <KANSIO> d-------- C:\Program Files\Wally
2008-01-20 15:00 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-01-20 14:55 . 2008-01-20 14:55 <KANSIO> d-------- C:\Program Files\Electronic Arts
2008-01-12 21:54 . 2008-01-12 21:54 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-01-12 21:53 . 2008-01-12 21:54 <KANSIO> d-------- C:\Program Files\Peggle
2008-01-12 21:53 . 2008-01-12 21:53 <KANSIO> d-------- C:\Program Files\BFG
2008-01-12 15:06 . 2008-01-13 03:11 23 --a------ C:\WINDOWS\popcinfot.dat

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-12 22:08 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-12 22:08 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
2008-02-12 22:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware
2008-02-12 22:07 --------- d-----w C:\Program Files\Spyware Doctor
2008-02-12 21:59 --------- d-----w C:\Program Files\mIRC617
2008-02-12 20:54 --------- d-----w C:\Program Files\Cheat Engine
2008-02-12 19:08 51,072 ----a-w C:\WINDOWS\system32\drivers\ikhlayer.sys
2008-02-04 13:28 --------- d-----w C:\Program Files\AmazingMIDI
2008-01-31 21:23 --------- d-s---w C:\Program Files\Mabinogi Taiwan
2008-01-29 19:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-23 14:24 --------- d-----w C:\Program Files\Wizet
2008-01-21 21:29 412,906 ----a-w C:\Program Files\AAA Real Recorder.rar
2008-01-20 19:19 --------- d-----w C:\Program Files\Azureus
2008-01-10 20:06 --------- d-----w C:\Program Files\ZSNes
2008-01-10 14:16 --------- d-----w C:\Program Files\TeamViewer3
2008-01-03 14:01 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-01-03 14:01 --------- d-----w C:\Program Files\Hamachi
2007-12-26 16:26 --------- d-----w C:\Program Files\DC++
2007-12-24 17:09 --------- d-----w C:\Program Files\Portal
2007-12-22 20:09 --------- d-----w C:\Program Files\Winamp
2007-12-21 18:17 --------- d-----w C:\Program Files\DivX
2007-12-19 22:27 --------- d-----w C:\Program Files\GALA-NET
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 14:00 15360]
"WhatPulse"="C:\Program Files\WhatPulse\WhatPulse.exe" [2006-08-21 19:48 665600]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2008-02-12 21:08 2115728]
"I-Hate-Keyloggers"="C:\Program Files\I Hate Keyloggers\I Hate Keyloggers.exe" [2006-07-16 19:20 195584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-07-22 15:00 81920 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-20 21:07 7110656]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"NvMediaCenter"="NvMCTray.dll" [2005-07-20 21:07 86016 C:\WINDOWS\system32\nvmctray.dll]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-15 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"zzsecagent"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03 36975]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 18:40 2577632]
"CmPCIaudio"="cmicnfg3.cpl" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-12 21:35 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 14:00 15360]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2008-02-12 21:08 2115728]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-12 21:33 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hblogon]
hblogon.dll 2007-02-12 13:46 20480 C:\WINDOWS\system32\hblogon.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Bluetooth Manager.lnk]
path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Bluetooth Manager.lnk
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Iolo Macro Magic.lnk]
path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Iolo Macro Magic.lnk
backup=C:\WINDOWS\pss\Iolo Macro Magic.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Käyttäjä^Käynnistä-valikko^Ohjelmat^Käynnistys^Chronice.lnk]
path=C:\Documents and Settings\Käyttäjä\Käynnistä-valikko\Ohjelmat\Käynnistys\Chronice.lnk
backup=C:\WINDOWS\pss\Chronice.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00saskda]
--a------ 2006-06-06 14:01 1541120 C:\Program Files\1st Security Agent\newadmin.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BSplayer_WhenUSave_Installer]
--a------ 2006-04-27 14:13 148480 C:\Program Files\BSplayer_WhenUSave_Installer\BSplayer_WhenUSave_Installer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-12-10 16:57 133016 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e-Border Credential]
C:\Program Files\Permeo\e-Border Driver\s5credmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Handy Backup 5.5]
--a------ 2007-02-12 13:50 1870848 C:\Program Files\Novosoft\Handy Backup\hbagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:55 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-07-20 21:07 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayNC Launcher]
--a------ 2007-11-12 17:45 38128 C:\program files\ncsoft\launcher\NCLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrevxHome]
C:\Program Files\Prevx Home\SAGUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
--a------ 2008-02-12 21:08 2115728 C:\Program Files\Spyware Doctor\swdoctor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2007-12-05 15:28 1266936 C:\Program Files\Valve\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
C:\Program Files\Save\Save.exe

R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys [2007-03-07 12:27]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-10-20 22:42]
R2 npkcmsvc;npkcmsvc;C:\Program Files\Mabinogi\npkcmsvc.exe [2007-05-16 13:15]
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2005-04-14 17:42]
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2005-04-14 17:42]
R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 12:56]
S2 anysee;anysee USB type Tuner(2005.04.25.D010313);C:\WINDOWS\system32\DRIVERS\anyseeTU.sys [2005-04-25 12:40]
S2 FanSpeedNT Service;FanSpeedNT Service;"C:\Program Files\FanSpeed\fanspeedNT.exe" []
S3 CEDRIVER52;CEDRIVER52;C:\Program Files\Cheat Engine\dbk32.sys [2006-10-27 19:13]
S3 CEDRIVER53;CEDRIVER53;C:\Program Files\Cheat Engine\dbk32.sys [2006-10-27 19:13]
S3 DADriv1;DADriv1;C:\Shared Files\Maple Hacks\DAEngine\DAK32.sys []
S3 danny1;danny1;C:\Shared Files\Maple Hacks\Danny Engine\danny.sys []
S3 DISK_DRIVE32;DISK_DRIVE32;C:\Shared Files\Maple Hacks\UCE\disk_1024.sys []
S3 Dua1;Dua1;F:\Shared Files\Maple Hacks\DualEngine2\DualEngi.sys [2006-10-02 11:43]
S3 EAGLE1;EAGLE1;C:\Shared Files\Maple Hacks\Google Engine\google32.sys []
S3 fspio;fspio;C:\WINDOWS\system32\drivers\fspio.sys [2001-03-08 17:10]
S3 geebers12;geebers12;C:\Shared Files\Maple Hacks\Buffy Engine\nvid888.sys []
S3 iCheat1;iCheat1;C:\Shared Files\Maple Hacks\iCheat13\nvid999.sys []
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;F:\Shared Files\Maple Hacks\MoonLight Engine 1129.1\IlvMoney1129.sys [2007-10-17 21:19]
S3 jamilah;jamilah;C:\Shared Files\Maple Hacks\jamilah.sys []
S3 ¥Õ¥Ø°ê¤¤¥Í1;¥Õ¥Ø°ê¤¤¥Í1;C:\Shared Files\Maple Hacks\VE5 1032\nvid999.sys []
S3 NUBBER;NUBBER;C:\Shared Files\Maple Hacks\NubEngine\nubbk32.sys []
S3 saruen;saruen;C:\Shared Files\Maple Hacks\saruengang101se\saruen.sys []
S3 scskusbf;USB SCSK Filter Driver Service;C:\WINDOWS\system32\drivers\scskusbf.sys [2007-03-31 14:21]
S3 scskusbs;USB SCSK Driver Service;C:\WINDOWS\system32\drivers\scskusbs.sys [2007-03-31 14:21]
S3 sejt1;sejt1;C:\Shared Files\Maple Hacks\AkumaEngine33\sejt.sys []
S3 serb1;serb1;F:\Shared Files\Maple Hacks\Serbio Engine\serbio.sys [2006-06-29 19:49]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 09:12]
S3 SoRa01;SoRa01;C:\Shared Files\Maple Hacks\SoRa Remak Engine 2.6\SoRa.sys []
S3 spuce1;spuce1;F:\Shared Files\Maple Hacks\SPUCEREV878able\SPUCE\spuce.sys [2006-11-28 21:13]
S3 sys_com001;sys_com001;C:\Shared Files\Maple Hacks\SysComEngine_1059\syscom.sys []
S3 TEMPLEVER;TEMPLEVER;C:\Shared Files\Maple Hacks\Templery Engine\damainzor.sys []
S3 uzeil1;uzeil1;C:\Shared Files\Maple Hacks\Mini Engine\Mini Engine\uzeil.sys []
S3 Visual1;Visual1;C:\Shared Files\Maple Hacks\Visual Engine\Visual.sys []
S3 zenx1;zenx1;C:\Shared Files\Maple Hacks\ZenxEngine_LATEST\zenx.sys []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 00:08:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\hblogon.dll

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\system32\kbhookdll.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
.
**************************************************************************
.
Completion time: 2008-02-13 0:16:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-12 22:16:40
.
2008-01-22 15:07:46 --- E O F ---
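Added example, not part of the thread and not ComboFix code: a Python parser for two sections of the ComboFix log above, the driver/service list (one entry per line as `<start type> <name>;<display name>;<image path> [<file timestamp>]`, where an empty bracket means ComboFix found no file at that path) and the "DLLs Loaded Under Running Processes" section. It ranks drivers by how far they stray from the usual locations and lists which DLLs sit inside winlogon.exe and explorer.exe, which is the part of such a log a responder reads first. The sample text is constructed from a few lines of that log; the trusted-root list and the wording of the reasons are this example's own assumptions.

```python
"""Parse the driver list and the injected-DLL section of a ComboFix log.

Added example: not part of the forum thread and not ComboFix code. The line
format ('<start type> <name>;<display name>;<image path> [<timestamp>]',
empty bracket = file not found) is read off the log in the thread; the
trusted roots and the reasons are this example's own assumptions.
"""
import re

DRIVER_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s*\[(.*)\]\s*$")

# Where drivers and service binaries normally live on this XP layout
# (assumption of this example; adjust for other drive letters or locales).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")

# Constructed sample modelled on a few lines of the ComboFix log above.
SAMPLE = r"""
R2 npkcmsvc;npkcmsvc;C:\Program Files\Mabinogi\npkcmsvc.exe [2007-05-16 13:15]
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2005-04-14 17:42]
S2 FanSpeedNT Service;FanSpeedNT Service;"C:\Program Files\FanSpeed\fanspeedNT.exe" []
S3 CEDRIVER52;CEDRIVER52;C:\Program Files\Cheat Engine\dbk32.sys [2006-10-27 19:13]
S3 DADriv1;DADriv1;C:\Shared Files\Maple Hacks\DAEngine\DAK32.sys []
S3 Dua1;Dua1;F:\Shared Files\Maple Hacks\DualEngine2\DualEngi.sys [2006-10-02 11:43]

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\hblogon.dll

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\system32\kbhookdll.dll
"""


def parse_drivers(text):
    """Yield one dict per driver/service line in ComboFix's list."""
    for line in text.splitlines():
        m = DRIVER_RE.match(line.strip())
        if not m:
            continue
        start, name, display, path, stamp = m.groups()
        yield {
            "start": start,                      # R = running, S = stopped
            "name": name,
            "display": display,
            "path": path.strip('"'),
            "present": bool(stamp.strip()),      # empty [] = no file found
        }


def driver_concerns(entry):
    """Reasons an entry deserves a look; an empty list means routine."""
    reasons = []
    low = entry["path"].lower()
    if not entry["present"]:
        reasons.append("no file at path (stale service entry, or file removed)")
    if not low.startswith(TRUSTED_ROOTS):
        reasons.append("image lives outside Windows/Program Files")
    if low.endswith(".sys") and "\\system32\\" not in low:
        # Kernel code loaded from a user folder is the highest-value finding.
        reasons.append("kernel driver outside system32")
    return reasons


def injected_dlls(text):
    """Map each process in the 'DLLs Loaded Under Running Processes' section
    to the DLLs ComboFix listed beneath it."""
    result, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("PROCESS:"):
            current = line[len("PROCESS:"):].split(" [")[0].strip()
            result[current] = []
        elif line.startswith("->") and current:
            result[current].append(line[2:].strip())
    return result


def triage(text):
    """Drivers with at least one concern, most concerns first, then by name."""
    flagged = [(e["name"], e["path"], driver_concerns(e)) for e in parse_drivers(text)]
    flagged = [f for f in flagged if f[2]]
    flagged.sort(key=lambda f: (-len(f[2]), f[0].lower()))
    return flagged


if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE):
        print(f"{name}: {path}\n  - " + "\n  - ".join(reasons))
    for proc, dlls in injected_dlls(SAMPLE).items():
        print(f"{proc} loads: {', '.join(dlls)}")
```

On the sample, the two drivers under "Shared Files\Maple Hacks" rank ahead of the Cheat Engine driver and the missing FanSpeed service, and the DLL map shows exactly which third-party modules sit inside winlogon.exe and explorer.exe. A path in system32 is not a clean bill of health on its own (both DLLs here are in system32), so the next step for each listed module is to tie it to an installed product, for instance by matching its creation time against the folders in the "Tiedostot, jotka on luotu" section of the same log.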
Hujo
13 February 2008 @ 00:33
Download RegSeeker.zip to your desktop:

Extract the zip into the C:\RegSeeker\ folder. From there, launch the RegSeeker.exe program.
In the top right corner there is a Languages.... link, from which you select Finnish.
In the bottom left corner, tick Create backup and then the Clean registry link.
Tick all the other items except "Invalid..", then "OK" (wait a moment).
A list of invalid registry entries appears on screen; from the Select item in the bottom bar
click Select all, whereupon the selected items get a yellow background.
From the Actions link in the bottom bar click Delete selected items.
In the pop-up window "All selected items will be deleted?" answer "OK".
In the next pop-up window "Backups" answer "OK".
Click Quit RegSeeker on the left and restart your computer.

===============

run combofix again

==========

scan a new HJT log


The message has been edited after posting. Last edited 13 February 2008 @ 00:45

Kennyy
13 February 2008 @ 00:36
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:34:59, on 13.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\I Hate Keyloggers\I Hate Keyloggers.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\mIRC617\mirc.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mapleglobal.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.59.164.62:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 cmicnfg3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [I-Hate-Keyloggers] C:\Program Files\I Hate Keyloggers\I Hate Keyloggers.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://asdasd.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatar.mabinogi.com:88/renderer/mabiweb.2006.12.27.cab
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/tricksterActiveX.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O20 - Winlogon Notify: hblogon - C:\WINDOWS\SYSTEM32\hblogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: FanSpeedNT Service - Unknown owner - C:\Program Files\FanSpeed\fanspeedNT.exe (file missing)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Program Files\Mabinogi\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 8539 bytes
Hujo
13 February 2008 @ 00:47
I added more instructions up there.

Scan with HJT, tick this entry and press Fix checked:

O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)


Copy/paste the text below into an empty Notepad file.
Make sure the file type is "All Files" and save it as Poisto.bat
on your desktop.

@echo off
sc stop NipSvc
sc delete NipSvc

Double-click Poisto.bat on your desktop; a window opens and closes, this is normal.

========

In Safe Mode, delete the folder

C:\Norman


Can a computer ever work?

Message edited after posting. Last edited 13 February 2008 @ 01:21

Kennyy
13 February 2008 @ 01:25
Here are the logs for the matter mentioned above:

ComboFix 08-02-13.1 - Käyttäjä 2008-02-13 1:12:37.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.1590 [GMT 2:00]
Running from: C:\Documents and Settings\Käyttäjä\Työpöytä\Virustorjunta\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-01-13 to 2008-02-13 )))))))))))))))))
.

2008-02-13 00:59 . 2008-02-13 00:59 <KANSIO> d-------- C:\RegSeeker
2008-02-12 23:48 . 2008-02-12 23:48 <KANSIO> d-------- C:\Program Files\I Hate Keyloggers
2008-02-12 23:47 . 2008-02-12 23:47 209,008 --a------ C:\WINDOWS\system32\kbhookdll.dll
2008-02-12 23:47 . 2008-02-12 23:47 102,912 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2008-02-12 21:40 . 2008-02-12 21:40 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-02-12 21:34 . 2008-02-12 21:34 <KANSIO> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-12 21:34 . 2008-02-12 21:35 <KANSIO> d-------- C:\Documents and Settings\Käyttäjä\Application Data\AVG7
2008-02-12 21:33 . 2008-02-12 21:33 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-12 21:33 . 2008-02-12 21:35 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-02-12 20:46 . 2007-12-15 06:48 90,112 --a------ C:\WINDOWS\system32\XCoreLib.dll
2008-02-04 15:28 . 2008-02-04 15:28 <KANSIO> d-------- C:\Downloads
2008-02-02 22:01 . 2008-02-02 22:05 <KANSIO> d-------- C:\Program Files\Desktop Screen Record 5
2008-02-02 13:52 . 2007-10-20 15:01 <KANSIO> d-------- C:\Program Files\FretsOnFire
2008-01-31 23:25 . 2008-01-31 23:25 <KANSIO> d-------- C:\Program Files\Common Files\INCA Shared
2008-01-31 23:23 . 2008-01-31 23:23 <KANSIO> d-------- C:\Nexon
2008-01-31 16:33 . 2008-01-31 16:33 <KANSIO> d-------- C:\Program Files\Perfect World
2008-01-29 21:31 . 2008-01-29 21:31 <KANSIO> d-------- C:\WINDOWS\system32\LogFiles
2008-01-29 21:31 . 2008-01-29 21:31 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-01-29 21:31 . 2008-01-29 21:31 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-01-29 21:31 . 2008-01-29 21:31 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-29 21:31 . 2008-01-29 21:31 22,328 --a------ C:\Documents and Settings\Käyttäjä\Application Data\PnkBstrK.sys
2008-01-29 21:31 . 2008-01-29 21:31 308 --a------ C:\WINDOWS\game.ini
2008-01-29 21:26 . 2008-01-31 01:26 <KANSIO> d-------- C:\Program Files\Call of Duty 4 - Modern Warfare
2008-01-29 20:18 . 2008-01-29 20:35 <KANSIO> d-------- C:\Program Files\Crysis
2008-01-28 00:50 . 2008-01-28 00:50 <KANSIO> d-------- C:\Documents and Settings\Käyttäjä\Application Data\Clickteam
2008-01-28 00:47 . 2008-02-05 14:33 <KANSIO> d-------- C:\Program Files\Multimedia Fusion 2
2008-01-21 17:43 . 2008-01-21 17:43 11,736 --a------ C:\pldecal.wad
2008-01-21 17:39 . 2008-01-21 17:42 <KANSIO> d-------- C:\Program Files\Wally
2008-01-20 22:24 . 2008-01-20 22:28 <KANSIO> d-------- C:\Documents and Settings\Käyttäjä\Application Data\Command & Conquer 3 Tiberium Wars
2008-01-20 15:00 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-01-20 14:55 . 2008-01-20 14:55 <KANSIO> d-------- C:\Program Files\Electronic Arts

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-12 23:09 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
2008-02-12 23:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware
2008-02-12 23:08 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-12 23:06 --------- d-----w C:\Program Files\mIRC617
2008-02-12 22:07 --------- d-----w C:\Program Files\Spyware Doctor
2008-02-12 21:11 4,208 ----a-w C:\Documents and Settings\Käyttäjä\Application Data\wklnhst.dat
2008-02-12 20:54 --------- d-----w C:\Program Files\Cheat Engine
2008-02-12 19:08 51,072 ----a-w C:\WINDOWS\system32\drivers\ikhlayer.sys
2008-02-12 11:20 --------- d-----w C:\Documents and Settings\Käyttäjä\Application Data\Azureus
2008-02-04 13:28 --------- d-----w C:\Program Files\AmazingMIDI
2008-02-04 13:28 --------- d-----w C:\Documents and Settings\Käyttäjä\Application Data\GetRightToGo
2008-01-31 21:23 --------- d-s---w C:\Program Files\Mabinogi Taiwan
2008-01-29 19:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-23 14:24 --------- d-----w C:\Program Files\Wizet
2008-01-21 21:29 412,906 ----a-w C:\Program Files\AAA Real Recorder.rar
2008-01-20 19:19 --------- d-----w C:\Program Files\Azureus
2008-01-20 13:03 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-01-12 19:54 --------- d-----w C:\Program Files\Peggle
2008-01-12 19:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-01-12 19:53 --------- d-----w C:\Program Files\BFG
2008-01-10 20:06 --------- d-----w C:\Program Files\ZSNes
2008-01-10 14:19 --------- d-----w C:\Documents and Settings\Käyttäjä\Application Data\TeamViewer
2008-01-10 14:16 --------- d-----w C:\Program Files\TeamViewer3
2008-01-03 14:01 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-01-03 14:01 --------- d-----w C:\Program Files\Hamachi
2008-01-03 14:01 --------- d-----w C:\Documents and Settings\Käyttäjä\Application Data\Hamachi
2007-12-26 16:26 --------- d-----w C:\Program Files\DC++
2007-12-24 17:09 --------- d-----w C:\Program Files\Portal
2007-12-22 20:09 --------- d-----w C:\Program Files\Winamp
2007-12-21 18:17 --------- d-----w C:\Program Files\DivX
2007-12-19 22:27 --------- d-----w C:\Program Files\GALA-NET
2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-15 12:47 203,264 ----a-w C:\WINDOWS\system32\zk_sc.scr
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 14:00 15360]
"WhatPulse"="C:\Program Files\WhatPulse\WhatPulse.exe" [2006-08-21 19:48 665600]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2008-02-12 21:08 2115728]
"I-Hate-Keyloggers"="C:\Program Files\I Hate Keyloggers\I Hate Keyloggers.exe" [2006-07-16 19:20 195584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-07-22 15:00 81920 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-20 21:07 7110656]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"NvMediaCenter"="NvMCTray.dll" [2005-07-20 21:07 86016 C:\WINDOWS\system32\nvmctray.dll]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-15 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"zzsecagent"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03 36975]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 18:40 2577632]
"CmPCIaudio"="cmicnfg3.cpl" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-12 21:35 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 14:00 15360]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2008-02-12 21:08 2115728]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-12 21:33 219136]

C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hblogon]
hblogon.dll 2007-02-12 13:46 20480 C:\WINDOWS\system32\hblogon.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Bluetooth Manager.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Iolo Macro Magic.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Service Manager.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Käyttäjä^Käynnistä-valikko^Ohjelmat^Käynnistys^Chronice.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00saskda]
--a------ 2006-06-06 14:01 1541120 C:\Program Files\1st Security Agent\newadmin.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BSplayer_WhenUSave_Installer]
--a------ 2006-04-27 14:13 148480 C:\Program Files\BSplayer_WhenUSave_Installer\BSplayer_WhenUSave_Installer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-12-10 16:57 133016 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e-Border Credential]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Handy Backup 5.5]
--a------ 2007-02-12 13:50 1870848 C:\Program Files\Novosoft\Handy Backup\hbagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:55 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-07-20 21:07 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayNC Launcher]
--a------ 2007-11-12 17:45 38128 C:\program files\ncsoft\launcher\NCLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrevxHome]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
--a------ 2008-02-12 21:08 2115728 C:\Program Files\Spyware Doctor\swdoctor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2007-12-05 15:28 1266936 C:\Program Files\Valve\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]

R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys [2007-03-07 12:27]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-10-20 22:42]
R2 npkcmsvc;npkcmsvc;C:\Program Files\Mabinogi\npkcmsvc.exe [2007-05-16 13:15]
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2005-04-14 17:42]
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2005-04-14 17:42]
R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 12:56]
S2 anysee;anysee USB type Tuner(2005.04.25.D010313);C:\WINDOWS\system32\DRIVERS\anyseeTU.sys [2005-04-25 12:40]
S3 CEDRIVER52;CEDRIVER52;C:\Program Files\Cheat Engine\dbk32.sys [2006-10-27 19:13]
S3 CEDRIVER53;CEDRIVER53;C:\Program Files\Cheat Engine\dbk32.sys [2006-10-27 19:13]
S3 DADriv1;DADriv1;C:\Shared Files\Maple Hacks\DAEngine\DAK32.sys []
S3 danny1;danny1;C:\Shared Files\Maple Hacks\Danny Engine\danny.sys []
S3 DISK_DRIVE32;DISK_DRIVE32;C:\Shared Files\Maple Hacks\UCE\disk_1024.sys []
S3 Dua1;Dua1;F:\Shared Files\Maple Hacks\DualEngine2\DualEngi.sys [2006-10-02 11:43]
S3 EAGLE1;EAGLE1;C:\Shared Files\Maple Hacks\Google Engine\google32.sys []
S3 fspio;fspio;C:\WINDOWS\system32\drivers\fspio.sys [2001-03-08 17:10]
S3 geebers12;geebers12;C:\Shared Files\Maple Hacks\Buffy Engine\nvid888.sys []
S3 iCheat1;iCheat1;C:\Shared Files\Maple Hacks\iCheat13\nvid999.sys []
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;F:\Shared Files\Maple Hacks\MoonLight Engine 1129.1\IlvMoney1129.sys [2007-10-17 21:19]
S3 jamilah;jamilah;C:\Shared Files\Maple Hacks\jamilah.sys []
S3 ¥Õ¥Ø°ê¤¤¥Í1;¥Õ¥Ø°ê¤¤¥Í1;C:\Shared Files\Maple Hacks\VE5 1032\nvid999.sys []
S3 NUBBER;NUBBER;C:\Shared Files\Maple Hacks\NubEngine\nubbk32.sys []
S3 saruen;saruen;C:\Shared Files\Maple Hacks\saruengang101se\saruen.sys []
S3 scskusbf;USB SCSK Filter Driver Service;C:\WINDOWS\system32\drivers\scskusbf.sys [2007-03-31 14:21]
S3 scskusbs;USB SCSK Driver Service;C:\WINDOWS\system32\drivers\scskusbs.sys [2007-03-31 14:21]
S3 sejt1;sejt1;C:\Shared Files\Maple Hacks\AkumaEngine33\sejt.sys []
S3 serb1;serb1;F:\Shared Files\Maple Hacks\Serbio Engine\serbio.sys [2006-06-29 19:49]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 09:12]
S3 SoRa01;SoRa01;C:\Shared Files\Maple Hacks\SoRa Remak Engine 2.6\SoRa.sys []
S3 spuce1;spuce1;F:\Shared Files\Maple Hacks\SPUCEREV878able\SPUCE\spuce.sys [2006-11-28 21:13]
S3 sys_com001;sys_com001;C:\Shared Files\Maple Hacks\SysComEngine_1059\syscom.sys []
S3 TEMPLEVER;TEMPLEVER;C:\Shared Files\Maple Hacks\Templery Engine\damainzor.sys []
S3 uzeil1;uzeil1;C:\Shared Files\Maple Hacks\Mini Engine\Mini Engine\uzeil.sys []
S3 Visual1;Visual1;C:\Shared Files\Maple Hacks\Visual Engine\Visual.sys []
S3 zenx1;zenx1;C:\Shared Files\Maple Hacks\ZenxEngine_LATEST\zenx.sys []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 01:17:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\hblogon.dll
.
Completion time: 2008-02-13 1:20:04
ComboFix-quarantined-files.txt 2008-02-12 23:20:01
ComboFix2.txt 2008-02-12 22:16:46
.
2008-01-22 15:07:46 --- E O F ---



=====================================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:21:25, on 13.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mapleglobal.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.59.164.62:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 cmicnfg3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [I-Hate-Keyloggers] C:\Program Files\I Hate Keyloggers\I Hate Keyloggers.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://asdasd.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatar.mabinogi.com:88/renderer/mabiweb.2006.12.27.cab
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/tricksterActiveX.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O20 - Winlogon Notify: hblogon - C:\WINDOWS\SYSTEM32\hblogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Program Files\Mabinogi\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 8251 bytes

Message edited after posting. Last edited 13 February 2008 @ 01:27

Kennyy
13 February 2008 @ 01:53
I don't want to put this in among the logs, since it gets so confusing, so I made a new post.

I made that .bat file and deleted the C:\Norman folder, but that "O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)" entry has apparently already been removed on its own by RegSeeker or ComboFix, since HJT no longer finds it.
Hujo
13 February 2008 @ 01:56
It's good that Norman is no longer found.

Quote:
I made that .bat file and deleted the C:\Norman folder
That took care of it.


INSTRUCTIONS
Open Notepad and copy/paste the contents of the quote box into it:

Quote:

File::
C:\WINDOWS\SYSTEM32\hblogon.dll

Folder::
C:\Program Files\BSplayer_WhenUSave_Installer\BSplayer_WhenUSave_Installer.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]

Save it under the name CFScript

Then drag CFScript onto ComboFix.exe as shown below.



Restart the computer when asked and post the contents of the combofix.txt file here.

==============

Then run ComboFix again

=============

Download Winsockfix
http://www.tacktech.com/display.cfm?ttid=257
to your desktop.
Unzip it, open Winsockfix and press Fix.

============

Finally, take a new HJT log last.

Can a computer ever work?

Message edited after posting. Last edited 13 February 2008 @ 02:10

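To make the by-eye triage Hujo performs in the two posts above reproducible, here is an added Python example (not part of the thread, of HijackThis or of ComboFix) that parses HijackThis v2 log lines and flags the three entry types acted on in this thread: O23 services whose binary is "(file missing)", O20 Winlogon Notify DLLs, and an R1 ProxyServer setting. The sample lines are constructed from entries in this thread; the finding categories and the suggested actions are my assumptions, with the O23 action mirroring the sc stop / sc delete batch file Hujo posted.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v2.0.2 log format, modelled on entries
# that appear in this thread. It is not a complete log.
SAMPLE_HJT_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.59.164.62:80
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O20 - Winlogon Notify: hblogon - C:\WINDOWS\SYSTEM32\hblogon.dll
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: FanSpeedNT Service - Unknown owner - C:\Program Files\FanSpeed\fanspeedNT.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
"""

# Every HJT entry line is "<code> - <body>", e.g. "O23 - Service: ...".
LINE_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.*)$")

# O23: "Service: <display> [(<short name>)] - <owner> - <path> [(file missing)]"
SERVICE_RE = re.compile(
    r"^Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))? - (?P<owner>.+?) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# O20: "Winlogon Notify: <key> - <dll path>"
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<key>\S+) - (?P<path>.+)$")
# R1: "...Internet Settings,ProxyServer = <host:port>"
PROXY_RE = re.compile(r"Internet Settings,ProxyServer = (?P<value>\S+)$")


@dataclass
class Finding:
    code: str     # HJT section code the entry came from
    subject: str  # service name, Notify key or proxy value
    reason: str   # why a reviewer should look at it
    action: str   # suggested next step (assumption, mirrors the thread's advice)


def _service_finding(body):
    m = SERVICE_RE.match(body)
    if not m or not m.group("missing"):
        return None  # service with a present binary: nothing to flag here
    # sc.exe addresses a service by its short name when HJT shows one,
    # otherwise by the display name (quoted if it contains spaces).
    name = m.group("short") or m.group("display")
    arg = f'"{name}"' if " " in name else name
    return Finding(
        code="O23",
        subject=name,
        reason=f"service registration still points at {m.group('path')} "
               f"but the file is gone (orphaned entry, owner '{m.group('owner')}')",
        action=f"sc stop {arg}\nsc delete {arg}",
    )


def _notify_finding(body):
    m = NOTIFY_RE.match(body)
    if not m:
        return None
    return Finding(
        code="O20",
        subject=m.group("key"),
        reason=f"{m.group('path')} is loaded into winlogon.exe at every logon "
               "through the Winlogon Notify key; confirm which installed product owns it",
        action="If no installed product accounts for it, remove the DLL and its "
               "Notify subkey (this thread did so through a ComboFix CFScript).",
    )


def _proxy_finding(body):
    m = PROXY_RE.search(body)
    if not m:
        return None
    return Finding(
        code="R1",
        subject=m.group("value"),
        reason="Internet Explorer is configured to send its traffic through a proxy",
        action="Confirm the proxy is intentional; if not, clear it and check the Winsock/LSP state.",
    )


HANDLERS = {"O23": _service_finding, "O20": _notify_finding, "R1": _proxy_finding}


def triage_hjt_log(text):
    """Return review findings for the HJT entry lines in `text`, in log order."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # process list, headers and blank lines carry no entry
        handler = HANDLERS.get(m.group("code"))
        if handler:
            finding = handler(m.group("body"))
            if finding:
                findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage_hjt_log(SAMPLE_HJT_LOG):
        print(f"[{f.code}] {f.subject}: {f.reason}\n    -> {f.action}")
```

A service whose binary is present, such as the rpcapd line, produces no finding; the parser only surfaces entries that need a human decision.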
Kennyy
13 February 2008 @ 15:18
Here are the last 3 logs:

CFScript log:

ComboFix 08-02-13.1 - Käyttäjä 2008-02-13 2:05:50.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.1581 [GMT 2:00]
Running from: C:\Documents and Settings\Käyttäjä\Työpöytä\Virustorjunta\ComboFix.exe
Command switches used :: C:\Documents and Settings\Käyttäjä\Työpöytä\Virustorjunta\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\SYSTEM32\hblogon.dll
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\BSplayer_WhenUSave_Installer\BSplayer_WhenUSave_Installer.exe\
C:\WINDOWS\SYSTEM32\hblogon.dll

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-01-13 to 2008-02-13 )))))))))))))))))
.

2008-02-13 00:59 . 2008-02-13 00:59 <KANSIO> d-------- C:\RegSeeker
2008-02-12 23:48 . 2008-02-12 23:48 <KANSIO> d-------- C:\Program Files\I Hate Keyloggers
2008-02-12 23:47 . 2008-02-12 23:47 209,008 --a------ C:\WINDOWS\system32\kbhookdll.dll
2008-02-12 23:47 . 2008-02-12 23:47 102,912 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2008-02-12 21:40 . 2008-02-12 21:40 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-02-12 21:34 . 2008-02-12 21:34 <KANSIO> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-12 21:33 . 2008-02-12 21:33 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-12 21:33 . 2008-02-12 21:35 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-02-12 20:46 . 2007-12-15 06:48 90,112 --a------ C:\WINDOWS\system32\XCoreLib.dll
2008-02-04 15:28 . 2008-02-04 15:28 <KANSIO> d-------- C:\Downloads
2008-02-02 22:01 . 2008-02-02 22:05 <KANSIO> d-------- C:\Program Files\Desktop Screen Record 5
2008-02-02 13:52 . 2007-10-20 15:01 <KANSIO> d-------- C:\Program Files\FretsOnFire
2008-01-31 23:25 . 2008-01-31 23:25 <KANSIO> d-------- C:\Program Files\Common Files\INCA Shared
2008-01-31 23:23 . 2008-01-31 23:23 <KANSIO> d-------- C:\Nexon
2008-01-31 16:33 . 2008-01-31 16:33 <KANSIO> d-------- C:\Program Files\Perfect World
2008-01-29 21:31 . 2008-01-29 21:31 <KANSIO> d-------- C:\WINDOWS\system32\LogFiles
2008-01-29 21:31 . 2008-01-29 21:31 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-01-29 21:31 . 2008-01-29 21:31 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-01-29 21:31 . 2008-01-29 21:31 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-29 21:31 . 2008-01-29 21:31 308 --a------ C:\WINDOWS\game.ini
2008-01-29 21:26 . 2008-01-31 01:26 <KANSIO> d-------- C:\Program Files\Call of Duty 4 - Modern Warfare
2008-01-29 20:18 . 2008-01-29 20:35 <KANSIO> d-------- C:\Program Files\Crysis
2008-01-28 00:47 . 2008-02-05 14:33 <KANSIO> d-------- C:\Program Files\Multimedia Fusion 2
2008-01-21 17:43 . 2008-01-21 17:43 11,736 --a------ C:\pldecal.wad
2008-01-21 17:39 . 2008-01-21 17:42 <KANSIO> d-------- C:\Program Files\Wally
2008-01-20 15:00 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-01-20 14:55 . 2008-01-20 14:55 <KANSIO> d-------- C:\Program Files\Electronic Arts

.
(((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 00:14 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-13 00:14 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
2008-02-13 00:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware
2008-02-13 00:05 --------- d-----w C:\Program Files\mIRC617
2008-02-12 23:45 --------- d-----w C:\Program Files\Cheat Engine
2008-02-12 22:07 --------- d-----w C:\Program Files\Spyware Doctor
2008-02-12 19:08 51,072 ----a-w C:\WINDOWS\system32\drivers\ikhlayer.sys
2008-02-04 13:28 --------- d-----w C:\Program Files\AmazingMIDI
2008-01-31 21:23 --------- d-s---w C:\Program Files\Mabinogi Taiwan
2008-01-29 19:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-23 14:24 --------- d-----w C:\Program Files\Wizet
2008-01-21 21:29 412,906 ----a-w C:\Program Files\AAA Real Recorder.rar
2008-01-20 19:19 --------- d-----w C:\Program Files\Azureus
2008-01-12 19:54 --------- d-----w C:\Program Files\Peggle
2008-01-12 19:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-01-12 19:53 --------- d-----w C:\Program Files\BFG
2008-01-10 20:06 --------- d-----w C:\Program Files\ZSNes
2008-01-10 14:16 --------- d-----w C:\Program Files\TeamViewer3
2008-01-03 14:01 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-01-03 14:01 --------- d-----w C:\Program Files\Hamachi
2007-12-26 16:26 --------- d-----w C:\Program Files\DC++
2007-12-24 17:09 --------- d-----w C:\Program Files\Portal
2007-12-22 20:09 --------- d-----w C:\Program Files\Winamp
2007-12-21 18:17 --------- d-----w C:\Program Files\DivX
2007-12-19 22:27 --------- d-----w C:\Program Files\GALA-NET
.

(((((((((((((((((((((((((((((( Registry startup entries )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* Empty values and legitimate default values are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 14:00 15360]
"WhatPulse"="C:\Program Files\WhatPulse\WhatPulse.exe" [2006-08-21 19:48 665600]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2008-02-12 21:08 2115728]
"I-Hate-Keyloggers"="C:\Program Files\I Hate Keyloggers\I Hate Keyloggers.exe" [2006-07-16 19:20 195584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-07-22 15:00 81920 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-20 21:07 7110656]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"NvMediaCenter"="NvMCTray.dll" [2005-07-20 21:07 86016 C:\WINDOWS\system32\nvmctray.dll]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-15 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"zzsecagent"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03 36975]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 18:40 2577632]
"CmPCIaudio"="cmicnfg3.cpl" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-12 21:35 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 14:00 15360]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2008-02-12 21:08 2115728]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-12 21:33 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hblogon]
hblogon.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Bluetooth Manager.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Iolo Macro Magic.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Service Manager.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Käyttäjä^Käynnistä-valikko^Ohjelmat^Käynnistys^Chronice.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00saskda]
--a------ 2006-06-06 14:01 1541120 C:\Program Files\1st Security Agent\newadmin.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BSplayer_WhenUSave_Installer]
--a------ 2006-04-27 14:13 148480 C:\Program Files\BSplayer_WhenUSave_Installer\BSplayer_WhenUSave_Installer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-12-10 16:57 133016 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e-Border Credential]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Handy Backup 5.5]
--a------ 2007-02-12 13:50 1870848 C:\Program Files\Novosoft\Handy Backup\hbagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:55 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-07-20 21:07 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayNC Launcher]
--a------ 2007-11-12 17:45 38128 C:\program files\ncsoft\launcher\NCLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrevxHome]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
--a------ 2008-02-12 21:08 2115728 C:\Program Files\Spyware Doctor\swdoctor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2007-12-05 15:28 1266936 C:\Program Files\Valve\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]

R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys [2007-03-07 12:27]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-10-20 22:42]
R2 npkcmsvc;npkcmsvc;C:\Program Files\Mabinogi\npkcmsvc.exe [2007-05-16 13:15]
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2005-04-14 17:42]
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2005-04-14 17:42]
R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 12:56]
S2 anysee;anysee USB type Tuner(2005.04.25.D010313);C:\WINDOWS\system32\DRIVERS\anyseeTU.sys [2005-04-25 12:40]
S3 CEDRIVER52;CEDRIVER52;C:\Program Files\Cheat Engine\dbk32.sys [2006-10-27 19:13]
S3 CEDRIVER53;CEDRIVER53;C:\Program Files\Cheat Engine\dbk32.sys [2006-10-27 19:13]
S3 DADriv1;DADriv1;C:\Shared Files\Maple Hacks\DAEngine\DAK32.sys []
S3 danny1;danny1;C:\Shared Files\Maple Hacks\Danny Engine\danny.sys []
S3 DISK_DRIVE32;DISK_DRIVE32;C:\Shared Files\Maple Hacks\UCE\disk_1024.sys []
S3 Dua1;Dua1;F:\Shared Files\Maple Hacks\DualEngine2\DualEngi.sys [2006-10-02 11:43]
S3 EAGLE1;EAGLE1;C:\Shared Files\Maple Hacks\Google Engine\google32.sys []
S3 fspio;fspio;C:\WINDOWS\system32\drivers\fspio.sys [2001-03-08 17:10]
S3 geebers12;geebers12;C:\Shared Files\Maple Hacks\Buffy Engine\nvid888.sys []
S3 iCheat1;iCheat1;C:\Shared Files\Maple Hacks\iCheat13\nvid999.sys []
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;F:\Shared Files\Maple Hacks\MoonLight Engine 1129.1\IlvMoney1129.sys [2007-10-17 21:19]
S3 jamilah;jamilah;C:\Shared Files\Maple Hacks\jamilah.sys []
S3 ¥Õ¥Ø°ê¤¤¥Í1;¥Õ¥Ø°ê¤¤¥Í1;C:\Shared Files\Maple Hacks\VE5 1032\nvid999.sys []
S3 NUBBER;NUBBER;C:\Shared Files\Maple Hacks\NubEngine\nubbk32.sys []
S3 saruen;saruen;C:\Shared Files\Maple Hacks\saruengang101se\saruen.sys []
S3 scskusbf;USB SCSK Filter Driver Service;C:\WINDOWS\system32\drivers\scskusbf.sys [2007-03-31 14:21]
S3 scskusbs;USB SCSK Driver Service;C:\WINDOWS\system32\drivers\scskusbs.sys [2007-03-31 14:21]
S3 sejt1;sejt1;C:\Shared Files\Maple Hacks\AkumaEngine33\sejt.sys []
S3 serb1;serb1;F:\Shared Files\Maple Hacks\Serbio Engine\serbio.sys [2006-06-29 19:49]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 09:12]
S3 SoRa01;SoRa01;C:\Shared Files\Maple Hacks\SoRa Remak Engine 2.6\SoRa.sys []
S3 spuce1;spuce1;F:\Shared Files\Maple Hacks\SPUCEREV878able\SPUCE\spuce.sys [2006-11-28 21:13]
S3 sys_com001;sys_com001;C:\Shared Files\Maple Hacks\SysComEngine_1059\syscom.sys []
S3 TEMPLEVER;TEMPLEVER;C:\Shared Files\Maple Hacks\Templery Engine\damainzor.sys []
S3 uzeil1;uzeil1;C:\Shared Files\Maple Hacks\Mini Engine\Mini Engine\uzeil.sys []
S3 Visual1;Visual1;C:\Shared Files\Maple Hacks\Visual Engine\Visual.sys []
S3 zenx1;zenx1;C:\Shared Files\Maple Hacks\ZenxEngine_LATEST\zenx.sys []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 02:14:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\system32\kbhookdll.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
.
**************************************************************************
.
Completion time: 2008-02-13 2:22:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-13 00:22:32
ComboFix2.txt 2008-02-12 23:20:05
ComboFix3.txt 2008-02-12 22:16:46
.
2008-01-22 15:07:46 --- E O F ---


======================================================================

New ComboFix log:

ComboFix 08-02-13.1 - Käyttäjä 2008-02-13 2:27:03.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.1502 [GMT 2:00]
Running from: C:\Documents and Settings\Käyttäjä\Työpöytä\Virustorjunta\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((( Files created between 2008-01-13 and 2008-02-13 )))))))))))))))))
.

2008-02-13 00:59 . 2008-02-13 00:59 <KANSIO> d-------- C:\RegSeeker
2008-02-12 23:48 . 2008-02-12 23:48 <KANSIO> d-------- C:\Program Files\I Hate Keyloggers
2008-02-12 23:47 . 2008-02-12 23:47 209,008 --a------ C:\WINDOWS\system32\kbhookdll.dll
2008-02-12 23:47 . 2008-02-12 23:47 102,912 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2008-02-12 21:40 . 2008-02-12 21:40 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-02-12 21:34 . 2008-02-12 21:34 <KANSIO> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-12 21:34 . 2008-02-12 21:35 <KANSIO> d-------- C:\Documents and Settings\Käyttäjä\Application Data\AVG7
2008-02-12 21:33 . 2008-02-12 21:33 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-12 21:33 . 2008-02-12 21:35 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-02-12 20:46 . 2007-12-15 06:48 90,112 --a------ C:\WINDOWS\system32\XCoreLib.dll
2008-02-04 15:28 . 2008-02-04 15:28 <KANSIO> d-------- C:\Downloads
2008-02-02 22:01 . 2008-02-02 22:05 <KANSIO> d-------- C:\Program Files\Desktop Screen Record 5
2008-02-02 13:52 . 2007-10-20 15:01 <KANSIO> d-------- C:\Program Files\FretsOnFire
2008-01-31 23:25 . 2008-01-31 23:25 <KANSIO> d-------- C:\Program Files\Common Files\INCA Shared
2008-01-31 23:23 . 2008-01-31 23:23 <KANSIO> d-------- C:\Nexon
2008-01-31 16:33 . 2008-01-31 16:33 <KANSIO> d-------- C:\Program Files\Perfect World
2008-01-29 21:31 . 2008-01-29 21:31 <KANSIO> d-------- C:\WINDOWS\system32\LogFiles
2008-01-29 21:31 . 2008-01-29 21:31 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-01-29 21:31 . 2008-01-29 21:31 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-01-29 21:31 . 2008-01-29 21:31 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-29 21:31 . 2008-01-29 21:31 22,328 --a------ C:\Documents and Settings\Käyttäjä\Application Data\PnkBstrK.sys
2008-01-29 21:31 . 2008-01-29 21:31 308 --a------ C:\WINDOWS\game.ini
2008-01-29 21:26 . 2008-01-31 01:26 <KANSIO> d-------- C:\Program Files\Call of Duty 4 - Modern Warfare
2008-01-29 20:18 . 2008-01-29 20:35 <KANSIO> d-------- C:\Program Files\Crysis
2008-01-28 00:50 . 2008-01-28 00:50 <KANSIO> d-------- C:\Documents and Settings\Käyttäjä\Application Data\Clickteam
2008-01-28 00:47 . 2008-02-05 14:33 <KANSIO> d-------- C:\Program Files\Multimedia Fusion 2
2008-01-21 17:43 . 2008-01-21 17:43 11,736 --a------ C:\pldecal.wad
2008-01-21 17:39 . 2008-01-21 17:42 <KANSIO> d-------- C:\Program Files\Wally
2008-01-20 22:24 . 2008-01-20 22:28 <KANSIO> d-------- C:\Documents and Settings\Käyttäjä\Application Data\Command & Conquer 3 Tiberium Wars
2008-01-20 15:00 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-01-20 14:55 . 2008-01-20 14:55 <KANSIO> d-------- C:\Program Files\Electronic Arts

.
(((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 00:14 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-13 00:14 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
2008-02-13 00:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware
2008-02-13 00:05 --------- d-----w C:\Program Files\mIRC617
2008-02-13 00:00 4,208 ----a-w C:\Documents and Settings\Käyttäjä\Application Data\wklnhst.dat
2008-02-12 23:45 --------- d-----w C:\Program Files\Cheat Engine
2008-02-12 22:07 --------- d-----w C:\Program Files\Spyware Doctor
2008-02-12 19:08 51,072 ----a-w C:\WINDOWS\system32\drivers\ikhlayer.sys
2008-02-12 11:20 --------- d-----w C:\Documents and Settings\Käyttäjä\Application Data\Azureus
2008-02-04 13:28 --------- d-----w C:\Program Files\AmazingMIDI
2008-02-04 13:28 --------- d-----w C:\Documents and Settings\Käyttäjä\Application Data\GetRightToGo
2008-01-31 21:23 --------- d-s---w C:\Program Files\Mabinogi Taiwan
2008-01-29 19:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-23 14:24 --------- d-----w C:\Program Files\Wizet
2008-01-21 21:29 412,906 ----a-w C:\Program Files\AAA Real Recorder.rar
2008-01-20 19:19 --------- d-----w C:\Program Files\Azureus
2008-01-20 13:03 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-01-12 19:54 --------- d-----w C:\Program Files\Peggle
2008-01-12 19:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-01-12 19:53 --------- d-----w C:\Program Files\BFG
2008-01-10 20:06 --------- d-----w C:\Program Files\ZSNes
2008-01-10 14:19 --------- d-----w C:\Documents and Settings\Käyttäjä\Application Data\TeamViewer
2008-01-10 14:16 --------- d-----w C:\Program Files\TeamViewer3
2008-01-03 14:01 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-01-03 14:01 --------- d-----w C:\Program Files\Hamachi
2008-01-03 14:01 --------- d-----w C:\Documents and Settings\Käyttäjä\Application Data\Hamachi
2007-12-26 16:26 --------- d-----w C:\Program Files\DC++
2007-12-24 17:09 --------- d-----w C:\Program Files\Portal
2007-12-22 20:09 --------- d-----w C:\Program Files\Winamp
2007-12-21 18:17 --------- d-----w C:\Program Files\DivX
2007-12-19 22:27 --------- d-----w C:\Program Files\GALA-NET
2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-15 12:47 203,264 ----a-w C:\WINDOWS\system32\zk_sc.scr
.

(((((((((((((((((((((((((((((( Registry startup entries )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* Empty values and legitimate default values are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 14:00 15360]
"WhatPulse"="C:\Program Files\WhatPulse\WhatPulse.exe" [2006-08-21 19:48 665600]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2008-02-12 21:08 2115728]
"I-Hate-Keyloggers"="C:\Program Files\I Hate Keyloggers\I Hate Keyloggers.exe" [2006-07-16 19:20 195584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-07-22 15:00 81920 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-20 21:07 7110656]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"NvMediaCenter"="NvMCTray.dll" [2005-07-20 21:07 86016 C:\WINDOWS\system32\nvmctray.dll]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-15 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"zzsecagent"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03 36975]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 18:40 2577632]
"CmPCIaudio"="cmicnfg3.cpl" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-12 21:35 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 14:00 15360]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2008-02-12 21:08 2115728]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-12 21:33 219136]

C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hblogon]
hblogon.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Bluetooth Manager.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Iolo Macro Magic.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Service Manager.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Käyttäjä^Käynnistä-valikko^Ohjelmat^Käynnistys^Chronice.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00saskda]
--a------ 2006-06-06 14:01 1541120 C:\Program Files\1st Security Agent\newadmin.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BSplayer_WhenUSave_Installer]
--a------ 2006-04-27 14:13 148480 C:\Program Files\BSplayer_WhenUSave_Installer\BSplayer_WhenUSave_Installer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-12-10 16:57 133016 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e-Border Credential]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Handy Backup 5.5]
--a------ 2007-02-12 13:50 1870848 C:\Program Files\Novosoft\Handy Backup\hbagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:55 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-07-20 21:07 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayNC Launcher]
--a------ 2007-11-12 17:45 38128 C:\program files\ncsoft\launcher\NCLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrevxHome]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
--a------ 2008-02-12 21:08 2115728 C:\Program Files\Spyware Doctor\swdoctor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2007-12-05 15:28 1266936 C:\Program Files\Valve\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]

R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys [2007-03-07 12:27]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-10-20 22:42]
R2 npkcmsvc;npkcmsvc;C:\Program Files\Mabinogi\npkcmsvc.exe [2007-05-16 13:15]
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2005-04-14 17:42]
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2005-04-14 17:42]
R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 12:56]
S2 anysee;anysee USB type Tuner(2005.04.25.D010313);C:\WINDOWS\system32\DRIVERS\anyseeTU.sys [2005-04-25 12:40]
S3 CEDRIVER52;CEDRIVER52;C:\Program Files\Cheat Engine\dbk32.sys [2006-10-27 19:13]
S3 CEDRIVER53;CEDRIVER53;C:\Program Files\Cheat Engine\dbk32.sys [2006-10-27 19:13]
S3 DADriv1;DADriv1;C:\Shared Files\Maple Hacks\DAEngine\DAK32.sys []
S3 danny1;danny1;C:\Shared Files\Maple Hacks\Danny Engine\danny.sys []
S3 DISK_DRIVE32;DISK_DRIVE32;C:\Shared Files\Maple Hacks\UCE\disk_1024.sys []
S3 Dua1;Dua1;F:\Shared Files\Maple Hacks\DualEngine2\DualEngi.sys [2006-10-02 11:43]
S3 EAGLE1;EAGLE1;C:\Shared Files\Maple Hacks\Google Engine\google32.sys []
S3 fspio;fspio;C:\WINDOWS\system32\drivers\fspio.sys [2001-03-08 17:10]
S3 geebers12;geebers12;C:\Shared Files\Maple Hacks\Buffy Engine\nvid888.sys []
S3 iCheat1;iCheat1;C:\Shared Files\Maple Hacks\iCheat13\nvid999.sys []
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;F:\Shared Files\Maple Hacks\MoonLight Engine 1129.1\IlvMoney1129.sys [2007-10-17 21:19]
S3 jamilah;jamilah;C:\Shared Files\Maple Hacks\jamilah.sys []
S3 ¥Õ¥Ø°ê¤¤¥Í1;¥Õ¥Ø°ê¤¤¥Í1;C:\Shared Files\Maple Hacks\VE5 1032\nvid999.sys []
S3 NUBBER;NUBBER;C:\Shared Files\Maple Hacks\NubEngine\nubbk32.sys []
S3 saruen;saruen;C:\Shared Files\Maple Hacks\saruengang101se\saruen.sys []
S3 scskusbf;USB SCSK Filter Driver Service;C:\WINDOWS\system32\drivers\scskusbf.sys [2007-03-31 14:21]
S3 scskusbs;USB SCSK Driver Service;C:\WINDOWS\system32\drivers\scskusbs.sys [2007-03-31 14:21]
S3 sejt1;sejt1;C:\Shared Files\Maple Hacks\AkumaEngine33\sejt.sys []
S3 serb1;serb1;F:\Shared Files\Maple Hacks\Serbio Engine\serbio.sys [2006-06-29 19:49]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 09:12]
S3 SoRa01;SoRa01;C:\Shared Files\Maple Hacks\SoRa Remak Engine 2.6\SoRa.sys []
S3 spuce1;spuce1;F:\Shared Files\Maple Hacks\SPUCEREV878able\SPUCE\spuce.sys [2006-11-28 21:13]
S3 sys_com001;sys_com001;C:\Shared Files\Maple Hacks\SysComEngine_1059\syscom.sys []
S3 TEMPLEVER;TEMPLEVER;C:\Shared Files\Maple Hacks\Templery Engine\damainzor.sys []
S3 uzeil1;uzeil1;C:\Shared Files\Maple Hacks\Mini Engine\Mini Engine\uzeil.sys []
S3 Visual1;Visual1;C:\Shared Files\Maple Hacks\Visual Engine\Visual.sys []
S3 zenx1;zenx1;C:\Shared Files\Maple Hacks\ZenxEngine_LATEST\zenx.sys []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 02:28:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\system32\kbhookdll.dll
.
Completion time: 2008-02-13 2:29:24
ComboFix-quarantined-files.txt 2008-02-13 00:29:15
ComboFix2.txt 2008-02-13 00:22:39
ComboFix3.txt 2008-02-12 23:20:05
ComboFix4.txt 2008-02-12 22:16:46
.
2008-01-22 15:07:46 --- E O F ---


======================================================================

Latest HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:36:31, on 13.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\I Hate Keyloggers\I Hate Keyloggers.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mapleglobal.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.59.164.62:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 cmicnfg3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [I-Hate-Keyloggers] C:\Program Files\I Hate Keyloggers\I Hate Keyloggers.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://asdasd.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatar.mabinogi.com:88/renderer/mabiweb.2006.12.27.cab
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/tricksterActiveX.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O20 - Winlogon Notify: hblogon - hblogon.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Program Files\Mabinogi\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 8437 bytes
Hujo
13 February 2008 @ 15:33
Download Dr.Web CureIt to your desktop:

Double-click drweb-cureit.exe and let it run an express scan.
It scans the running programs, and if anything is found, click Yes when it asks whether you want to remove it. This is only a short scan.
When the scan is finished, click Custom scan and tick the drives you want to scan.
Select all drives. A red dot shows which drives are selected.
Click the green arrow on the right and the scan starts.
Click 'Yes to all' if it asks whether you want to delete/move a file.
When the scan is finished, check whether you can click the Next icon beside the files it found:

If so, click it, then click the Next icon at the bottom right and choose Move incurable, as in the picture below:


This moves it to the %userprofile%\DoctorWeb\quarantine folder.
After that, click File in the Dr.Web CureIt menu and choose Save report list.
Save the report to your desktop. The report is named DrWeb.csv.
Close Dr.Web CureIt.
Restart the computer!! This is needed because files that are in use are deleted/moved during startup.
After the restart, paste the contents of the Dr.Web log you saved earlier into your next reply.


Can a computer ever work?
Kennyy
13 February 2008 @ 20:15
Quote, original message written by Hujo:
When the scan is finished, check whether you can click the Next icon beside the files it found:

If so, click it, then click the Next icon at the bottom right and choose Move incurable, as in the picture below:


This moves it to the %userprofile%\DoctorWeb\quarantine folder.

I can't find any Next icon in the program; here is a picture taken after the scan:



What should I do at that point?

Message edited after posting. Last edited 13 February 2008 @ 20:52

Hujo
13 February 2008 @ 21:29
Click where the drives (C) are;
the mark appears on them, then press that triangle.

Then, when it's done, Select all and Delete.

Can a computer ever work?
Kennyy
13 February 2008 @ 21:56
Dr.Web log:

09257546.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09257656.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09257734.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09257796.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09257859.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09257875.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09257906.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09257921.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09257968.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09257984.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09258015.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09258031.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09258046.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09258078.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09258109.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09258140.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09258187.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09258203.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09258265.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09258296.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09258312.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09258343.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09258406.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09258453.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09258562.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09258703.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09258750.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09258828.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09258937.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09258984.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09259015.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09259031.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09259062.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09259109.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09259125.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09259140.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09259156.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09259171.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09259218.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09259281.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09259359.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09259421.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09259734.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09259843.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09259968.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09260093.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09260125.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09260156.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
09260234.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
jamilah.exe;F:\Shared Files\Maple Hacks;Tool.Jamilah;Deleted.;
blowie32.sys;F:\Shared Files\Maple Hacks\blowie;Trojan.NtRootKit.72;Deleted.;
fixmem.dll;F:\Shared Files\Maple Hacks\blowie;Trojan.MulDrop.origin;Incurable.Moved.;
stealth.dll;F:\Shared Files\Maple Hacks\Danny Engine;Trojan.DownLoader.origin;Incurable.Moved.;
stealth.dll;F:\Shared Files\Maple Hacks\DualEngine2;Trojan.DownLoader.origin;Incurable.Moved.;
GameMon.des;F:\Shared Files\Maple Hacks\GameGuard\GameGuard;Probably BACKDOOR.Trojan;Deleted.;
stealth.dll;F:\Shared Files\Maple Hacks\GG System X [Protected]\GG System X [Protected];Trojan.DownLoader.origin;Incurable.Moved.;
g_poison.exe;F:\Shared Files\Maple Hacks\ggk;BackDoor.Iroffer.1349;Deleted.;
setup.exe;F:\Shared Files\Maple Hacks\GMasters Engine;Trojan.KillFiles.11340;Deleted.;
stealth.dll;F:\Shared Files\Maple Hacks\Google Engine;Trojan.DownLoader.origin;Incurable.Moved.;
stealth.dll;F:\Shared Files\Maple Hacks\Leecher Engine;Trojan.DownLoader.origin;Incurable.Moved.;
stealth.dll;F:\Shared Files\Maple Hacks\Mini Engine\Mini Engine;Trojan.DownLoader.origin;Incurable.Moved.;
stealth.dll;F:\Shared Files\Maple Hacks\MoonLight Engine 1129.1;Trojan.DownLoader.origin;Incurable.Moved.;
nubdeal.dll;F:\Shared Files\Maple Hacks\NubEngine;Trojan.DownLoader.origin;Incurable.Moved.;
stealth.dll;F:\Shared Files\Maple Hacks\Serbio Engine;Trojan.DownLoader.origin;Incurable.Moved.;
stealth.dll;F:\Shared Files\Maple Hacks\SPUCEREV878able\SPUCE;Trojan.DownLoader.origin;Incurable.Moved.;
stealth.dll;F:\Shared Files\Maple Hacks\Templery Engine;Trojan.DownLoader.origin;Incurable.Moved.;
important.htm;F:\Shared Files\Maple Hacks\TrojanPie.exe\TrojanPie.exe\Bots\ProMacro\AutoMacroRecorder!!;Win32.Virut;Cured.;
kanal.htm;F:\Shared Files\Maple Hacks\TrojanPie.exe\TrojanPie.exe\S3NSA and scruie, the olly supporters, Style =] (Ollydbg)\PEiD\plugins;Win32.Virut;Cured.;
stealth.dll;F:\Shared Files\Maple Hacks\UCE;Trojan.DownLoader.origin;Incurable.Moved.;
stealth.dll;F:\Shared Files\Maple Hacks\Visual Engine;Trojan.DownLoader.origin;Incurable.Moved.;
tealth.dll;F:\Shared Files\Maple Hacks\Visual Engine;Trojan.DownLoader.origin;Incurable.Moved.;
stealth.dll;F:\Shared Files\Maple Hacks\zenosengine1.9\zenosengine;Trojan.DownLoader.origin;Incurable.Moved.;
stealth.dll;F:\Shared Files\Maple Hacks\zenosengine1.9 + ct\zenosengine;Trojan.DownLoader.origin;Incurable.Moved.;
Project1.exe;F:\Shared Files\Maple Hacks\ZenxEngine_LATEST;VirusConstructor.Davwormgen;Deleted.;
stealth.dll;F:\Shared Files\Maple Hacks\ZenxEngine_LATEST;Trojan.DownLoader.origin;Incurable.Moved.;
stealth.dll;F:\Shared Files\Maple Hacks\Zion Engine;Trojan.DownLoader.origin;Incurable.Moved.;
15904281.FIL;C:\$VAULT$.AVG;Adware.SaveNow;Deleted.;
15904312.FIL;C:\$VAULT$.AVG;Adware.SaveNow;Deleted.;
15904375.FIL;C:\$VAULT$.AVG;Adware.SaveNow;Deleted.;
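A small triage script for the two report formats in this thread, added here as an example; it was not posted by either participant and is not part of Dr.Web's or eScan's own tooling. It parses DrWeb.csv rows (name;directory;threat;action;) and the eScan "File ... tagged as ... / infected by ..." sentences that appear later in the thread, counts what each scanner did, folds the repeated cache paths that a scanner produces when it follows the "Application Data" / "Local Settings" compatibility junctions into one row per file, and puts everything left as "No Action Taken" at the top of a review list, with a Monitor-class DLL inside the Windows directory first, since that is the class a commercial keylogger is reported under. The sample lines are constructed after the logs posted in the thread; the priority rules are the example's own heuristics, not a vendor rule.

```python
"""Triage for Dr.Web CureIt (DrWeb.csv) and eScan report lines.

Added example, not from the thread or either vendor. Sample lines are
constructed after the logs in the thread; priority rules are heuristics.
"""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    scanner: str   # "drweb" or "escan"
    path: str      # full path exactly as the scanner printed it
    threat: str    # detection name, e.g. "not-a-virus:Monitor.Win32.KeyLogger.w"
    action: str    # scanner's own words: "Cured.", "Incurable.Moved.", "No Action Taken", ...


def parse_drweb(line: str):
    """One DrWeb.csv row: name;directory;threat;action;  (note the trailing ';')."""
    parts = line.strip().rstrip(";").split(";")
    if len(parts) != 4:
        return None
    name, directory, threat, action = parts
    return Finding("drweb", directory + "\\" + name, threat, action)


# eScan prints one sentence per file, in one of two shapes:
#   File <path> tagged as <name>. No Action Taken.
#   File <path> infected by "<name>" Virus. Action Taken: <what>.
_ESCAN = re.compile(
    r'^File (?P<path>.+?) '
    r'(?:tagged as (?P<tag>\S+)\.|infected by "(?P<inf>[^"]+)" Virus\.) '
    r'(?:(?P<noact>No Action Taken)|Action Taken: (?P<act>[^.]+))\.$'
)


def parse_escan(line: str):
    m = _ESCAN.match(line.strip())
    if not m:
        return None
    return Finding("escan", m.group("path"),
                   m.group("tag") or m.group("inf"),
                   m.group("noact") or m.group("act"))


def parse_report(text: str):
    """Mixed paste: a line with four ';' is a DrWeb row, anything else is tried as eScan."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        f = parse_drweb(line) if line.count(";") >= 4 else parse_escan(line)
        if f is not None:
            findings.append(f)
    return findings


def review_priority(f: Finding) -> int:
    """0 = look first, 1 = look, 2 = scanner already dealt with it.

    Anything left as "No Action Taken" is still live on disk. 'Monitor.*' is
    the class commercial keyloggers are reported under, so a monitor DLL in
    the Windows directory outranks a known IRC client in Program Files.
    """
    if not f.action.startswith("No Action Taken"):
        return 2
    if "Monitor." in f.threat and f.path.lower().startswith("c:\\windows\\"):
        return 0
    return 1


def summarize(findings):
    by_action = Counter(f.action for f in findings)
    # A scanner that follows the "Application Data" / "Local Settings"
    # compatibility junctions reports one cached file under many paths;
    # fold those into one row per (file name, detection).
    groups = defaultdict(list)
    for f in findings:
        if review_priority(f) < 2:
            groups[(f.path.rsplit("\\", 1)[-1].lower(), f.threat)].append(f)
    review = sorted(
        (review_priority(fs[0]), name, threat, len(fs), fs[0].path)
        for (name, threat), fs in groups.items()
    )
    return {"by_action": by_action, "review": review}


# Constructed sample, modelled on the DrWeb.csv and eScan lines posted in the thread.
SAMPLE = r"""
09257546.FIL;F:\$VAULT$.AVG;Win32.Virut.5;Cured.;
blowie32.sys;F:\Shared Files\Maple Hacks\blowie;Trojan.NtRootKit.72;Deleted.;
fixmem.dll;F:\Shared Files\Maple Hacks\blowie;Trojan.MulDrop.origin;Incurable.Moved.;
File C:\WINDOWS\system32\kbhookdll.dll tagged as not-a-virus:Monitor.Win32.KeyLogger.w. No Action Taken.
File C:\Program Files\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.617. No Action Taken.
File F:\Shared Files\Maple Hacks\InjecTOR.rar infected by "HackTool.Win32.Injecter.n" Virus. Action Taken: File Deleted.
File V:\Users\K\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\X\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\K\AppData\Local\Temporary Internet Files\Content.IE5\X\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
"""

if __name__ == "__main__":
    s = summarize(parse_report(SAMPLE))
    for action, n in sorted(s["by_action"].items()):
        print(f"{n:4d}  {action}")
    for prio, name, threat, n, example in s["review"]:
        print(f"[{prio}] {name}  {threat}  x{n}  e.g. {example}")
```

Paste a real DrWeb.csv or eScan log into SAMPLE (or read it from a file) and the review list is what still needs a human decision; the "Cured." and "Moved." rows are only counted, because the scanner has already acted on them.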
Hujo
13 February 2008 @ 22:00
Download from here: http://www.ccleaner.com/download/builds.aspx
CCleaner v2.03.532 - Standard Build. DO NOT install the Yahoo toolbar!

Set the options like this:
Options --> Advanced --> untick "Only delete files in Windows Temp folders older than 48 hours".

Run Cleaner > Analyze button > Run Cleaner button in the bottom right corner.
Run Issues > Scan for registry issues button > Fix registry issues button.


Can a computer ever work?
Kennyy
13 February 2008 @ 22:14
I did all of those CCleaner steps.
Hujo
13 February 2008 @ 22:18
eScan
Instructions are on this page:
http://koti.mbnet.fi/pattaya1/escanmwav.htm
Download from here:
http://www.spywareinfo.dk/download/mwav.exe
Update from here:
http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat
Set the ticks as marked here:
http://koti.mbnet.fi/pattaya1/eScan6.jpg

Scan.

If anything appears in the lower pane, copy it like this:
Select everything with Ctrl+A.
Copy the lines with Ctrl+C.
Paste the lines with Ctrl+V.

Post the virus log here.


Can a computer ever work?
Kennyy
14 February 2008 @ 16:05
eScan log:

File C:\PROGRA~1\IHATEK~1\IHATEK~1.EXE tagged as not-a-virus:Monitor.Win32.KeyLogger.w. No Action Taken.
File C:\PROGRA~1\mIRC617\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.617. No Action Taken.
File C:\PROGRA~1\IHATEK~1\IHATEK~1.EXE tagged as not-a-virus:Monitor.Win32.KeyLogger.w. No Action Taken.
File C:\WINDOWS\system32\kbhookdll.dll tagged as not-a-virus:Monitor.Win32.KeyLogger.w. No Action Taken.
File C:\Documents and Settings\Käyttäjä\Application Data\SecuROM\UserData\???????????p????????? infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\Käyttäjä\Application Data\SecuROM\UserData\???????????p????????? infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\Käyttäjä\Omat tiedostot\bsplayer142.833.exe tagged as not-a-virus:AdTool.Win32.WhenU.a. No Action Taken.
File C:\Program Files\I Hate Keyloggers\I Hate Keyloggers.exe tagged as not-a-virus:Monitor.Win32.KeyLogger.w. No Action Taken.
File C:\Program Files\mIRC\backup\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.617. No Action Taken.
File C:\Program Files\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.617. No Action Taken.
File C:\Program Files\mIRC617\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.617. No Action Taken.
File C:\WINDOWS\system32\kbhookdll.dll tagged as not-a-virus:Monitor.Win32.KeyLogger.w. No Action Taken.
File F:\Shared Files\Maple Hacks\DualEngine2\GR.sys infected by "Rootkit.Win32.Agent.zi" Virus. Action Taken: File Renamed.
File F:\Shared Files\Maple Hacks\DualEngine2.zip infected by "Rootkit.Win32.Agent.zi" Virus. Action Taken: File Renamed.
File F:\Shared Files\Maple Hacks\InjecTOR.rar infected by "HackTool.Win32.Injecter.n" Virus. Action Taken: File Deleted.
File F:\Shared Files\Maple Hacks\jamilah(rootkit).rar tagged as not-a-virus:RiskTool.Win32.JML.a. No Action Taken.
File F:\Shared Files\PC Apps\i-hate-keyloggers\i-hate-keyloggers.exe tagged as not-a-virus:Monitor.Win32.KeyLogger.w. No Action Taken.
File F:\Shared Files\PC Apps\i-hate-keyloggers.zip tagged as not-a-virus:Monitor.Win32.KeyLogger.w. No Action Taken.
File F:\Shared Files\PC Apps\mirc617.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.617. No Action Taken.
File F:\Shared Files\PC Apps\mirc621.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\AppData\Local\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Documents and Settings\Kenny--\Local Settings\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Program Files\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
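
The scan output above lists the same mirc621[1].exe under dozens of paths of the form ...\AppData\Local\Application Data\Application Data\.... Those are not separate copies. Drive V: holds a \Users\ profile tree (a Vista layout), apparently scanned from the XP installation: on Vista, "Application Data", "Local Settings" and "AppData\Local\Application Data" are compatibility junctions pointing back into AppData, and a scanner that follows them from another OS walks the same directory into itself until it hits the path-length limit. The "not-a-virus:" prefix is Kaspersky's marker for legitimate but abusable software (here simply the mIRC client and its installer), not a keylogger detection. The following is an added example, not code from the thread or from Kaspersky: a Python script that collapses junction-expanded paths to their real location and counts unique files per verdict. The junction mapping, the line-format regex and the sample lines (constructed after the lines above) are this example's own assumptions.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the Kaspersky scan lines posted above (the same
# mirc621[1].exe reported under several junction-expanded paths on drive V:).
SAMPLE_LOG = r"""
File V:\Program Files\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Application Data\Application Data\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Temporary Internet Files\Content.IE5\J6SAJKL5\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File V:\Users\Kenny--\Local Settings\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WLMOVGZ1\mirc621[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
"""

# One detection line: "File <path> tagged as <verdict>. <action>."
LINE_RE = re.compile(r"^File (?P<path>.+?) tagged as (?P<verdict>\S+?)\.\s+(?P<action>.+?)\.?$")

# A Windows Vista/7 user profile root, e.g. V:\Users\Kenny--
PROFILE_RE = re.compile(r"^([A-Za-z]:\\Users\\[^\\]+)\\(.*)$", re.IGNORECASE)

# Compatibility junctions Vista creates inside every profile.  A scanner that
# follows them from another OS walks "AppData\Local\Application Data" into itself
# until the path-length limit, which is why the log repeats one file many times.
# Patterns are relative to the profile root; this set is the example's assumption
# about which junctions produced the loop seen in the thread.
JUNCTIONS = [
    (r"^Local Settings\\", "AppData\\Local\\"),
    (r"^Application Data\\", "AppData\\Roaming\\"),
    (r"AppData\\Local\\Application Data\\", "AppData\\Local\\"),
    (r"AppData\\Local\\Temporary Internet Files\\",
     "AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\"),
]


def canonical_path(path: str) -> str:
    """Rewrite a junction-expanded path to the real on-disk location."""
    m = PROFILE_RE.match(path)
    if not m:
        return path                     # not inside a Vista-style profile
    root, rest = m.group(1), m.group(2)
    changed = True
    while changed:                      # repeat until no rule fires (loops nest)
        changed = False
        for pattern, target in JUNCTIONS:
            new = re.sub(pattern, lambda _m, t=target: t, rest, flags=re.IGNORECASE)
            if new != rest:
                rest, changed = new, True
    return root + "\\" + rest


def is_riskware(verdict: str) -> bool:
    """Kaspersky's 'not-a-virus:' prefix marks legitimate-but-abusable software."""
    return verdict.startswith("not-a-virus:")


def summarize(log_text: str) -> dict:
    """Return {verdict: {canonical_path: number_of_raw_log_lines}}."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits[m.group("verdict")][canonical_path(m.group("path"))] += 1
    return {verdict: dict(files) for verdict, files in hits.items()}


if __name__ == "__main__":
    for verdict, files in summarize(SAMPLE_LOG).items():
        kind = "riskware" if is_riskware(verdict) else "malware"
        print(f"{verdict} [{kind}]: {len(files)} unique file(s)")
        for path, n in files.items():
            print(f"  {n}x {path}")
```

Run stand-alone, the script reduces the five sample lines to one riskware verdict over three real files (mirc.exe and two cached copies of the installer). A genuine keylogger detection would not carry the not-a-virus: prefix, which is why the summary separates the two classes before anyone starts counting hits.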
Kennyy
15 February 2008 @ 11:11
So was that all there was to the procedure?
Based on these logs, can one say whether the keylogger that was in the file got as far as the computer, and is it likely that the keylogger in question is no longer on the computer?
Hujo
15 February 2008 @ 12:15
Download Atribune's ATF Cleaner

Instructions:

Double-click ATF-Cleaner.exe to start the program. Under Main, choose: Select All
Click the Empty Selected button.
If you use Firefox as your browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you want to keep your saved passwords, click No when it asks.
If you use Opera as your browser, click Opera at the top and choose: Select All
Click the Empty Selected button again.
NOTE: If you want to keep your saved passwords, click No when it asks.
Click Exit in the main menu to close the program.
Technical support is available by double-clicking the e-mail address located below each menu in the tool. (Note that the support is in English.)

================

Instructions for using AVG Anti-Spyware 7.5
Note! In these instructions the real-time protection (Shield) is switched off. This avoids situations where the protection would block, for example, the HijackThis tool.

Save these instructions to a text file or print them; otherwise you will not be able to get at them from Safe Mode.

Download AVG Anti-Spyware 7.5
and save the program to your desktop.
o Once you have downloaded the program, double-click the installer's icon on your desktop; installation begins.
o After installation the program must be started and its definitions updated.
o Start AVG Anti-Spyware.
o Click the "Update" icon in the main menu. Then click the "Update now" button.

o Then click the "Start Update" icon, and the update begins.

o When the updates have been downloaded, click the "Scanner" icon at the top of the window. Then select the "Settings" tab.
o When the "Settings" menu has opened, click "Recommended actions" and then select "Quarantine".

o Then, under the "Reports" menu:
o Tick "Automatically generate report after every scan"
o Untick "Only if threats were found"

o Then click the "Shield" icon at the top of the window
o "Resident shield is": change the state from active to inactive
o Close the program; do NOT scan yet.

Boot your computer into Safe Mode:
shut down and restart,
tap F8 during startup,
use the arrow keys to select Safe Mode,
press Enter, then Enter again.

On some machines you hammer F5 instead of F8.

NOTE! Do not use other programs during the AVG scan; this may interfere with the scan.
o Once in Safe Mode, start AVG Anti-Spyware.
o Click the "Scanner" icon at the top of the window and select the "Scan" tab. Then click "Complete System Scan".
o Ewido will now start scanning the computer; be patient, as the scan takes time.

When the scan is complete:
IMPORTANT: Do not click "Save Scan Report" before you have clicked "Apply all Actions"
o Make sure that Set all elements to: shows Quarantine (1); if not, click the link and select Quarantine from the popup menu.
o You will be asked what to do if infections were found; choose "Apply all actions"


o Then click the "Reports" icon at the top of the program.
o Click the "Save report as" button at the bottom left of the window and save the report to your desktop.
o Close the program, restart the computer normally and post the AVG report in your thread.

============

Uninstall via Add/Remove Programs:

I Hate Keyloggers

Delete the folder in Safe Mode:

C:\Program Files\I Hate Keyloggers

=========

Take a new HJT log and run a new ComboFix.

Can a computer ever work?

This message was edited after posting. Last edited 15 February 2008 @ 12:55

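Hujo asks for a fresh HijackThis log. As an added example, not code from this thread or from Trend Micro, here is a small first-pass triage script for HijackThis 2.0.2 log lines. It applies the checks commonly made when reading these logs: an R1 ProxyServer pointing at a non-loopback address, an O20 Winlogon Notify DLL marked "(file missing)", an O10 Winsock LSP that HijackThis cannot identify, and an O23 service with "Unknown owner". A hit is a prompt to verify, not a verdict; whether the proxy entry is legitimate, for instance, depends on whether the user configured it. The sample lines are copied from the HijackThis log Kennyy posts next in the thread, padded with two benign entries from the same log; the rule set and its wording are this example's own.

```python
import re

# Sample HijackThis 2.0.2 lines: four are copied from the log posted in this thread,
# the rest are benign entries from the same log, to show that they are not flagged.
SAMPLE_HJT = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.59.164.62:80
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: hblogon - hblogon.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Every HijackThis entry starts with its section code, e.g. "R1 - " or "O23 - ".
HJT_LINE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
LOOPBACK = ("127.", "localhost", "::1")


def triage(log_text: str) -> list:
    """First-pass checks over HijackThis lines; returns [(kind, reason, line), ...].

    A hit means "look at this", not "this is malware":
      R1  ProxyServer set to a non-loopback address: IE traffic is relayed through
          that host; a user who never configured a proxy should treat it as a hijack.
      O20 Winlogon Notify DLL marked "(file missing)": orphaned load point.
      O10 Winsock LSP HijackThis cannot identify: verify the DLL; do not "fix" it
          with HijackThis, which can break networking.
      O23 Service with "Unknown owner": no publisher information, verify the binary.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        if kind == "R1" and "ProxyServer = " in body:
            proxy = body.split("ProxyServer = ", 1)[1].strip()
            if proxy and not proxy.lower().startswith(LOOPBACK):
                findings.append((kind, f"IE proxy set to {proxy}; confirm the user configured it", line))
        elif kind == "O20" and "(file missing)" in body:
            findings.append((kind, "orphaned Winlogon Notify entry (DLL missing)", line))
        elif kind == "O10" and body.startswith("Unknown file in Winsock LSP"):
            findings.append((kind, "unidentified LSP DLL; verify it, do not fix with HijackThis", line))
        elif kind == "O23" and " - Unknown owner - " in body:
            findings.append((kind, "service without a known publisher; verify the binary", line))
    return findings


if __name__ == "__main__":
    for kind, reason, line in triage(SAMPLE_HJT):
        print(f"[{kind}] {reason}\n    {line}")
```

Run stand-alone, the script flags the R1, O10, O20 and O23 PnkBstrA lines and leaves the SoundMan and NVIDIA entries alone. Feeding it a whole log pasted into SAMPLE_HJT gives the short list a helper would check first before deciding what to fix.
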
Kennyy
15 February 2008 @ 21:04
There were problems getting hold of the AVG log, so I took screenshots of the quarantine list:

======================================================================

HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:32:23, on 15.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mapleglobal.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.59.164.62:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 cmicnfg3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://asdasd.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatar.mabinogi.com:88/renderer/mabiweb.2006.12.27.cab
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/tricksterActiveX.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O20 - Winlogon Notify: hblogon - hblogon.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Program Files\Mabinogi\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 8506 bytes

======================================================================

ComboFix:

ComboFix 08-02-13.1 - Käyttäjä 2008-02-15 20:34:32.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.1571 [GMT 2:00]
Running from: C:\Documents and Settings\Käyttäjä\Työpöytä\Virustorjunta\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((( Files created between 2008-01-15 and 2008-02-15 )))))))))))))))))
.

2008-02-15 20:25 . 2008-02-15 20:25 112,147 --a------ C:\avg3.jpg
2008-02-15 20:25 . 2008-02-15 20:25 108,899 --a------ C:\avg4.jpg
2008-02-15 20:22 . 2008-02-15 20:22 72,019 --a------ C:\avg.jpg
2008-02-15 20:22 . 2008-02-15 20:22 44,702 --a------ C:\avg2.jpg
2008-02-15 17:09 . 2008-02-15 17:09 <KANSIO> d-------- C:\Documents and Settings\Käyttäjä\Application Data\Grisoft
2008-02-15 17:08 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-15 16:56 . 2008-02-15 16:56 <KANSIO> d-------- C:\kav
2008-02-14 05:32 . 2008-02-14 05:32 0 --a------ C:\23990098.$$$
2008-02-13 22:33 . 2008-02-13 22:35 <KANSIO> d-------- C:\Bases
2008-02-13 22:32 . 2008-02-13 22:38 <KANSIO> d-------- C:\Kaspersky
2008-02-13 22:07 . 2008-02-13 22:07 <KANSIO> d-------- C:\Program Files\CCleaner
2008-02-13 19:23 . 2008-02-13 19:23 <KANSIO> d-------- C:\Documents and Settings\Käyttäjä\DoctorWeb
2008-02-13 19:23 . 2008-02-13 19:23 <KANSIO> d-------- C:\Documents and Settings\Käyttäjä\DoctorWeb
2008-02-13 19:20 . 2008-02-13 19:20 <KANSIO> d-------- C:\Program Files\Dr. Web CureIt
2008-02-13 00:59 . 2008-02-13 00:59 <KANSIO> d-------- C:\RegSeeker
2008-02-12 23:47 . 2008-02-12 23:47 209,008 --a------ C:\WINDOWS\system32\kbhookdll.dll
2008-02-12 23:47 . 2008-02-12 23:47 102,912 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2008-02-12 21:40 . 2008-02-12 21:40 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-02-12 21:34 . 2008-02-12 21:34 <KANSIO> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-12 21:34 . 2008-02-13 02:46 <KANSIO> d-------- C:\Documents and Settings\Käyttäjä\Application Data\AVG7
2008-02-12 21:33 . 2008-02-15 17:08 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-12 21:33 . 2008-02-12 21:35 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-02-12 20:46 . 2007-12-15 06:48 90,112 --a------ C:\WINDOWS\system32\XCoreLib.dll
2008-02-04 15:28 . 2008-02-13 22:38 <KANSIO> d-------- C:\Downloads
2008-02-02 22:01 . 2008-02-02 22:05 <KANSIO> d-------- C:\Program Files\Desktop Screen Record 5
2008-02-02 13:52 . 2007-10-20 15:01 <KANSIO> d-------- C:\Program Files\FretsOnFire
2008-01-31 23:25 . 2008-01-31 23:25 <KANSIO> d-------- C:\Program Files\Common Files\INCA Shared
2008-01-31 23:23 . 2008-01-31 23:23 <KANSIO> d-------- C:\Nexon
2008-01-31 16:33 . 2008-01-31 16:33 <KANSIO> d-------- C:\Program Files\Perfect World
2008-01-29 21:31 . 2008-01-29 21:31 <KANSIO> d-------- C:\WINDOWS\system32\LogFiles
2008-01-29 21:31 . 2008-01-29 21:31 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-01-29 21:31 . 2008-01-29 21:31 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-01-29 21:31 . 2008-01-29 21:31 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-29 21:31 . 2008-01-29 21:31 22,328 --a------ C:\Documents and Settings\Käyttäjä\Application Data\PnkBstrK.sys
2008-01-29 21:31 . 2008-01-29 21:31 308 --a------ C:\WINDOWS\game.ini
2008-01-29 21:26 . 2008-01-31 01:26 <KANSIO> d-------- C:\Program Files\Call of Duty 4 - Modern Warfare
2008-01-29 20:18 . 2008-01-29 20:35 <KANSIO> d-------- C:\Program Files\Crysis
2008-01-28 00:50 . 2008-01-28 00:50 <KANSIO> d-------- C:\Documents and Settings\Käyttäjä\Application Data\Clickteam
2008-01-28 00:47 . 2008-02-05 14:33 <KANSIO> d-------- C:\Program Files\Multimedia Fusion 2
2008-01-21 17:43 . 2008-01-21 17:43 11,736 --a------ C:\pldecal.wad
2008-01-21 17:39 . 2008-01-21 17:42 <KANSIO> d-------- C:\Program Files\Wally
2008-01-20 22:24 . 2008-01-20 22:28 <KANSIO> d-------- C:\Documents and Settings\Käyttäjä\Application Data\Command & Conquer 3 Tiberium Wars
2008-01-20 15:00 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-01-20 14:55 . 2008-01-20 14:55 <KANSIO> d-------- C:\Program Files\Electronic Arts

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-15 18:28 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-15 18:28 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
2008-02-15 18:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware
2008-02-15 15:18 --------- d-----w C:\Program Files\mIRC617
2008-02-13 20:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-13 13:12 --------- d-----w C:\Program Files\BSplayer_WhenUSave_Installer
2008-02-13 00:00 4,208 ----a-w C:\Documents and Settings\Käyttäjä\Application Data\wklnhst.dat
2008-02-12 23:45 --------- d-----w C:\Program Files\Cheat Engine
2008-02-12 22:07 --------- d-----w C:\Program Files\Spyware Doctor
2008-02-12 19:08 51,072 ----a-w C:\WINDOWS\system32\drivers\ikhlayer.sys
2008-02-12 11:20 --------- d-----w C:\Documents and Settings\Käyttäjä\Application Data\Azureus
2008-02-04 13:28 --------- d-----w C:\Program Files\AmazingMIDI
2008-02-04 13:28 --------- d-----w C:\Documents and Settings\Käyttäjä\Application Data\GetRightToGo
2008-01-31 21:23 --------- d-s---w C:\Program Files\Mabinogi Taiwan
2008-01-29 19:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-23 14:24 --------- d-----w C:\Program Files\Wizet
2008-01-21 21:29 412,906 ----a-w C:\Program Files\AAA Real Recorder.rar
2008-01-20 19:19 --------- d-----w C:\Program Files\Azureus
2008-01-20 13:03 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-01-12 19:54 --------- d-----w C:\Program Files\Peggle
2008-01-12 19:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-01-12 19:53 --------- d-----w C:\Program Files\BFG
2008-01-10 20:06 --------- d-----w C:\Program Files\ZSNes
2008-01-10 14:19 --------- d-----w C:\Documents and Settings\Käyttäjä\Application Data\TeamViewer
2008-01-10 14:16 --------- d-----w C:\Program Files\TeamViewer3
2008-01-03 14:01 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-01-03 14:01 --------- d-----w C:\Program Files\Hamachi
2008-01-03 14:01 --------- d-----w C:\Documents and Settings\Käyttäjä\Application Data\Hamachi
2007-12-26 16:26 --------- d-----w C:\Program Files\DC++
2007-12-24 17:09 --------- d-----w C:\Program Files\Portal
2007-12-22 20:09 --------- d-----w C:\Program Files\Winamp
2007-12-21 18:17 --------- d-----w C:\Program Files\DivX
2007-12-19 22:27 --------- d-----w C:\Program Files\GALA-NET
2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-15 12:47 203,264 ----a-w C:\WINDOWS\system32\zk_sc.scr
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 14:00 15360]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2008-02-12 21:08 2115728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-07-22 15:00 81920 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-20 21:07 7110656]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"NvMediaCenter"="NvMCTray.dll" [2005-07-20 21:07 86016 C:\WINDOWS\system32\nvmctray.dll]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-15 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"zzsecagent"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03 36975]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 18:40 2577632]
"CmPCIaudio"="cmicnfg3.cpl" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-12 21:35 579072]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 14:00 15360]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2008-02-12 21:08 2115728]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-12 21:33 219136]

C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hblogon]
hblogon.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Bluetooth Manager.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Iolo Macro Magic.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Service Manager.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Käyttäjä^Käynnistä-valikko^Ohjelmat^Käynnistys^Chronice.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00saskda]
--a------ 2006-06-06 14:01 1541120 C:\Program Files\1st Security Agent\newadmin.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BSplayer_WhenUSave_Installer]
C:\Program Files\BSplayer_WhenUSave_Installer\BSplayer_WhenUSave_Installer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-12-10 16:57 133016 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e-Border Credential]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Handy Backup 5.5]
--a------ 2007-02-12 13:50 1870848 C:\Program Files\Novosoft\Handy Backup\hbagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:55 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-07-20 21:07 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayNC Launcher]
--a------ 2007-11-12 17:45 38128 C:\program files\ncsoft\launcher\NCLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrevxHome]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
--a------ 2008-02-12 21:08 2115728 C:\Program Files\Spyware Doctor\swdoctor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2007-12-05 15:28 1266936 C:\Program Files\Valve\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]

R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys [2007-03-07 12:27]
R2 npkcmsvc;npkcmsvc;C:\Program Files\Mabinogi\npkcmsvc.exe [2007-05-16 13:15]
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2005-04-14 17:42]
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2005-04-14 17:42]
R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 12:56]
S2 anysee;anysee USB type Tuner(2005.04.25.D010313);C:\WINDOWS\system32\DRIVERS\anyseeTU.sys [2005-04-25 12:40]
S3 CEDRIVER52;CEDRIVER52;C:\Program Files\Cheat Engine\dbk32.sys [2006-10-27 19:13]
S3 CEDRIVER53;CEDRIVER53;C:\Program Files\Cheat Engine\dbk32.sys [2006-10-27 19:13]
S3 DADriv1;DADriv1;C:\Shared Files\Maple Hacks\DAEngine\DAK32.sys []
S3 danny1;danny1;C:\Shared Files\Maple Hacks\Danny Engine\danny.sys []
S3 DISK_DRIVE32;DISK_DRIVE32;C:\Shared Files\Maple Hacks\UCE\disk_1024.sys []
S3 Dua1;Dua1;F:\Shared Files\Maple Hacks\DualEngine2\DualEngi.sys [2006-10-02 11:43]
S3 EAGLE1;EAGLE1;C:\Shared Files\Maple Hacks\Google Engine\google32.sys []
S3 fspio;fspio;C:\WINDOWS\system32\drivers\fspio.sys [2001-03-08 17:10]
S3 geebers12;geebers12;C:\Shared Files\Maple Hacks\Buffy Engine\nvid888.sys []
S3 iCheat1;iCheat1;C:\Shared Files\Maple Hacks\iCheat13\nvid999.sys []
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;F:\Shared Files\Maple Hacks\MoonLight Engine 1129.1\IlvMoney1129.sys [2007-10-17 21:19]
S3 jamilah;jamilah;C:\Shared Files\Maple Hacks\jamilah.sys []
S3 ¥Õ¥Ø°ê¤¤¥Í1;¥Õ¥Ø°ê¤¤¥Í1;C:\Shared Files\Maple Hacks\VE5 1032\nvid999.sys []
S3 NUBBER;NUBBER;C:\Shared Files\Maple Hacks\NubEngine\nubbk32.sys []
S3 saruen;saruen;C:\Shared Files\Maple Hacks\saruengang101se\saruen.sys []
S3 scskusbf;USB SCSK Filter Driver Service;C:\WINDOWS\system32\drivers\scskusbf.sys [2007-03-31 14:21]
S3 scskusbs;USB SCSK Driver Service;C:\WINDOWS\system32\drivers\scskusbs.sys [2007-03-31 14:21]
S3 sejt1;sejt1;C:\Shared Files\Maple Hacks\AkumaEngine33\sejt.sys []
S3 serb1;serb1;F:\Shared Files\Maple Hacks\Serbio Engine\serbio.sys [2006-06-29 19:49]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 09:12]
S3 SoRa01;SoRa01;C:\Shared Files\Maple Hacks\SoRa Remak Engine 2.6\SoRa.sys []
S3 spuce1;spuce1;F:\Shared Files\Maple Hacks\SPUCEREV878able\SPUCE\spuce.sys [2006-11-28 21:13]
S3 sys_com001;sys_com001;C:\Shared Files\Maple Hacks\SysComEngine_1059\syscom.sys []
S3 TEMPLEVER;TEMPLEVER;C:\Shared Files\Maple Hacks\Templery Engine\damainzor.sys []
S3 uzeil1;uzeil1;C:\Shared Files\Maple Hacks\Mini Engine\Mini Engine\uzeil.sys []
S3 Visual1;Visual1;C:\Shared Files\Maple Hacks\Visual Engine\Visual.sys []
S3 zenx1;zenx1;C:\Shared Files\Maple Hacks\ZenxEngine_LATEST\zenx.sys []

*Newly Created Service* - AVGASCLN
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-15 20:38:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-15 20:41:32
ComboFix-quarantined-files.txt 2008-02-15 18:41:30
ComboFix2.txt 2008-02-13 00:29:25
ComboFix3.txt 2008-02-13 00:22:39
ComboFix4.txt 2008-02-12 23:20:05
ComboFix5.txt 2008-02-12 22:16:46
.
2008-01-22 15:07:46 --- E O F ---
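When reading a ComboFix log like the one above, a defender usually pulls out two things first: binaries that appeared under system32 during the incident window, and drivers or services loaded from outside the Windows and Program Files trees or with no file timestamp at all. The following Python is an added example written for this page, not a tool from the thread or from ComboFix; it parses a constructed sample in the log's own line format (paths copied from the log, with the user name replaced) and returns those review candidates.

```python
import re
from datetime import datetime

# Constructed sample in the shape of the ComboFix log posted above; the paths
# and timestamps are copied from that log, but this is not the full log.
SAMPLE_LOG = r"""
2008-02-12 23:47 . 2008-02-12 23:47 209,008 --a------ C:\WINDOWS\system32\kbhookdll.dll
2008-02-12 20:46 . 2007-12-15 06:48 90,112 --a------ C:\WINDOWS\system32\XCoreLib.dll
2008-02-15 17:09 . 2008-02-15 17:09 <KANSIO> d-------- C:\Documents and Settings\User\Application Data\Grisoft
R2 npkcmsvc;npkcmsvc;C:\Program Files\Mabinogi\npkcmsvc.exe [2007-05-16 13:15]
S3 DADriv1;DADriv1;C:\Shared Files\Maple Hacks\DAEngine\DAK32.sys []
S3 serb1;serb1;F:\Shared Files\Maple Hacks\Serbio Engine\serbio.sys [2006-06-29 19:49]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 09:12]
"""

# "created . modified size attrs path" lines of the new-files section
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>[\d,]+|<[^>]+>) (?P<attrs>\S+) (?P<path>.+)$")
# "R0/R2/S3 name;display;path [timestamp]" service and driver lines
SVC_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<stamp>[^\]]*)\]$")

# Directories a driver or service binary is normally loaded from.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")


def triage(log_text, since):
    """Return (path, reason) pairs an analyst should review first."""
    cutoff = datetime.strptime(since, "%Y-%m-%d")
    findings = []
    for line in log_text.splitlines():
        m = FILE_RE.match(line)
        if m:
            created = datetime.strptime(m["created"], "%Y-%m-%d %H:%M")
            is_dir = m["attrs"].startswith("d")
            in_system32 = "\\windows\\system32\\" in m["path"].lower()
            # A binary that appeared in system32 during the incident window
            # is exactly what a dropped hook DLL looks like.
            if not is_dir and in_system32 and created >= cutoff:
                findings.append((m["path"], "new file in system32 since " + since))
            continue
        m = SVC_RE.match(line)
        if m:
            if not m["path"].lower().startswith(TRUSTED_PREFIXES):
                findings.append((m["path"], "driver/service loaded from unusual location"))
            if m["stamp"] == "":
                findings.append((m["path"], "no file timestamp (binary missing?)"))
    return findings

if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG, "2008-02-12"):
        print(f"{reason}: {path}")
```

Everything it returns is a candidate to corroborate (vendor, signature, hash), not a verdict; legitimate installs from the same days will appear alongside the dropped file.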
Hujo
Suspended permanently
15 February 2008 @ 22:00
I assume you permanently deleted what AVG Anti-Spyware found.

============

Scan with HJT, check these and press Fix checked:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O20 - Winlogon Notify: hblogon - hblogon.dll (file missing)

============

Java update and cache clearing:

1. Click Start -> Control Panel and double-click Add or Remove Programs in the Control Panel.
2. Find all your old Java versions in the list (J2SE Runtime Environment...).
They should have the following image next to them:


3. Select all your old Java versions and choose Remove.
4. Install the latest Java update from the following link.
5. Restart the computer after the installation:

http://java.sun.com/javase/downloads/index.jsp

Scroll down to Java Runtime Environment (JRE) 6u4

Press Download

Tick Accept, choose the offline installation, save it to the desktop for example and install it.

6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> Java coffee cup).

7. Under the General Settings section, drag the slider (Disk Space) to a smaller value and click the Delete Files button.

(Some Java-based programs may need more disk space.
If you notice the computer being slow after reducing the setting, move the slider higher.)

8. Make sure that both options are ticked:

*Applications and Applets

*Trace and Log Files

And press the OK button

9. Click OK in your "Temporary Files Settings" window.

10. Click OK to leave your Java settings window.


Can a computer ever work?

This post has been edited after posting. Last edited 15 February 2008 @ 22:25

Kennyy
Suspended due to non-functional email address
15 February 2008 @ 23:06

Yes, I deleted the files AVG found.
I also just did all those HJT and Java steps.

Edit:

I noticed that the official Ardamax site has a program that removes all keyloggers made with that program.
Since Ardamax is a commercial program, I can probably trust it when it reported "Ardamax Keylogger not found."

Anyway, thanks a lot for the help; I suppose I can now use my computer with peace of mind without scanning any further. I have also noticed that the computer now boots much faster than before, after all those steps, so thanks for that too.

This post has been edited after posting. Last edited 16 February 2008 @ 00:07

Hujo
Suspended permanently
16 February 2008 @ 00:50

Delete these in Safe Mode:

C:\Program Files\BSplayer_WhenUSave_Installer
C:\WINDOWS\system32\kbhookdll.dll <-- make hidden files visible first

==========

Download OTMoveIt and save it to your desktop.

Double-click OTMoveIt.exe.
Click CleanUp!.
Choose Yes when asked "Begin cleanup Process?".
If asked whether the computer may be restarted, choose Yes. OTMoveIt removes itself when it is done; if that does not happen, delete it yourself.

NOTE: If your firewall or some other security program warns that OTMoveIt is trying to access the internet, allow it.


Can a computer ever work?

This post has been edited after posting. Last edited 16 February 2008 @ 00:53
